Data protection

What is data protection?

  • Data protection refers to the policies and measures put in place to keep personal data safe. It's about keeping data safe from misuse, loss, or breaches. It ensures respect for individuals' privacy and their data. It must be collected, stored, and used responsibly and securely.

Two policies govern how UK organisations handle personal data. This includes collecting, storing, and disclosing it.

Data protection principles

There are core principles that must be adopted. Personal data must be:

  1. Processed lawfully, fairly, and with transparency. This is known as 'lawfulness, fairness, and transparency’.
  2. Collected for specified, explicit, and legitimate purposes. It must not be processed in a way that is incompatible with those purposes. This is known as ‘purpose limitation'.
  3. Adequate, relevant, and limited in relation to the purpose. This is known as ‘data minimisation’.
  4. Accurate and, where necessary, kept up to date. Every effort must be taken to ensure that inaccurate personal data is deleted or rectified. This must be done without delay, in light of the purposes for which it is processed. This is known as 'accuracy'.
  5. Kept in a form which permits identification of data subjects for no longer than is necessary for its purpose. This is known as ‘storage limitation’.
  6. Processed in a manner that ensures appropriate security. Like protection against unauthorised access or damage. It also requires using proper technical measures. This is known as 'integrity and confidentiality'.

Our approach to managing personal data is based on these principles.

GDPR

GDPR is the law on protecting your personal information. It explains how organisations can handle customers' data. We work hard to comply at all times with the GDPR and the DPA 2018.

The above documents cover the following topics:

  • Our name and contact details.
  • Contact details for our data protection officer.
  • Purposes and legal bases for processing your personal data.
  • Sources and categories of personal data collected.
  • Recipients of your personal data.
  • Details of transfers of personal data overseas.
  • How long we can keep your personal data for.
  • Your rights in respect of the processing.
  • Your right to withdraw consent. (In certain circumstances).
  • Your right to lodge a complaint with the ICO.
  • When you must, by law, provide your personal data to us.