• 1
  • 2
  • 3
  • 4
  • 1
  • 2
  • 3
  • 4

Data protection Policy

Statement of intent

Little People UK (LPUK) believes that all members have a right to have any personal information given to us, kept safe and secure, to maintain privacy and ensure correct processes are followed when obtaining, analysing and storing this data.


This policy has been produced to help the committee of LPUK meet their legal obligations concerning the collection and use of personal data provided by members. 


In accordance with the new General Data Protection Regulation (GDPR), from 25th May 2018 we are required to inform our members about the data we hold on them. 

The new legislation requires we obtain members consent to store, process and share their information. 

The information we request from members is:

  • Name
  • Date of birth
  • Address
  • Email address
  • Phone number(s)
  • Gender
  • Dwarfism condition

The reason we request this information is: 

a. Name, address, date of birth, gender and contact details - to inform members about news, events, activities and services offered by LPUK

b. Address - to connect members with others in same/similar location  

c. Dwarfism condition - to connect members with others of the same dwarfism condition

The GDPR 2018 follows the key principles set out in Data Protection Act (DPA) 1998, for managing data linked to a specific person ensuring that this is:

  • Fairly and lawfully processed
  • Processed for limited purposes 
  • Adequate, relevant and not excessive
  • Accurate and up to date
  • Not keep longer than is necessary
  • Processed in line with your rights
  • Kept securely 
  • Not transferred to other countries outside the European Economic Area

Data Protection is divided into two categories; 

  • Date Controllers - decide how the personal data is going to be used
  • Data Processors - process the data on the instructions of the Data Controllers. 

The LPUK committee are the Data Controllers for LPUK and personal data should only be processed in accordance with the LPUK committee. 

This includes electronic, manual and recorded data. 

Not only is compliance with the DPA and GDPR a legal requirement, there are good management reasons for doing so. For example; using out of date of inaccurate data could result in a complaint and failing to follow correct procedures when processing and storing information could have serious consequences. 

If you would like to know more about data protection, visit the website - www.ico.gov.uk 

Following the principles 

The membership forms will be the main method in which these principles are followed, these have been written in such a way that the following applies: 

  1. Fairly and lawfully

It is important to tell individuals why we are collecting their personal data and obtain their consent to use it in this way

  1. Processed for limited purposes 

The information collected on membership forms will only be used for the reason stated on the data protection sheet given with a membership form, or available from the LPUK office.  

  1. Adequate, relevant and not excessive

Membership forms have been carefully designed to ensure sufficient, yet relevant information is collected. 

  1. Accurate and up to date

Membership renewal occurs yearly, to ensure all data is up to date. If member’s information alters, they are encouraged to inform the LPUK office as soon as possible, who can then alter this information accordingly. 

  1. Not kept longer than is necessary 

Member’s data will be updated yearly, to coincide with the membership renewal. All out of date information will be destroyed securely after 3 years. As will members details, if they wish to leave. A record of when and how the data was destroyed will be kept. 

  1. Processed in line with your rights

Information given by members will be processed as per this policy. Members are free to withdraw consent of data processing at any time, and can contact the office regarding this. This will not affect data already processed. 

In some instance, design of the membership form does not automatically ensure data is protected. The following ensures this:

  1. Kept securely 

Information collected is submitted to a database, which is securely protected and access limited. Access to any information kept on the database will be only available to a number of appropriate committee members (Chairperson, Vice Chairperson and Treasurer) and Charity Administrator. 

  1. Not transferred to other countries outside the European Economic Area (EEA)

Data will not be transferred outside of the EEA. 

Data Protection Statement

Membership forms MUST contain a Data Protection Statement (DPS) that can be obtained from the LPUK office, in electronic and paper format. These statements will be shown to any members whilst obtaining data. LPUK’s DPS contains contact details for the Data Controller i.e. LPUK office. These membership forms outline what data will be collected and how the data will be processed. 

The DPS can be found on the LPUK website at: www.littlepeopleuk.org 

Vulnerable adults and children 

For any vulnerable* adults, or person under the age of 18, the membership form and DPS, should be drawn to the attention of the parent or carer.

*Vulnerable adult - all adults aged 18 or over, who are or may be in need of community services by reason of mental or other disability, age or illness and who are, or may be unable to take care of themselves, or unable to protect themselves against significant harm or exploitation (No secrets document, 2000)

Information on the website and educational literature 

Members must give consent when information about individuals is posted on LPUK’s website or literature, for example; name, age, dwarfism, and event photographs. Consent will be requested each time 


A secure database has been setup within LPUK to ensure data collected is held securely, training has been provided to all necessary committee members and staff. If members require further information regarding the database technology, contact the LPUK office. 

Notifying the Information Commissioners Office (ICO)

The ICO is the UK’s independent authority set up to promote access to official information and to protect personal information. As LPUK is collecting personal information and is holding it electronically or manually, we have registered with the ICO. 

The process for members to ask for data

Any member is allowed to have access to their own personal data held by LPUK. However, members can not have access to another member’s data unless they are the parent or legal guardian: of children under the age of 18 and/or vulnerable adults. 

If members require any data they must contact the office, who in turn will contact the appropriate people (Charity Administrator) who can arrange for this data to be provided.  

Further guidance

Raise Funds to Raise Awareness

just giving

Featured Video

Join Little People UK

Become a member of Little People UK to keep up-to-date with what we are doing, receive invitations to events across the UK and get hold of new information literature that we produce.

Join Now

Twitter - Follow us +