Transitions London C.I.C. is registered with the Information Commissioner’s Office as a Data Controller. Registration number: Z2789593

1. Our Commitment

1.1 Transitions London C.I.C is committed to complying with the requirements of data protection legislation. (Data Protection Act 2018 and General Data Protection Regulation 2018)

1.2 Transitions London C.I.C will ensure that it’s Staff, Directors, Volunteers and others directly commissioned or working on our behalf that have access to any personal or sensitive personal data held by us are fully aware of and comply with their duties and responsibilities under the legislation.

1.3 Transitions London C.I.C’s Board of Directors are jointly responsible for ensuring proper compliance but we have appointed the Managing Director and Quality Standards Director as gatekeepers for ensuring proper adherence as well as sourcing outside expertise / training.

2. The Use of Personal Data

2.1 As part of the effective provision of services, Transitions London C.I.C has to collect and process information about the individuals that we provide services to as well as the individuals delivering those services. These people may include, but are not limited to, members of the public, current, past and prospective employees, clients, candidates, other service users and suppliers.

2.2 Transitions London C.I.C will only process personal data when we permitted to do so by law. There are circumstances where we are required by law to process personal information, for example to comply with government legislation or other requirements.

2.3 Transitions London C.I.C regard the lawful and appropriate treatment of personal information as key to their successful operations; promoting transparency and building trust.

2.4 When processing data we will comply with all relevant data protection legislation as well as adhering to Information Commissioners Office (ICO) guidance.

2.5 We will apply appropriate safeguards and controls to ensure that all personal data is collected, recorded and used fairly and correctly in accordance with data protection legislation, whether it is held on paper (as part of a relevant filing system), in computer records or recorded by any other means.

3. Compliance with the requirements of data protection legislation

3.1 Through appropriate management and the enforcement of strict processes and controls, we will:

  • observe conditions regarding the fair collection and use of personal information;
  • meet legal obligations by specifying the purpose for which personal information is used;
  • only collect and process appropriate personal information to the extent that it is needed to fulfil operational needs or to comply with any legal requirements;
  • ensure the quality of information used;
  • apply checks to determine the length of time information is held;
  • apply suitable measures to safeguard personal information;
  • ensure that personal information is not transferred abroad without suitable safeguards;
  • ensure that the rights of people about whom the information is held can be fully exercised under the legislation;
  • issue staff with requisite procedures to ensure compliance with this statement of policy and the legislation;
  • maintain records regarding data processing.

3.2 Whilst Transitions London C.I.C has robust policies and procedures in place which explain how personal information must be processed, there may be instances where a failure leads to a breach of data security. The Transitions London C.I.C ‘Data Protection Breach Procedure’ outlines the approach that must be taken in such circumstances.

3.3 Data Protection Breaches are taken very seriously as failure to comply with legislation could result in any of the following:

  • A monetary penalty issued by the Information Commissioner’s Office - up to €4million or 4% annual turnover (whichever is higher)
  • Other regulatory action as administered by the Information Commissioner
    • Information notices
    • Undertakings
    • Enforcement notices
    • Consensual assessments (audits)
    • Assessment notices to conduct compulsory audits
  • Damage to Transitions London C.I.C reputation and associated negative impact on the confidence of our clients and other stakeholders.
  • Disciplinary action against employees concerned (as appropriate, dependent on circumstances)
  • Individuals can be criminally liable if they knowingly or recklessly process personal data in breach of the legislation.

3.4 The objectives of this policy will be met by operating policies procedures (but not limited to):

  • IT Systems Procedure document
  • Statement of Service
  • Data Protection Breach Procedure