2017 GDPR Information Audit

Our 2017 GDPR Audit was completed for January 2018 and helped us revise our information policy.
The EU GDPR outlines that data controllers in organisations who may use personal data shall not retain personal data for any longer than necessary. The EU GDPR gives a data subject the right to require the erasure of their personal data as “the right to be forgotten”).

At the Collaborative Research Foundation, the Collaborative Research Institute and Collaborative Intelligence we do not process or store personal data. Our knowledge retention policy is to sanitise all research to remove any personal data such as names, email addresses, images with tags for living human beings as we have no use for this data which is cleared in real-time when researching.

An exception to this policy is that we do retain relevant downloaded business published PDF and image files that may contain names of living human beings for historical research in our knowledgebases. We are testing methods of removing said names automatically with software with only partial success to date.

We do retain contact lists of collaborators who are active on projects and provide them with e-mail accounts. Once the project completes we erase their personal data and e-mail accounts unless the subjects directly request the account is left open. These email accounts are reviewed every six months in co-operation with our outsourced cloud hosting provider.

We have always had this policy primarily to avoid information overload and costs resulting from the retention of unnecessary data.

Any GDPR enquiries for the Collaborative Research Foundation, the Collaborative Research Institute and Collaborative Intelligence should be directed to: samantha.mcgee@crinstitute.org.uk