Data protection is all about keeping people’s personal data safe. It should also be clear to people what data we are holding about them, and why.
This introductory section and further guidance will explain how to ensure your Cochrane Group complies with data protection regulations.
(2) Best practice guidelines for Cochrane Groups
(3) Creating accounts and storing personal data
(4) Newsletters and mailing lists
(5) Task emails and other non-marketing communications
(6) Training courses and events
(7) Checklist for Cochrane Groups
Introduction
Cochrane holds personal information about thousands of supporters and members all over the world. As a charity registered in the UK, Cochrane has to comply with strict data protection rules (General Data Protection Regulation or GDPR) to ensure the personal data of our supporters and contributors are kept safe. These rules apply to Cochrane Groups wherever they are in the world. We could be liable for large fines, and reputational damage, if we do not comply with data protection legislation.
GDPR has seven basic principles which require that personal data must be:
- Processed fairly and lawfully, in accordance with the rights of the data subject
- Processed for specific purposes in an appropriate way
- Adequate, relevant and not excessive in relation to the purpose
- Accurate and up to date
- Deleted when no longer necessary
- Kept secure using technological and organisational measures
- Not transferred outside the European Economic Area unless that country ensures adequate levels of protection for the rights of the data subject
Please note that this guidance only goes into detail about UK GDPR. However, Groups should check whether they also need to comply with local or international data protection regulations in addition to GDPR.
Important definitions:
Data are information stored electronically or on paper
Personal data include anything that can identify a living individual, such as a name, email address or IP address, or an opinion about that person
Data subjects are all living individuals about whom we hold personal data
To process data legally, every organisation must identify the legal basis for storing or using people’s personal data. Cochrane's Privacy Policy explains how we process personal data.
How Cochrane processes personal data | Cochrane's legal basis for processing these data: |
---|---|
Storing data in online storage systems and databases (such as CRM, RevMan) | Contract – the individual agrees that Cochrane can store and use their data when they create a Cochrane Account |
Sending marketing emails such as central newsletters and event invitations | Consent – the individual can choose whether or not to receive this information in their Cochrane Account profile |
Sending workflow emails and other essential notifications | Contract – when an individual takes on a role (such as Member or Author), Cochrane has a contractual right to store and use their data to give that person the information they need to carry out that role. |
If you have any questions about this or need further assistance, please contact the Cochrane Support Team: support@cochrane.org