Data Protection Statement
Young Epilepsy endeavours to meet the highest standards when collecting and using personal information. We are are committed to upholding the standards and regulations embodied in the Data Protection Act 2018 (DPA 2018) and the General Data Protection Regulation (GDPR). Personal data will therefore at all times be
- Processed lawfully, fairly and in a transparent manner;
- Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date;
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; and Processed in a manner that ensures appropriate security.
Young Epilepsy will furthermore:
- Be responsible for, and be able to demonstrate compliance with the DPA 2018 and the GDPR.
The information we hold on you will be kept in a confidential manner with limited access, in accordance with the Data Protection Act 2018 and the General Data Protection Regulation.
We are committed to ensuring that personal data is secure. In order to prevent unauthorised access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect.
If information is to be sent overseas then this will be done in accordance with the Data Protection Act 2018 and the General Data Protection Regulation and under the guidance of the Data Protection Officer and the IT department. The manner in which this will occur will be discussed with you prior to information being sent overseas.
Young Epilepsy is registered with the Information Commissioner’s Office under our legal name of the National Centre for Young People with Epilepsy. Our registration number is Z5611618.
Caldicott Principles statement
At Young Epilepsy we apply the Caldicott Principles, so that every flow of person identifiable information is regularly justified and routinely tested against the principles developed in the Caldicott Report.
- Principle 1 - Justify the purpose(s) for using confidential information
- Principle 2 - Only use it when absolutely necessary
- Principle 3 - Use the minimum that is required
- Principle 4 - Access should be on a strict need-to-know basis
- Principle 5 - Everyone must understand his or her responsibilities
- Principle 6 - Understand and comply with the law
- Principle 7 - The duty to share information can be as important as the duty to protect patient confidentiality