Data Protection Compliance - Volunteer Task list: Difference between revisions

From Freegle Wiki
Jump to navigationJump to search
No edit summary
No edit summary
Line 1: Line 1:
== Ongoing Tasks on Freegle Data Protection Compliance ==
== Ongoing Tasks on Freegle Data Protection Compliance ==


As of 17th Sept 2017 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing
As of 22nd March 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing


{| class="wikitable"
{| class="wikitable"
Line 7: Line 7:
! Task Status
! Task Status
|- valign="top"
|- valign="top"
| Raising the awareness of the Board, Volunteers and Membership of Freegle to the GDPR implications || There will be a few items posted out as we work through the different elements, however most information will be via the notifications that point to Wiki informational pages.
| Raising the awareness of the Board, Volunteers and Membership of Freegle to the GDPR implications || This will be emails to the Board and mod groups that point to Wiki informational pages. <br>Completed - initial information out to the board/mods <br> Next - Complete the policy and request approval/amendment from the board.
|-
|-
| Document Freegle's Legal Basis for Data Processing & National Jurisdiction || DPO will look for standard wording and see if we can get a DPO savvy legal eye over it.
| Document Freegle's Legal Basis for Data Processing & National Jurisdiction || So far I've stated that we will use "Legitimate Interest" as out legal basis. DPO will look for standard wording to expand out "Balancing statement" and see if we can get a DPO savvy legal eye over it.
|-
|-
| Create Data Protection Policy Document || This will clearly spell out Freegle's policy on :<br>- Consent & Notices <br>- Subject Access requests<br>- Notification of Data Breaches<br>- Children's accounts and guardian consent<br>- Design of Data Protection<br>- User requested data deletion<br>- Data Retention Policy <br> <br>The DPO to draft initial policy and work with system owners (Freegle Direct, Norfolk, TrashNothing) to ensure there is clarity
| Create Data Protection Policy Document || This will clearly spell out Freegle's policy on :<br>- Consent & Notices <br>- Subject Access requests<br>- Notification of Data Breaches<br>- Children's accounts and guardian consent<br>- Design of Data Protection<br>- User requested data deletion<br>- Data Retention Policy <br> <br>The DPO to draft initial policy and work with system owners (Freegle Direct, Norfolk, TrashNothing) to ensure there is clarity
Line 19: Line 19:
== Completed Tasks -  Freegle Data Protection Compliance ==
== Completed Tasks -  Freegle Data Protection Compliance ==


As of 17th Sept 2017 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing
As of 22nd March 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing


{| class="wikitable"
{| class="wikitable"
Line 26: Line 26:
|- valign="top"
|- valign="top"
| Assign Data Protection Officer || Although its not a legal or regulatory requirement for an organisation such as Freegle to have a DPO, we have a Volunteer assigned. There is also a generic email address for this function which is DPO@ilovefreegle.org
| Assign Data Protection Officer || Although its not a legal or regulatory requirement for an organisation such as Freegle to have a DPO, we have a Volunteer assigned. There is also a generic email address for this function which is DPO@ilovefreegle.org
|-
| Create Data Use & Protection Wiki Page || This has been created and its mostly complete.
|}
|}



Revision as of 16:09, 22 March 2018

Ongoing Tasks on Freegle Data Protection Compliance

As of 22nd March 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing

Ongoing Tasks Task Status
Raising the awareness of the Board, Volunteers and Membership of Freegle to the GDPR implications This will be emails to the Board and mod groups that point to Wiki informational pages.
Completed - initial information out to the board/mods
Next - Complete the policy and request approval/amendment from the board.
Document Freegle's Legal Basis for Data Processing & National Jurisdiction So far I've stated that we will use "Legitimate Interest" as out legal basis. DPO will look for standard wording to expand out "Balancing statement" and see if we can get a DPO savvy legal eye over it.
Create Data Protection Policy Document This will clearly spell out Freegle's policy on :
- Consent & Notices
- Subject Access requests
- Notification of Data Breaches
- Children's accounts and guardian consent
- Design of Data Protection
- User requested data deletion
- Data Retention Policy

The DPO to draft initial policy and work with system owners (Freegle Direct, Norfolk, TrashNothing) to ensure there is clarity
Create Data Protection Guidance This will explain how the policies can be operated. This will be for the System owners and Volunteers


Completed Tasks - Freegle Data Protection Compliance

As of 22nd March 2018 the volunteer who is dealing with Data Protection compliance has the following tasks that are ongoing

Ongoing Task Completion comments
Assign Data Protection Officer Although its not a legal or regulatory requirement for an organisation such as Freegle to have a DPO, we have a Volunteer assigned. There is also a generic email address for this function which is DPO@ilovefreegle.org
Create Data Use & Protection Wiki Page This has been created and its mostly complete.

Useful Links