General Data Protection Regulation

Scope has adopted the European Union General Data Protection Regulation (EU GDPR) as the replacement for the current UK Data Protection Act (1998).

We take the protection of personal data very seriously. We have been working on a programme since 2017 to ensure all of our processes conform to the GDPR, as per the guidance provided by the UK’s governing body, The Information Commissioner’s Office (ICO).

The key areas we’ve been addressing are:
  • Making sure privacy is at the heart of how we work at Scope – we’ve appointed a Data Protection Officer and made our internal processes GDPR ready.
  • Making sure we’re as transparent as possible – we’ve updated our privacy statement to make sure it is as clear as possible for our customers and supporters to access their personal data and exercise their rights under GDPR.
  • Making sure we’re processing information securely – we’ve updated our information security policies and procedures to make sure we’re protecting personal data at all times. 
  • Making sure we don’t keep data longer than necessary – we’ve updated our data retention policy to make sure we’re not keeping data unnecessarily. 
  • Updating our contracts with third parties – we’ve been checking with any other companies we work with to make sure they are GDPR ready.
  • Training our staff – all Scope staff have undergone GDPR awareness training to make sure that everyone understands how to protect personal data.

We have done all of these things to make sure we are GDPR ready, but we understand that this is an ongoing process which we will keep working on.

If you’ve got any questions about GDPR, please don’t hesitate to contact our data protection team - data.protection@scope.org.uk.