Purpose of this Document

This document has been prepared to inform WMIP members, trustees and agents of the appropriate ways to obtain, hold and process individuals’ personal data in compliance with current data protection laws and regulations.


Data protection is a legal requirement for most organisations including WMIP. In May 2018 the General Data Protection Regulation (GDPR) came into effect. The Information Commissioner’s Office (ICO) web site provides guidance on what must be done to be compliant – see www.ico.org. Based on the self-assessment questionnaire on the ICO web site WMIP does not have to register with the ICO.

Data Controller

The WMIP Board of Trustees will be the “Data Controller”.

Data Audit

A data audit should be undertaken to record and understand:

  • What personal data WMIP holds
  • How and when the data was collected
  • How the data is moved, processed and accessed within WMIP
  • What the data is used for
  • If any data that is transferred or shared with other organisations
  • What security there is for the data
  • Any risks there are to the data held

An initial audit was undertaken in March 2018. This will be reviewed on an annual basis