Protecting your personal information
The General Data Protection Regulation (GDPR) is a new regulation that covers how companies collect, store, use and share our personal data. It will come into force on 25 May 2018.
GDPR gives individuals more rights and more control.
Catalyst – and every other organisation that gathers and uses personal data – will have to meet these new standards. This will include everyone from schools to local councils to banks.
What we’re doing, and what customers need to do
It’s our responsibility to make sure that we comply with the new regulation. So we’re reviewing all of our systems and making changes where we need to.
We will be contacting customers to ask for their consent to use personal data, as appropriate.
Your new rights – from 25 May 2018
If you’re an EU citizen, the new regulation means your rights will be stronger, in the following ways:
- you will have to give your consent to the way your personal data is being processed. The company must record your consent before they have the right to hold your data
- you will have the right to know why a company is using your data, how long they’ll keep it, and who can see it
- you will have the right to access any data a company holds on you. You can make a ‘subject access request’, which means the company must give you access to all the data they hold about you
- you will have the right to be forgotten. This means you can ask a company to delete your data if it’s no longer necessary for the purpose they collected it for, or if you no longer consent to them using your data (although there are reasons why a company can keep your data – depending on the products and services they provide you with)
- if your information is shared with other organisations, companies will be responsible for updating them with any changes to your information, and telling them if you’ve asked to be forgotten
What counts as personal data?
The definition of ‘personal data’ has grown under the new regulation. It will include any of the following:
- names, titles, and aliases
- your demographic information, such as gender, race or ethnic origin, age, date of birth, marital status, nationality, education/work histories, employment details, family composition and dependents – if this information is linked to you as an individual
- convictions, proceedings and criminal acts
- photographs and CCTV images – if there is something in the picture that means you can be identified from it (e.g. a name badge)
- health information
- contact details, such as telephone numbers, postal addresses and email addresses
- passport numbers, driving licence numbers, taxpayer identification numbers, tax reference codes, and national insurance numbers
- financial identifiers, such as bank account numbers, payment card numbers, payment/transaction identifiers, policy numbers, and claim numbers
- recordings of telephone conversations, IP addresses and website visit histories, logs of visitors to our offices, and logs of accidents, injuries and insurance claims
At Catalyst, we won’t collect data about you that we don’t need. We’ll make sure that the personal data we do collect is updated in our systems in a timely and accurate manner.
- Our Privacy Statement sets out how we collect, store and use your data. When the legislation comes into force in May 2018 we will update our Privacy Statement to reflect your new rights
- Visit the Information Commissioner’s Office website for information on the law, helpful hints and to find out what sort of breaches are being investigated by the regulator
- If you think there may have been a breach where data or information may have been used or secured incorrectly, please contact the Catalyst Data Protection Officer on 020 8832 3397 or email Information.firstname.lastname@example.org