Wythenshawe Community Housing Group Statement of Assurance

The law regarding data protection is changing and from 25 May 2018 all organisations processing1 personal information2 will need to comply with the provisions of the General Data Protection Regulation (GDPR) when doing so.
The new law requires Wythenshawe Community Housing Group, as both a Data Controller and a Data Processor, to ensure that we process personal data in line with the law. We take this opportunity to set out below the main areas of law which impact us as a Data Processor acting on your behalf, and how we are addressing each area.

WCHG will:

I. Act only on instructions from you (unless otherwise required by law).
II. Ensure any processing of personal information is only that set out in the contract / written instruction (the contract should describe the subject matter and duration of the processing, the nature and purposes of the processing, types of personal information and categories of individuals).
III. Either delete or return all personal information when the contract ends.
IV. Employ persons who are committed to confidentiality or are under a legal obligation of confidentiality.
V. Ensure that we take appropriate security measures.
VI. Only subcontract with the prior permission of the Data Controller.
VII. Assist Data Controllers to meet their obligations under the GDPR.

Specifically, WCHG:

 Are training all staff in data protection and information handling, including induction and refresher training.
 Have appointed a Data Protection Officer.
 Have implemented data protection policies and procedures, which are regularly reviewed and are already GDPR compliant.
 Regularly carry out data protection and cyber security audits.
 Have achieved Cyber Essentials certification and are working towards ISO 27001 compliance.

If you have any further questions, please contact your usual WCHG contact or information.management@wchg.org.uk.

1 Processing – Any use of information is classed as processing, including, obtaining, recording, holding, adapting, altering, retrieving, disclosure, transmission, dissemination, alignment, combining and erasure.
2 Personal information – Any information relating to a living individual who can be identified by the information directly or indirectly by combining it with other information.