The world has changed a lot since the last data protection legislation was put in place (1998).
The General Data Protection Regulation 2018 (GDPR) updates the rules to reflect the way we live and work now and makes sure your information is kept safe, online and offline. ABbA is registered with the Information Commissioner's Office (ICO) for holding personal data in a satisfactory way.
The main changes in the law refer to:
Transparency: GDPR requires all organisations to tell you why they're asking for your personal data, why they need it, what they want to use it for, if they are going to share it and how long it will be kept for.
ABbA require personal data (not bank details) in order to administer the membership, subscriptions and notices. Your data is not shared with anyone else. Statistics are shared with DEFRA each year but the information we send them cannot be traced back to membership.
Consent: The new law gives you greater protection and the right to withdraw your permission for ABbA to store and use your personal data at any time.
You gave your consent to ABbA to retain your personal data when you signed up for a broadband service.
You are able to withdraw this consent by cancelling your membership at any time. A full refund of unused subscriptions will be arranged.
Security: The consequences of not keeping data safe will be more severe.
ABbA stores all your data on a server using encrypted communications. The server has robust anti-hacking systems in place.
Accountability: We are required to keep records and evidence to prove we’re complying with the law.
We will include a discussion of our compliance with GDPR in every Directors' meeting.
Data breach: If personal information is lost or shared improperly, this is a data breach. All incidents like this must be reported to the Directors.
If a data breach risks financial or reputational harm to an individual, we'll need to report it to the regulator.
Individual rights: Existing individual rights have been added to and updated. For example, people now have the right to have their data deleted, and the right to access copies of their data.
Importantly for our Members, the Member is responsible for the upkeep of their data on our systems.
As part of GDPR, there are seven key principles surrounding the use of personal data.
It must be:
Processed lawfully, fairly and in a transparent manner.
Collected for specified, explicit and legitimate purposes and not used for any purpose other than the one we have told you about.
This means we can't collect your personal information for one reason, and then use it for something else.
Adequate, relevant and limited to what is necessary for the purpose for which it was collected.
We must only collect the minimum amount of personal information necessary for the reason we want it.
Accurate and, where necessary, kept up to date. Any personal data we collect must be checked regularly by the member to make sure it’s not wrong or out of date.
Not kept for longer than is necessary. We’ll delete data as soon as we no longer need the personal information.
Processed in accordance with the rights of the data subject.
Everyone will have legal rights that can be used to limit, restrict or prevent organisations using personal data. This means if someone acts on one of these rights, ABbA must have procedures in place to respond.
Compliant with the data security principles set out in the updated GDPR legislation.
The law states we must keep your information secure whilst it’s under our control.