FNW Data Protection policy and procedures

The Friends of Normandy Wildlife Committee is committed to meeting the new data protection regulations. Below are our policy and procedures, as last updated in February 2018.

Data Protection Policy

Key principles of the General Data Protection Regulation

  • Fairness
  • Lawfulness and Transparency
  • Purpose Limitation
  • Data Minimisation
  • Data Quality
  • Security
  • Integrity and Confidentiality

To implement these principles, FNW will undertake the following:

  1. All contact details provided by those who wish to join the Friends of Normandy Wildlife (FNW) circulation list will be used only for FNW mailings on FNW events and matters concerning wildlife in Normandy and for no other purpose.
  2. FNW will only collect the personal data necessary to send out email mailings.
  3. Contact details will be accurate and up to date.
  4. Individuals will be able to find out in a timely manner what personal data FNW holds on them.
  5. Contact details will be securely stored and disposed of.
  6. Any breach which reveals personal data will be relayed to those affected soon as possible.
  7. Contact details will not be passed to a third party.

 

Data Protection procedures

  1. Contact details on paper will be protected by;
  • keeping records in a locked cabinet or box.
  • updating records after a change of details notification as soon as possible, but no later than then days after the notification.
  • disposing of records no longer needed as soon as possible, but no later than ten days after a request to remove details or after the record is no longer needed.
  • shredding records before disposal.
  1. Electronic contact details will be protected by;
  • password protecting electronic records and storing them on a password protected device.
  • computers used to store records should have reputable and up to date security software installed.
  • records should be backed up. A backup should be taken following a change in data. Backups should be stored in a locked drawer or cabinet.
  • email communications should be sent BCC to all recipients.
  • updating records after a change of details notification as soon as possible, but no later than ten days after the notification.
  • disposing of records no longer needed as soon as possible, but no later than ten days after a request to remove details.
  1. Accessing personal data

Anyone wishing to view their personal data held by Friends of Normandy Wildlife should be given these details within ten days.

  1. Breaches

Breaches of data protection, such as the failure to send out BCC, or a hack of the device used to store the data should be reported to those affected as soon as possible.