The General Data Protection Register (GDPR) became law on 25th May 2018 Upon the UK leaving the EU on 31st December 2020 the UK GDPR replaced the existing EU GDPR and remained the same in all material aspects. From 1st January 2021 the UK GDPR along with the amended Data Protection Act 2018 and the Privacy and Electronic Communications Regulation became the personal data protection legislation in the UK.
The new law has been put into place to give our members and others a clear understanding of the principles of data protection. These principles assert that personal data is: -
- Processed lawfully, fairly and in a transparent manner in relation to the data subject.
- Collected for specific, explicit, and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
- Adequate, relevant, and limited for what is necessary in relation to the purposes for which they are processed.
- Accurate and where necessary kept up to date, personal data that is inaccurate is erased or deleted without delay.
- Kept in a form which permits identification of data subjects for no longer than is necessary.
- Processed in a manner which ensures appropriate security of the personal data including protection against unlawful or unauthorised processing and against accidental loss, destruction, or damage using appropriate technical and organisational measures.
The controller (in our case the Secretary of the organisation) shall be responsible for and be able to demonstrate compliance that the data has been processed lawfully, fairly and in a transparent manner in relation to individuals.
The UK GDPR also gives data subjects several rights over their data, with which NARBTPO needs to comply.
- Right of access. A copy of their data must be provided within one calendar month of the request being received.
- Right of rectification if the data is inaccurate or incomplete.
- Right of erasure of all personal data held on a subject.
- Right to restrict processing of data to storage only.
- Right to data portability, data subject has a right to a copy of their data in a common format.
- Right to object to processing based on a legitimate interest.
- Right not to be subject to automatic decision making, including profiling.
The security of your data is of the utmost importance to us. We use all reasonable measures to protect your information.
We hold your information because you provided it to us when you joined NARBTPO. We keep the details of your name and address, e-mail address, telephone numbers to send publications and other relevant notifications to you.
We keep your information secure and access to your information is only available to a small number of committee members. We never buy or sell information.
Financial laws mean that all financial information must be kept for 7 years, after which it can be archived or safely destroyed. We cannot, by law, destroy this information before this time.
Under the new regulation you have a right to know what information we hold about you. Should you wish to opt out of any of our correspondence you can do this by contacting the Secretary in writing to the address below.
Individual members are responsible for keeping their own personal data up to date. Any changes to the data you have supplied to us please advise the Secretary at the address below.
If you have a specific complaint about the way in which your data is handled, you can contact the Secretary at the address below. If you are unhappy with how we have processed your information you have the right to lodge a complaint with the Office of the Information Commissioner on 0303 123 1113. We have a duty to report a breach within 72 hours.
Our secretary can be reached by emailing them at firstname.lastname@example.org or my phone and email as per their details in the Member's Directory.