Data Privacy Law 25th May 2018

May 15, 2018
Jess Wood MBE

For everyone involved in Allsorts!

A new data privacy law comes into effect in the UK on 25 May 2018. As a result, we are reviewing our current Data Protection Policy with a view to issuing a new Privacy Policy in due course. Our current policy is comprehensive but we need to ensure that it conforms in its entirety to the new regulations.

All of you share data with us, and we take the utmost care to protect your privacy, we welcome the opportunity the new law is giving us to review what we do.

This is the process we have undertaken so far includes:

Data Mapping

We completed a Data Mapping exercise to identify key areas which can be used as a quick glance guide to how we currently store and use data.   

 

Information we hold

We completed an audit on all the personal data we hold for staff/ volunteers/ trustees/ service users (parents & carers), highlighting where is comes from and who we share it with. 

 

Consent forms

We are currently investigating whether or not we will need to develop new data consent forms and opt-in processes.

 

Privacy Policy

We are currently reviewing:

- Our privacy policy and checking that our procedures cover all the rights individuals have including how we will delete personal date or provide data electronically in a commonly used format and identifying the lawful basis for how we process data, document that process and explain it in the policy 

- How we manage subject access requests and updating our procedures 

- How to supplement our existing policy with a data retention policy and processor policy and a policy for when we delete data for dispose of hardware data.  

- How we seek, record and manage consent and whether we need to make any chances and refreshing existing consents if and when they do not meet the GDPR standard. 

- How GDPR specifically applies to children and whether or not we need to put any further systems in place 

- How we manage data breaches and ensure we have the right procedures in place to detect, report & investigate a personal data breach as well as a guide if we ever have to report it to the ICO

Data Controller

We have also appointed a Data Controller. This will be Katie Vincent, our Business Manager who will work closely with Freya Benson, our Administrator both of whom manage data, its collection and storage. The Data Controller is responsible for deciding how information about you is used and stored safely.

 

Re-assurance about data protection

Finally, in compliance with the new law, we want to inform you that:

- our policy is clear about what data we hold on you and why we hold that data

- you have increased rights to access data we hold about you

- your personal data is held securely and never passed on to a Third Party without your consent

- the use we put that data to is compliant with the law and best practice

To this end, after a period of review, we will shortly be issuing a new Privacy Policy.

Marketing and consent to contact

Many companies are focusing on how they contact their customers and I have no doubt you have received lots of emails from them asking you to give your preferences. As this area of data protection is mainly to protect people from intrusive marketing and cold calling, this will not be our focus. However, the law requires that we ask you for your consent to contact you. You will shortly be issued with consent forms.

 

ICO

Finally, Allsorts is registered with the ICO (Information Commissioners Office) as part of compliance with funders procurement regulations. This body is responsible for overseeing compliance.

If you have any questions, please ask me.

 

Jess Wood, MBE

Founder & Director

Allsorts Youth Project Ltd © is registered charity in England & Wales and regulated by the Charity Commission under number 1123014 and a Company Limited by Guarantee under number 04154118. Registered office address: 69 Ship Street, Brighton, East Sussex, BN1 1AE.