Definitions

Data Any information, which is being processed automatically or recorded as part of a relevant, filing system.

Data Controller A person or organisation who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data is, or is to be, processed.

Data Subject An individual who is the subject of personal data.

Information Asset Owner The member of staff responsible for collecting the information and/or in charge of the project and/or initiative involving personal data.

Personal Data/Information Data which relates to an identifiable living individual.

Processing Obtaining, accessing, altering, adding to, deleting, changing, disclosing or merging data and anything else, which can be done with data.

Special Category Data Information about an individual's racial or ethnic origin, political opinions, religious beliefs, trade union membership, physical or mental health or condition, sexual life, commission or alleged commission of any offence, any proceedings for any offence committed or alleged to have been committed by him/her.

Introduction and scope

The organisation may collect and hold personal data about its staff, users, visitors, customers, supporters, business partners and other individuals who visit, work with or contact the organisation. It is committed to ensuring that this personal information is managed responsibly and in accordance with data protection legislation, other related policies and any associated legislation or Codes of Practice.

This policy covers all personal information held by the organisation including that contained in its own records and that held in its archives and deposited collections.

All the organisation's staff, volunteers and contractors are required to ensure that they comply fully with this policy and its associated procedures.

This policy is linked closely to the organisation's Acceptable Use Policy. A full list of associated policies can be found in the Appendix.

The legislation

The data protection legislation, namely the Data Protection Act 2018 and the General Data Protection Regulation (GDPR), provides a framework for the handling of Personal Data as well as Special Category Data.

The data protection legislation applies to all Personal Data and Special Category Data contained in manual files and filing systems, e-mails, computer files, computer databases, images and films, documents and all other formats and media.