Data Protection Policy Statement

The purpose of this paper is to state clearly Butterfly Conservation’s commitment to compliance with Data Protection requirements and to provide an overview of responsibilities and how they will be fulfilled. 

                                                                                                         

1.  Butterfly Conservation’s Commitment 

Butterfly Conservation is committed to ensuring the privacy of personal data by complying with all statutory data protection and privacy requirements as a minimum, and to the adoption of best practice by working positively to prevent any misuse of personal data. 

Butterfly Conservation recognises its responsibility to collect and process personal data fairly and lawfully. This includes all personal data (employees, members, supporters and members of the public) in all areas where personal data is needed to carry out the work of Butterfly Conservation. 


2.  Our Legal Responsibilities 

Who?

  • Although the Chief Executive has the ultimate responsibility for implementing the policy, all employees and Branch volunteers have individual responsibility and an important part to play in implementing and maintaining legal compliance.
  • Therefore responsibility for implementing the policy lies directly with line management from the Chief Executive, Directors and Line Managers through to every employee and Branch volunteer.
  • Every Line Manager and Branch Chair are responsible for implementing and monitoring the policy in their area of activity.
  • Every employee and Branch volunteer must adhere to the policy and co-operate with their colleagues to achieve high standards of legal compliance and best practice.
  • The organisation and arrangements to support implementation of the policy are described in Section 4 below.

 

3.  Our Objective 

What?

Butterfly Conservation (including both collectively and individually its Trustees and Directors) is responsible for:

  • Promoting data protection compliance within the Organisation.
  • Ensuring all Council decisions reflect Butterfly Conservation’s data protection intentions as described in the Data Protection Policy Statement.
  • Encouraging the active promotion to employees of best practice.
  • Ensuring the Trustees are kept informed of any data protection risk management issues.

To ensure all activities involving the collection, processing and storage of personal data are carried out in compliance with current legislation, regulations and best practice. 

To achieve this Butterfly Conservation will: 

  • Provide the necessary information, instruction, training and supervision to all staff responsible for handling personal data. 
  • Make sure that all new staff and Branch volunteers are aware of the Butterfly Conservation’s Data Protection Policy and the procedures necessary to carry out their work. 
  • Promote awareness of data protection matters to staff and advise of changes to the legislation and procedures.
  • Provide specialist support to Line Managers and Branches on data protection matters.
  • Maintain Butterfly Conservation’s notification with the Information Commission’s Register for Data Controllers.
  • Keep the policy under review and amend practice guidelines when necessary.
  • Monitor the implementation of the data protection policy.
  • Carry out compliance audits. 

 

4.  Organisation and arrangements for implementing the policy 

To support Trustees, Directors, staff and Branch volunteers in fulfilling this objective, Butterfly Conservation has nominated the Deputy Chief Executive as Data Protection Officer for Butterfly Conservation.  The Data Protection Officer is responsible, in particular, for monitoring, assisting and ensuring: 

  • Butterfly Conservation is lawfully registered as a data controller under the requirements of the Data Protection Act 1998 and subsequent legislation.
  • Butterfly Conservation’s Data Protection Policy is reviewed periodically and its effectiveness monitored, with any necessary changes to be recommended to the Trustees.
  • That data protection matters raised by employees, Branch volunteers, members of Butterfly Conservation and the general public are dealt with promptly and efficiently.
  • That new non-data protection legislation is assessed for its impact on Butterfly Conservation’s work and procedures (eg law and regulations relating to electronic communications and freedom of information).
  • The development of new procedures, guidelines and codes of practice where appropriate in consultation with Line Managers.
  • There is consultation, agreement and dissemination of information on best practice.
  • That data audits are carried out as appropriate. 

However, it must be remembered that the Data Protection Officer is a support role.  It is therefore the responsibility of all Line Managers and Branch Chairs to assess the skills and knowledge required by themselves and their staff and volunteers and to identify training needs to enable them to comply with data protection requirements. 

Where instruction and training, over and above a basic level, is required by staff and Branches, this may be provided either in-house or by specialist third-parties.  Such training needs are to be agreed with the Data Protection Officer so that the benefits may be shared throughout the organisation.