You may be aware of the EU Directive known as GDPR (General Data Protection Regulation), which came into effect on May 25th 2018. A summary of the main consequences can be found below.
Summary of Key GDPR Principles Relating to Individuals
The EU General Data Protection Regulation replaces previous EU Directives and UK Data Protection laws. It establishes for all individuals “the right to the protection of personal data concerning him or her”.
- Breach Notification: WRT must notify individual within 72 hours of first having become aware of a data breach
- Right to Access: The right for individuals to obtain from WRT confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge when requested
- Right to be Forgotten: Entitles the individual to have WRT erase his/her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data
- Right of Rectification: Individuals are entitled to require WRT to rectify any errors in their personal data
- Data Portability: GDPR introduces the right for a data subject to receive the personal data concerning them, which they have previously provided, in a 'commonly used and machine readable format' and have the right to transmit that data to another controller
Wear Rivers Trust (WRT) hold email addresses for the purposes of communicating with interested parties via email and newsletters.
The information is held indefinitely until such time as an individual requests removal, or WRT deems it to be redundant. The information is not sold to or shared with third parties.
Access to the data is limited to the Trust Director and Trust Administrator and is held in a secure commercial environment.