Please see below for our GDPR Agreement:
In accordance with recent updates to our internal data security/privacy policies we are emailing you to formalise some details surrounding the validation of data for the National Biodiversity Data Centre. You may have heard about the new General Data Protection Regulation (“GDPR”), which came into effect May 25, 2018. The new GDPR regulations contain clear and concise guidelines governing the usage of an individual’s personal information. Our revised Privacy Policy makes it easy to understand what information we collect, why we collect it and how it is used. You can view our new privacy policy on-line at http://www.biodiversityireland.ie/privacy-policy.
However since your role as a validator necessitates the transfer of some personally identifiable information along with species records specifically contact details such as email addresses, it is therefore necessary for us to highlight some important guidelines governing the use of said data.
The minimum required fields for a valid species record are species name, record date, location name, spatial reference and recorder name. The recorder name is an important part of a species record. However in the absence of contact details(email/telephone), a recorder name is not immediately personally identifiable and therefore is not deemed to be sensitive personal information in the context of species records. Hence the term “personal information” where used in this email does not apply to the recorder’s name.
- Data shared with you for the purposes of validation is to be used solely for that purpose alone. Authorisation is not given to use all or part of the data for any other purpose without prior consent from the National Biodiversity Data Centre.
- The personal information attached to records is to be used only for the purposes of validating species records. Authorisation is not given to use said information for any other purpose. e.g. It is never permissible to use an individuals email address obtained from within the data to contact them regarding another matter since this would constitute a clear breach of GDPR regulations.
- You agree to take all reasonable steps to prevent the loss of said data e.g. keeping laptops locked in public places, maintaining the security of your pc/laptop (anti-virus/updates), not leaving print outs of data in public places etc.
- Upon completion and return of the validated data to the Data Centre, you agree to destroy/remove any personal information attached to the data. Authorisation is not given to maintain local copies of personal information after validation has been completed. Once validation is complete, all copies of any personally identifiable information e.g. email addresses, must be removed from the data.
Finally in order to comply with GDPR regulations, we need to confirm that you understand and agree to all of the aforementioned guidelines. Please send a brief reply to this email confirming your understanding and agreement.
We very much appreciate your continued assistance with validation and also your taking the time to review these guidelines.
If you should ever wish to remove yourself from our list of pre-approved validators, please feel free to contact the Data Centre at info@biodiversityireland.ie.