GDPR
Your quick guide
..
Vl . 1 .0
The Facts
04 Fact
The GDPR providesclearand thorough PersonalData privacylaw.
Com paniesthatbreakthe GDPR rulescould be ýned up to 4% oftheirturnoverorup to 20 m ilion euros,roughly£17.5 m ilion (whicheverishighest).
02 Fact
03 Fact
The GDPR replaced the Data Protection Act on 25 M ay2018.
01 Fact
GDPR standsfor GeneralData Protection Regulation.
1.
Staycom pliant:Com pleteyourGDPRelearning andasesm entannualy.
YourGDPRCheck- list
2. 3.
Downloadthisquickguideandkeepithandy.
Fam ilariseyourselfwith theseGDPRrelated docum ents, locatedontheAnchorHanoverintranet:
-SubjectAccessRequestprocedures -Data Retention Schedule -ClearDesk policy -Acceptable Com puterUse policy
4.
Lockcupboardsandof f i ceswhentheyare notinuse.
5.
Shreddocum entsorensurethattheyareplaced in conödentialw aste.
6.
Encryptem ailscontaining PersonalData when you aresending them externaly.
7.
Keepyourpaswordssecure,changethem regularlyanddonotsharethem .
8. 9. 10.
Lockawaykeyswhentheyarenotinuse.
Checktheidentityofcalersand visitors.
Find outwhotheDataProtectionTeam are ontheDataProtectionpageontheAnchor Hanoverintranet.
TheGDPR Roles
AnchorHanoverare ‘Data Controlers’.Thism eansthatwe are totaly responsible forhow we processthe PersonalData we hold and ensuring thatitism anaged within the rulesofthe GDPR. Data Controlers
Data Processorsare people ororganisationsthatprocessdata on behalfofAnchorHanover.Forexam ple,AnchorHanover’spayrol isprocessed bya third-partycom panyso theyare deýned asa Data Processor. Data Processors
Data Subjectsare coleaguesand custom ers.The people who have theirPersonalData processed bythe Data Controlersand Data Processors. Data Subjects
The 7 GDPR Principles
The Rights ofan Individual
The rightto restrictprocessing
The rightto be inform ed
The rightofaccess
The rightto data portabilty
The rightto rectiýcation
The rightto object
Rightsin relation to autom ated decision m aking and proýling
The rightto erasure
W orking on the GO
Considerwho else can see yourdevice ordocum ents.Ifsom eone else can see it,you shouldn’tbe processing personalinform ation.
Alwayslock yourdevice screenswhen theyare notin use.
Don’tleave item sunatended,even in yourcarorin placeswithin yourhom e thatare m ore susceptible to crim e,like a shed,porch orunlocked garage. Don’tletanyone else use your equipm ent.Thatextendsto leting your own children useaworklaptop.
Reporting a Breach
Personaldata breach identiýed.
Select‘Reporta breach’on the Data Protection page on the AnchorHanoverintranetstraight awayorcontactthe Data Protection Team .
Internalcom m unications and any necessary process changes are roled out. The afected Data Subjects m ay be contacted. The DPO informsthe ICO. After72 hours
TheDPO has72hoursfrom now to investigate and notifythe Inform ation Com m issioner’sOfýce (ICO).
Ourcoleaguesand custom erscan requestthatAnchorHanover rem ovesordeletestheirPersonalData itholds.Itwildepend on the legalbasisforprocessing the PersonalData whetherAnchor Hanoverisrequired to rem ove itornot.
AnchorHanoverwilneed to record consentforthe processing of alPersonalData which isnotprocessed in relation to a contract orlegitim ate interest.In practice,thiswilbe m ostlyused byour m arketing and fundraising team s.
UndertheGDPR,can anyone ask Anchor Hanoverto have their data rem oved?
W hen wilAnchor Hanoverneed consent?
FAQs
W hatisAnchor Hanover’sData
W hatifourcoleaguesor custom ersdo notgive consent?
Retention Schedule,can Isee it,do w e stick to it?
OurData Retention Schedule explainshow and where to record and store data and recordswhen created and in live use.Italso explains: • when to considerarchiving recordsand how to do so. • when to considerdeletion ordisposalofdata and recordsand how to do so. The Data Retention Schedule appliesto everyone who createsrecordsand storesdata atAnchorHanover,whetheraboutcoleagues,custom ersor otherwise.You m ustread and folow thisguidance which islocated on the AnchorHanoverintranet.
AnchorHanoverdoesnotneed consentto processalPersonalData. Forexam ple,ifthe processing ofPersonalData isrequired forthe perform ance ofa contract,such asan em ploym entcontract,then you do notneed to explicitlygive consentforthisand you could notwithdraw consenteither,unlessthe contractisalso term inated.
Data Portabiltyisone ofthe Data Subjectrights.Itm eansthatyou can askanyData Controlerfora copyofyourPersonalData held electronicalyin a m achine-readable form at.The intention behind thisit to enable Data Subjectsto switch service providerseasily.Itisintended to work in a sim ilarwayto when you switch curentaccounts,the banksexchange detailsofalthe transactionson youraccount.
W hatisportability?
Ifyou have anyquestionsorconcerns,please visit the Data Protection Page on the AnchorHanover intranetorcontactthe Data Protection Team . data.protection@anchorhanover.org.uk 01274 026141
W ho should IcontactifIhave anyquestionsorconcerns aboutdata protection?
FAQs
W ilthe GDPR stilafectus once we leave the EU?
The regulationsapplyto the processing ofthe PersonalData ofalUK citizens
Ifyou have anyfurtherquestions,need to reporta breach orrequestforinform ation, please go to the Data Protection page on the AnchorHanoverintranet.
Page 1 Page 2 Page 3 Page 4 Page 5 Page 6 Page 7 Page 8 Page 9 Page 10Made with FlippingBook - PDF hosting