Campaign for Accountable Skilled Trades (CAST)

Author: admin

  • The Shortcuts

    If you only want to focus on the most critical things we regret not doing, or if you have a small maintenance job, click on the below links:

    *Our Survey results show that most rogues are found through recommendations. Do your proper checks on them too.

    If you are using hard earned savings or taking on debt to pay for your project you need to do this:

    • Get the kettle on, grab some biscuits (the nice ones)
    • Get a notebook and pen
    • Sit down
    • Read EVERYTHING in Prevention and make a plan.
      • Yes, it’s a lot.
      • Yes, we do mean it. If you are taking your house apart it is a MASSIVE project that has a whole industry around it.
      • Learn from our failures: CAST’s Prevention pages could save you tens of thousands, your mental health, your marriage and even having a roof over your head.

    If you get stuck, want to ask questions – or even flag a typo – join us on our Facebook Group.

    Back to Prevention Page & Main Menu

  • Compliance & Best Practice

    This section is split into aspects you must do (Compliance) and items you should do (Best Practice) for your sanity as well as everyone else’s.

    Compliance

    Best Practice

    Planning permission

    When making a major change (ie: extension, conversion)

    Check with your local council’s planning portal what they require. You will need to submit architectural drawings as part of your application and there is a cost to seek approval.

    Top Tip

    Check if you live in a Conservation Area, this could impact your plans.

    You may not need an architect but an architectural technician. They are as competent but tend to be lower cost. Check if they have submitted planning applications before, this is a useful route as they will have experience of getting plans passed.

    Resources

    Back to Top

    Building Regulations

    Building Regulations Approval

    Definitely when impacting structural integrity (ie: roof replacement, wall removal) typically for smaller jobs (ie: windows).

    Check with your local council’s planning portal.

    NOTE: This section is in review with our contact Building Control expert to ensure this complex new law is explained effectively.

    There is a new Building Safety law meaning you are responsible for this area. We have written an article on the critical aspects of what you, and your tradesperson, needs to do (see Resources for this section)

    Top Tip

    You can apply yourself OR use a Registered Building Control Approvers (RBCA); they must have completed their registration with the Building Safety Regulator (BSR) before 06th April 2024 to meet new laws. If your builder provides an approved Inspector, check they are registered.

    If you are completing any work that requires building control (or certification sign off) get them to sign a document that they understand the new law and their responsibilities as the legally responsible person for defects that appear even years after the work is complete.

    If they don’t sign they may not be aware of the new law and how it applies to them but it also may help sort the wheat from the chaff.

    Resources

    Back to Top

    Leaseholders

    In addition to needing other permissions, check your lease to understand the process to make changes which is likely to include informing the freeholder/landlord and obtaining their consent.

    Back to Top

    Listed Building Control (LBC) Approval

    If you live in a listed building you have a legal requirement to seek LBC Approval. Applications are typically made through your Council’s Planning Portal and can typically have an impact on your plans, timescale and costs.

    Listing normally protects the entire building both inside and out and any structures which are either attached to the building (including modern extensions) or fall within its curtilage. It sometimes includes garden walls, outbuildings and even statuary within the garden.

    Top Tip

    If you start work without permission you can receive an enforcement order to replace the property as it was before the work started within a specified timescale.

    If you carry out smaller internal changes without permission you may be unable to sell your home as conveyancers will require copies of the LBC approval.

    Resources

    Back to Top

    Party Wall Agreement

    Legally required if you are working on:

    • A shared wall between a semi or terraced house
    • A floor between flats
    • Cutting into a party wall in full or part ie: inserting an RSJ due to an internal wall removal

    Party Wall: Surveyors

    You will need to appoint a surveyor if:

    • The neighbours do not respond within 14 days
    • You and the neighbours cannot agree on the works
    • You are building a wall or structure on the boundary line
    • Excavating within 3 metres of someone else’s foundation

    Typically you will need to cover your neighbours surveyor costs. Costs can be kept down (and time reduced) if you can agree on the same surveyor.

    Top Tips

    Get this resolved before starting any work.

    Do not start work without an agreement in place. This is a legal requirement and can get very expensive.

    Use a Chartered Surveyor as qualified by the Royal Institute of Chartered Surveyors (RICS).  They have a rigorous process and requirements for entry and sustained membership.

    Resources

    Back to Top

    Insurance

    NOTE: This section has been reviewed and edited by the Association of British Insurers.

    Before you start work, speak to your insurer or broker to understand any implications for your insurance cover and so they can be aware of any significant changes.

    Renovating your home increases the risk of damage or loss, so your insurance provider needs to price your home insurance accordingly.

    If works are relatively minor, your current policy might cover you – but it’s always best to check.

    The majority of standard home insurance policies will not allow for major or structural renovation work so extra cover may be required.

    Inform your insurer or broker of your plans

    • Inform them of what changes to your property you are planning and ask them what details you need to provide and how any changes might impact your home insurance.
    • If you are carrying out the work yourself, ask them if there are any implications if things don’t go as planned. Importantly, do not attempt to cut costs by doing DIY jobs you’re not qualified to do.
    • Ask if there is any cover provided for third party contractors coming into your home.  Things like if a contractor has an accident that causes an injury in your home, or accidental damage caused by tradespeople.
    • Ask if the works uncover a situation that requires you to move out, what is provided for under your home insurance.
    • If you will need to move out of your property during the work then you must let your insurer know.  Check that your cover will continue for the period you plan to be out of your property and make sure you speak to your insurer if you may be breaching any limits for time out of your property.
    • If the work is likely to lead to an increase in the rebuild cost of your home e.g. an extension or extra bedroom, then make sure you inform your insurer/broker of this.

    Providing information before starting any major works

    Depending on the nature and extent of the works, you may be asked to provide some more information or documentation.  Make sure that you do this before carrying out any work. 

    Ask your insurer or broker what they require, but this might include:

    • Details of any contractors you are using
    • Plans for the works being undertaken (if they are significant).
    • Expected costs and duration of the works.
    • Approved planning permission for any works.

    Plans inevitably change along the way during a renovation project. Just make sure you keep your insurer informed and retain copies of all communication in your files, and update your project diary.

    Top Tip

    If you do not tell your insurer that your home is undergoing renovation, your policy might become invalid in the event of a claim.  In particular anything that causes essential services or the structural integrity of your building to be impacted.  If in doubt, speak to your insurer or broker. 

    Examples of works that you should speak to your insurer about before going ahead:

    • Adding an extension
    • Removing a load-bearing wall
    • Converting a loft or garage
    • Fitting a new roof
    • Installing new windows
    • Making changes to the wiring or plumbing
    • Installing new cladding

    Insurers will take different approaches to these types of risk.  You may be able to get some expanded cover to cover the works and different insurers may want different information from you. 

    You may also need to source some extra cover yourself depending on the type of work you are undertaking, for example, legal expenses cover which can cover expenses resulting from taking legal action against another party – such as a builder for shoddy work. It can also protect you if legal action is taken against you. If you feel you need additional cover for separate risks speak to an insurance broker

    Remember as well to check that any contractors you use are adequately insured for public liability and professional liability.

    Resources

    Back to Top

    ——————————————————————————-

    Best Practice

    This section relates to Best Practice on being a good customer. For Best Practices in other areas please refer to the appropriate section under Progress Steps. Resolving issues or if the relationship starts to break down see the Resolution Advice section (WIP) or contact us.

    Make Your Mind Up

    Take as long as you need to figure out what you want but once you have completed the scope try not to change your mind. It will increase

    • Costs
    • Time
    • Complexity for contract management
      • If changes are not effectively costed and managed, this can lead to strained relationships between you and your tradesperson.
      • Other trades having to come back 

    It may also cause finished work to be undone and re-done which will be expensive and time consuming. 

    If you must change your mind:

    • First, ask your tradesperson “What impact would it have to…..”. 
    • They should be able to let you know costs and time scale impacts. 
    • You can then make decision on is it really necessary?  Or is it too expensive this far down the road. 
    • Bear in mind this will also cause a knock on effect to the timing of the tradesperson’s next project. .

    There WILL be times when the tradesperson needs you to make a change. 

    • This is typically because they have found something that needs a solution. 
    • The solution typically has costs and time scale impact you need to be aware of and agree on. 

    For both scenarios, you need to manage Scope Changes to ensure communication on timing, costs and expectations are crystal clear for all parties.

    Top Tips

    You will have months before you start to define what you want. Deciding mid-project on a change will be painful. Get your requirements sorted very early.

    Remember you have spent a lot of time and effort finding someone you feel you can trust, ask them for their expertise on what you are wanting to do.

    These conversations are important to note in your diary, as well as updating all paperwork.

    Resources

    CAST Section: Managing Scope Creep

    Back to Top

    Communicate!

    On the initial meeting provide a clear, concise verbal and simplified introduction to the scope of work, flagging key elements, for example:

    • The builder sources and appoints the required, competent trades to complete the project) brief and have the written, detailed scope ready to hand to them
    • Timescales (but never your budget!)

    Concerns:

    If you see or hear something that concerns you, first seek to understand. Ask them about it in a neutral, open way so you can hear and listen to their views.  Example: “Could you help me understand…”

    Always raise a concern when you first spot it. If there is an error it is better fixed early. Don’t leave it so late that making good a mistake becomes a huge and costly job or till the end of the project. Your chance happens now, not later.

    Back to Top

    Respect the Expert

    You hired an expert for a reason. Respect their expertise. Ask their advice, be open to listening, focus on creating a dialogue to find a solution that works for you all.

    Don’t tell them how to do their job. It’s doesn’t hurt to drop in some key verbiage to show that you have a good understanding but don’t be ‘that’ person who stands there and tells them what to do, where they can save you money/themselves time. 

    There is a fine line between their not wanting to do a job a specific way and Tradesmen tend not to state that this is due to their experience, timescales, preference. So decide if something really is that import to you and if it is, find the right tradesperson who can meet that need. It’s going to be a difficult project if you or the tradesperson feel forced into a situation.

    Back to Top

    Keep Good Records

    It is good practice to keep up to date records and filing.

    It can be in any form, a hardcopy folder or online and should contain:

    • Record conversations with whom, about what, (dis)agreements, decisions, instructions on the date they occur.
    • Record promised dates for tasks and activities provided by the tradesperson.
    • Record no-shows, partial days, weather conditions (ie: January weather is not the best for pouring foundations. If there is a delay for this reason this is reasonable; no foundations on a dry summer day is questionable)
    • Record payments, the exact amount, how it was paid, to whom and for what. If you are charged a day of labour for sunny weather but they did not show up, this is grounds for conversation.
    • Screenshot texts as they can be automatically deleted after a period of time.

    Back to Top

    Pay your invoices on time

    This does not include deposits! CAST only recommends paying a deposit on credit card in order to receive protection under the Consumer Protection Act Section 75.

    Your contract will stipulate milestones and list the work to be completed to call a milestone ‘complete’. 

    When the work in the milestone is done, inspect the work, if expert inspections are required (like building control) get them in and obtain their sign offs/approval to proceed. 

    If all is ok promptly pay the amount agreed for that milestone within the agreed timescales, this should be outlined in your contract.

    If all is not ok, discuss the issues with your tradesperson and agree a resolution and timeline.

    Top Tips

    Assume good intent. Ask your tradesperson “Could you help me understand why (insert what you have spotted)”

    ONLY move onto starting the next milestone when the current one is completed to the appropriate standard.

    Back to Top

    Back to Prevention Page & Main Menu

  • GDPR & Data Protection Policy V1.1 – DRAFT

    Index

    1. Legal Definition of two laws
    2. Definitions
    3. Introduction
    4. Data Protection Principles
    5. The Rights of an Individual
    6. Consent
    7. Obtaining Informed Consent
    8. How we Ensure Informed Consent
    9. Disclosure
    10. Use of Files, Books and Paper Records
    11. Disposal of Scrap paper, Printing or Photocopying Overruns
    12. Computers
    13. Direct Marketing
    14. Personnel Records
    15. Confidentiality
    16. Retention of Records
    17. What to do if there is a breach
    18. Powers of the Information Officer
    1. Legal Definition of two laws
    • The GDPR is a European law that sets out how organizations should handle personal data. 
    • The DPA is a UK law that incorporates the GDPR into UK legislation. 
    • The DPA gives individuals rights over their personal data, such as the right to access it. 
    • The DPA requires anyone who processes personal data to comply with the Act’s principles.

    1.1 What does the DPA do? 

    The DPA:

    • Applies to personal data, which is information about individuals
    • Gives individuals the right to access their personal data
    • States that anyone who processes personal data must comply with the Act’s principles

    1.2 What does the GDPR do? 

    The GDPR:

    • Sets out requirements for how organizations should handle personal data
    • Enhances the rights of people whose data is held
    • Gives people more control over what happens to their data

    2. Definitions

    • Processing of information – how information is held and managed.
    • Information Commissioner – formerly known as the Data Protection Commissioner.
    • Notification – formerly known as Registration.
    • Data Subject – used to denote an individual about whom data is held.
    • Data Controller – used to denote the entity with overall responsibility for data collection and management. CAST is the Data Controller for the purposes of the Act.
    • Data Processor – an individual handling or processing data.
    • Personal data – any information which enables a person to be identified.
    • Special categories of personal data – information under the Regulations which requires the individual’s explicit consent for it to be held by the Company.  

    3. Introduction

    • CAST needs to collect data, including some personal information, in order to carry out its work.
    • CAST regards the lawful and correct treatment of personal information as a critical aspect of how the organisation is run.
    • We expect all of our volunteers to comply with GDPR and training will be available accordingly.
    • CAST has undertaken an information audit to find out what data we hold and what we do with it. We have put ourselves in the position of the people we’re collecting information about, and are GDPR compliant, having updated our policies and procedures as required. 


    4. Data Protection Principles

    As data controller, CAST is required to comply with the principles of good information handling.

    • These principles require the Data Controller to:
      • Process personal data fairly, lawfully and in a transparent manner.
      • Obtain personal data only for one or more specified and lawful purposes and to ensure that such data is not processed in a manner that is incompatible with the purpose or purposes for which it was obtained.
      • Ensure that personal data is adequate, relevant and not excessive for the purpose or purposes for which it is held.
      • Ensure that personal data is accurate and, where necessary, kept up-to-date.
      • Ensure that personal data is not kept for any longer than is necessary for the purpose for which it was obtained.
      • Ensure that personal data is kept secure.
      • Ensure that personal data is not transferred to a country outside the European Economic Area unless the country to which it is sent ensures an adequate level of protection for the rights (in relation to the information) of the individuals to whom the personal data relates.

    5. The Rights of an Individual

    • Under the Regulations a Data Subject has the following rights with regard to those who are processing his/her data:
      • The right to be informed
      • The right of access
      • The right to rectification
      • The right to erasure
      • The right to restrict processing
      • The right to data portability
      • The right to object
      • Rights in relation to automated decision making and profiling
      • The right to lodge a complaint with a supervisory authority
    • Personal and special categories of personal data cannot be held without the Data subject’s consent (however, the consequences of not holding it can be explained and a service withheld).
    • Data cannot be used for the purposes of direct marketing of any goods or services if the Data Subject has declined their consent to do so.
    • Data Subjects have a right to have their data erased and to prevent processing in specific circumstances:
      • Where data is no longer necessary in relation to the purpose for which it was originally collected
      • When a Data Subject withdraws consent
      • When a Data Subject objects to the processing and there is no overriding legitimate interest for continuing the processing
      • Personal data was unlawfully processed
    • A Data Subject has a right to restrict processing – where processing is restricted, CAST is permitted to store the personal data but not further process it.  
    • CAST can retain just enough information about the individual to ensure that the restriction is respected in the future.
    • A Data Subject has the ‘right to be forgotten’. Data Subjects can ask, in writing to the Trustees, to see all personal data held on them, including e-mails and computer or paper files.  
    • The Data Processor (CAST) must comply with such requests within 30 days of receipt of the written request.

    6. Consent

    • CAST must record service users’ explicit consent to storing certain information (known as ‘personal data’ or ‘special categories of personal data’) on file.
    • For the purposes of the Regulations, personal and special categories of personal data cover information relating to:
      • The racial or ethnic origin of the Data Subject.
      • His/her political opinions.
      • His/her religious beliefs or other beliefs of a similar nature.
      • Whether he/she is a member of a trade union.
      • His/her physical or mental health or condition.
      • His/her sexual life.
      • The commission or alleged commission by him/her of any offence
      • Online identifiers such as an IP address
      • Name and contact details
      • Genetic and/or biometric data which can be used to identify an individual
    • Special categories of personal information collected by CAST will, in the main, relate to volunteers’ physical and mental health in personnel records.
    • Consent is not required to store information that is not classed as a special category of personal data as long as only accurate data that is necessary for a service to be provided is recorded.
    • CAST will always seek consent where personal or special categories of personal information is to be held. 
    • It should also be noted that where it is not reasonable to obtain consent at the time data is first recorded and the case remains open, retrospective consent should be sought at the earliest appropriate opportunity.

    7. Obtaining Informed Consent

    • Informed consent is when
      • An Individual/Service User clearly understands why their information is needed, who it will be shared with, the possible consequences of them agreeing or refusing the proposed use of the data 
      • And then gives their consent.
    • Consent obtained for one purpose cannot automatically be applied to all uses e.g. where consent has been obtained from a service user in relation to information needed for the provision of that service, separate consent would be required if, for example, direct marketing was to be undertaken.
    • Specific consent for use of any photographs and/or videos taken should be obtained in writing.  Such media could be used for, but not limited to, publicity material, press releases, social media, and website.  Consent should also indicate whether agreement has been given to their name being published in any associated publicity.  
    • If the subject is less than 18 years of age then parental/guardian consent should be sought.
    • Individuals have a right to withdraw consent at any time. 

    8. How we Ensure Informed Consent

    • CAST will ensure that data is collected within the boundaries defined in this policy. This applies to data that is collected in person, or by completing a form.
    • When collecting data, CAST will ensure that the Individual/Service User:
      • Clearly understands why the information is needed 
      • Understands what it will be used for and what the consequences are should the Individual/Service User decide not to give consent to processing
      • As far as reasonably possible, grants explicit written consent for data to be processed
      • Is, as far as reasonably practicable, competent enough to give consent and has given so freely without any duress
      • Has received sufficient information on why their data is needed and how it will be used
    • We provide individuals with the following privacy information:
    • The name and contact details of our organisation.
    • The purposes, lawful basis, and retention periods for personal information, as well as who has access to it and how it is kept.
    • The details of transfers of the personal data to any third countries or international organisations. 

    8.1  Privacy Statement

    • We have a privacy statement on any form requesting personal information. We give individuals information regarding:
      • Why we need the data
      • What we will do with it
      • How it will be stored
      • Who will have access to it
      • The retention period and how and when it will be destroyed when no longer needed
      • How they can withdraw consent
    • We do not obtain personal data from a source other than the individual.
    • We provide information in a way that is concise, transparent, intelligible, easily accessible and we use clear and plain language. 

    9. Disclosure

    • CAST may share some data with other agencies such as the local authority, funding bodies and other voluntary agencies, however all data will be anonymised unless we require consent to share personal information, which we will obtain first, or unless there is a safeguarding issue (please see our separate safeguarding policy).
    • The Individual/Service User will be made aware how and with whom their information will be shared. 
    • There are circumstances where the law allows CAST to disclose data (including sensitive data) without the data subject’s consent.  These are:
      • Carrying out a legal duty or as authorised by the Secretary of State 
      • Protecting vital interests of an Individual/Service User or other person
        • The Individual/Service User has already made the information public
        • Conducting any legal proceedings, obtaining legal advice or defending any legal rights  
        • Monitoring for equal opportunities purposes – i.e. race, disability or religion
        • Providing a confidential service where the Individual/Service User’s consent cannot be obtained or where it is reasonable to proceed without consent: e.g. where we would wish to avoid forcing stressed or ill Individuals/Service Users to provide consent signatures.
    • Consent will be sought wherever possible.

    10. Use of Files, Books and Paper Records

    • In order to prevent unauthorised access or accidental loss or damage to personal information, it is important that care is taken to protect personal data.  
    • Paper records should be kept in locked cabinets/drawers overnight and care should be taken that personal and special categories of personal information is not left unattended and in clear view during the working day. 
    • If your work involves you having personal / and/or special categories of personal data at home or in your car, the same care needs to be taken.

    11. Disposal of Scrap Paper, Printing or Photocopying Overruns

    • Be aware that names/addresses/phone numbers and other information written on scrap paper are also considered to be confidential.  Do not keep or use any scrap paper that contains personal information but ensure that it is shredded.  
    • If you are transferring papers from your home to the office for shredding this should be done as soon as possible and not left in a car for a period of time. When transporting documents, they should be carried out of sight in the boot of your car.

    12. Computers

    • Where computers are networked, access to personal and special categories of personal information is restricted by password to authorised personnel only.  
    • Computer monitors in public areas should be positioned in such a way so that passers-by cannot see what is being displayed. If working in a public area you should lock your computer when leaving it unattended.
    • Firewalls and virus protection to be employed at all times to reduce the possibility of hackers accessing our system and thereby obtaining access to confidential records.
    • Documents should only be stored on the server or cloud-based systems and not on individual computers or other digital storage (ie: USBs).  
    • Where computers or other mobile devices are taken for use off the premises the device must be password protected.

    12.1 Cloud Computing

    • When commissioning cloud based systems, CAST will satisfy themselves as to the compliance of data protection principles and robustness of the cloud based providers. 

    13. Direct Marketing

    • Direct Marketing is a communication that seeks to elicit a measurable fundraising response (such as a donation, a visit to a website, etc.).  The communication may be in any of a variety of formats including mail, telemarketing and email.  The responses should be recorded to inform the next communication. CAST will not share or sell its database(s) with outside organisations.  
    • CAST may hold email addresses of our staff, volunteers, service users and other supporters, to whom we will from time to time send copies of our newsletters, newspapers and details of other activities that may be of interest to them.  Specific consent to contact will be sought from our staff, service users and other supporters, including which formats they prefer (e.g. mail, email, phone etc.) before making any communications.
    • We recognise that clients, staff, volunteers and supporters for whom we hold records have the right to unsubscribe from our mailing lists.  This wish will be recorded on their records and they will be excluded from future contacts.

    14. Personnel Records

    • The Regulations apply equally to volunteer and staff records. CAST may at times record special categories of personal data with the volunteer’s consent or as part of a staff member’s contract of employment.
    • For staff and volunteers who are regularly involved with vulnerable adults, it will be necessary for CAST to apply to the Disclosure & Barring Service to request a disclosure of spent and unspent convictions, as well as cautions, reprimands and final warnings held on the police national computer.  Any information obtained will be dealt with under the strict terms of the DBS Code.   Access to the disclosure reports is limited to Trustees. If there is a positive disclosure the Trustees will discuss this as appropriate and our insurers to assess the risk of appointment.  Insurers should not see the report itself, only the Trustees will have access to this.


    15. Confidentiality

    • When working from home, or from some other off-site location, all data protection and confidentiality principles still apply.  All computer data, e.g. documents and programmes related to work for CAST should not be stored on any external hard disk or on a personal computer.  
    • Workstations in areas accessible to the public, e.g. reception or trading office, should operate a clear desk practice so that any paperwork, including paper diaries, containing personal and/or special categories of personal data is not left out on the desk where passers-by could see it.
    • When sending emails to outside organisations, care should be taken to ensure that any identifying data is removed and that initials are to be used. Confidential and/or special categories of personal information should be written in a separate document which should be password protected before sending.  This document should be highlighted as confidential.
    • Any paperwork kept away from the office should be treated as confidential and kept securely as if it were held in the office.  Documents should not be kept in open view (e.g. on a desktop) but kept in a file in a drawer or filing cabinet as examples, the optimum being a locked cabinet but safely out of sight is a minimum requirement.  
    • If you are carrying documents relating to staff, volunteers or service users you should keep the documents locked out of sight in the boot of the car (not on the front seat). When carrying paper files or documents they should be in a locked briefcase or in a folder or bag which can be securely closed or zipped up.  The briefcase/folder/bag should contain CAST contact details. Never take more personal data with you than is necessary.  
    • If you are discussing CAST outside of the Trustee group no details of members or trustees can be shared. In your capacity as a Trustee/volunteer you must seek the permission of an individual to forward it to someone else, ie: Learning person A has a unique interest and you know that a member has that interest too through your work at th CAST. You must not hand out contact details but ask the member if you can put them in touch with Person A.

    16. Retention of Records

    Paper records should be retained for the following periods at the end of which they should be shredded:

    • Client records – 6 years after ceasing to be a client.
    • Staff records – 6 years after ceasing to be a member of staff.
    • Unsuccessful staff application forms – 6 months after vacancy closing date.
    • Volunteer records – 6 years after ceasing to be a volunteer.
    • Timesheets and other financial documents – 7 years.
    • Employer’s liability insurance – 40 years.
    • Other documentation as it is no longer needed for the task in hand.

    Archived records should clearly display the destruction date.

    17. What to Do If There Is a Breach

    • If you discover, or suspect, a data protection breach you should report this to the Trustees who will decide whether it needs to be reported to the Information Commissioner and take actions to prevent a recurrence. There is a time limit for reporting breaches to ICO so the breach must be reported without delay. The Data Subject involved will also be informed.
    • Any deliberate or reckless breach of this Data Protection Policy by an employee or volunteer may result in disciplinary action which may result in dismissal or the instigation of our Letting Go of Volunteers Policy.

    18, Powers of the Information Commissioner
    The following are criminal offences, which could give rise to a fine and/or prison sentence

    • The unlawful obtaining of personal data.
    • The unlawful selling of personal data.
    • The unlawful disclosure of personal data to unauthorised persons (including 16’s final bullet point)

    18.1 Details of the Information Commissioner

    Further information is available at www.informationcommissioner.gov.uk 

    The Information Commissioner’s office is at:

    Wycliffe House

    Water Lane

    Wilmslow

    Cheshire SK9 5AF

    Switchboard: 01625 545 700 Email: mail@ico.gsi.gov.uk

    Implementation and Quality Assurance
    Implementation is immediate and this Policy shall stay in force until any alterations are formally agreed by CAST leadership. This Policy will be reviewed annually by the leadership, sooner if legislation, best practice or other circumstances indicate this is necessary.  All aspects of this Policy shall be open to review at any time. If you have any comments or suggestions on the content of this policy please contact info@castcampaign.co.uk
    Latest version updated 22 January 2025