Currently, the Data Protection Policy UK is the GDPR – General Data Protection Regulation, European Union Regulation 2016/679.
This is a regulation by which the European Council, the European Commission, and the European Parliament intend to unify and strengthen data protection for the individuals within the EU (European Union). The GDPR also addresses personal data exporting outside the EU. The main GDPR objectives are to give its citizens back their control over their personal data. It also unified the regulation over the subject within the EU, which achieved the simplification of the regulatory environment for international businesses.
The GDPR covers both computerised and written information, as well as ensuring the individual’s right to access these records.
The GDPR also covers records that relate to company staff and even volunteer workers.
All staff in Age UK Exeter must obey this Data Protection Policy UK at all times.
The Chief Executive is the main responsible for protecting data within Age UK Exeter. However, each individual processing data acts on the controller’s behalf. Therefore, each and everyone involved has the legal obligation to obey the Regulations.
Principles of Data Protection
As a data controller, Age UK Exeter has to comply with good information handling principles. Such GDPR principles require our Data Controller to;
- Process all personal data lawfully, fairly, and transparently.
- Obtain personal data only for lawful and specified purposes. Also to ensure that this data didn’t process in any incompatible manner with the originally stated purposes.
- Ensure that all personal data is relevant, not excessive, and adequate for its storage purposes.
- Make sure that all personal data is 100% accurate and, wherever necessary, kept up to date.
- You also have to ensure that no personal data is kept for any longer than necessary for the originally stated purpose.