Data Protection Quick Guide
Do's & Don’ts Guidance
Last updated: 15 January 2025
KNEPP CASTLE ESTATE
(Including Sir Charles Burrell t/a Knepp Castle Estate, Knepp Farm Partnership, Knepp Castle Home Farm, Edward Burrell t/a Knepp Estate B, Knepp Wildland Safaris, Knepp Wild Range, KneppRegenerative Farms, Knepp Energy Ltd, Brookhouse Knepp Ltd, Nancy Burrell,Swallows Knepp Ltd,Knepp 1983 Settlement and Knepp 1987 Settlement)
The table below provides a high-level overview of some dos and don’ts to follow when you are handling personal data. For further guidance please see the Knepp Castle Estate Data Protection Policy, which is available at the Estate Office.
Do: | Don’t: |
Tell people how you are going to use their personal data | Use personal data in ways that people would not expect |
Collect all the information that you need for the relevant purpose | Collect excessive data or data that you think you might need “just in case” |
Keep data up-to-date and update records as soon as you are notified of a change | Sign up a new supplier who will process personal data on behalf of Knepp Castle Estates without first checking that they have adequate measures in place to protect personal data and ensuring that a contract is in place which contains the mandatory GDPR clauses |
Check carefully when inputting information to ensure that it is accurate | Send any personal data outside the European Economic Area without ensuring that an appropriate mechanism is in place to protect the data |
Delete or securely destroy personal data when it is no longer needed | Put confidential information (including all personal data) in waste paper bins |
Keep a clear desk and lock hard copies of data away securely when you are not using it | Leave personal data lying around or take it out of the office unless absolutely necessary |
Use a strong password and always lock your screen when away from your desk | Tell anyone your password |
Follow all guidance that is provided on information security matters | Send anybody marketing communications without their consent |
Check the identity of people who make requests to access their data | Disclose personal data to any third parties unless you are sure that you are authorised to do so |
Notify the Compliance Manager immediately if you become aware of a data breach | Send personal data by email without password protecting it |
Inform the Compliance Manager promptly if you receive a request from an individual seeking to exercise their data protection rights | Forget that people can ask to see their personal data at any time, so you must ensure that everything you write down is professional and fair |