Information management consent compliance tracking overview
Within the General Data Protection Regulation (GDPR), a tenant or other contact's personal data is qualified as being any personal information that could be used to identify the individual, either directly or indirectly. Whilst previously this data might have been restricted to, say, their name, address or photo, the scope of protection has now been widened to include email addresses, medical records, social media posts, and the like. Within a housing organisation, the data controller determines the purposes for which any personal data is processed and the way in which it is carried out. As part of their obligations under GDPR, they are required to provide the data subject with the recipients or categories of recipients with whom the data is likely to be shared. For instance, contact information could be provided to a contractor who is accredited to fulfil a range of repairs and maintenance tasks, or to partner agencies for the provision of expert services that are signposted through the housing options team. Whenever the sharing of personal data takes place with a third party, comprehensive records can be maintained for each separate instance, detailing its nature, scope and legitimate reasoning (in line with the compatible processing principles stipulated by GDPR), using the following fields:
Separate help articles have been created for each key aspect of information management consent compliance tracking, including: