Data Protection Guidelines: Difference between revisions
Jc4freegle (talk | contribs) |
Line 3: | Line 3: | ||
== Guidelines for Volunteer Moderators == | == Guidelines for Volunteer Moderators == | ||
This guidance is aligned to the freegle | This guidance is aligned to the freegle [[Data Protection Policy]] sections | ||
Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails. | Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails. | ||
Obtaining Consent - | Obtaining Consent - you are not expected to ask for consent to use emails people send you. However, if information is sent to you clearly only about Freegle, as good practice you should not use this information outside of the Freegle context for which is was sent. | ||
Allowing Access to Data - | Allowing Access to Data - All personal information you retain for your role in Freegle could be in scope of a Subject Access Request. This is where anyone can ask for a copy of all the information about them that Freegle (including its moderators) hold. These requests would come through the Data Protection Officer to ensure that they were reasonable and to give you search criteria to use to find it. For instance we may ask you to send us all information you have pertaining to fred.bloggs@hotmail.com. This would include any correspondence about them, even if it wasn't address to them. | ||
Deleting Data - Right to be forgotten - If anyone asks Freegle to delete their data we have by law to ensure we do this. Typically this will be by deleting their user from a group. Due to the service we offer we will only do this in line with our published policy, so we may have their posts on the group visible for some time until they expire due to our data retention policy. However, if we do get a request under this law asking for all data to be deleted we will ask that moderators try to delete information in line with search criteria the Data Protection Officer will send to them. i.e. please can you delete all information you have on fred.bloggs@hotmail.com | |||
Minimising Data Retained - However tempting it is to keep everything you've ever had about Freegle we recommend that you only retain information that is essential for you fulfilling the role you have. | |||
Practically we would advise you to maintain a separate folder for Freegle emails and periodically reviewing what you have in that folder. Our guidance would be to delete email that is over XX years old. You may wish to keep information you are sure will be needed longer term in a separate folder so it doesn't get lost in any general periodic deletions. | |||
Storing data securely - You should keep the access to all personal data you hold to only those with a legitimate need to see it. So if you have emails in a mailbox or file store (e.g. Google Docs), ensure that access is password protected. Where the mailbox or file store is a group one, ensure that only those that should be able to see it can have access by periodically checking who has rights and changing passwords when moderators leave the group. | |||
== Guidelines for Functional Groups (i.e. freegle Growth, Freegle Media etc ) == | == Guidelines for Functional Groups (i.e. freegle Growth, Freegle Media etc ) == |
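Review bot: In the added "Minimising Data Retained" paragraph the retention period is still the placeholder "XX years", so moderators have no actual age limit to apply; it should be set, consistent with the data retention policy the "Deleting Data" paragraph refers to, before the guidance is relied on. The "Storing data securely" paragraph depends on changing passwords when moderators leave, which implies a shared password on group mailboxes; it would help to say whether individually revocable access is preferred where the mailbox or file store supports it. Typos in the added text: "for which is was sent", "even if it wasn't address to them", "we have by law to ensure".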
Revision as of 19:13, 22 October 2017
This Page will contain Guidelines for the implementation of Data Protection Policies
Guidelines for Volunteer Moderators
This guidance is aligned to the Freegle Data Protection Policy sections
Definition of Personal Data - This is anything that can identify a living person. In your role as a moderator it will typically be things like their email address, location and possibly other things they write in emails.
Obtaining Consent - You are not expected to ask for consent to use emails people send you. However, if information is sent to you clearly only about Freegle, as good practice you should not use this information outside of the Freegle context for which it was sent.
Allowing Access to Data - All personal information you retain for your role in Freegle could be in scope of a Subject Access Request. This is where anyone can ask for a copy of all the information about them that Freegle (including its moderators) holds. These requests would come through the Data Protection Officer, to ensure that they are reasonable and to give you search criteria to use to find the information. For instance, we may ask you to send us all information you have pertaining to fred.bloggs@hotmail.com. This would include any correspondence about them, even if it wasn't addressed to them.
Deleting Data - Right to be forgotten - If anyone asks Freegle to delete their data, we are required by law to ensure we do this. Typically this will be by deleting their user from a group. Due to the service we offer we will only do this in line with our published policy, so we may have their posts on the group visible for some time until they expire due to our data retention policy. However, if we do get a request under this law asking for all data to be deleted, we will ask that moderators try to delete information in line with search criteria the Data Protection Officer will send to them, for example: please can you delete all information you have on fred.bloggs@hotmail.com
Minimising Data Retained - However tempting it is to keep everything you've ever had about Freegle, we recommend that you only retain information that is essential for fulfilling the role you have. Practically, we would advise you to maintain a separate folder for Freegle emails and periodically review what you have in that folder. Our guidance would be to delete email that is over XX years old. You may wish to keep information you are sure will be needed longer term in a separate folder so it doesn't get lost in any general periodic deletions.
Storing data securely - You should restrict access to all personal data you hold to only those with a legitimate need to see it. So if you have emails in a mailbox or file store (e.g. Google Docs), ensure that access is password protected. Where the mailbox or file store is a group one, ensure that only those who should be able to see it have access, by periodically checking who has rights and changing passwords when moderators leave the group.
Guidelines for Functional Groups (i.e. freegle Growth, Freegle Media etc )
It's assumed that
Guidelines for the Data Protection Officer
"How To" Section for Users
Useful Links
- Data Protection Policy - Policies for dealing with Personal Data
- Data Protection Guidelines - Guidelines for Volunteers
- Data Protection Compliance - Volunteer Task list - Ongoing and completed tasks
- Spam - further explanation to counter accusations that we spam!
- Basic Information
- Admin