Data Protection Policy

This policy applies to all staff and volunteers of Revolution.

Introduction

The purpose of this policy is to enable Revolution to:

  • Comply with legal requirements regarding data handling
  • Follow best practices in data management
  • Protect the clients, staff, volunteers, and other stakeholders of Revolution
  • Safeguard the organization from the repercussions of failing to meet its data protection obligations

Overview of the Data Protection Act 1998

The Data Protection Act 1998 establishes rights for individuals regarding their personal information and sets a framework for proper information handling. Key aspects include:

  • Fair and lawful processing of personal data
  • Processing data for limited, specific purposes
  • Ensuring data accuracy and timeliness
  • Securing personal data adequately
  • Respecting individuals’ rights to access and control their data
  • Prohibiting the transfer of data to countries without adequate protections

Policy Statement

Revolution commits to:

  • Upholding legal standards and best practices in data handling
  • Respecting and protecting individuals’ data rights
  • Maintaining transparency with individuals about how their data is used
  • Providing necessary training and support to staff and volunteers handling personal data

Definitions and Key Roles

  • Data Subject: The individual whose data is being processed (e.g., employees, volunteers, donors).
  • Data Controller: Revolution, as the legal entity deciding the purpose and method of processing personal data.
  • Data Processor: An external organization processing data on behalf of Revolution, under a contract with strict data protection clauses.
  • Data Protection Officer (DPO): Responsible for overseeing data protection strategies and compliance. Current DPO: Rana Miah.

Responsibilities

  • The Board of Trustees ensures overall compliance with legal obligations.
  • The Data Protection Officer’s duties include briefing the board, reviewing policies, advising on data protection issues, and handling data requests.
  • All staff and volunteers must adhere to data handling procedures and are trained accordingly.

Security Measures

Security protocols for handling personal data include:

  • Storing physical records in locked cabinets
  • Protecting electronic records with passwords
  • Confidentially destroying unnecessary data
  • Limiting database access through password protection

Data Recording and Storage Practices

Revolution maintains a centralized database with stringent procedures to ensure data accuracy and security:

  • Regular reviews and updates of the database system
  • Minimized data duplication across systems
  • Prompt updates to reflect changes in individual data

Access to Data

  • Individuals have the right to access their personal data.
  • Requests for data access are managed by the DPO within the legally required timeframe.
  • Verification of identity is required for all access requests from individuals not personally known to the DPO.

Transparency and Consent

Revolution ensures that data subjects are aware of:

  • The purpose of data processing
  • Potential disclosures
  • Their rights concerning their data

Consent is obtained for processing sensitive data, with provisions for opting out of certain uses, such as direct marketing.

Direct Marketing Practices

Revolution conducts marketing only with clear consent, adhering to privacy preferences and legal standards:

  • Opt-out options are provided at the first point of data collection.
  • Marketing through email or phone follows strict consent guidelines and preference checks.

Staff Training and Policy Acceptance

  • Comprehensive training on data protection is provided during staff induction.
  • Continuous updates and training opportunities are offered to ensure adherence to data protection policies.

Appendix: Privacy Statement

Details how Revolution handles personal information, including security measures, rights to opt out of communications, and procedures for accessing personal data.

Other Relevant Policies

  • Confidentiality Policy
  • Handling Personal Information Policy & Procedure
