Security

Privacy

All organisations or businesses in the UK  handling personal information are bound by the requirements of GDPR, General Data Protection Regulation. Using RegisterPlus does not absolve an organisation from those requirements but does provide tools to make meeting the requirements easier.

All organisations using RegisterPlus to record the details of those attending their meetings need to be aware of the principles of GDPR and apply them to the way they record and handle personal information. The seven key principles of GDPR are :-

  • Lawfulness, fairness, and transparency;
  • Purpose limitation;
  • Data minimisation;
  • Accuracy;
  •  Storage limitation;
  •  Integrity and confidentiality; and
  •  Accountability.

Each organisation needs to develop and publish a Privacy Policy which sets out how these principles will be applied in the way it handles data. We have drafted an example Privacy Policy which covers aspects of the use of RegisterPlus to hold personal data on adults and children. However, each organisation should customise it for their own use and may have to add other ways in which they process data. The policy is for guidance only and does not guarantee legal status.

RegisterPlus and GDPR

Using RegisterPlus does not remove the need for organisations to conform to GDPR but it provides guidance and tools to support each of the key principles.

Lawfulness, fairness and transparency – RegisterPlus provides a structure to help organisations to collect data legally, to process it fairly and ensure those who submit their data understand what is being collected and why.

Purpose limitation – using RegisterPlus ensures that data is only collected to support the activities of the church or organisation using it.

Data minimisation – the data collected by RegisterPlus only covers what is necessary to support these activities.

Accuracy – the system is easy to use and enter data accurately. It also allows those who provide the data to enter it themselves and/or check what is being held and correct if necessary.

Storage limitation – provision is made so that once people are no longer attending activities, their data can be removed from the system. this should be done in accordance with your own data retention policy. Where people have attended activities and that needs to be recorded for safeguarding reasons, their records can be archived. This will delete personal contact details etc but retain just names for attendance registers.

Integrity and confidentiality – storing the data electronically ensures that it is kept safely and securely. All access is protected by password and anyone with access to data other than their own must log in with two factor authentication. The personal data in the database in encrypted so even if someone could gain access to the database, they could not retrieve personal information.

Accountaility – using RegisterPlus shows that the organisation takes the security of its data seriously and can demonstrate that clear processes are in place.