Little People UK
Data protection Policy
1. Statement of intent
Little People UK (LPUK) believes that all members have a right to have any personal information given to us, kept safe and secure, to maintain privacy and ensure correct process are followed when obtaining, analysing and storing this data.
This policy has been produced to help the committee of Little People UK meet their legal obligations concerning the collection and use of personal data provided by members of LPUK.
- The Data Protection Act 1998
The Data Protection Act 1998 sets out the key principles for managing data linked to a specific person (personal data). This includes electronic, manual and recorded data.
- Principles of the Data Protection Act 1998
1. Fairly and lawfully processed
2. Processed for limited purposes
3. Adequate, relevant and not excessive
4. Accurate and up to date
5. Not kept longer than is necessary
6. Processed in line with your rights
7. Kept securely
8. Not transferred to other countries outside the European Economic Area
- The Data Protection Act 1998 divides organisations and processing data in to Data Controllers and Data Processors. Data Controllers decide how the personal data is going to be used and Data Processors process the data on the instructions of the Data Controllers. The LPUK Committee is the Data Controller for LPUK and personal data should only be processed in accordance with the LPUK Committee.
- In addition, some deliverer’s e.g. regional representatives may want to collect information about members on their own behalf. This would make the regional representatives Data Controllers of this information, however this data must be processed in accordance to the LPUK Committee.
- Not only is compliance with the Data Protection Act (DPA) a legal requirement, there are good management reasons for doing so. For example; using out of date or inaccurate data could result in a complaint and failing to follow correct procedures when processing and storing information could have serious consequences.
- If you would like to know more about the data protections principles, see the Information Commissioners Office website
- Following the principles the membership forms will be the main method in which these principles are followed, these have been written in such a way that the following applies:
a. Fairly and lawfully
It is important to tell individuals why you are collecting their personal data and obtain their consent to use it in this way.
b. Processed for limited purposes
The information collected on membership forms will only be used for the reason stated on the data protection sheet available.
c. Adequate, relevant and not excessive
Membership forms have been carefully designed to ensure sufficient, yet relevant information is collected.
d. Accurate and up to date
Membership renewal occurs yearly, to ensure all data is up to date. If member’s information alters, they are encouraged to inform the LPUK membership secretary as soon as possible, who can then alter this information accordingly.
e. Not kept longer than is necessary
Member’s data will be updated yearly, to coincide with the membership renewal. All out of date information will be destroyed securely, as will member’s details if they wish to leave.
f. Processed in line with your rights
If members would not like their information to be used in any way, including those stated on the Data Protection Statement, they must inform the LPUK Committee immediately.
- In some instances, design of the membership form does not automatically ensure data is protected. The following ensures this:
i. Kept securely
Information collected is submitted to a database, which is securely protected and access is limited. Access to any information kept on the database will be only available to a number of appropriate committee members.
ii. Not transferred to other countries outside the European Economic Area
Data will not be transferred outside of the EEA.
g. Data Protection Statement
Membership forms MUST contain a Data Protection Statement that can be obtained from the LPUK Committee, in electronic and paper format. These statements will be shown to any member whilst obtaining data. LPUK’s Data Protection Statement contains contact details for the Data Controller i.e. appropriate member of the LPUK Committee.
A brief Data Protection Statement can be found on the website www.littlepeopleuk.org along with the more detailed Data Protection Statement which can be downloaded. This statement should be made available when any details from members are collected.
h. Vulnerable adults and children
For any vulnerable* adult, or person under the age of 18, the membership form and Data Protection Statement, should be drawn to the attention of the parent or carer.
*Vulnerable adult definition – all adults aged 18 or over who are or may be in need of community services by reason of mental or other disability, age or illness and who are, or may be unable to take care of themselves, or unable to protect themselves against significant harm or exploitation (No secrets document, 2000)
i. Additional advice for regional representatives
When someone signs up to be a member of LPUK it is reasonable to assume that they will expect to be contacted from time to time with LPUK communications, including regional events. Therefore a membership form does not automatically need to have an op-out tick box. It is necessary for membership forms to include a brief explanation of how any personal data requested may be used and also how it will not be used, this information is provided on the Data Protection Statement.
If regional representatives require more information than is provided on the membership form, they must inform the Regional Coordinator, who in turn will inform the LPUK Committee. At which stage, discussions of whether this is necessary can take place. If deemed necessary the appropriate forms can be designed for distribution.
j. Information on the website and educational literature
Members must also give consent, when information about individuals is posted on it’s website or literature, for example, name, age, dwarfism and event photographs.
A secure database has been setup within LPUK to ensure data collected is held securely, training has been provided to all necessary committee members. If members require further information regarding the database technology, contact the IT Coordinator.
l. Notifying the Information Commissioners Office
The Information Commissioners Office (ICO) is the UK’s independent authority set up to promote access to official information and to protect personal information. As LPUK is collecting personal information and is holding it electronically or manually, we have registered with the ICO.
m. The process for members to ask for data
Any member is allowed to have access to their personal data held by LPUK. However, members cannot have access to another member’s data. Unless they are the parent or legal guardian: of children under the age of 18 and/or vulnerable adults.
If a member requires any data they must contact the Charity Administrator, who in turn will contact the Little People UK Chairperson and Vice Chairperson who can then arrange for this data to be provided.
4. Further guidance
This policy was adopted:
Date: August 2017 Next Review Date: August 2018
Signed: S.Davis (Chairperson) On behalf of Little People UK Committee