GDPR (General Data Protection Regulations) is a whole system of regulations, systems, rights and principles that aims to protect the personal data of every EU citizen. It came into effect on the 25th May 2018 The GDPR legislation documents are huge and set out to give a person more rights over the data that an organisation holds on them, but in a nutshell, the main points are as follows:
- A person can request to see all the details that you hold on them both in human and machine readable format.
- A person can request that you delete all the personal data that is held by an organisation
- You need to state a valid reason for gathering and processing their data
- You need to ask for consent when you gather data
- You need to provide people with a way of withdrawing that consent at any time.
- You need to take precautions to protect personal data that you have gathered.
Medstead Parish Council has developed the required Policy and this is attached for reference below.