Our manifesto outlines “22 ways to build resilience and aspiration in people and communities” across five key areas. Download your copy.

Dismiss close

Data Protection: overarching data protection policy

Overhead close-up of a person reviewing a formal-looking document. They are holding a pen to make notes. A laptop is on the table in front of them. Overlaid is text that reads: "Policy Library".

Catch22 reserves the right to amend this policy, following consultation, where appropriate.

Date of last review: June 2023

Date of next review: June 2024

Policy statement

Catch22 is committed to ensuring that it protects and manages the personal information it holds in the course of doing business with the highest care and respect. In order to do this we will abide by a number of principles which are based on, but not limited to, the United Kingdom General Data Protection Regulation (UKGDPR), the Data Protection Act 2018, the Privacy & Electronic Communications Regulation (EC Directive) Regulations 2003 (PECR), ePrivacy Regulation and the Human Rights Act 1998.

We understand the responsibility that we hold and trust that is placed in us in holding the personal information of our staff, volunteers, service users, contractors, stakeholders, supporters and other individuals who in the course of our business provide us with their relevant personal information. We will ensure that we implement the appropriate organisational and technological measures to protect the information as required based on the level of assessed risk for each data asset.


The aim of this policy is to ensure all staff are aware of their responsibilities and obligations in relation to data protection in order to minimise risk of infringement. The policy also aims to improve the understanding of the asset value of the data Catch22 holds. It aims also to inform members of the public how Catch22 complies with data protection legislation and how to exercise their rights to the data we hold about them.

Continue reading