The GDPR requires ShoeAid to process personal data securely.
This is not a new data protection obligation. It replaces and mirrors the previous requirement to have ‘appropriate technical and organisational measures’ under the Data Protection Act 1998 (the 1998 Act).
However, the GDPR provides more specifics about what ShoeAid has to do about the security of your data and how we assess your information risk and put appropriate security measures in place to prevent these risks.
Whilst these are broadly equivalent to what was considered good and best practice under the 1998 Act, they are now a legal requirement.
The Processes that are in place are as follows:
A) The Data Controller has access to all IT systems of ShoeAid and is an Administrator on all of these systems.
B) Access to these systems is on a “requirements basis” in order to Trustees and Staff to fulfil their obligations in relation to the processing of data.
Follow us on Social Media
