This Statement provides information relating to the steps that South Central Community Transport (SCCT) and the Wheel Meet Again (WMA) Project is taking to ensure GDPR compliance.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations approach data privacy.
The new regulations come into force on 25 May 2018 and introduce an enhanced EU-wide data protection regime.
GDPR IMPACT ON SCCT & WMA Project
At SCCT & WMA we have been reviewing and, where necessary, updating, our data protection practices; we have been developing our own systems, procedures, processes, polices etc. to ensure that internally we meet the enhanced GDPR requirements.
GDPR gives an even greater emphasis on ‘privacy by design’, where data privacy is the default option.
This means that where we personal data that we could potentially pass to a to the National Lottery as part of the funding process, we will be changing our systems from: ‘Opt out’ | Please tick if you want to remain anonymous, to: ‘Opt in’
GDPR IMPACT ON COMPANIES WORKING WITH SCCT & WMA
Our GDPR changes will affect the data we collect from your employees.
We will be in contact with companies on a more personal level in the next few weeks, depending on how your employee data is collected. We’ll be explaining to you what we need you to do, or explaining to you when you will see the changes that we’ve made to your current process.
GDPR IMPACT ON DONORS
Donors will be able to manage their contact preferences SCCT & WMA. We will release more information on how to update preferences once the new system has been launched.
Under the GDPR, the data protection principles set out the main responsibilities for organisations.
SCCT & WMA will comply with the GDPR principles, which require that personal data is:
- Processed lawfully, fairly and in a transparent manner in relation to individuals
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
- Accurate and, where necessary, kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
- Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
For general GDPR related questions, contact firstname.lastname@example.org