Data Protection Policy

Purpose of this policy 

Healthwatch Sutton recognises the role it has to protect the rights, freedoms and privacy of the people who share personal data with it. This policy applies to all staff, directors and volunteers of Healthwatch Sutton. 

Healthwatch Sutton collects and uses personal data, including sensitive personal data, which means it is responsible for complying with the Data Protection Act 2018 (DPA) and the General Data Protection Regulation (GDPR). 

Healthwatch Sutton is an Information and Commissioning Office (ICO) registered organisation, and follows the ICO framework. 

The aim of this policy is to assist and inform the staff, directors and volunteers of Healthwatch Sutton to comply with the requirement of the DPA 2018 and GDPR, to minimise any risks to Healthwatch Sutton and its data subjects, and to provide clear good practice guidelines for all involved. 

It sets out what Healthwatch Sutton will do, what is expected of staff, directors and volunteers. It must be fully understood and adopted by all staff, directors and volunteers.