For everyone involved in Allsorts!
All of you share data with us, and we take the utmost care to protect your privacy, we welcome the opportunity the new law is giving us to review what we do.
This is the process we have undertaken so far includes:
We completed a Data Mapping exercise to identify key areas which can be used as a quick glance guide to how we currently store and use data.
Information we hold
We completed an audit on all the personal data we hold for staff/ volunteers/ trustees/ service users (parents & carers), highlighting where is comes from and who we share it with.
We are currently investigating whether or not we will need to develop new data consent forms and opt-in processes.
We are currently reviewing:
- How we manage subject access requests and updating our procedures
- How to supplement our existing policy with a data retention policy and processor policy and a policy for when we delete data for dispose of hardware data.
- How we seek, record and manage consent and whether we need to make any chances and refreshing existing consents if and when they do not meet the GDPR standard.
- How GDPR specifically applies to children and whether or not we need to put any further systems in place
- How we manage data breaches and ensure we have the right procedures in place to detect, report & investigate a personal data breach as well as a guide if we ever have to report it to the ICO
We have also appointed a Data Controller. This will be Katie Vincent, our Business Manager who will work closely with Freya Benson, our Administrator both of whom manage data, its collection and storage. The Data Controller is responsible for deciding how information about you is used and stored safely.
Re-assurance about data protection
Finally, in compliance with the new law, we want to inform you that:
- our policy is clear about what data we hold on you and why we hold that data
- you have increased rights to access data we hold about you
- your personal data is held securely and never passed on to a Third Party without your consent
- the use we put that data to is compliant with the law and best practice
Marketing and consent to contact
Many companies are focusing on how they contact their customers and I have no doubt you have received lots of emails from them asking you to give your preferences. As this area of data protection is mainly to protect people from intrusive marketing and cold calling, this will not be our focus. However, the law requires that we ask you for your consent to contact you. You will shortly be issued with consent forms.
Finally, Allsorts is registered with the ICO (Information Commissioners Office) as part of compliance with funders procurement regulations. This body is responsible for overseeing compliance.
If you have any questions, please ask me.
Jess Wood, MBE
Founder & Director