Text Resize

-A +A

The New General Data Protection Regulation

The New General Data Protection Regulation

On the 25th of May 2018 the new EU General Data Protection Regulation (GDPR) will replace the existing Data Protection Directive.  The GDPR has been designed to protect and empower all EU citizens data privacy.  This new regulation affects the way that all charities and retail businesses hold data on supporters and customers.

As a charity we are reliant on our supporters, who are essential to the work that we do.   

It is vitally important to us that our supporters feel comfortable with the way in which we communicate with them. We store the names and addresses of our supporters on our secure database so that we are able to send them our annual newsletter, keeping them updated with our projects and the developments that their generous donations have funded. As a small charity we do not share data that we hold on our supporters with any agencies.

Occasionally independent event organisers, for example the London Marathon or fundraising sites such as Just Giving, will share personal information on individuals with us.  These independent third parties only share information with us from individuals who have indicated that they wish to support UCL Hospitals Charitable Foundation and who have provided consent allowing their information to be shared.  Information about third party organisers privacy policies should be clear and accessible at the point where private information is provided.

As one of the requisites of the new GDPR, we have been auditing the existing data that we hold on our individual supporters, ensuring that it is relevant and necessary to our relationship with them.  We have an obligation to our supporters to keep the data that we hold (name, address, and in some cases telephone number and email address) up to date and secure.  It is the right of individual supporters to request access to this information, and if someone feels that the information that we hold about them is not appropriate, they can ask us to change the personal details that we store.  We will action any requests for disclosure of information, or changes to it, within one month of a supporter's request.  It is extremely helpful to us if our existing supporters let us know if any of their contact details change.

The information that we hold on individuals is held in a secure database that has technical controls in place to protect data.  Information is only accessible by appropriately trained staff and contractors.

In light of the new GDPR that is effective from 25th May 2018, the above information clarifies the way in which we store our supporters' personal information, and how we use it.

We hope that our supporters will continue to support us and that they are happy for us to carry on communicating with them in the way that we do. If you are an existing supporter and you DO NOT want us to continue storing your information, please contact us by email at shirley.featherstone@nhs.net. Once you have contacted us to let us know that you no longer want us to continue storing your information, we will mark our database as 'no further contact' and you will not hear from us again unless you contact us asking to be put back on our mailing list.

We hope that this clarifies the new data regulation that is being brought in to protect consumer and supporter rights, and that both our existing supporters and our new supporters feel reassured by our commitment to transparency.  If you have any further questions about GDPR please contact Shirley Featherstone at shirley.featherstone@nhs.net.  Thank you.