Most of us regularly share our personal data not only with each other, but with companies and organisations across the globe. With the expansion of the internet, smart phone technology and social media, individuals and companies are able to get hold of your personal data much more easily than they could a few years ago.
This means that the Data Protection Act of 1998, which protects how your personal data can and can’t be used, is no longer fit for purpose as it does not take into account the digital era we live in.
In light of this, on Friday 25 May 2018 the EU is introducing the General Data Protection Regulations (GDPR).
What is meant by personal data?
This is any information relating to an individual, personal or professional. This includes a name, address, email address, financial details, posts on social networks, photographs and medical records.
What is meant by sensitive personal data?
This is any information relating to an individual’s racial or ethnic origin, political opinions, religious beliefs, trade union activities, physical or mental health, sexuality, or details of criminal offences.
What is GDPR?
The new GDPR guidelines will strengthen an individual’s data protection rights, ensuring that those using their information will do so with care and consideration of the potential risks, whilst having safeguards in place to protect the individual.
As a result you will have greater control over your personal information, with stricter rules being introduced to manage how your sensitive data is gathered and stored. The powers of the national regulators – the Information Commissioner’s Office – will also increase.
As an organisation, Notting Hill Genesis will support these new rights and act on the requests of individuals based on these new regulations.
Who does GDPR apply to?
- Any organisation that captures, handles, stores, or shares any kind of personal data of EU citizens
- Any organisation that processes data on behalf of another (for example, a cloud service provider)
How does Notting Hill Genesis use my data?
We want you to be confident in the way that your information is used, taking the security of your personal data and the implementation of these new rights seriously. We currently use your personal data to respond to enquiries, provides services and manage customer relationships. We also use your personal data to inform you about our services, help us improve our services and notify you of any changes we are considering to make.
Will Notting Hill Genesis share my personal information with others?
Access to your information is usually limited to ourselves, but there are occasions when we need to disclose your details to others. When we need to do this, we do it:
- Where it is in our legitimate interests to do so – for example, to carry out customer research to help us improve our service in line with your tenancy agreement or lease
- When we are legally obliged to – for example, credit checks, debt collection or in connection with legal proceedings
- In the detection and prevention of fraud
- When relevant, with your prior consent
We may also need to share your information with emergency services and local authorities to help them respond to an emergency situation that affects you.
What does the GDPR mean for me?
Under the new regulations, you will have the right to:
- Withdraw consent for your data to be used where there is no legitimate reason for that data to be used
- Amend your data where the data is inaccurate
- Request for your data to be deleted, known as the ‘right to be forgotten’.
- Give explicit consent for your data to be processed in certain circumstances by ticking an ‘opt-in’ box
- Make a subject access request (a request to see the information we hold on you) at any time, free of charge, and get a response within one month
- Will have the right to object by automated means
To ensure that you are confident in how we use your data, we will:
- Enhance our security measures to protect your personal and sensitive data
- Regularly review our policies and procedures to ensure they are robust and evolve accordingly
- Provide regular and ongoing training in data protection for our staff so that they understand their duties and responsibilities when handling your personal data
- Ensure that in all instances where we require your consent, it is requested in clear, plain English
- Obtain parental consent before using a child’s data
- Take action on any data breaches swiftly and in a fully transparent manner, notifying those affected and the appropriate authorities accordingly
What about Brexit?
GDPR will not be affected by Brexit. The UK will remain in the European Union from May 2018 and will be governed by its rules. The Government has also confirmed that GDPR will be implemented across the UK regardless of Brexit.
The protection of your information will remain at the heart of our commitment to delivering excellent service to our customers.
Make a complaint
As with all Notting Hill Genesis services, if you aren’t happy with the way we have used your data you are entitled to submit a complaint. Click here for more information on how to make a complaint.
Control of your personal information
The new regulations will give you greater control over your personal information, increasing the number of rights you have. One of these rights will allow you at any time to request to see the information we hold on you by making a subject access request.
To make a subject access request, please contact your officer or write to us at the following address:
Subject Access Request
Notting Hill Genesis
Bruce Kenrick House
2 Killick Street
We will respond within 30 calendar days and provide a copy of this information, free of charge.
You can also find out more about your rights under the new regulations by visiting the Information Commissioner’s Office website.