Does CaRT comply with the new data protection Act?

Published: Monday, 04 June 2018

MOST of you will now know about the new data protection Act that came into force last month,

Named the General Data Protection Regulation (GDPR) it gives everyone the right to demand that organisations delete their data if they so wish, but more than this it strictly regulates how those holding your data are allowed to use it, certainly not being able to pass it on to others without your permission.

Canal & River Trust has issued a statement on how it will use the data it holds on boaters and who it is allowing to use it:

What CaRT believes it can do

We share customer personal data with the following people and organisations

♦ The Trust's external customer contact agent who manages our inbound calls, digital and email enquiries as well as processing licence and mooring payments through our online web-based platform.

♦ The Trust's legal advisors, contractors, mooring providers, individuals or organisations with a legitimate interest or duty in exchanging information about you, for boating and mooring customers who are subject to enforcement action or in breach of mooring terms and conditions under the terms of our boat licence and/or mooring permit

♦ The Environment Agency for Gold Licence boating customers

♦ The Boat Safety Scheme (a jointly run initiative between the Trust, the Environment Agency and other navigation authorities), for boating customers

♦ Police, local authorities and other law enforcement and regulatory and safeguarding agencies where we are satisfied that the relevant agency has demonstrated a proper legal basis for requesting personal information (e.g. prevention and detection of crime, apprehension and prosecution of offenders, administration of justice or collection of taxes) unless there is an overriding and urgent safeguarding concern where non-disclosure would harm the vital interest of any party when disclosure may take place without a request in writing.

This gives the distinct impression that CaRT can share your data with anyone it thinks fit, and that boaters are not entitled to the protection of their data.

However, under the GDPR an organisation can only share your data with your express permission, and you now have the authority to demand from CaRT that they do not share your data with anyone.

You can even demand that it deletes it, and it must comply under the regulations.