Data Protection Compliance - Volunteer Task list

From Freegle Wiki
Revision as of 10:19, 5 June 2018 by Jc4stuff (talk | contribs)
Jump to navigationJump to search

Ongoing Tasks on Freegle Data Protection Compliance

As of 4th April 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing

Ongoing Tasks Task Status
Raising the awareness of the Board, Volunteers and Membership of Freegle to the GDPR implications This will be emails to the Board and mod groups that point to Wiki informational pages.
Completed - initial information out to the board/mods
Completed - Request made for the policy and guidance approval/amendment from the board.
Next - draft emails for Members to inform them, Volunteers to inform and point to guidance.
Create DPO role guidance & Subject Access Request form Still to do - 5th June

Completed Tasks - Freegle Data Protection Compliance

As of 22nd March 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing

Ongoing Task Completion comments
Assign Data Protection Officer Although its not a legal or regulatory requirement for an organisation such as Freegle to have a DPO, we have a Volunteer assigned. There is also a generic email address for this function which is DPO@ilovefreegle.org
Create Data Use & Protection Wiki Page This has been created and its mostly complete.
Document Freegle's Legal Basis for Data Processing & National Jurisdiction Complete - We have chosen to use "Legitimate Interest" as out legal basis. Have also included a Legitimate Interest Assessment [LIA] as suggested by the ICO guidance.
Create Data Protection Policy Document This will clearly spell out Freegle's policy on :
- Legal Basis
- Subject Access requests
- Notification of Data Breaches
- Children's accounts and guardian consent
- Design of Data Protection
- User requested data deletion
- Data Retention Policy

The DPO to draft initial policy and work with system owners (Freegle Direct, Norfolk, TrashNothing) to ensure there is clarity
Create Data Protection Guidance This will explain how the policies can be operated. This will be for the System owners and Volunteers

Useful Links