South Downs Leisure and South Downs Leisure Enterprise GDPR Statement
At South Downs Leisure we are now working towards full adherence to the new General Data Protection Regulation which came into force on 25th May 2018.
The General Data Protection Regulation (GDPR) replaced the Data Protection Act (DPA) which governs the processing of personal data. South Downs Leisure has worked hard to ensure that it is fully prepared for the changes that have taken place and we will continue to adapt as the legislation develops.
Many of the concepts and principles remain the same as those stated in the Data Protection Act, but with more emphasis on accountability and how organisations are demonstrating compliance. GDPR still applies primarily to personal data (as distinct from corporate data) but the process is more detailed and robust.
The GDPR applies to the storage of electronic and manually filed data and covers the requirements of both the controllers and the processors of data. At times South Downs Leisure act in both capacities.
ICT security is a key part of the new legislation and covers the use of basic protocols such as strong passwords that are frequently changed, permission groups and document access controls using individual password protections. All of our systems will operate on needs only access including both customer and supplier systems which are controlled by a small central team, led by the South Downs Leisure Data Controller.
In order to achieve full compliance, South Downs Leisure have:-
- Set up a steering group of senior managers and specialist consultants under the direction of the Data Controller to oversee the process.
- Formulated an action plan which will be reviewed by South Downs Leisure’s Board of Trustees.
- Written a new GDPR policy to replace the previous DPA policy.
- Contacted all partners and stakeholders who are required to submit and confirm their acknowledgement and compliance of the legislation changes.
Further updates to this information will be posted as the project progress. Should customers have any queries regarding the impact GDPR will have on their data, please contact us at email@example.com