As a collector and processor of data formerly based in the European Union, FONASBA was required to comply with provisions of the General Data Protection Regulation (GDPR) (EU) 2016/679. FONASBA therefore developed a series of policies to provide information about its actions in respect of the collection of personal and other data for use in connection with its legitimate business interests as an international membership organisation.
Despite the departure of the UK from the European Union and the end of the transition period on 30th November 2020, the GDPR is currently retained in UK domestic law but the framework is under review. The ‘UK GDPR’ sits alongside an amended version of the Data Protection Act 2018.
Until such time as UK data protection diverges from provisions of the GDPR, the key principles, rights and obligations remain the same. and therefore the policies below remain in force until further notice.
Those policies comprise a summary Data Collection and Processing Assessment and individual policies covering the main data collection and processing activities undertaken by the Federation at the end of April 2018. A policy setting out the actions to be taken in the event of a data breach has also been established. Each individual policy can be downloaded by clicking on the link in its title below.
A policy covering the collection and processing of data in respect of employees of FONASBA has also been developed.
These policies will be reviewed when there are changes in legislation, case law, good practice or when changes are deemed necessary as a consequence of their application.