The EU General Data Protection Regulation (“GDPR”) came into force across the European Union on 25th May 2018 and brings with it the most significant changes to data protection law in two decades. Based on privacy by design and taking a risk-based approach, the GDPR has been designed to meet the requirements of the digital age.
The 21st Century brings with it broader use of technology, new definitions of what constitutes personal data, and a vast increase in cross-border processing. The new Regulation aims to standardise data protection laws and processing across the EU; affording data.
Our Commitment
Life Connections CLG (‘we’ or ‘us’ or ‘our’) is committed to ensuring the security and protection of the personal data that we process, and to providing a compliant and consistent approach to data protection. We will endeavour to have a robust and effective data protection policy and practice in place, which complies with existing law and abides by the data protection principles. However, we recognise our obligations in updating and expanding this policy to meet the demands of the General Data Protection Regulation (GDPR) 2018, the Irish Data Protection Act (1988), and the Irish Data Protection (Amendment) Act (2003).
Life Connections CLG is dedicated to safeguarding the personal data under our remit and to developing a data protection regime that is effective, fit for purpose and demonstrates an understanding of, and appreciation for, the new Regulation. We will adhere to the 8 Rules of Data Protection outlined below.
1. Obtain and process information fairly
2. Keep it only for one or more specified, explicit and lawful purposes
3. Use and disclose it only in ways compatible with these purposes
4. Keep it safe and secure
5. Keep it accurate, complete and up-to-date
6. Ensure that it is adequate, relevant and not excessive
7. Retain it for no longer than is necessary for the purpose or purposes
8. Give a copy of his/her personal data to the individual on request.
As part of our adherence to the 8 rules we will do the following:
Staff Training - we will ensure all new staff are given a proper briefing on GDPR and we will provide annual training on any updates on GDPR.
Clean Desk policy - we are committed to ensuring all desks are clean at the end of the working day and that any paperwork is filed away or disposed of as appropriate.
Storing hard copy data and laptops - we will keep a locked filing cabinet in the office and the key will be held by the CEO. Any laptops or confidential documents will be locked in the drawer overnight.
Access to the office - our office is locked outside office hours.
Email addresses – our mailing list will be stored on our CRM system and an opt-out option is always provided. Any address not used in more than a year will be deleted. No hard copy data from the mailing list will be held.
Obtaining Consent – our mailing list is targeted at parents and consent is clearly given when signing up to this list. Opt-out options are always provided.
Human Resources - all personal data will be held electronically and in some cases, in hard copy in a locked office. Only the CEO has access to the HR folder. Any data held on a staff member, volunteer, or contract worker will be removed within 12 months of their departure.
Data Breaches – our breach procedures ensure that we have safeguards and measures in place to identify, assess, investigate and report any personal data breach at the earliest possible time. In the event of any data loss, we will immediately inform the affected individuals and report the loss to the Commissioner within the mandated 72-hour period.
Subject Access Request (SAR) – we will provide the requested data within the 30-day time frame.