The General Data Protection Regulation (GDPR)
The GDPR is a new European law that has been introduced to improve and unify data protection across the EU. All member states will have to comply with the GDPR from 25 May 2018, so the GDPR has replaced the Data Protection Act 1998 in the UK since that date. Any organisation that processes personal data of EU citizens will be required to comply with the GDPR, regardless of where the organisation is based globally, so the fact that the UK has left the EU does not mean that the GDPR will not apply to UK organisations in the future.
GDPR having replaced data protection in 2018, essentially now governs the way in which data is handled (processed), people’s rights regarding their data and how companies should handle this data.
We comply with all aspects of the UK’s data protection legislative framework, which includes the European General Data Protection Regulation (GDPR) and the UK’s own legislation, including the Data Protection Act 2018.
YCS have developed a GDPR policy about how we collect personal data and how we treat this data. We have also developed a privacy notice that we provide to any person either working with YCS (staff, volunteer counsellors and Board members) or receiving a service from us (clients), in order to be as transparent as possible about the personal information we collect and use.
We treat privacy and conﬁdentiality very seriously. We are a charitable incorporated organisation (CIO), and as a CIO we have relationships with fundraisers, volunteers, supporters and service users so we use personal information on YCS on a day-to-day basis in order to fulﬁl our mission to provide low-cost counselling. We never use the personal information of clients to an outside organsiation. We use statistics such as amount of people receiving counselling, areas they live and gender.
In order for us to process but also to protect personal data robustly, YCS has procured a new software package called Oasis that will safely store and protect all our data processing. OASIS is a web hosted solution, which means that no information is held on local computers, servers or laptops. The data is held in a highly secure data centre in the UK operated by Rackspace, who are accredited to IS0 27001:2005 Information Security Standard and are one of the most respected data centre operators in the world. Access is tightly controlled, and only authorised individuals are permitted access to the data centre.
As a result of procuring this new package, all counsellors and staff access any information on a client via Oasis.
Using Oasis allows YCS to protect all client notes and details in a safe manner.