The General Data Protection Regulation 2016 was a new European Union Directive that provides a single data protection law for the European Union, creating a reference and basis upon which security platforms may be initiated, to prevent the loss of personally identifiable information as a consequence of security breaches. The GDPR enforces stringent data protection requirements on all organisations that possess or process personally identifiable information. Non-compliance with the GDPR will result in organisations facing substantial fines, depending on the severity of the breach and the deemed tier of the offence.
The GDPR aims to ensure that data protection laws are kept up to date with the internet age and are responsive to the ever-elevating threat of security breaches and cyber-attacks. Coming into effect on 25th May 2018, the GDPR is prescriptive and will help to reassure European citizens that their personal data is safe, enhancing their confidence and interaction with online services.
The GDPR puts the security of EU citizens at the forefront of all processing activities, including granting individuals new legal rights concerning access to data and data erasure, and holding organisations accountable for any obligations that they fail to adhere to.
The Government confirmed that the GDPR was to be incorporated into the General Data Protection Act 2018. Therefore, it is imperative that individuals involved in, and responsible for, data protection and processing, have a comprehensive appreciation of the meticulous details of the GDPR.
In UKCHO the Executive Committee is the Data Controller, the Data Protection Officer is the Secretary and the Data Processing Officer is the Website Administrator. Individual Members are Data Subjects.
A key role in the GDPR is that of the Data Protection Officer, whose role must be designated on the basis of professional qualities and expert knowledge of data protection law. In particular, the DPO must adhere to the GDPR requirements, as follows:
- to inform and advise the Data Controller of their obligations pursuant to the GDPR;
- to monitor compliance with the GDPR, including the assignment of responsibilities, awareness-raising and training involved in data processing operations, and the related audits;
- to provide advice where requested with regard to the data protection impact assessment and monitor its performance;
- to co-operate with the Office of the Information Commissioner as the supervisory authority for the GDPR;
- to act as the contact point for the Office of the Information Commissioner as the supervisory authority for the GDPR on issues related to the processing of personal data.
On Friday, 25th May 2018, the Data Protection Act 1988 was replaced by a new Data Protection Act 2018 incorporating the General Data Protection Regulation 2016. The GDPR sets out the key principles by which all personal data, i.e. data by which an individual may be identified, must be collected, processed, stored and used by an organisation such as UKCHO.
In particular, to comply with its legal obligations, UKCHO must ensure that personal data is:
- collected for specific, explicit and legitimate purposes;
- processed lawfully, fairly and transparently;
- limited to what is necessary for the purposes for which it is processed;
- kept accurate and up to date;
- stored securely and not disclosed to any third party unlawfully;
- retained for as long as is necessary for the reasons it was collected.
In addition, individuals have certain rights regarding their personal data, i.e.
- to be kept informed about how their data is used;
- to access their data and rectify any incorrect information;
- to have their data erased;
- to restrict how their data is used;
- to move their data from one organisation to another;
- to object to their data being used at all.
- Collecting personal information
UKCHO is committed to respecting and protecting your privacy. When you register with UKCHO as a Member Organisation or Associate Member Organisation you will be asked to provide certain personal information, for example your name, your address, both postal and email, and your telephone number, as set out in the Membership Application Form. UKCHO will store this data securely and hold it on computers or in other formats, and use it for the purposes outlined below.
- Use of personal information
UKCHO collects personal data for the purposes of administration and communication with its Members, and for processing and validating membership subscriptions. UKCHO only uses personal information within the context of the purposes outlined, and it will only keep the information as long as is necessary to support these purposes.
- Controlling access to personal information
UKCHO will not pass on your personal information to any third party unless you give it permission to do so, or UKCHO is required to do so by law. As a member of UKCHO your personal information will be displayed on the UKCHO website at www.ukcho.co.uk to provide basic information for potential members or clients who may wish to consult you, such information to include only your name, email and telephone number. Your home address or business address will not be displayed, unless you choose to do so.
- Storing your personal information
UKCHO employs strict information security procedures to store and handle your personal information. UKCHO protects your information against unauthorised access, unlawful processing, and accidental loss, destruction and damage. For example, emails will only be sent to you as blind copies, so that only your email address will be visible when you receive it. Emails will also display the following statement: “Please note that the information below is being sent to you about matters relevant to The UK Confederation of Hypnotherapy Organisations of which you are a member. Your name and email address are confidential and will not be divulged to any third party. If you do not wish to receive this information, or if you wish to amend your name and email address, please notify the Secretary at the address below.”
- Data Protection Regulation & Supervision
Under the requirements of the Data Protection Act 2018, UKCHO is registered with the Office of the Information Commissioner (Registration Number Z5124571).
“With a unified Register of Members, patients and members of the public would then have a single, reliable point of reference for standards, and would be protected against the risk of poorly-trained practitioners and have redress for poor service”.
(House of Lords Select Committee on Science and Technology Report on CAM).