Data Protection Policy – The Association of Independent Festivals ltd (AIF).

This is the statement of general policy arrangements for AIF. The organisation is committed to ensuring that all personal information in its possession is processed fairly and lawfully with all due regard to current data protection legislation in force in the United Kingdom. The organisation recognises that it is a Data Controller as defined in legislation and takes the responsibilities of this role seriously.

Data Protection Officer

Having reviewed the nature and scope of the information held by the organisation, the board of directors have decided not to designate a Data Protection Officer in accordance with Article 37 of the EU General Data Protection Regulation (EU2016/679). Overall responsibility for data protection rests with the CEO and board of directors.

Roles and Responsibilities

Everyone in the organisation is responsible for ensuring that their own work practices are compliant with the relevant policies and procedures regarding data protection and for promptly reporting any potential breaches of data protection to the incident response team. Failure to do so may result in disciplinary action as well as personal liability.

The members of the incident response team are: Paul Reed. 24-hour contact details can be found in the incident reporting procedure.

The following table sets out the key responsibilities under this policy and the people responsible for each.

| Responsibility | Name(s) | Title(s) |
| --- | --- | --- |
| Overall responsibility for data protection | CEO: Paul Reed. Directors: A full current list can be found at www.aiforg.com | CEO and Board of Directors |
| Day-to-day responsibility for ensuring policy is put into practice | Paul Reed | CEO |
| Responsible for the physical security of locations and devices containing personal information | Paul Reed | CEO |
| Responsible for the cyber security of computer systems containing personal information | Paul Reed | CEO |
| Maintaining a register of personal information processed by the organisation | Paul Reed | CEO |
| Ensuring that any information processing is in accordance with the legal basis and the data protection principles | Paul Reed | CEO |
| Ensuring that appropriate impact assessments are carried out and the results of those assessments are put into practice | Paul Reed | CEO |
| Ensuring that appropriate policies and procedures are in place and that staff are given training and guidance in order to be competent in doing their work | Paul Reed | CEO |
| Ensuring that data subjects are informed about processing through privacy notices and other means | Paul Reed | CEO |
| Ensuring that contracts include data protection clauses where relevant | Paul Reed | CEO |
| Ensuring that any personal information exported to a non-EU country is subject to appropriate legal safeguards | Paul Reed | CEO |
| Ensuring that data subject requests are dealt with appropriately and in a timely manner | Paul Reed | CEO |
| Ensuring that data breach incidents are dealt with appropriately and in a timely manner | Paul Reed | CEO |
| Ensuring that business continuity arrangements protect the confidentiality, integrity and availability of personal information even during a crisis | Paul Reed | CEO |

Sign-off and Review

This policy was agreed by the board of directors on 24.08.18 and will be reviewed at least annually.
Signed by: Paul Reed

CONTACT

If your information changes, or you have any comments, queries or requests relating to our use of your information, please contact us at info@aiforg.com.