Data Protection policy for the Sale Photographic Society – 2017

Aims of this Policy

Sale Photography Society (hereafter called SPS) needs to keep certain information regarding its general and committee members to carry out its day to day operations, to meet its objectives and to comply with legal obligations.

The organisation is committed to ensuring any personal data will be dealt with in line with the Data Protection Act (DPA) 1998. To comply with the law, personal information will be collected and used fairly, stored safely and not disclosed to any other person unlawfully.

The aim of this policy is to ensure that everyone handling personal data is fully aware of the requirements and legislation in accordance with the data protection procedures. This document also highlights key data protection procedures within the organisation.

This policy covers all committee members and the general membership who need access to any formal databases.


In line with the Data Protection Act 1998 principles, SPS will ensure that personal data will:  Be obtained fairly and lawfully and shall not be processed unless certain conditions are met

The definition of ‘Processing’ is obtaining, using, holding, amending, disclosing, destroying and deleting personal data. This includes some paper based personal data as well as that kept on computers or used by any remote application.

The Personal Data Guardianship Code suggests five key principles of good data governance on which best practice is based. The organisation will seek to abide by this code in relation to all the personal data it processes, i.e.

Type of information processed

SPS processes the following personal information:

Personal information is kept in the following forms:

Groups of officers within the organisation who will process personal information are:


Under the Data Protection Guardianship Code, overall responsibility for personal data in a not for profit organisation rests with the governing body. In the case of Sale Photographic Society, this is the committee members.

The governing body delegates tasks to the ‘Data Controller’ who will be nominated by the committee. The Data Controller is responsible for:

The Sale Photographic Society secretary and main competitions secretary who process personal information must ensure they not only understand but also act in line with this policy and the data protection principles.

Breach of this policy will result in suspension of the member and they will be brought before the next committee meeting to account for their actions

Policy Implementation

To meet our responsibilities the committee members will:

We will ensure that:


Training and awareness raising about the Data Protection Act and how it is followed in this organisation will take the following forms:

On appointment to the committee, a copy of this document will be shared with the member together with a verbal overview of the Data Protection Act

Gathering and checking information

Before personal information is collected, we will consider:

We will inform people whose information is gathered about the following

We will take the following measures to ensure that personal information kept is accurate

Personal sensitive information will not be used apart from the exact purpose for which permission was given.

Data Security

SPS will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure. The following measures will be taken:

Subject Access Requests

Anyone whose personal information we process has the right to know:

They also have the right to prevent processing of their personal data in some circumstances and the right to correct, rectify, block or erase information regarded as wrong.

Individuals have a right under the Act to access certain personal data being kept about them on computer and certain files. Any person wishing to exercise this right should apply in writing to the appointed Data Controller

Queries about handling personal information will be dealt with swiftly and politely.

We will aim to comply with requests for access to personal information as soon as possible, but will ensure it is provided within the 40 days required by the Act from receiving the written request.


This policy will be reviewed at intervals of two years to ensure it remains up to date and compliant with the law.


I confirm I have read and understood SPS’s Data Protection Policy and will act in accordance with it and I have initialled each page.

I am connected with this organisation in my capacity as a



Print name:


Please return this form to the appointed Data Controller