Data Protection Policy (CENTA)

 

 

Policy Statement​

CENTA recognises its responsibility to comply with the UK General Data Protection Regulation (UK GDPR) and Data Protection Act 2018. We are committed to protecting the personal data of clients, staff and stakeholders.

​

Scope

This policy applies to all staff, contractors, and volunteers handling personal data.

​

Data Principles

CENTA ensures all personal data is:

• Processed lawfully, fairly and transparently

• Collected for specified, legitimate purposes

• Adequate, relevant and limited

• Accurate and up-to-date

• Stored only as long as necessary

• Processed securely

​

Roles and Responsibilities

• The Data Protection Lead is responsible for compliance and oversight

• All staff must follow this policy and complete data protection training

 

Data Subject Rights

CENTA supports the rights of individuals to:

• Be informed

• Access data

• Rectify inaccurate data

• Erase data (subject to legal grounds)

• Restrict or object to processing

• Port data (where applicable)

 

Data Security

We use technical and organisational measures to keep data safe, including:

• Password-protected systems

• Limited access controls

• Secure email practices

 

Breaches

Data breaches will be reported to the ICO within 72 hours if required. Affected individuals will be informed where there is a high risk to their rights.

 

Training

All staff are required to undertake periodic data protection training.

 

Review

This policy is reviewed annually or when regulations change.