The Royal Commission undertakes to comply with the Data Protection Act 1998, in relation to the collection, processing and disclosure of personal information, as defined by the Act, and is committed to following its eight principles of good practice. Personal data held by the Royal Commission will therefore be:
Accordingly, the Royal Commission, where possible, will always try to seek data subjects’ permission when compiling personal information and inform them of its uses. It will only collect such personal information as is required for the proper discharge of its duties, and will keep this information only for as long as it is needed. Such information will be used only for the purposes for which it was collected, be processed with due regard for data subjects’ rights, and be protected by the necessary levels of security.
The Royal Commission will ensure that its staff are aware of their responsibilities under the Data Protection Act, and will provide them with the necessary advice, guidance and training in handling personal data.
The Royal Commission will comply with subject access requests, as set out by the Act, to the best of its abilities, and will include provisions for dealing with such requests as part of its public enquiries service.
The Royal Commission undertakes to notify the Information Commissioner’s Office of any sets of personal data that it may hold, for inclusion on the Data Protection Register. It will renew its entries annually, and make any necessary additions or changes.
Mae’r polisi hwn hefyd ar gael yn y Gymraeg | This policy is also available in Welsh.
|This document is available under the Open Government Licence.|