The Royal Commission undertakes to comply with the General Data Protection Regulation (GDPR) in the collection, processing and transfer of personal information, and is committed to following good practice. Personal data held by the Royal Commission will therefore be:
• Fairly and lawfully processed.
• Processed for limited purposes and not in any manner incompatible with those purposes.
• Adequate, relevant and not excessive.
• Accurate.
• Not kept for longer than is necessary.
• Processed in line with the data subject’s rights.
• Secure.
• Not transferred to countries without adequate protection.
Accordingly, the Royal Commission will always establish a legal basis for compiling personal information and clearly inform the public, in a Privacy Notice, of:
• What personal data we control and process.
• Why we require such data.
• How and where this data is processed and stored, and to whom any transfers are made.
• How long we retain the data and why.
It will only collect such personal information as is required for the proper discharge of its public duties, and will keep this information only for as long as it is needed. Such information will be used only for the purposes for which it was collected, be processed with due regard for data subjects’ rights, and be protected by the necessary levels of security.
The Royal Commission will ensure that its staff are aware of their responsibilities under GDPR, and will provide them with the necessary advice, guidance and training in handling personal data.
The Royal Commission will comply with subject access requests to the best of its abilities, and will make clear the rights of data subjects in this regard, and in requesting correction or deletion of their personal data, in its public Privacy Notice. The Privacy Notice will name the Data Protection Officer and provide contact details.
The Royal Commission undertakes to notify the Information Commissioner’s Office of any of its own breaches of the Regulation, in accordance with GDPR.
To download this document as a PDF, click here: Data Protection Policy
Mae’r polisi hwn hefyd ar gael yn y Gymraeg | This policy is also available in Welsh.
![]() |
This document is available under the Open Government Licence. |