Use plain language - speak to others as you want them to speak to you.
Tell them who you are when you request the data.
Say why you are processing their data, how long it will be stored and who receives it.
Get their clear consent to process the data.
Collecting from children for social media?
Check the age limit for parental consent. In the UK it's 13.
Let people access their data and give it to another company. This does not usually affect community groups.
Inform people of data breaches if there is a serious risk to them. If any of their personal details were accessed, you need to tell the ICO and the person.
Give people the ‘right to be forgotten’.
Erase their personal data if they ask, but only if it doesn’t compromise freedom of expression or the ability to research.
Community groups do not normally use profiling, but if you use profiling to process applications for legally-binding agreements like loans you must:
Inform your customers.
Make sure you have a person, not a machine, checking the process if the application ends in a refusal.
Offer the applicant the right to contest the decision.
Give people the right to opt out of direct marketing that uses their data. This is the CAN-SPAM Act on steroids!
Use extra safeguards for information on health, race, sexual orientation, religion and political beliefs. If you do not really need it, do not ask for it or offer a way to add it.
Make legal arrangements when you transfer data to countries that have not been approved by the EU authorities. It is best NOT to transfer data out: keep your data in the EU only, put up GeoIP blockers, and demand that your hosts use EU servers.
Do you log the following?
Name and contact details of business
Reasons for data processing
Description of categories of data subjects and personal data
Categories of organisations receiving the data
Transfer of data to another country or organisation
Time limit for removal of data, if possible
Description of security measures used when processing, if possible
You need to make an impact assessment for the following areas:
New technologies
Automatic, systematic processing and evaluation of personal information
Large-scale monitoring of a publicly accessible area (e.g. CCTV)
Large-scale processing of sensitive data like biometrics
What actually is personal data?