Data protection Policy 2.10 2021
Confidentiality and Data Protection
Introduction:
The aim of this policy is to comply with the GDPR Act 2018 in regard to the keeping of confidential information about people who work for or who are served by CTI 2000.
GDPR Act 2018 places obligations on organisations that use personal information and gives individuals certain rights. The act states that those who record and use personal information must be open about how the information is used and must follow the principles of good information handling.
The principles require data shall be
1. Fairly and lawfully processed.
2. Used for specific defined purposes.
3. Accurate and up to date.
4. Not kept longer than necessary without permission. Individuals can request access and deletion of their details.
5.Secure and confidential
1. What information do we hold?
a. About employees and volunteers
CTI 2000 holds names, telephone numbers, postal and email addresses for all paid staff and volunteers. If you receive your pay by bank transfer, we will also hold your current bank details.
b. About individuals in our care
CTI 2000 hold names, telephone numbers, postal and email addresses for individuals in our care. We also hold information about health problems and medication and how to contact next of kin in an emergency.
c. About other members of the organisations CTI 2000 hold names, telephone numbers, postal and e mail addresses for other members. When an individual ceases to be a member, we no longer retain this information.
2. Where is the information kept?
The information referred to in section 1 is held electronically on computers belonging to the Management Committee. Health information and emergency contact details are also held by group leaders in paper copy. Bank details are held securely by the Treasurer.
3. Who has access to this information?
Members of the Management Committee and Group leaders have access to this information. Anyone has a right to request to see the information we hold about them. Personal information will not be disclosed to anyone outside the organisation without written approval of the individual concerned or their carer. We will only ask carers in cases where an individual, through incapacity, is unable to give informed consent. In an emergency, we reserve the right to disclose medical information to care givers without seeking permission.
4. Third party requests for information
We do not disclose personal information to individuals who are not members of CTI 2000. The only exception is a medical emergency.
Data Protection Check list
1. Never leave confidential information lying around.
2. Do not take confidential information home unless you have permission to do so.
3. Do not copy confidential information into your own files or onto your own computer.
4. Do not discuss confidential information where you may be overheard.
5. If approached by a third party for information about a colleague or individual, do not make any disclosure. Refer the enquirer to a member of the Management Committee and tell them that CTI 2000 does not give out personal information.
6. Do not disclose anything you are told in confidence by a colleague or an individual in our care unless to do so would be negligent (e.g. in a case of suspected mistreatment or abuse) If you are in doubt ask a Member of the Management Committee for advice.
7. Do not speak to the press without permission from the Management Committee
Review date October 2022
Confidentiality and Data Protection
Introduction:
The aim of this policy is to comply with the GDPR Act 2018 in regard to the keeping of confidential information about people who work for or who are served by CTI 2000.
GDPR Act 2018 places obligations on organisations that use personal information and gives individuals certain rights. The act states that those who record and use personal information must be open about how the information is used and must follow the principles of good information handling.
The principles require data shall be
1. Fairly and lawfully processed.
2. Used for specific defined purposes.
3. Accurate and up to date.
4. Not kept longer than necessary without permission. Individuals can request access and deletion of their details.
5.Secure and confidential
1. What information do we hold?
a. About employees and volunteers
CTI 2000 holds names, telephone numbers, postal and email addresses for all paid staff and volunteers. If you receive your pay by bank transfer, we will also hold your current bank details.
b. About individuals in our care
CTI 2000 hold names, telephone numbers, postal and email addresses for individuals in our care. We also hold information about health problems and medication and how to contact next of kin in an emergency.
c. About other members of the organisations CTI 2000 hold names, telephone numbers, postal and e mail addresses for other members. When an individual ceases to be a member, we no longer retain this information.
2. Where is the information kept?
The information referred to in section 1 is held electronically on computers belonging to the Management Committee. Health information and emergency contact details are also held by group leaders in paper copy. Bank details are held securely by the Treasurer.
3. Who has access to this information?
Members of the Management Committee and Group leaders have access to this information. Anyone has a right to request to see the information we hold about them. Personal information will not be disclosed to anyone outside the organisation without written approval of the individual concerned or their carer. We will only ask carers in cases where an individual, through incapacity, is unable to give informed consent. In an emergency, we reserve the right to disclose medical information to care givers without seeking permission.
4. Third party requests for information
We do not disclose personal information to individuals who are not members of CTI 2000. The only exception is a medical emergency.
Data Protection Check list
1. Never leave confidential information lying around.
2. Do not take confidential information home unless you have permission to do so.
3. Do not copy confidential information into your own files or onto your own computer.
4. Do not discuss confidential information where you may be overheard.
5. If approached by a third party for information about a colleague or individual, do not make any disclosure. Refer the enquirer to a member of the Management Committee and tell them that CTI 2000 does not give out personal information.
6. Do not disclose anything you are told in confidence by a colleague or an individual in our care unless to do so would be negligent (e.g. in a case of suspected mistreatment or abuse) If you are in doubt ask a Member of the Management Committee for advice.
7. Do not speak to the press without permission from the Management Committee
Review date October 2022