GDPR, Ofcom Regulations, and Online Presence Policy
Theosophical Society London
Introduction
This policy document outlines the compliance obligations of The Theosophical Society London, a
religious charity specialising in online courses and content, under the General Data Protection Regulation
(GDPR), Ofcom regulations, and best practices for maintaining an online presence. This policy ensures
that The Theosophical Society London adheres to relevant legal standards, protects personal data, and
maintains a secure and effective online presence.
Scope
This policy applies to all trustees, employees, volunteers, and contractors of The Theosophical Society
London involved in the creation, management, and delivery of online courses and content.
General Data Protection Regulation (GDPR)
Key Provisions
Lawful Basis for Processing:
● Ensure that all personal data is processed lawfully, fairly, and transparently.
● Identify and document the lawful basis for processing personal data, such as consent, contractual
necessity, legal obligation, vital interests, public task, or legitimate interests.
Data Subject Rights:
● Respect and facilitate the rights of individuals, including the rights to access, rectification,
erasure, restriction of processing, data portability, and objection to processing.
● Provide clear information to data subjects about their rights and how to exercise them.
Consent:
● Obtain explicit consent from individuals before collecting or processing their personal data for
specific purposes, especially for sensitive data such as religious beliefs.
● Ensure that consent is freely given, specific, informed, and unambiguous, and can be withdrawn
at any time.
Data Protection Impact Assessments (DPIAs):
● Conduct DPIAs for any new processing activities that are likely to result in high risks to the rights
and freedoms of individuals.
● Document and address any risks identified during the DPIA process.
Data Security:
● Implement appropriate technical and organisational measures to ensure the security of personal
data.
● Regularly review and update security measures to protect against unauthorised access, data
breaches, and other risks.
Data Breaches:
● Develop and maintain procedures for identifying, reporting, and managing data breaches.
● Notify the Information Commissioner's Office (ICO) within 72 hours of becoming aware of a
personal data breach, if required, and inform affected individuals if there is a high risk to their
rights and freedoms.
Record Keeping:
● Maintain comprehensive records of data processing activities, including the purposes of
processing, data categories, data subjects, and recipients.
Ofcom Regulations
Key Provisions
Online Safety:
● Ensure that all online content, including courses and communications, adheres to Ofcom’s
standards for protecting users, including minors.
● Implement measures to prevent harmful or inappropriate content from being accessible to
vulnerable groups.
Broadcasting Standards:
● Comply with Ofcom’s broadcasting code if any online content is deemed to fall under
broadcasting regulations, ensuring content is accurate, impartial, and respects privacy.
Communications Act Compliance:
● Adhere to the requirements of the Communications Act 2003 regarding online communications
and content delivery.
● Ensure transparency and honesty in all communications and advertising.
Online Presence
Key Provisions
Website and Content Management:
● Ensure that the charity’s website and online platforms are secure, accessible, and provide accurate
and up-to-date information.
● Regularly review and update online content to ensure it is relevant and compliant with legal and
regulatory standards.
User Privacy and Data Protection:
● Provide clear and comprehensive privacy notices on the website, informing users about data
collection, use, and their rights.
● Use cookies and similar technologies in compliance with the Privacy and Electronic
Communications Regulations (PECR), obtaining consent where required.
Accessibility:
● Ensure that online courses and content are accessible to all users, including those with disabilities,
in compliance with the Equality Act 2010.
Social Media:
● Manage social media accounts responsibly, ensuring content is respectful, accurate, and does not
infringe on the rights of others.
● Implement policies for moderating user-generated content to prevent harassment, misinformation,
and other harmful activities.
Implementation and Compliance
Record Keeping
Digital Archiving:
● Implement a secure digital archiving system for all records related to GDPR compliance, Ofcom
regulations, and online presence management.
● Ensure records are easily accessible for audits and regulatory checks.
Training and Awareness
Staff Training:
● Provide regular training for staff on GDPR, Ofcom regulations, and best practices for maintaining
an online presence.
● Ensure staff understand their responsibilities and the importance of compliance.
Policy Dissemination:
● Communicate this policy to all relevant personnel and ensure it is easily accessible.
● Update the policy as required and inform staff of any changes.
Incident Management
Incident Logs:
● Maintain logs of any incidents involving data protection, online content, or communications,
including details of the incident and steps taken to address it.
● Report significant incidents to the relevant authorities in a timely manner.
Mitigation Measures:
● Implement measures to mitigate risks associated with data protection and online content
management.
● Regularly review and update security practices to protect personal data and online content.
Review and Updates
This policy will be reviewed annually or as required by changes in legislation or operational needs.
Updates will be communicated to all relevant personnel and stakeholders.
Conclusion
In adhering to this policy, The Theosophical Society London ensures compliance with GDPR, Ofcom
regulations and best practices for maintaining a secure and lawful online presence. This commitment
helps to protect personal data, ensure the safety and quality of online content, and uphold the charity’s
reputation and trustworthiness.
Data Protection Officer
Theosophical Society London
Email: dataprotection@theosoc.org.uk
Theosophical Society in England and Wales
50 Gloucester Place
London W1U 8EA
Telephone: +44 20 7563 9817
Email: office@theosoc.org.uk