General Data Protection Regulation 2016
On Friday, 25thMay 2018, The Data Protection Act 1988 will be replaced by the General Data Protection Regulation 2016.The GDPR sets out the key principlesby which all personal data, i.e. data by which an individual may be identified, must be collected, processed, stored and used by an organisation such as Observatory Practice.
In particular, to comply with its legal obligations, personal data must be collected by The Observatory Practice:
- for specific, explicit and legitimate purposes;
- processed lawfully, fairly and transparently;
- limited to what is necessary for the purposes for which it is processed;
- kept accurate and up to date;
- stored securely and not disclosed to any third party unlawfully;
- retained for as long as is necessary for the reasons it was collected.
In addition, individuals have certain rights regarding their personal data, i.e.
- to be kept informed about how their data is used;
- how to access their data and any rectify incorrect information;
- how to have their data erased; restrict how their data is used;
- move their data from one organisation to another;
- to object to their data being used at all.
1. Collecting personal information
The Observatory Practiceis committed to respecting and protecting your privacy. When you register with The Observatory Practice as a Member you will be asked to provide certain personal information, for example your name, your address, both postal and email, telephone number, as set out in Membership Application Form. The Observatory Practicewill store this data securely and hold it on computers or in other formats, and use it for the purposes outlined below.
- Use of personal information
The Observatory Practice collects personal data for the purposes of administration and communication with its Members, and for processing and validating membership subscriptions. The Observatory Practice only uses personal information within the context of the purposes outlined, and it will only keep the information as long as is necessary to support these purposes.
- Controlling access to personal information
The Observatory Practicewill not pass on your personal information to any third party unless you give it permission to do so, or The Observatory Practice is required to do so by law. As a member of The Observatory Practiceyour personal information will be displayed on the Observatory Practicewebsite at www.theobservatorypractice.co.ukto provide basic information for potential members or clients who may wish to consult you, such information to include only your name, email and telephone number. Your home address or business address will not be displayed, unless you chose to do so.
- Storing your personal information
The Observatory Practice employs strict information security procedures to store and handle your personal information. The Observatory Practiceprotects your information against unauthorised access, unlawful processing, and accidental loss, destruction and damage. For example, emails will only be sent to you as blind copies, so that only your email address is visible when you receive it. Emails will also display the following statement: “Please note that the information below is being sent to you about matters relevant to The Observatory Practiceof which you are a member. Your name and address are confidential and will not be divulged to any third party. If you do not wish to receive this information, or you wish to amend your name and address, please notify the Secretary at the address below.”
- Data Protection Regulation & Supervision
Under the requirements of both the Data Protection Act 1988and the General Data Protection Regulation 2016.