When processing personal data, we will uphold the following standards:
- Ensure we are operating… fairly, lawfully and in a transparent manner and only collect data for specified, explicit and legitimate purposes. We will not process it in ways that are not compatible with what we have told you.
- Employ data minimisation… to limit the collection of personal information to that which is directly relevant and necessary to accomplish a specified purpose.
- Observe data subject rights… to ensure that the rights afforded to individuals under the UK GDPR are upheld appropriately and in accordance with the regulation and associated legislation.
- Be accountable… by all staff adhering to and remaining compliant with all of the UK GDPR principles and contributing to demonstrating the organisation's compliance.
- Use anonymisation, pseudonymisation and encryption… where possible and appropriate, staff are to anonymise/pseudonymise and encrypt personal data in order to protect the privacy rights of individuals.
- Use the model of least privilege… in order to ensure that personal data is only accessed by staff who have a defined need to access it. We will ensure that security controls are applied to data held physically and electronically, and we will review the access controls and permissions on a regular basis.
Should you require any further information about Catch22’s data protection work, please feel free to contact us using the details below:
Data Protection Officer, 27 Pear Tree Street, London, EC1V 3AG
DPO@catch-22.org.uk