< Back

Data Management

Do you collect, process, handle, manage or control data in your charity? Get specialist advice. And think insurance!

If you hold and process information about your clients, employees or suppliers, you are legally obliged to protect that information.

Under the Data Protection Act, you must:

  • Only collect information that you need for a specific purpose
  • Keep it secure
  • Ensure it is relevant and up to date
  • Only hold as much as you need, and only for as long as you need it
  • Allow the subject of the information to see it on request

Data means information which:

  • Can be processed by means of equipment operating automatically, or is recorded with the intention that it should be processed by means of such equipment
  • Is recorded as records relating to individuals and held in a sufficiently systematic, structured way as to allow ready access to specific information about those individuals
  • Otherwise forms part of an accessible record

You must comply with the Act from the moment you obtain the data until the data has been returned, deleted or destroyed. Your duties extend to the way you dispose of personal data when you no longer need to keep it – you must dispose of the data securely.

The Privacy and Electronic Communications Regulations apply to unsolicited marketing messages sent electronically such as by telephone, fax, email and text, and include rules about using calling-line identification, cookies and directories.

Hot Tips:

Check and Record…

  • Have you taken adequate professional advice?
  • Have you fully documented agreed procedures?
  • Do you regularly audit your systems and processes to ensure compliance?
  • Have you carried out adequate training?
  • Do you have procedures in place for Subject Access Requests and complaints?

Keep records!

Evaluate whether those that collect, process, handle or manage data at work require additional training to carry out their duties in a compliant manner and in your best interests
The Information Commissioners Office has a Toolkit which may help.

Communicate policy on…

  • What your organisation agrees as its own definition of Personal Data
  • Your agreed procedures for collecting, processing, handling, managing or controlling Personal Data
  • Your agreed procedures for complaints

Don’t forget…

  • Check your insurance policies
  • Talk to your specialist insurance advisor if you have any doubts about the intent of your policies

Share this Support Article

Is something wrong, missing or needs updating?
Let us know.

Except where otherwise noted, CaSE Insurance licenses the content in the Risk & Insurance Library under the Attribution-NonCommercial-ShareAlike 4.0 International licence. All content in the Risk & Insurance Library is intended purely as introductory information on the subject matter, and does not provide you with information on risk management or insurance or advice (whether legal or financial) on which you should rely. You should always seek professional advice specific to your requirements.