Data Protection Policy


Data Protection Act 1998

The Data Protection Act 1998 took effect on 1 March 2000, and supersedes the Data Protection Act 1984.  The Act protects a data subject (any individual on whom data is held) from unlawful processing of data, and gives right of access to that data.

Under the new Act, essentially all aspects of handling data qualify as processing. Any data user involved, for example, in the collection, storage, retrieval, alteration, destruction or erasure of data will need to work within the requirements of the Act.  In addition, the definition of data is no longer restricted to automatically processed information but also includes manual records.

The MSE Charity is registered with the Information Commissioner as a Data Controller, Registration Number Z1348547


The MSE Charity Policy

 1.     THE MSE CHARITY recognises the public’s and voluntary/community sector’s expectation that their personal information will be handled          in accordance with the law.

 2.     THE MSE CHARITY regards the lawful and correct treatment of personal information as important to successful operations and to                     maintaining the confidence of those people it deals with.

 3.     THE MSE CHARITY fully endorses and will adhere to the eight principles of the Data Protection Act 1998. 

 4.     You should familiarise yourself with Codes of Practise and Operating Guidelines relevant to you and implement them.

 5.      Breaking data protection law can lead to prosecution and/or dismissal

 6.      Data Protection Responsibilities for all Volunteers & Employees of the MSE Charity

    • DO treat personal data with care
    • DO check identities of people by either asking a question that only a bone-fide caller would know before disclosing information by phone
    • DO check there is a need to know basis before disclosing to colleagues
    • DO use confidential waste to dispose of paper documents containing personal data for example post a GAP meeting please destroy/shred printed documents.
    • DO ensure other people cannot see personal data on your computer system or the documents you are using if they have no need to
    • DO not leave personal data on your desk when you are not there
    • DO make sure you have adequate secure storage for documents
    • DO use passwords to protect the data on your computer system and don’t share your login and password
    • ONLY use personal data for the purpose it was collected   
    • ONLY disclose personal data to those people who have a right and a need to know
    • ONLY disclose personal data to authorised third parties
    • If You Are In Any Doubt, Don’t Disclose, Seek Advice       
Equality & Diversity

We aim to be an organisation that values, recognises and responds to the diverse needs of members and those we serve. We adhere to the Equality Act 2010 and will not discriminate against any person or other organisation with particular reference to the protected characteristics

Policy Review

The Operations Manager, with adequate consultation of the Board of Trustees, will regularly review the operation of this policy. We are working towards being compliant with the EU General Data Protection Regulation 2018 (GDPR) before April 2018.  


If you have any questions about this Data Protection Policy, or our treatment of your personal data please contact the Operations Manager via email, or in writing at the Correspondence Address 38 Elm Grove Lane, Norwich, NR3 3LF.