Data Protection & GDPR Policy
1. Policy introduction
Data protection legislation exists to protect individuals from the abuse of personal information. It covers both computerised and written information and the individual’s right to see such information.
The GDPR forms part of the data protection regime in the UK, together with the new Data Protection Act 2018 (DPA 2018). The main provisions of this apply, like the GDPR, from 25 May 2018.
Detailed information on the Act may be found at
2. How GDPR affects CSL
CSL must identify valid grounds under the GDPR (known as a ‘lawful basis’) for collecting and using personal data.
CSL must ensure that you do not do anything with the data in breach of any other laws.
CSL must use personal data in a way that is fair. This means you must not process the data in a way that is unduly detrimental, unexpected or misleading to the individuals concerned.
CSL must be clear, open and honest with people from the start about how you will use their personal data.
3. Data Protection registration
CSL is registered with the Information Commissioner under the process formally known as ‘notification’.
As part of the personnel records CSL may need to record sensitive personal data about an employee. The organisation normally only holds personal information contained within the employee/volunteer application form, supervision/appraisal records, training records, employment records or other information required by the organisation.
Personal data only includes information relating to persons who:
-can be identified or who are identifiable, directly from the information in question; or
-who can be indirectly identified from that information in combination with other information.
Sensitive personal data is defined as information relating to any of the following:
- racial or ethnic origin
- political opinions
- religious beliefs or beliefs of a similar nature
- trade union membership
- sexuality or sex life
- offences and/or convictions (including proceedings or sentencing)
The organisation holds a copy of employment/volunteer application forms plus records of training, supervision/appraisals, holidays, sickness and other communication (letters etc).
Under the Data Protection legislation, all employees/volunteers have to give consent for information to be held; additionally they have the right to refuse the holding of additional and/or sensitive information by the organisation by stating this on the Record of Staff Consent Form.
Data collected will include your personal details (name, address, telephone etc) as well as your employment history, volunteering activities & education.
Employee & Volunteer information will be kept in a locked filing cabinet. Only authorised CSL staff members will have access to this. The information given on the application form will be kept as part of a HR file throughout the employment. Should employment with CSL be terminated, personal information will be kept on file for as long as there is a legitimate business need or legal obligation to do so.
6. Right to Access
You have the right to request a copy of the information we have stored about you.
If you would like a copy of some or all of the personal data we hold about you, please write to: Monika Rodoz, The Old Abbey School, Worksop, Notts. S80 2BU or email firstname.lastname@example.org.
You are entitled to ask us to correct or remove any information
In the event of a valid request, we shall provide you with a copy of the requested information within 14 calendar days.
This policy will be reviewed yearly.
LAST UPDATED: 20th June 2018 by Laura Palmer