The General Data Protection Regulation (GDPR) comes into force across Europe on the 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.
What is GDPR?
GDPR is a new law around the protection of Personal Data which seeks to strengthen and unify data protection for all individuals within the EU. GDPR grants a number of new and enhanced rights to all individuals regarding the treatment of their personal information by organisations such as St. Francis Credit Union. These regulations will apply to any organisation that controls and/or processes data on behalf of an individual or group of individuals.
Key aspects of GDPR:
In addition to the existing eight Data Protection Principles, the new regulation seeks to extend them further in order to strengthen the personal data rights of an individual. The main changes in the regulation are listed below:
- St. Francis Credit Union must be responsible for and be able to demonstrate compliance with GDPR – ‘Accountability’ is a new addition under GDPR
- Data subjects can request to have their data erased by an organisation, if no legal basis exists for retaining the data – Right to be forgotten
- Data subjects can obtain their data from an organisation and can have that data transmitted to another organisation – Data portability
- Data subjects can object to the processing of their data by an organisation, in certain circumstances
- Data subjects can request that they are not subjected to automated decision making, including profiling, in certain circumstances
- Data subjects can lodge a subject access request free of charge. The previous fee associated with lodging a subject access request has been removed under GDPR.
How has St. Francis Credit Union prepared for GDPR?
At St. Francis Credit Union, we have prepared for GDPR in a proactive manner. We have been actively implementing the changes required in order to remain compliant under the new regulation. We have demonstrated and documented accountability through a number of technical and organisational measures:
- St. Francis Credit Union has appointed a Data Protection Officer to oversee the transition into GDPR and act as a point of contact for members, staff and the supervisory authority. Our Data Protection Officer oversees how we collect, use, share and protect your information to ensure your rights are fulfilled.
- We have reviewed and amended existing application forms and updated them accordingly so that they are aligned with the principles of the GDPR – Data Minimisation & Privacy by Design
- We have reviewed and updated St. Francis Credit Union data protection policies and also provided a data protection privacy notice which has been made available to staff and members
- We have conducted a data audit to identify all personal data held by St. Francis Credit Union and recorded the legal basis for processing such data
- Staff training
- We have contacted any data processors we share information with to ensure they too are GDPR compliant
- We have revised internal controls and undertaken GDPR readiness assessments
- CCTV systems have been reviewed to ensure the use of CCTV is proportional and justified for the purpose it was installed
St. Francis Credit Union has always appreciated your trust in us to collect, process and protect your information. As a data controller and processor of your personal data, we will continue to:
- Operate in a transparent manner in relation to how we safeguard and use your personal data
- Build on our strong risk culture by acting responsibly and putting your security at the front of our priorities
- Manage our controls, processes and systems to improve our level of customer service while providing you with the assurance that your information is safe and secure
- Conduct our business in a fair and transparent way and ensure we minimise the risk of unfair outcomes for our customers or impact on their data rights and freedoms
What does GDPR mean for you?
GDPR acts to empower individuals in relation to the treatment of their personal information. It increases and reinforces the rights of individuals in relation to the information we hold about them. Being transparent and providing accessible information to members about how we process their personal information is a key element of GDPR. St. Francis Credit Union takes privacy and the protection of personal data belonging to our members and staff very seriously. We treat information belonging to our members and staff with the highest priority in terms of security and we will continue to implement this strategy going forward. Therefore, we fully support the enhancements to data protection which will be introduced by GDPR.
What do you need to do?
The changes described above are purely to enhance your understanding of GDPR and to clarify your rights under the new regulations. Please take some time to read our updated Privacy Notice for more detailed information on how we use your information and your rights.
Need more information?
If you have any questions in relation to GDPR, please call us on 065 6828305 or email us at firstname.lastname@example.org.