General Data Protection Regulations - An introduction to keeping data safe within CSWS E-learning Course for new staff and volunteers

Page created by Russell Lyons
 
Aims of Session
By completing this e-learning module we hope you will:
   •   Understand what GDPR is
   •   Know your responsibilities under GDPR
   •   Learn the steps CSWS have taken to protect personal data
   •   Be introduced to the following policies and procedures
        - Privacy Policy
        - Data Retention
        - Data Breach Process
What is GDPR?
• In order to gain an understanding of GDPR please first undertake this
  WSCC e-learning course:
• https://bit.ly/2rGy5tJ This should take you no longer than 15 minutes.

• Then watch this short video:
• https://www.youtube.com/watch?v=ZfGrp9rhWew
The Rights of Individuals under GDPR
Rights of Individuals under GDPR continued
Carers’ Rights - Data - Summary
• To be informed of data processing
• To access the information we hold on them
• To have inaccuracies corrected
• To have information erased
• To restrict processing of their data
• To withdraw consent
• To complain to the Information Commissioner’s Office
The Obligations on Organisations
Our Responsibilities - Summary
• To have a lawful reason for processing someone’s data, and to do so
  fairly and transparently
• To only process data for specified, explicit and legitimate purposes
• To take every reasonable step to ensure data is accurate and where
  necessary, kept up to date
• To only keep someone’s data for as long as is necessary
• To process data in a secure manner
If it goes wrong…
Shifting to a Fundraising Culture

• At CSWS we are moving to become a Fundraising Charity and have registered with the Fundraising
  Regulator.

• In 2017, the ICO investigated 9 charities. The investigations were lengthy and time-consuming for
  everyone involved and resulted in financial penalties, which caused reputational damage:
        - The International Fund for Animal Welfare - £18,000
        - Cancer Support UK - £16,000
        - Cancer Research UK - £16,000
        - Guide Dogs for the Blind Association - £15,000
        - The Royal British Legion - £12,000
        - The NSPCC - £12,000
        - Great Ormond Street Hospital Children’s Charity - £11,000
        - WWF-UK - £9,000
        - Battersea Dogs and Cats Home - £9,000
        - Oxfam - £6,000
Shifting to a Fundraising Culture

• As part of the changes we are now gathering ‘Consent to fundraise’
• Fundraising includes 'Direct Marketing'

‘advertising or marketing material’ includes any material which promotes the aims and objectives of
the organisation, not just about promoting products or services. So, if you are a charity and using supporters’
contact details to keep in touch with them about fundraising campaigns or news about the charity’s work,
you are doing direct marketing
What should you do if you identify a data breach?
• Data breach identified
• Immediate steps taken to minimise risks
• Data Control Officer informed as soon as possible (within 24 hours)
• DCO to identify next steps and log breach
• Data subjects and ICO to be informed of breach within 72 hours
What is our Data Retention Policy?
Carers
• If a carer does not contact us for 7 years, all data relating to them will
  be deleted.
Staff and Volunteers
• All data relating to a staff member or volunteer will be deleted 6 years
  after the person has left.
Donors
• Data must be refreshed every 2 years, and if a Donor does not
  respond to our request to confirm we can hold their data at that time,
  their details will be deleted immediately.
What does ‘good’ look like?
Best Practice tips
• Mailing lists for carers should only be generated through the database and not held in Outlook.
• Ensure laptops, phones and iPads all have a unique password or PIN.
• On your computer, make sure you save data to SharePoint, not locally on your desktop.
• Use encrypted emails when sharing personal or sensitive data.
• If you are sending personal or sensitive data, once you are aware the recipient has received
  the email, delete it from both your sent items and your deleted items.
• Ensure any necessary paper files are stored in locked cabinets.
• Consider going paperless by using your mobile phone camera to take a picture of paper
  records and emailing it to yourself to deal with later, rather than transporting paper
  around.
• If you have to move paper records, make sure they’re locked in the boot of your car and
  not left unattended, or if you’re using public transport always double-check you have all
  your belongings before you get off.
Privacy Notice – for reading and signature
• We have developed a Privacy Notice. Please now take the time to
  read the relevant staff or volunteer notice:

• Please inform your line manager when you have done this, so that you can
  sign to show you have read and understood this document.
For ongoing help and support
• CSWS Data Protection Officers:
   • Vanessa Hasted – Response Line and Young Adult Carer Programme Lead
      vanessa.hasted@carerssupport.org.uk 07900 742024
   • Pat Maher – Finance Manager
      Pat.maher@carerssupport.org.uk 07469 152723

• Online Resources:
• https://carerssupportws.sharepoint.com/GDPR/Forms/AllItems.aspx?viewpath=%2FGDPR%2FForms%2FAllItems.aspx
And Finally…
• Thank you for completing this course. Please inform your line
  manager when you have finished and email them the certificate from
  the WSCC e-learning course.
• If you have any further queries relating to GDPR please contact
  dpo@carerssupport.org.uk