Data Protection Policy

Everyday Mindfulness Scotland

Introduction

The purpose of this policy is to:

comply with the law in respect of the data it holds about individuals;
follow good practice;
protect our students, volunteers, staff and other individuals;
protect the organisation from the consequences of a breach of its responsibilities.

The policy seeks to meet the legal obligations as outlined in the Data Protection Act 1998.

As a not-for-profit organisation, we are not obliged to register with the Information Commissioner; however, we have done so voluntarily (1 July 2013).

Data Protection Principles

  1. Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless –

    (a) at least one of the conditions in Schedule 2 is met, and

    (b) in the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.

  2. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.

  3. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

  4. Personal data shall be accurate and, where necessary, kept up to date.

  5. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  6. Personal data shall be processed in accordance with the rights of data subjects under this Act.

  7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

  8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Policy Statement

Everyday Mindfulness Scotland will:

  • comply with both the law and good practice

  • respect individuals’ rights

  • be open and honest with individuals whose data is held

  • provide training and support for staff and volunteers who handle personal data, so that they can act confidently and consistently

Everyday Mindfulness Scotland recognises that its first priority under the Data Protection Act is to avoid causing harm to individuals. In the main this means:

  • keeping information securely in the right hands, and

  • holding good quality information.

Secondly, the Act aims to ensure that the legitimate concerns of individuals about the ways in which their data may be used are taken into account. In addition to being open and transparent, Everyday Mindfulness Scotland will seek to give individuals as much choice as is possible and reasonable over what data is held and how it is used.

Key Risks

Everyday Mindfulness Scotland has identified the following potential key risks, which this policy is designed to address:

  • Breach of confidentiality (information being given out inappropriately), especially through emailing

  • Harm to individuals if personal data is not up to date

  • Insecurity of electronic database

Data Protection Officer

The Data Protection Officer is currently Jeannie Mackenzie, with the following responsibilities:

  • Briefing the Advisory Group on Data Protection responsibilities

  • Reviewing Data Protection and related policies

  • Advising other staff and volunteers on Data Protection issues

  • Ensuring that Data Protection induction and training takes place

  • Notification

  • Handling subject access requests

  • Approving unusual or controversial disclosures of personal data

Staff and Volunteers

All staff and volunteers are required to read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work.

Enforcement

Significant breaches of this policy will be handled under Everyday Mindfulness Scotland’s disciplinary procedures (not yet written).