Data Protection Policy – Buxton Street by street Coronavirus Volunteers
This is the statement of general policy arrangements.
The association is committed to ensuring that all personal information in its possession is processed fairly and lawfully with all due regard to current data protection legislation in force in the
United Kingdom. The association recognises that it is a Data Controller as defined in legislation and takes the responsibilities of this role seriously.
Data Protection Officer
Having reviewed the nature and scope of the information held by the association, the committee have decided not to designate a Data Protection Officer in accordance with Article 37 of the EU General Data Protection Regulation (EU2016/679). Overall responsibility for data protection rests with the committee.
Roles and Responsibilities
Everyone in the association is responsible for ensuring that their own work practices are compliant with the relevant policies and procedures regarding data protection and for promptly reporting any potential breeches of data protection to a committee member. Failure to do so may result in personal liability.
The committee personally acknowledge their overall responsibility for data protection and specific responsibility for the following:
● Day-to-day responsibility for ensuring policy is put into practice
● Maintaining the physical security of locations and devices containing personal information
● Maintaining the cyber security of computer systems containing personal information
● Maintaining a register of personal information processed by the association
● Ensuring that any information processing is in accordance with the legal basis and the data
protection principles
● Ensuring that appropriate impact assessments are carried out and the results of those
assessments are put into practice
● Ensuring that appropriate policies and procedures are in place and that staff are given training
and guidance in order to be competent in doing their work
● Ensuring that data subjects are informed about processing through privacy notices and other
means
● Ensuring that contracts include data protection clauses where relevant
● Ensuring that any personal information exported to a non-EU country is subject to appropriate
legal safeguards
● Ensuring that data subject requests are dealt with appropriately and in a timely manner
● Ensuring that data breech incidents are dealt with appropriately and in a timely manner
● Ensuring that business continuity arrangements protect the confidentiality, integrity and
availability of personal information even during a crisis.