The GDPR Act 2018, requires anyone who handles personal information to comply with a number of important principles. It also gives individuals rights over their personal information.
We take the protection of data extremely seriously and require all employees, trustees and volunteers to be vigilant about how we collect, use and store information – regardless of the method of collection, use and storage, for example electronic, written, audio, symbolic etc.
As a condition of employment/engagement with SHINE, and with regard to the personal data collected, used or processed about other employees, volunteers, trustees and customers or any other person, Shine upholds the eight principles of the Data Protection Act, which make sure that personal information is:
-
Fairly and lawfully processed
-
Processed for limited purposes
-
Adequate, relevant and not excessive
-
Accurate and up-to-date
-
Not kept for longer than is necessary
-
Processed in line with an individual’s rights – individuals have a right to know what personal information is being held on them and to have access to this information and, where appropriate, to correct or erase it, or to arrange for this to be done
-
Secure – ensuring that we do not allow unauthorised or accidental access or alteration to, disclosure, loss or destruction of, such information by either act of omission
-
Not transferred to other countries without adequate protection
Breaches of the Act are criminal offenses. SHINE does not condone or authorise breaches of the GDPR. Consequently, failure to observe the above requirements will be regarded as a serious offense and subject to Disciplinary Procedures.
SHINE’s GDPR Officer is the Operations Manager.