Guide to Data Management
What is personal data and how do we use it?
Our privacy notice
Storing data securely
Deleting personal data
1.What is personal data and how do we use it?
Personal data is information about a person which is identifiable as being about them. This includes basic things like names and addresses, and also more complex and sensitive information – such as ethnicity, criminal record, sexual orientation, employment history and/or status, and health information. This list is not exhaustive.
Personal data can be held electronically or on paper. Photographic and film images are also considered to be personal data if people are identifiable in them.
You should only collect, store or use personal data if you or your group needs to do so for a clear, specific purpose.
2.Our Privacy Notice
Belper Refugee Welcome is collecting and using data on the basis of explicit consent.
(See Appendix 1)
Only store, collect and use the minimum amount of data you need for your purpose. Don’t keep extra data if you don’t know why you need it, and don’t keep data longer that is no longer needed for a clear purpose
Our privacy notice informs people about how to contact us if they want their data removing from our records
We must tell people what data we have about them, if they ask, and remove it if requested
3. Storing data securely
Personal data must be stored securely. If you have personal data in a computer
Your computer must be password protected. You should have up to date software
To protect your computer from malware and viruses. If you store information on
paper it should be filed securely.
If you store personal data on the internet( for example: attached to emails, in
Google Drive, Dropbox or Slack) then you should check that the company storing
The data comply with GDPR regulations and that data is not transferred outside of
the UK or EU. Most big companies have privacy policies which confirm that they
It is important that we now who is storing data on our behalf, and that we all
understand the need to keep it safe, secure and up to date. We must keep to
minimum the number of places where we are storing data. Otherwise we may
easily lose track of what we have.
Best practice for our group would be to have one central list of contacts, either on paper (stored securely) or securely stored on line.
Other measures to take:
compile and label files carefully
keep files containing sensitive or confidential data secure and allow access on a ‘need to know’ basis
keep a log so you can see who has accesses the confidential files, when, and the titles of the files they used
electronic files should be password protected and stored on computers with protection against hackers and viruses
Be clear whether data belongs to your group or you personally. Just because you have access to contact details held by the group doesn’t mean that they are your personal contacts.
We must ensure that we do not accidentally share personal data with other members of BRW. For example, if you send an email to everyone on your mailing list, do not simply type all the email addresses into the ‘To’ field. By doing this you are sharing all the email addresses with everyone on the list. Instead you should use the ‘Bcc’ field. This hides everyone’s email addresses. Of course, if you have members explicit consent then you can make email addresses visible.
4. Deleting personal data
Once you have finished using personal data for the purpose it was collected for, then it should be deleted .It should not be kept indefinitely just in case you want to use it again but don’t know what for. When you delete data make sure that it can’t be accessed by someone else.
If someone is no longer volunteering with our group you MUST delete their data. You should also inform Citizens UK so they can delete their data.
It is also important that former volunteers no longer have access to confidential data so they should be deleted from forums such as Whatsapp, Google Drive or Slack, if we are holding data in any of those place.
Refer to Belper Refugee Welcome’s Safeguarding Policy for details of how safeguarding records are stored. Safeguarding Concern forms and Case management forms and other confidential records will be stored securely and separately from other Group material.
Files will be kept for at least 6 months after the 24-month sponsorship period and
beyond that in line with current data legislation and guidance.