Ahead of the new General Data Protection Regulations (GDPR) that will be introduced in May this year, we have been working towards ensuring that the necessary processes and procedures are in place to safeguard the personal data of our staff and residents.
The new GDPR guidelines, which come into force on 25 May 2018, will strengthen an individual’s data protection rights, ensuring that those using their information will do so with care and consideration of the potential risks, whilst having safeguards in place to protect the individual.
It will achieve this by giving individuals greater control over their personal and sensitive information, introducing stricter rules for gathering and storing sensitive data, as well as increasing the powers of national regulators, such as The Information Commissioner’s Office (ICO).
At Notting Hill Housing we want our residents to be confident in the way their information is used, taking the security of their personal data and the implementation of these new rights seriously. We currently access our resident’s personal data to respond to enquiries, provide services and manage customer relationships. We also use their personal data to help us improve our services and notify them of any changes we are considering or planning to make. Access to your information is limited to ourselves, but there are occasions when we need to disclose your details to others. When we need to do this, we do it:
- Where we have a lawful basis to do so i.e. to perform a contract
- Where it is in our legitimate interests to do so i.e. to carry out customer research to help us improve our service
- When we are legally obliged to, i.e. credit checks, debt collection or in connection with legal proceedings
- In the detection and prevention of fraud
- Or when relevant with your prior consent
We may also share your information with emergency services and local authorities, where this is necessary to help them respond to an emergency situation that affects you.
As a result of these new regulations coming into force, Notting Hill Housing residents will have the right to:
- Be informed of the data held
- Withdraw consent for their data to be used
- Amend their dataRestrict processing in limited circumstances i.e where the data is inaccurate
- Request for their data to be deleted, known as the ‘right to be forgotten’
- Give explicit consent for their data to be processed by ticking an ‘opt-in box’
- Provide parental consent before using their child’s data
- Make a Subject Access Request at any time, free of charge, and get a response within one month>/li>
- Object to decisions made by automated means
To ensure our residents are confident in how we use their data, we will:
- Enhance our security measures to protect your personal and sensitive data
- Regularly review our policies and procedures to ensure they are robust and evolve accordingly
- Provide regular and ongoing training in data protection for our staff to ensure they understand their duties and responsibilities when handling our residents data
- Ensure that in all instances where we require residents consent, it is requested in clear and in plain English
- Ensure data breaches will be actioned swiftly and in a fully transparent manner, notifying those affected and the appropriate authorities accordingly.