Data Protection Policy
Contents
1 The importance of protecting personal data
2 Scope of the document
3 What is personal data?
4 Individuals’ rights under the General Data Protection Act (2018)
5 WOC UK data management responsibilities
6 WOC UK data management expectations
7 Sources of further information
WOC UK Data Protection Policy September 2018
1 The importance of protecting personal data
World Orthopaedic Concern UK is committed to facilitating high standards of
orthopaedic education in low/middle income countries. In order to achieve this
we need to build and maintain good relationships with colleagues, patients and
patient groups, national representative organisations and industry partners.
To help maintain these good relationships, WOC UK and the WOC UK
executive committee must adhere to high standards in respect of managing,
storing and disposing of personal data entrusted to us.
The advent of GDPR has prompted us to give careful consideration to the way
in which the WOC UK administers personal data and to set out a concise policy
to guide members and committee members.
2 Scope of the document
This document summarises the key points of the WOC UK Data Protection
Policy.
The expectation is that the WOC UK committee will conform to this policy to
ensure good practice in the management of personal data.
If further clarification is required please contact one of the following in the first
instance: –
WOC UK Secretary – Deepa Bose – deepabose@yahoo.com
WOC UK Chairman – Steve Mannion– stevejmannion@aol.com
3 What is personal data?
Personal data is information relating to an identified or identifiable person. An
‘identifiable person’ is someone who can be identified directly, or indirectly by
reference to an identification number or to one or more factors specific to their
physical, physiological, mental, economic, cultural or social identity.
WOC UK Data Protection Policy September 2018
4 Individuals’ rights under the General Data Protection Act 2018
In any event it is good practice to protect personal data entrusted to WOC UK.
The General Data Protection Regulation (GDPR) came into force on 25 May
2018 to unify data protection regulation within the European Union (EU), and is
designed to hand back control to EU citizens and residents over their personal
data.
GDPR has been incorporated into UK law by means of the Data Protection Act
2018.
From 25 May 2018 anyone who entrusts the WOC UK with their personal data
has the right to:
- Be informed about how their data will be used, stored, retained and/or
disposed. - Request all the personal data we hold on them within 30 days of asking for it
and in a form that the person can use easily. - Request inaccurate data we hold on them be corrected within 30 days of
notifying us. - Request the deletion of any unnecessary personal data we hold on them.
- Restrict the processing of their personal data, and
- Object to the Information Commissioner’s Office if they are unhappy with the
way we are managing their personal data – and organisations need to ensure
that individuals can register such complaints easily.
1 http://www.legislation.gov.uk/ukpga/2018/12/contents/enacted
WOC UK Data Protection Policy September 2018
5
5 WOC UK data management responsibilities
Given the importance of protecting personal data under UK law, WOC UK has
clear and specific responsibilities regarding personal data. We must: - Collect personal data for specific and legitimate purposes only.
- Process personal data only on the grounds by which we can process it
lawfully, fairly, and in a transparent and compliant manner. - Store personal data in a form that prevents the individual from being
identified for longer than the purpose for which their data was being processed. - Ensure personal data is accurate and up-to-date, and
- Any sensitive personal data (data pertaining to racial or ethnic origin, political
opinions, religious or philosophical beliefs, trade union membership, genetic
data, biometric data) must be treated with extra security – only kept
electronically in encrypted and/or pseudonymised form.
WOC UK Data Protection Policy September 2018
6
6 WOC UK data management expectations
We expect all members working on WOC UK matters to: - Understand and follow the WOC UK Data Protection Policy and procedures,
and ensure that colleagues do the same. - Challenge colleagues’ behaviours and activities constructively where they do
not comply with the WOC UK Data Protection Policy. - Explain to individuals clearly at the point we gather personal data the reason
why we are collecting it, how long it will be used, how long we will keep it, and
the lawful basis under which we are collecting it. - Obtain clear and explicit consent from an individual (where it is required)
when we collect their personal data. - Minimise any detrimental risk to the owner of the personal data by storing
and protecting personal data safely, transparently in line with the WOC UK Data
Protection Policy, and in a way that it can be accessed quickly if required. - Actively monitor any personal data we hold to ensure it remains accurate
and up-to-date; and correct or dispose of any inaccurate or out-of-date data
within 30 days of it being identified either by the individual or through
monitoring. - Respond quickly to any request for access to personal data held, to ensure
that we can provide it to the individual within 30 days of receiving any such
request. - Identify and repair any significant breaches of personal data and report such
breaches to the WOC UK executive committee as soon as possible.
7 Sources of further information
WOC UK Data Protection Policy September 2018
7
More information related to GDPR and the Data Protection Act 2018 can be
found as follows:
Information Commissioner’s Office2
The GMC3
Which? Consumer Rights4
WOC UK Executive Committee
September 2018
2 https://ico.org.uk/ 3 https://www.gmc-uk.org/ethical-guidance/ethical-guidance-fordoctors/confidentiality/managing-and-protecting-personal-information 4 https://www.which.co.uk/consumer-rights/regulation/general-data-protection-regulation-gdpr