CABWI AWARDING BODY – DATA PROTECTION AND PRIVACY POLICY

Introduction

The General Data Protection Regulation (GDPR) places obligations on those that control and process information relating to individuals. CABWI Awarding Body, Board of Trustees, Employees and Associates are committed to the rules of data protection and abiding by the eight data protection principles.

The eight data protection principles

CABWI Awarding Body will handle and protect information in line with the eight principles of data protection as set out below:

1. Personal data shall be processed fairly and lawfully

2. Personal data shall be obtained only for one or more specified and lawful purposes

3. Personal data shall be adequate, relevant and not excessive in relation to the purpose for which it is processed

4. Personal data shall be accurate and, where necessary, kept up to date

5. Personal data processed for any purpose shall not be kept for longer than is necessary for that purpose

6. Personal data shall be processed in accordance with the rights of data subjects under this act

7. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

8. Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data

Collecting personal data

CABWI Awarding Body collects and processes personal data as part of its Awarding Organisations responsibilities in relation to registration, assessment, issue of results and certificates.

Data sharing

CABWI Awarding Body may need to share personal data in connection with its awarding organisation function with any of the government regulators (Ofqual, CCEA, Qualifications Wales) if requested to do so.

Data handling and storage

CABWI Awarding Body has appropriate technical and organisational measures in place to protect and ensure the safety of data and to prevent against unauthorised disclosure or use.

Data is stored securely in a cloud based system which is password protected and backed up daily on secure servers situated in the United Kingdom.

All paper records are stored in locked cabinets/drawers.

Data retention

CABWI Awarding Body acting as an Awarding Organisation will retain data in accordance with the requirements of the Regulators.

Data destruction

CABWI Awarding will ensure that data that is destroyed is done so in a confidential manner. Paper documents will be cross shredded and electronic data destroyed by being deleted from our systems.

Subject access requests

Any party who has provided personal data to CABWI Awarding Body has the right to request what information is stored and its content.

Requests for access to data must be made in writing to CABWI’s Chief Executive Officer at the address below. Upon verification of the individual making the request, the information will be provided in accordance with the subject’s Rights of Access under the General Data Protection Regulation.

CABWI Awarding Body

Holland House

4 Bury Street

London

EC3A 5AW

Responsibility for the policy

CABWI Awarding Body acknowledges that it, its employees and associates will take every reasonable step possible to protect the confidentiality and security of all data that it receives.

A CABWI Director has been appointed to oversee the implementation of the data protection policy.

The Chief Executive Officer is responsible for the implementation and adherence to the policy by all CABWI representatives.