GDPR Data Protection Mo’s MOJO

GDPR

Policy information

Organisation: Mo’s MOJO

Scope of Policy: This policy applies to Mo’s MOJO offices and websites in the UK

Operational Date: May 2018

Review Date: May 2012

Introduction

Purpose of policy

·       complying with the law

·       following good practice

·       protecting clients, staff and other individuals

·       protecting the organisation

Types of data

·   Personal names

·   Email addresses

·   Home addresses

·   Telephone numbers

·   Business details

Policy statement

Key risks

We commit to:

·       comply with both the law and good practice

·       respect individuals’ rights

·       be open and honest with individuals whose data is held

·       provide training and support for staff who handle personal data, so that they can act confidently and consistently

·       Notify the Information Commissioner voluntarily, even if this is not required

Whilst the risk of data getting into the wrong hands is quite low, we will make sure that your data is not compromised, by using reputable online data storage systems and also ensuring passwords and access is restricted to key personnel.

Employees & Volunteers

We make sure that all staff and volunteers read, understand and accept any policies and procedures that relate to the personal data they may handle in the course of their work

Responsibilities: Data Protection Officer

Although not required, we are in the process of appointing a Data protection officer –

Their responsibilities would include·

Reviewing Data Protection and related policies·

Advising other staff on tricky Data Protection issues·

Ensuring that Data Protection induction and training takes place·

Notification to the ICO·

Handling subject access requests·

Approving unusual or controversial disclosures of personal data