The RCA Trust is committed to providing an efficient, effective and confidential service where service users are central to the service provision. Therefore we are fully committed to adhering to the new standards of legislation as set out by the GDPR from May 25th2018. 

Data Principles  

The 8 data protection principles which we adhere to are – 

1 – Personal information must be processed fairly and lawfully.

2 – Personal information must be processed for limited purposes.

3 – Personal information must be adequate, relevant and not excessive.

4 – Personal information must be accurate and up to date. 

5 – Personal information must not be kept for longer than is necessary.

6 – Personal information must be processed in line with the data subjects’ rights.

7 – Personal information must be secure. 

8 – Personal information must not be transferred to other countries without adequate protection. 

The GDPR builds on existing data protection laws. It gives enhanced protection for personal data and imposes stricter obligations on those who process personal data. The new obligations include:

• When an individual’s personal data is collected, they must be given more information about how it will be used through enhanced privacy notices.

• Individuals will have much stronger rights to have their personal data corrected, erased and/or provided to them. 

What is personal data? - Personal data is any information that relates to an identified or identifiable living person (e.g. staff member, member of the public, or customer). It generally includes their name, address, phone number, date of birth, place of birth, place of work, dietary preferences, opinions, opinions about them, whether they are members of a trade union, their political beliefs, ethnicity, religion or sexuality (as well as other information about them). Information which indirectly identifies a person will also be personal data. This would be the case where a single piece of information could not be used to identify a person but could do so in combination with other data or identifiers. 

Individual’s rights

Under the new GDPR regulations the individual using the service have the following rights – 

1 – The right to be informed.

2 – The right of access

3 – The right of rectification

4 – The right to erasure

5 – The right to restrict processing

6 – The right to data portability

7 – The right to object 

8 – The right not to be subject to automated decision-making including profiling. 

The individual has to give consent for their information to be held freely; therefore clients will have to explicitly give their consent which must be specific, freely given, informed consent and unambiguous. There must be a positive opt-in; consent cannot be inferred from silence, pre-ticked boxes or inactivity. In addition the individual is free to withdraw their consent at any time.