Data Protection (including the EU data protection requirements, effective from 25 May 2018)
“Personal data” is any information about a living individual which allows them to be identified from that data (for example a name, photographs, videos, email address, or address). Identification can be by the information alone or in conjunction with any other information.
The processing of personal data is governed by the Data Protection Bill/Act 2017, the General Data Protection Regulation 2016/679 (the “GDPR”) and other legislation relating to personal data and rights such as the Human Rights Act 1998.
St. Giles’ holds personal information, including contact details, and the PCC is responsible for its security and compliance with relevant legislation.
Subject Access Requests
Everyone has the right to find out if an organisation is using or storing their personal data. The Information Commissioner’s Office (ICO) offers advice about requesting this information at https://ico.org.uk/your-datamatters/your-right-of-access/. To request details of the data held by the PCC, email the Data Protection Compliance Officer (DPCO) ([email protected]).
A data breach is a breach of security leading to ‘accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data’. Example breaches are:
Unauthorised disclosure of email addresses when emails are sent to the wrong recipient, or when recipients are CC’d where blind copy (BCC) should have been chosen.
If the office PC were stolen, the thief would have access to sensitive information about congregation members.
Similarly, if a memory stick containing a copy of St. Giles’ is lost, personal data may become available to the person finding it.
If anyone suspects there has been a data breach, they must report it to the DPCO ([email protected]) as soon as possible. All data users must take sensible precautions by ensuring that security software is up to date, computers are password-protected and memory sticks are encrypted.