PARD is responsible for collecting, keeping, processing, and using data responsibly under its commitment to the GDRP. This is vitally important for candidates applying for jobs, working for/with the organization, donating money or resources to the organization, and are beneficiaries at PARD. PARD partakes in a Data Management System that is reviewed at least annually, to ensure its processing of data is lawful, fair, and transparent. Personal data are adequate, relevant, and limited to what is necessary, and can be shared only on a need-to-know basis for a specific purpose to target assistance and/or protection, provided the consent of the individual is given, and appropriate security is in place to avoid unauthorized sharing of information. When personal data is deleted this should be done safely such that the data is irrecoverable. All personal information stored shall be deleted 2 years after the completion of the project.
In case of breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data, PARD shall promptly assess the risk to people’s rights and freedoms and if appropriate report this breach to the person in charge. Reporting of knowledge or suspicions of breaching the policy by a colleague is mandatory. Reports are to be handled confidentially and whistle-blowers will be protected from retaliation under PARD’s Whistle-Blower Protection Policy
