Cura Care recognises its statutory duty to comply with all relevant legislation and the duties and obligations resulting from them. The purpose of our Data Protection Policy is to support the 7 Caldicott Principles, the 10 Data Security Standards, the General Data Protection Regulation (2016) and the Data Protection Act (2018)
We recognise data protection as a fundamental right and embrace the principles of data protection by design and by default.
Cura Care is committed to the protection of its employees and others, including members of the public, from harm or loss resulting the activities and undertakings of Cura Care. Adequate resources will be made available to ensure the success of our policy.
The purpose of our policy is to enable Cura Care to:
- Comply with the law in respect of the data it holds about individuals
- Follow good practice
- Protect the “rights and freedoms” of our stakeholders and any other individuals whose information Cura Care collects and processes in accordance with the General Data Protection Regulation (GDPR)
- Protect the organisation from the consequences of a breach of its responsibilities
Cura Care will:
- Comply with both the law and good practice
- Respect individuals’ rights
- Be open and honest with individuals whose data is held
- Provide training and support for staff and volunteers who handle personal data, so they can act confidently and consistently
Cura Care recognises that its first priority under the GDPR is to avoid causing harm to individuals. In the main this means that personal data must be:
- Kept securely in the right hands
- Processed lawfully, fairly and transparently
- Collected for specific, explicit and legitimate purposes
- Adequate and kept up to date with every effort to erase or rectify without delay
- Kept in a form such that the data subject can be identified only as long as is necessary for processing
- Processed in a manner that ensures the appropriate security