The General Data Protection Regulation (GDPR) is one of the biggest changes to UK data privacy law and comes into effect on Friday 25 May 2018.
To comply with the GDPR, we are required to inform Environmental Bodies (EBs) and other stakeholders of the lawful basis under which we process personal data and to inform you of why processing your personal data is necessary.
As the appointed regulator of a statutory scheme, we are required to collect certain limited personal data in order to carry out our regulatory functions. We therefore collect and process your data under the GDPR lawful basis of:
GDPR Article 6 (1.e) Public task: the processing is necessary for us to perform a task in the public interest or for our official function, and the task or function has a clear basis in law.
Under the current Data Protection Act, ENTRUST already has a Privacy policy in operation to safeguard the personal data that we hold. However, GDPR extends the scope of privacy law and therefore ENTRUST has reviewed and updated our Privacy policy, which will come into operation on 25 May 2018.
The new policy and the updated Privacy section of the ENTRUST website does not change the way we manage and use your personal data, but it clarifies and makes it even easier to understand what we do with it. We have also added more detail about the ways we use your data and your rights with regards to that data. ENTRUST's Privacy policy sets out:
- When and why ENTRUST collect personal data;
- What personal data we collect;
- How we use individual's personal data;
- How we store personal data;
- The conditions under which we may share an individual's personal data; and
- When we may destroy an individual's personal data.
Additionally the policy also explains an individual's data rights and protections under the GDPR.
You should read our full Privacy policy in the related documents on the right hand side or visit the new updated Privacy section of our website, which sets out clearly all the information you need to know about your personal data.
ENTRUST is registered as a data controller with the Information Commissioner's Office (ICO) under registration number Z8361674. Our registered Data Protection Officer is Jess O'Brien, Communications Manager. Any enquiry about how we process employee or recruitment data, or any questions regarding this policy and our privacy practices should be sent by email to communications@entrust.org.uk or by writing to:
The Data Protection Officer
ENTRUST
60 Holly Walk
Leamington Spa
Warwickshire
CV32 4JE
Alternatively you can call our Helpline on 01926 488 300.