The General Data Protection Regulation (GDPR) is the latest EU data privacy and protection framework which is effective from 25th of May 2018.
At East Cheshire Housing Consortium, we respect your privacy and are highly committed to protecting your personal data. When we refer to “your” personal data we are referring to you personally and, where it is applicable, to any individuals who are connected to your business, such as employees, consultants or workers.
East Cheshire Housing Consortium GDPR Preparation
As part of our GDPR preparation process, we have reviewed and updated all our internal processes, procedures, data systems and documentation in order to ensure that we are compliant when GDPR comes into force in May 2018.
Our GDPR Principles
- We will process all personal data fairly and lawfully.
- We will only process personal data for specified and lawful purposes.
- We will endeavour to hold relevant and accurate personal data, and where practical, we will keep it up to date.
- We will not keep personal data for longer than is necessary.
- We will keep all personal data secure.
- We will endeavour to ensure that personal data is not transferred to countries outside of the European Economic Area (‘EEA’) without adequate protection.
Our GDPR Actions
- We have reviewed and updated our range of policies, including our Data Breach Policy, Business Continuity Plans and Subject Access Requests.
- We have undertaken a systematic review of the personal data we store, manage, maintain, collect, process and control.
- We have provided training to appropriate staff to generally raise the awareness and importance of GDPR to our business.
- We have revised our Privacy Notices to comply with GDPR, ensuring that all individuals whose personal information we process have been informed of why we need it, how it is used, what their rights are, who the information is disclosed to and what safeguarding measures are in place to protect their information.
- GDPR training and awareness will form part of our induction training program for new employees.
- We understand that continuous employee awareness and understanding is vital to the continued compliance with GDPR and have involved relevant employees in our preparation plans.
- We will continually look at ways of improving our systems and procedures to better comply with GDPR best practise and will continue to monitor and modify our GDPR plans beyond May 2018.
Failing to provide Personal Data
Where we need to collect personal data by law or under the terms of a contract that we have with you, and you fail to provide the data when requested, we may not be able to perform the contract.
In such cases, having exhausted all avenues, we may be unable to start providing services or cancel the services however this will only occur following formal notification with an opportunity to rectify matters.
Reasons why we use your Personal Data and Consent
We will only use your Personal Data lawfully and most commonly when we need to perform the contract which we have entered into with you, where we need to comply with a legal or regulatory obligation or where it is necessary for our legitimate interests (and your interests do not override ours).
As such generally, except for some marketing activities, we do not rely upon consent as a legal basis for processing your Personal Data.
Data Security and Data Breaches
Steps have been taken to ensure we have the appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed.
We have put in place procedures to deal with any suspected or actual data breach and will notify you where we are required to do so.
Any East Cheshire Housing Consortium GDPR related questions and any data subject requests can be addressed to East Cheshire Housing Consortium nominated GDPR compliance person – Deborah Sproston – contact email Info@echc.org.uk