We value your privacy and want you to understand the choices and control you have over your information at Camber & Kernz. To help explain those choices and give you that control, please read this Privacy Notice.
What is the General Data Protection Regulations (GDPR)?
The GDPR comes into force on 25 May 2018. It is not a brand new regulation, but a necessary evolution to the existing Data Protection Act. It is intended to extend additional protection for individuals and their data, providing greater transparency and control over where their data is saved and used. The Information Commissioner’s Office (ICO) has produced guidance on what the new law means for organisations and business, and how they can become compliant.
According to the ICO, the GDPR applies to "personal data", meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular, by reference to an identifier. This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR refers to certain types of personal data as “special categories of personal data”.
The following categories of data are considered “special categories":
Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing.
Please note, that Camber & Kernz do not process any special category data.
What is Lawful processing?
The ICO has offered very clear guidance that to be GDPR compliant; businesses must identify which of the six legal bases for processing personal data they are using.
Six lawful bases for processing personal data:
1. Consent of the data subject (the individual)
2. Processing is necessary for the performance of a contract with the data subject, or to take steps to enter into a contract
3. Processing is necessary for compliance with a legal obligation
4. Processing is necessary to protect the vital interests of a data subject or another person
5. Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller
6. Necessary for the purposes of legitimate interest pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject
Under the GDPR, individuals are provided with the following rights, with regards to their own personal data:
1. The right to be informed - Individuals have the right to be informed about the collection and use of their personal data.
2. The right of access - The right of access allows individuals to be aware of and verify the lawfulness of the processing.
3. The right to rectification - The GDPR includes a right for individuals to have inaccurate personal data rectified, or completed if it is incomplete.
4. The right to erasure - The GDPR introduces a right for individuals to have personal data erased. The right is not absolute and only applies in certain circumstances.
5. The right to restrict processing - Individuals have the right to request the restriction or suppression of their personal data. This is not an absolute right and only applies in certain circumstances.
6. The right to data portability - The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
7. The right to object - Processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
8. Rights in relation to automated decision making and profiling - Automated individual decision-making (making a decision solely by automated means without any human involvement)
Full Details of the GDPR can be found on the https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
All prices are in GBP