Mind Professionals
1 Stow Court
Stow Road, Stow-Cum-Quy
Cambridge CB25 9AS
T: +44 [0]1223 813838
F: +44 [0]1223 812046
E: enquiries@mindprofessionals.com
This Data Protection Policy is the overarching policy for data security and protection for Mind Professionals Limited (hereafter referred to as “us”, “we”, or “our”).
The purpose of the Data Protection Policy is to support the 7 Caldicott Principles, the 10 Data Security Standards, the General Data Protection Regulation (2016), the Data Protection Act (2018), the common law duty of confidentiality and all other relevant national legislation. We recognise data protection as a fundamental right and embrace the principles of data protection by design and by default.
This policy covers
We shall implement appropriate organisational and technical measures to uphold the principles outlined above. We will integrate necessary safeguards to any data processing to meet regulatory requirements and to protect individual’s data rights. This implementation will consider the nature, scope, purpose and context of any processing and the risks to the rights and freedoms of individuals caused by the processing.
We shall uphold the principles of data protection by design and by default from the beginning of any data processing and during the planning and implementation of any new data process.
Prior to starting any new data processing, if appropriate, we will assess whether we should complete a Data Protection Impact Assessment (DPIA) using the ICO’s screening checklist: https://ico.org.uk/for-organisations/guide-to-data-protection/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-impact-assessments/.
All new systems used for data processing will have data protection built in from the beginning of the system change.
All existing data processing has been recorded on our Record of Processing Activities. Each process has been risk assessed and is reviewed annually.
We ensure that, by default, personal data is only processed when necessary for specific purposes and that individuals are therefore protected against privacy risks.
In all processing of personal data, we use the least amount of identifiable data necessary to complete the work it is required for and we only keep the information for as long as it is required for the purposes of processing or any other legal requirement to retain it.
Where possible, we will use pseudonymised data to protect the privacy and confidentiality of our staff and those we support.
Our designated Data Systems Manager is Catherine Jenkins. The key responsibilities of the lead are:
Our Senior Information Risk Owner (SIRO) is Ash Bavalia. The key responsibilities of the SIRO are: