SWVG Data Protection
The group is not required to register under the Data Protection Act as it is covered by the exemption for “Not For Profit” organisations. However group members are required to follow the data protection principles set out in the Act and in guidance from the Information Commissioner.
This note summarises that guidance. If you need more detail please use this web link www.ico.gov.uk/organisations.
Data protection – looking after the information you hold
If you hold and process information about your clients, you are legally obliged to protect that information. Under the Data Protection Act, you must:
- only collect information that you need for a specific purpose;
- keep it secure;
- ensure it is relevant and up to date;
- only hold as much as you need, and only for as long as you need it; and
- allow the client to see it on request.
The questions that you need to answer are:
Do I really need this information about my client
Do I know what I’m going to use it for?
Does the client whose information I hold know that I’ve got it, and is he/she likely to understand what it will be used for?
If I’m asked to pass on personal information, would my client expect me to do this?
Am I satisfied that the information is being held securely, whether it’s on paper or on computer?
In normal circumstances visitors should destroy documents about a client ( and delete electronic records) within 6 months of the last contact with that client. If the client is “taken over” by another visitor, all documents should be passed to the new visitor or destroyed if no longer required.
Documents given to a visitor by a client for safe keeping (particularly if they are original documents) should be returned to the client.
Information held by the Co-ordinator and the client administrator will be retained for a maximum of 5 years.
Last Updated: 11/05/2019 – Next Update Due: