DATA PROTECTION POLICY
Link to Data Protection Policy V2, published May 2019 following approval at General Committee, April 2019
As defined by our processes, this version, issued in May 2018, has been reviewed and retired. It is replaced by Version 2 (2019).
GDPR 25 May 2018
Link to RYA Guidelines GDPR
Useful information: Principles
GDPR is organised into six privacy principles:
1. Lawfulness, fairness and transparency
Transparency: Tell the subject (Member, Visitor, Staff) what data processing will be done.
Fair: What is processed must match up with how it has been described.
Lawful: Processing must meet the tests described in GDPR [article 5, clause 1(a)].
2. Purpose limitations
Personal data can only be obtained for "specified, explicit and legitimate purposes" [article 5, clause 1(b)]. Data can only be used for a specific processing purpose that the subject has been made aware of and no other, without further consent.
3. Data minimisation
Data collected on a subject should be "adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed". [article 5, clause 1(c)]
i.e. No more than the minimum amount of data should be kept for specific processing.
4. Accuracy
Data must be "accurate and where necessary kept up to date" [article 5, clause 1(d)]
Baselining ensures good protection and protection against identity theft. Data holders should build rectification processes into data management / archiving activities for subject data.
5. Storage limitations
The regulator expects that personal data is "kept in a form which permits identification of data subjects for no longer than necessary". [article 5, clause 1(e)]
i.e. Data no longer required should be removed.
6. Integrity and confidentiality
Requires processors to handle data "in a manner [ensuring] appropriate security of the personal data including protection against unlawful processing or accidental loss, destruction or damage". [article 5, clause 1(f)]
Last updated 22:36 on 3 November 2020