Page tree
Skip to end of metadata
Go to start of metadata


The IHTSDO gathers and uses certain information about individuals and organizations. These include members, suppliers, business contacts, employees and other people the organization has a relationship with or may need to contact.

This policy describes how this personal data must be collected, handled and stored to meet the organization's data protection standards, and to comply with most laws across Member countries.

Why this policy exists

This data protection policy ensures the IHTSDO:

  • Complies with data protection laws and follows good practice
  • Protects the rights of staff, members and partners
  • Is open about how it stores and processes individuals' and other organizations' data
  • Protects itself from the risks of a data breach

Data Protection

Most data protection laws are in place to describe how organizations must collect, handle and store personal information.

These rules apply regardless of whether data is stored electronically, on paper or on other materials. To comply with most data protection laws, personal information must be collected and used fairly, stored safely and not disclosed unlawfully.

As an example, the data protection act in the UK is underpinned by eight important principles. They say that personal data must:

  1. Be processed fairly and lawfully
  2. Be obtained only for specific, lawful purposes
  3. Be adequate, relevant and not excessive
  4. Be accurate and kept up to date
  5. Not be held for any longer than necessary
  6. Processed in accordance with the rights of data subjects
  7. Be protected in appropriate ways
  8. Not be transferred outside the European Economic Area (EEA) unless that country or territory also ensures an adequate level of protection.

Naturally, the final point is less relevant directly to the IHTSDO due to its global nature and audience and this needs to be reviewed by legal to understand what the IHTSDO must comply to.