1. Home
  2. Policies & Governance
  3. GDPR & Data Protection

GDPR & Data Protection

GDPR & Data Protection

Purpose

The UK Organization for Biotechnology and Computational Science (UKABCS) is committed to safeguarding the personal data of its members, partners, staff, and beneficiaries. This policy sets out how UKABCS collects, stores, processes, and protects personal information in compliance with the UK General Data Protection Regulation (GDPR) and international data protection standards.

Scope

This policy applies to all personal data collected and processed by UKABCS in connection with:

  • Membership registration and management
  • Grant applications and peer review
  • Partnerships and collaborations
  • Events, workshops, and conferences
  • Communications, newsletters, and outreach activities

Principles of Data Protection

UKABCS upholds the following principles in line with GDPR:

  1. Lawfulness, Fairness, and Transparency – Personal data is collected and processed in a lawful, fair, and transparent manner.
  2. Purpose Limitation – Data is collected only for specified, explicit, and legitimate purposes.
  3. Data Minimization – Only the minimum data necessary for operations is collected.
  4. Accuracy – Data is kept accurate and up to date.
  5. Storage Limitation – Data is retained only for as long as necessary for the stated purposes.
  6. Integrity and Confidentiality – Data is processed securely to protect against unauthorized or unlawful access, loss, or damage.

Data Collection and Use

  • Personal data is collected only when necessary, such as during membership registration, grant applications, or event participation.
  • Data may include: names, contact details, institutional affiliation, professional background, and payment details (where relevant).
  • Data is used solely for authorized research, administrative, and communication purposes, and will not be shared with third parties without consent, unless required by law.

Data Security

  • All personal data is stored securely with appropriate technical and organizational safeguards.
  • Access to personal data is restricted to authorized staff and trustees on a need-to-know basis.
  • Digital systems are protected by encryption, secure passwords, and regular monitoring.
  • Physical records (if any) are kept in secure storage with controlled access.

Data Subject Rights

Under GDPR, individuals have the right to:

  • Access their personal data held by UKABCS
  • Request correction of inaccurate or incomplete data
  • Request deletion of personal data, subject to legal obligations
  • Restrict or object to certain processing activities
  • Request data portability

Requests will be responded to within 30 days in accordance with GDPR requirements.

Data Sharing and Third Parties

  • UKABCS does not sell personal data.
  • Data may be shared with trusted service providers (e.g., IT, auditing, payment processors) under strict confidentiality agreements.
  • International transfers of data will comply with GDPR standards to ensure protection in all jurisdictions.

Breach Notification

  • Any suspected or confirmed data breach will be reported to the Information Commissioner’s Office (ICO) within 72 hours, as required by GDPR.
  • Affected individuals will be notified without undue delay if the breach poses a high risk to their rights and freedoms.

Review and Compliance

  • This policy will be reviewed annually to ensure ongoing compliance with GDPR and evolving international standards.
  • Staff, trustees, and volunteers will receive training on data protection responsibilities.
Grant-making Policy
Due Diligence Policy
Conflict of Interest (COI) Policy