What is GDPR
GDPR – General Data Protection Regulations – comes into force on 25th May, 2018. It replaces the Data Protection Act and is applicable to all organisations handling personal and sensitive data. There is no significant charity exemption.
VIC will comply with it. Should an investigation be instigated, there are penalties for any organisation failing to comply. If VIC passes any data to other organisations for processing, any failure by that organisation to comply with the GDPR rules remains the responsibility of VIC. This means VIC must ensure that any suppliers or contacts to whom we pass data for processing are also fully GDPR compliant.
The GDPR covers
- Personal data
  - any data which enables an individual to be identified directly or indirectly
  - manual filing and electronically filed data
  - pseudonymised data that is fairly easy to attribute to an individual
- Sensitive personal data
  - Special categories of personal data including genetic data etc.
- Consent
- Contract
- Legal obligation
- Vital interests
- Public task
- Legitimate interests
‘Processing of personal data relating to criminal convictions and offences or related security measures based on Article 6 (1) shall be carried out only under the control of official authority or when the processing is authorised by Union or member State law providing for appropriate safeguards for the rights and freedoms of data subjects. Any comprehensive register of criminal convictions shall be kept only under the control of official authority.’
Special category data is so named because it is more sensitive and requires greater protection, e.g. religion, ethnic origin, trade union membership, biometrics, health, sexual orientation, politics. Holding this type of data requires both a lawful basis and an additional condition, whichever is most appropriate in the circumstances.
The additional conditions are summarised here:
- Data subject has given explicit consent for one or more specified purposes
- Processing is necessary to fulfil the obligations of the data controller or of the data subject in relation to employment, social security and social protection
- Protecting the vital interests of the data subject where they are physically or legally incapable of giving consent
- Legitimate activities with appropriate safeguards by a not-for-profit body relating to members or former members of that organisation
- Processing relates to personal data which are manifestly made public by the data subject
- Necessary for the establishment or defence of legal claims
- Reasons of substantial public interest
- Preventative or occupational medicine
- Reasons of public interest in the area of public health
- Archiving purposes in the public, scientific or historical interest
The GDPR provides the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
- Effectively pursuing its aims and objectives
- Raising money to provide services
- Contact with members to deliver services to them
- Contact with professionals and other organisations to:
  - Make referrals of VIC members for additional support
  - Receive referrals
  - Raise awareness of the needs and issues of ex-service and emergency services personnel
  - Inform on the services and support offered by VIC
  - Update on the activities and impact of VIC
- Contact with supporters to inform of activities, work of the organisation and fundraising campaigns and events
- Prevention of fraud, acts of terrorism and crime