Data Protection Policy
The below provides an overview of Data Protection guidance. Your Data Protection Legislation Compliance contact at the Federation is
Anna Mileberg – email@example.com
020 8202 2263
For a full copy of the Federation’s Data Protection Policy please click here.
DATA PROTECTION: Key Definitions:
Data Controller: Determines the purposes, conditions and means of the processing of personal data (the Federation)
Data Subject: A person whose personal data is processed by a controller or processor
Personal Data: Any information relating to a living ‘Data Subject’, that can be used to directly or indirectly identify the person
Sensitive data: examples include data relating to racial/ethnic origin, religious beliefs. Subject to much stricter conditions of processing.
DATA PROTECTION: Key Principles:
- Data must be processed lawfully, fairly and in a transparent manner in relation to individuals
- Data must be collected for specific and legitimate purposes only
- Data must be relevant and limited to what is necessary in relation to the purposes for which it is processed
- Data must be kept accurate and up to date
- Data must be processed in a manner that ensures its security
DATA SUBJECTS: Rights of the Individual:
Data subjects have the right to make Subject Access Requests regarding the nature of information held and to whom it has been disclosed and to have inaccurate data rectified, blocked, erased or destroyed.
Data may not be obtained or held by the organisation unless the individual has given consent, after being fully informed of the intended processing. This is referred to as the ‘opt-in’ and should be obtained whenever a new contract is signed – be that a contract of employment or a contract of membership.
DATA: Employee Responsibilities
Employees are responsible for keeping data secure and not disclosing to third parties unless they have been authorised by the Federation and have entered into a confidentiality agreement.
Once data is no longer required it must be disposed of in a secure way eg shredding, or secure electronic deletion.
REMEMBER! Compliance with data protection legislation is the responsibility of all members of the Federation who process personal information.