The General Data Protection Regulation (GDPR) was brought into legislation on the 25th May 2018. GDPR greatly increases the National Suicide Research Foundations (NSRF) legal obligations regarding how we collect and store personal information. Personal information refers to any information where a person can be identified e.g. Name, address, date of birth etc. The NSRF is committed to protecting the rights and privacy of individuals in accordance with GDPR and the Data Protection Act 2018.
The NSRF’s obligations under the GDPR are as follows;
- Obtain and process all personal information fairly and in a transparent manner.
- Keep any personal information only for the one or more specified and lawful purpose(s).
- Process personal information only in ways compatible with the purposes for which it was given.
- Keep / store all personal information safe and secure.
- Keep all personal information accurate and up to date.
- Ensure personal information collected is adequate, relevant and not excessive.
- Retain personal information no longer than is necessary for the specified purpose or purposes.
- Give a copy of his/her personal data to that individual, upon request.
Data Subject Access Request
Under GDPR, an individual has a right to obtain a copy, clearly explained, of any information relating to them kept on computer or in a structured filing system, by any person or organisation. This is called a Data Subject Access Request. You can make a Data Subject Access Request to the NSRF by emailing firstname.lastname@example.org. We may ask for details which would help us to identify you and to locate all the information we may keep about you, for example, address or date of birth.
Please send any general GDPR-related queries to email@example.com