Go! Youth Trust needs to keep certain information about its staff, volunteers and young people to allow us to monitor performance, achievements and health and safety amongst other things. We also need to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with. To comply with the law information must be collected and used fairly, stored safely and not disclosed to any other person. To do this Go! Youth Trust must comply with the Data Protection Principles, which are set out in the Data Protection Act 1998.

In summary these state that personal data shall

v Be obtained fairly and lawfully and shall not be processed unless certain conditions are met.

v Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.

v Be relevant, adequate and not excessive for those purposes.

v Be accurate and kept up to date.

v Not be kept for longer than is necessary for that purpose.

v Be processed in accordance with the subject’s rights.

v Be kept safe from unauthorised access, accidental loss or destruction.

v Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

Go! Youth Trust and all staff or others who process or use any personal information must ensure that they follow these principles at all times. In order to ensure that this happens, Go! Youth Trust has developed the Data Protection Policy and user guidelines.

Status of the Policy

This policy does not form part of the formal contract of employment, but it is a condition of employment that workers will abide by the rules and policies made by Go! Youth Trust from time to time. Any failures to follow the policy can therefore result in disciplinary proceedings.

Any member of staff, who considers that the policy has not been followed in respect of personal data about themselves, should raise the matter with the designated data controller initially. Of the matter is not resolved it should be raised as a formal grievance.

Responsibilities of Staff

All staff are responsible for:

v Checking that any information that they provide to Go! Youth Trust in connection with their employment is accurate and up to date.

v Informing Go! Youth Trust of any changes to information, which they have provided e.g. change of address.

v Informing Go! Youth Trust of any errors or changes in staff information.

Go! Youth Trust cannot be held responsible for any such errors unless the staff member has informed the organisation of them.

If and when, as part of their responsibilities, staff collect information about other people. (e.g. clients work, opinions about ability or details of personal circumstances), they must comply with the guidelines for staff.

Data Security

All staff are responsible for ensuring that:

v Any personal data, which they hold, is kept securely, for example:

v Kept in a locked filing cabinet; or

v In a locked drawer; if it is computerised, be password protected; or kept only on disk, which is itself kept securely.

v Personal information is not disclosed either orally or in writing or accidentally or otherwise to any unauthorised third party.

v Staff shall note that unauthorised disclosure will normally be a disciplinary matter, and may be considered gross misconduct in some cases. It may also result in a personal liability for the individual staff member.

Right to Access information

Staff, volunteers and others at Go! Youth Trust have the right to access personal data that is being kept about them either on computer or in files. Any person who wishes to exercise this right should contact the Project Manager in the first instance.

In order to gain access, an individual may wish to receive notification of the information currently being held. This request should be made in writing.

Go! Youth Trust is entitled to make a charge of £10 on each occasion that access is requested, to cover costs.

Go! Youth Trust aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 10 working days.

Consent of the Subject

In many cases Go! Youth Trust can only process personal data with the consent of the individual. In some cases, if the data is sensitive, express consent must be obtained. Agreement to Go! Youth Trust processing some specified classes of personal data is a condition of employment for staff. This includes information about previous criminal convictions in accordance with the Rehabilitation of Offenders Act 1974. Some jobs will being staff into contact with young people and children and vulnerable adults. Go! Youth Trust has a duty under the Children Act 1989 and other enactments to ensure that staff are suitable for the job. Go! Youth Trust also has a duty of care to all staff, volunteers and clients and must therefore make sure that workers and those who use Go! Youth Trust facilities do not pose a threat or danger to other users.

Therefore all prospective staff and volunteers will be asked to consent to their data being processed when an offer of employment of placement is made. A refusal to sign such a form may result in the offer being withdrawn.

Processing sensitive information

Sometimes it is necessary to process information about a person’s criminal convictions, race, and gender and family details. This may be to ensure that Go! Youth Trust is a safe place for everyone, or to operate other organisational policies, such as sick pay policy or equal opportunity policy. Go! Youth Trust will also ask for information about particular health needs, such as allergies to particular forms of medication, or any conditions such as asthma or diabetes or disabilities. Go! Youth Trust will only use the information in the protection and health and safety of the individual, but will need consent to process for example, in the event of a medical emergency. Because this information is considered sensitive, and it is recognised that the processing of it may cause particular concern or distress to individuals, staff, volunteers and clients will be asked to give express consent for Go! Youth Trust to do this. Offers of employment or places may be withdrawn if an individual refuse to consent to this without good reason.

The Data Controller and the Designated Data Controller/s

Go! Youth Trust as an organisation is the data controller under the Act, and Go! Youth Trust’s Board of Trustees is therefore ultimately responsible for implementation. However, the designated data controllers will deal with day to day matters.

Go! Youth Trust has a designated Data Controller – who is currently

Dave Bremner – Managing Director

Retention of Data

Go! Youth Trust will keep some forms of information for longer than others.

Data on staff, volunteers and Clients including any information on health, race or disciplinary matters, will be destroyed after 10 years but a basic record may be retained. For example, employment history and records of achievement.

Go! Youth Trust will need to keep central Personnel records indefinitely. This will include information necessary in respect of pensions, taxation, potential or current disputes or litigation regarding the employment, and information required for job references.

Compliance with the Data Protection Act 1998 is the responsibility of all members of Go! Youth Trust. Any deliberate breach of the Data Protection Policy may lead to disciplinary action being taken, or access to Project facilities being withdrawn, or even criminal prosecution. Any questions or concerns about the interpretation or operation of this policy should be taken up with the Managing Director.

Staff Guidelines

Some members of staff will process personal data on a regular basis. The organisation will ensure that staff, volunteers and clients give their consent to processing and are notified of the categories of processing, as required by the Act.

Information about an individuals physical or mental health, sexual life; political or religious views; trade union membership; ethnicity or race is sensitive and can only be collected and processed with their express consent.

Members of staff have a duty to make sure that they comply with the data protection principles, which are set out in Go! Youth Trust’s Data Protection Policy. In particular staff must ensure that records are:

v Accurate

v Up to date

v Fair

v Kept and disposed of safely, and in accordance with the Organisations Policy.

Individual members of staff are responsible for ensuring that all data they are holding is kept securely. For example using passwords, storing disks in locked cabinets, using coded data etc.

Members of staff must not disclose personal data, unless for normal administrative purposes, without authorisation or agreement from the data controller, or in line with the organisations policy.

Before processing any personal data, all staff should consider the checklist.

Staff checklist for recording data.

v Do you really need to record the information?

v Is the information “standard” or is it “sensitive”?

v If it is sensitive, do you have the data subjects express consent?

v Has the individual or data subject been told that his type of data will be processed?

v Are you authorised to collect/store/process the data?

v If yes, have you checked with the data subject that the data is accurate?

v Are you sure that the data is secure?

v If you do not have the data subjects consent to process, are you satisfied that is in the best interests of the clients or the staff member to collect and retain the data?

v Have you notified the Managing Director that you intend to hold the data?

v How long do you need to keep the data for, and what is the mechanism for review/ destruction?

Glossary of terms


Any information which will be processed or used on or by a computerised system. This can be written, taped, photographic or other information.

Personal Data

Information about a living person. This information is protected by the Act.

Data Subject

The person about whom the data are held.

Sensitive Data

The Act introduces categories of sensitive personal data, namely, personal data consisting of information as to:

v The racial or ethnic origin of the data subject

v Their political opinions

v Their religious beliefs or other beliefs of a similar nature

v Whether they are members of a trade union

v Their physical or mental health or condition

v Their sexual life

v The commission or alleged commission by them of any offence, or

v Any proceedings for any offence committed or alleged to have been committed by them, the disposals of such proceedings or the sentence of any court in such proceedings

Data Controller

A person who determines the purpose for which, and the manner in which, any personal data are, or are to be, processed.


Covers almost anything which is done with or to the data, including:

v Obtaining data

v Recording or entering data onto files

v Holding data, or keeping it on file without doing anything to it or with it

v Organising, altering or adapting data in any way

v Retrieving, consulting or otherwise using the data

v Disclosing data either by giving it out, sending it on email or simply by making it available

v Combining data with other information

v Erasing or destroying data