1. General Data Protection Regulations

2. What is the GDPR? General Data Protection Regulations
The GDPR is a further set of guidelines, following on from the current Data Protection Act.
Rules will give customers more say in how companies use their data.
The new GDPR will come into effect from 25th May 2018.
Still applicable even after Brexit

3. What happens if things go wrong?
If there is a data breach or a company is found not complying with these new regulations could result being fined up to €20 million or 4% of your global annual turnover –whichever one is greater.

4. Individuals’ right concerning the personal data include:
GDPR relates to information that has been collected and can identify ‘Natural Living Persons’ which include photos, address, date of birth, bank details, social media names and posts, and IP addresses
Individuals’ right concerning the personal data include:
The right to know the information that is being kept about them
The right of access
The right to update or rectify incorrect information
The right to be forgotten, have their information removed
The right to restrict what we use this information for.

5. Collecting, processing and holding personal data
Essential in running our business – customers, volunteers and employees, names and address dates of birth, bank details etc.
Personal information collected must
adequate and relevant
accurate and up to date
kept only for as long as necessary
used only for the purpose it was collected
Securely stored

6. Consent
To use data for other purposes eg newsletters, information other products, we need to obtain consent from the individual.
Now needs to be an opt-in process. Customers signing up for marketing communication rather than opt-out boxes
Clear what they are signing up for, unambiguous, specific and freely given.
Must be separate from terms and conditions.
Indicate how they would like to be contacted ( , letter etc)
Opportunity to opt-out
Retain records of consent.
Children must be 16+ to give consent – otherwise must from responsible adult

7. The Effect of GDPR on Websites
The GDPR and Privacy Policies
Users of a website must have a clear understanding of how their personal data is processed. Privacy policy must be written in clear and plain language for users to understand and informed users on the data the website is collecting from them. The policy must be easily available on the website.
The GDPR and Cookie Policies
Cookies store unique data about a user, meaning that personal data is stored. In future we will need a cookie consent which complies with GDPR giving the user the option to opt-in now and out in the future.

8. How you can help
Know what information you have on-site, where it came from
Ensure that you are storing personal information securely, don’t leave it lying around
Ensure only relevant people have access to it
Do not pass on personal information.
Only collect relevant information.
Bring old paperwork to Lidn Park for secure storage/shredding.
Before sending out marketing information or newsletter please check with Comms Team/Ernie Shepherd that we have correct consent.