GDPR, Privacy Notices and Data Protection

The new EU General Data Protection Regulation (GDPR) came into force on 25 May 2018, including in the UK. The primary aim of GDPR is to give control to EU citizens and residents over their personal data.

The EEF takes data protection seriously and aims to be fully compliant with GDPR as both a processor and controller of data; we also aim to be compliant with the Data Protection Act 2018. To this end we have either updated or created the following policy documents. All are directly linked from the relevant part of the site as well as listed here:

We have guidance on data protection in relation to EEF evaluations for evaluators here and for delivery teams (grantees) here.

Governance

Data protection and GDPR issues are overseen by a working group which meets regularly to monitor on-going compliance, review risks and address new data protection issues. The group is headed by the Deputy CEO and supported by colleagues from relevant EEF teams. The working group reports into the EEF’s Finance and Fundraising Committee, with issues escalated to the Board of Trustees when needed.

Training

All EEF staff have undergone training in data protection and the implications of GDPR. Colleagues with particular responsibilities for data protection have undergone further training. The working group continues to review the training needs of the team to ensure the EEF’s approach remains up-to-date.

Complaints

Any complaints related to the EEF's use of personal data, which is not covered in the privacy notices above, can be directed through our complaints procedure here.