Data Protection Policy

Introduction

The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of The International Bureau for Epilepsy [IBE]. This includes obligations in dealing with personal data, in order to ensure that the organisation complies with the requirements of the relevant EU legislation, namely the General Data Protection Regulation (GDPR) (EU) 2016/679.

Rationale

IBE must comply with the Data Protection principles set out in the relevant legislation. This Policy applies to all Personal Data collected, processed and stored by IBE in relation to its staff, service providers, members and clients in the course of its activities. All are treated equally under this Policy.

Scope

The policy covers both personal and sensitive personal data held in relation to data subjects by IBE. The policy applies equally to personal data held in manual and automated form.

All Personal and Sensitive Personal Data will be treated with equal care by IBE. Both categories will be equally referred-to as Personal Data in this policy, unless specifically stated otherwise.

This policy should be read in conjunction with the associated Subject Access Request procedure, the Data Retention and Destruction Policy, the Data Retention Periods List and the Data Loss Notification procedure.

IBE as a Data Controller

In the course of its daily organisational activities, IBE acquires, processes and stores personal data in relation to:

  • Employees/Contractors of IBE
  • Members of IBE
  • Sponsors/Partners of IBE
  • Third party service providers engaged by IBE

In accordance with EU Data Protection legislation, this data must be acquired and managed fairly. Not all staff members will be expected to be experts in Data Protection legislation. However, IBE is committed to ensuring that its staff have sufficient awareness of the legislation in order to be able to