Introduction
The EU General Data Protection Regulation (GDPR) came into force across the European Union on May 25, 2018, introducing significant changes to data protection law. Designed to meet the demands of the digital age, the GDPR is based on privacy by design and takes a risk-based approach. It addresses the broader use of technology, new definitions of personal data, and increased cross-border processing. The regulation aims to standardize data protection laws across the EU, providing individuals with stronger and more consistent rights to access and control their personal information.
Our Commitment
At LOGOS Development CIC, we are committed to ensuring the security and protection of the personal information we process, striving for a compliant and consistent approach to data protection. Our data protection policies are robust and effective, aligning with existing laws and data protection principles.
We are dedicated to safeguarding personal information and developing a data protection regime that is effective, fit for purpose, and demonstrates an understanding and appreciation for the new regulation. Our GDPR compliance preparation includes developing and implementing new data protection roles, policies, procedures, controls, and measures to ensure ongoing compliance.
Data Subject Rights
We provide easy-to-access information on our website regarding individuals’ rights to access any personal information that LOGOS Development CIC processes about them. Individuals can request information about the personal data we hold, the purposes of processing, the categories of personal data concerned, and the recipients to whom the personal data has been disclosed. They can also inquire about the duration of data storage, the source of the data if not collected directly from them, and their rights to have incomplete or inaccurate data corrected, request erasure or restrict processing, object to direct marketing, and learn about any automated decision-making used. Additionally, we provide guidance on lodging a complaint or seeking judicial remedy.
Policies and Procedures
Our data protection policies and procedures ensure that we understand and adequately disseminate our obligations and responsibilities, focusing on privacy by design and the rights of individuals. Our data retention policy and schedule ensure compliance with the principles of data minimisation and storage limitation, with dedicated erasure procedures in place to meet the ‘Right to Erasure’ obligations. Our breach procedures ensure safeguards and measures are in place to identify, assess, investigate, and report any personal data breach promptly, with all volunteers aware of the reporting lines and steps to follow. Our SAR procedures accommodate the 30-day timeframe for providing requested information free of charge, detailing steps for processing an access request, exemptions, and response templates to ensure compliance and consistency.
Information Security & Technical and Organisational Measures
LOGOS Development CIC takes the privacy and security of personal information very seriously, implementing robust information security policies and procedures. These include SSL certification on all website operations, access controls on all client information, mandatory GDPR training for all Executive Board Members and volunteers, secure storage of all paper-based files and data, and secure confidential waste disposal procedures.
GDPR Roles and Employees
Sonia Campbell, our Company Secretary, is designated as the Appointed Person responsible for promoting GDPR awareness across the organization, assessing GDPR readiness, identifying gaps, and implementing new policies, procedures, and measures. Continuous Board and volunteer awareness and understanding are vital to GDPR compliance, and we have implemented a volunteer training program as part of our induction and annual training.
For any questions about our GDPR preparation, please contact Sonia Campbell.
Conclusion
LOGOS Development CIC is dedicated to maintaining the highest standards of data protection and privacy, ensuring the security and integrity of personal information. Through comprehensive policies, ongoing training, and a commitment to GDPR principles, we strive to safeguard the rights and data of all individuals we interact with.
