DATA PROTECTION / GDPR
PURPOSE
The GDPR document outlines how IERUK will responsibly be compliant with the requirements of the GDPR. The contents of this document applies to all members of IERUK and all third parties responsible for the processing of personal data from IERUK.
IERUK STATEMENT
IERUK is committed to conducting its operations in accordance with the applicable data protection laws, regulations and in line with the highest standards of ethical conduct.
Personal data is any information (including opinions) which relates to a natural person. Personal data is subject to legal safeguards and other regulations, which impose restrictions on how organisations may process personal data. Therefore, non-compliance may expose IERUK to complaints, reputational damage, and other consequential impacts.
DATA PROTECTION PRINCIPLES
IERUK has adopted the following principles to govern its collection, use, retention, transfer, disclosure, and destruction of personal data:
-
Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject. This means, IERUK must tell the data subject what processing will occur (transparency), the processing must match the description given to the data subject (fairness), and it must be for one of the purposes specified in the applicable data protection regulation (lawfulness).
-
Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. This means IERUK must specify exactly what the personal data collected will be used for.
-
Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing, and against accidental loss, destruction, or damage. IERUK must use appropriate measures to ensure the integrity and confidentiality of personal data is maintained at all times.
DATA SUBJECT CONSENT
IERUK will obtain personal data only by lawful and fair means and, where appropriate with the knowledge and consent of the individual concerned. Where a need exists to request and receive the consent of an individual prior to the collection, use or disclosure of their personal data, IERUK is committed to seeking such consent.