General Data Protection Policy
The General Data Protection Act 2018 will come into force on 25 May 2018 and sets out what can and what cannot be done with personal data that is information about living individuals. The Elizabeth Foundation is placed under a legal obligation to comply with the provisions of this Act and is committed to a policy of protecting the rights and freedoms of individuals with respect to giving them a choice at to how their personal data is processed, used and stored.
Commitment to the Protection of Personal Information
In order to function properly, The Elizabeth Foundation needs to collect and use certain types of information about staff, service beneficiaries and other individuals who come into contact with the charity in order to operate effectively. In addition, it is required by law to collect and use certain types of information to comply with the requirements of government departments - different LEAs, statutory and non-statutory funders and other bodies. This personal information must be dealt with properly however it is collected, recorded and used, and there are safeguards to ensure this in the General Data Protection Act 2018.
The Elizabeth Foundation regards the lawful and correct treatment of personal information as very important to the successful and efficient performance of its functions and to maintaining confidence between those with whom we deal and ourselves. We ensure that The Elizabeth Foundation treats personal information lawfully and fairly.
Scope of the policy
The General Data Protection Act applies to electronic and paper records held in structured filing systems containing personal data, meaning data which relates to living individuals who can be identified from the data. This includes any expression of opinion about an individual and intentions towards an individual. It also applies to personal data held visually in photographs or video clips (including CCTV) or as sound recordings. The Elizabeth Foundation collects a large amount of personal data every year.
This policy will be updated as necessary to reflect best practice in data management, security and control and to ensure compliance with any changes or amendments made to the General Data Protection Act 2018.
The Principles of the Policy
The Principles may be summarised as follows, and are intended to make sure that the personal information of “data subjects” (the people about whom information is held) is handled properly.
Under the Principles, data must be:
Individuals will have the following rights:
Data Protection standards
The Elizabeth Foundation will, through appropriate management and adherence to agreed procedures:
At The Elizabeth Foundation, the Board of Trustees we will ensure that: