On 25th May 2018 GDPR legislation was introduced to ensure that personal information is held securely and managed appropriately. There are significant fines for charities in breach of this regulation.
The trustees in place on 25th May 2018 ensured that the Mudeka Foundation complied with GDPR implementation.
The guiding principles of GDPR are listed below. Employees, trustees and formal volunteers must familiarise themselves with these principles.
- Lawfulness, fairness and transparency – Processing must be lawful, fair, and transparent to the data subject.
- Purpose limitation – We must use data for the legitimate purposes specified explicitly to the data subject when we collected it.
- Data minimization – We must collect and process only as much data as absolutely necessary for the purposes specified.
- Accuracy – We must keep personal data accurate and up to date.
- Storage limitation – We may only store personally identifying data for as long as necessary for the specified purpose.
- Integrity and confidentiality -Processing must be done in such a way as to ensure appropriate security, integrity, and confidentiality (e.g. by using encryption).
- Accountability – The data controller is responsible for being able to demonstrate GDPR compliance with all of these principles.
Personal information includes, but is not limited to
- Date of birth
- Contact number
- Email address
Examples of the personal data we hold includes, but is not limited to
- Information on scholarship children and guardians
- Information on donors and previous donors in line with financial and reporting regulations
- Newsletter distribution list
- Emails from previous conversations with supporters.
To ensure compliance with GDPR regulations, employees, trustees and formal volunteers will follow the outlined requirements in the policy document.
In the event that any of the requirements are not followed, the person aware of the breach will notify the Responsible Individual in writing immediately. Continued breaches of this policy will impact the role of those responsible.
To report a breach of this policy please email email@example.com