Data Protection Policy – Fairport Convention Ltd
This is the statement of general policy arrangements for Fairport Convention Ltd. The organisation is committed to ensuring that all personal information in its possession is processed fairly and lawfully with all due regard to current data protection legislation in force in the United Kingdom. The organisation recognises that it is a Data Controller as defined in legislation and takes the responsibilities of this role seriously.
Data Protection Officer
Having reviewed the nature and scope of the information held by the organisation, the board of directors have decided not to designate a Data Protection Officer in accordance with Article 37 of the EU General Data Protection Regulation (EU2016/679). Overall responsibility for data protection rests with the board of directors.
The Data Protection Officer is responsible for:
- Informing and advising the board regarding data protection obligations;
- Monitoring compliance with data protection legislation;
- Acting as contact point with the Information Commissioner’s Office; and
- Acting as a contact point for data subjects
Roles and Responsibilities
Everyone in the organisation is responsible for ensuring that their own work practices are compliant with the relevant policies and procedures regarding data protection and for promptly reporting any potential breeches of data protection to the incident response team. Failure to do so may result in disciplinary action as well as personal liability
The members of the incident response team are Gareth Williams, Simon Nicol and Davide Pegg and 24 hour contact details can be found in the incident reporting procedure.
The following table sets out the key responsibilities under this policy and the people responsible for each.
| Responsibility | Name(s) | Title(s) |
| Overall responsibility for data protection | David Pegg & Simon Nicol | Directors |
| Day-to-day responsibility for ensuring policy is put into practice | Gareth Williams | Administrator |
| Responsible for the physical security of locations and devices containing personal information | Gareth Williams | Administrator |
| Responsible for the cyber security of computer systems containing personal information | Gareth Williams | Administrator |
| Maintaining a register of personal information processed by the organisation | Gareth Williams | Administrator |
| Ensuring that any information processing is in accordance with the legal basis and the data protection principles | Gareth Williams | Administrator |
| Ensuring that data subjects are informed about processing through privacy notices and other means | Gareth Williams | Administrator |
| Ensuring that contracts include data protection clauses where relevant | Gareth Williams | Administrator |
| Ensuring that data breech incidents are dealt with appropriately and in a timely manner | Gareth Williams | Administrator |
Sign-off and Review
This policy was agreed by the board of directors on 22 October 2025 and will be reviewed at least annually.
Date of last review: 22 October 2025
Signed by: Gareth Williams
