General Optical Council. Data Protection Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "General Optical Council. Data Protection Policy"

Transcription

1 General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet

2 Document History Version Date December September October 2013 Description of Change Draft Content changes as discussed at SMT Content changes as discussed at Audit & Risk Committee Author L Sparkes L Sparkes L Sparkes Authorisation 2 P a g e

3 Contents 1 Policy Statement Purpose and Scope Policy Satisfaction of Principles... 6 Subject Access... 7 Employee Responsibilities... 7 Data Security... 7 Rights to Access Information... 8 Publication of GDC information... 8 Subject Consent... 9 Retention of Data... 9 Accountability P a g e

4 1 Policy Statement The General Optical Council (GOC) is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. The GOC recognises the importance of the correct and lawful treatment of personal data; it maintains confidence in the organisation and provides for successful operations. The Data Protection Act 1998 (DPA) aims to strike a balance between the rights of individuals to privacy and the ability of organisations to use personal information for the purposes of their business. The types of personal data that the GOC holds will include information about current, past and prospective staff, those working on behalf of the GOC i.e Council, Committees and panel members; registrants; suppliers and others with whom it communicates. This personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act The GOC fully endorses and adheres to the eight principles of the DPA. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Staff and those working on behalf of the GOC who obtain, handle, process, transport and store personal data for the GOC must adhere to these principles. 2 Purpose and Scope The purpose of this policy is to outline the key measures that need to be taken in order to adhere to the eight principles of the DPA. This policy applies to all employees of the GOC and any others who obtain, handle, process, transport and store personal data for the GOC. 3 Policy 3.1 Data Protection Principles In processing information the GOC complies with the requirements of the Data Protection Act 1998, the Human Rights Act 1998, and common law on duty of confidentiality. The GOC complies fully with the Data Protection Act 1998, and its eight principles when processing personal data. The principles say that personal data must be: processed fairly and lawfully and in line with specific conditions set out in the DP Act; processed for a specific purpose or purposes; adequate, relevant and not excessive; 4 P a g e

5 accurate and up to date; not kept for longer than is necessary; processed in accordance with the data subjects rights; secure; not transferred to a country outside the European Economic Area that does not have adequate data protection rules. Fair and Lawful The GOC ensures that we tell people what we do with the information that we hold about them. The data subject should be told: who the data controller is (i.e. the GOC) the purpose or purposes for which the data is to be processed; any other information to make the processing fair for example, this could be information about third parties to whom the data may be disclosed. Personal data processing may only take place if specific conditions set out in the DPA are met. For processing sensitive personal data there are additional, more stringent conditions to fulfill. Conditions particularly relevant to our business might be: when we have the data subject's consent; when processing information is necessary for us to carry out our legal obligations; and when it is necessary for the exercise of a public function in the public interest. Specified purpose The GOC will only use the personal data we have collected for the purposes we have stated both in our notification to the Information Commissioner and those that we have told the data subject when we collected the information. If we have gathered information for one specific purpose we cannot go ahead and use the same information for another purpose. If any new processing is proposed, the Registrar should be consulted to check whether this is compatible with the original purpose. 5 P a g e

6 Adequate, accurate and kept no longer than necessary The GOC ensures that we collect sufficient personal data or sensitive personal data to enable us to carry out our work, and no more. We use our best endeavours to ensure that the records we keep about optometrists, patients and complainants are accurate and up to date. Data subject rights A data subject has certain rights conferred under the DPA including: request access to his or her personal data; prevent processing likely to cause damage or distress. Security The GOC takes appropriate technical, physical and organisational measures to ensure that our information is held securely and safeguarded from; destruction, loss, unauthorised access and disclosure. Transfer of personal data We will not transfer data outside of the EEA except as part of a publicly held register, when we are confident that it is in the substantial public interest to do so, or if another Data Protection Act exemption applies. 3.2 Satisfaction of Principles In order to meet the requirements of the principles, the GOC: observes fully the conditions regarding the fair collection and use of personal data; meets its obligations to specify the purposes for which personal data is used; collects and processes appropriate personal data only to the extent that it is needed to fulfil operational or any legal requirements; ensures the quality of personal data used; applies strict checks to determine the length of time personal data is held; ensures that the rights of individuals about whom the personal data is held, can be fully exercised under the Act; takes appropriate technical and organisational security measures to safeguard personal data; 6 P a g e

7 and ensures that personal data is not transferred abroad without suitable safeguards. 3.3 Subject Access All individuals who are the subject of personal data held by the GOC are entitled to: Ask what information the GOC holds about them and why; Ask how to gain access to it; Be informed how to keep it up to date; Be informed what the GOC is doing to comply with its obligations under the DPA. 3.4 Responsibilities All staff and those working on behalf of the GOC are responsible for: Checking that any personal data that they provide to the GOC is accurate and up to date; Informing the GOC of any changes to information which they have provided, e.g. changes of address; Checking any information that the GOC may send out from time to time is accurate; Sending personal data in a secure way with envelopes marked Private and Confidential with a return address. Recorded delivery should generally be used where personal data is being sent to a third party. If the data is of a sensitive nature then registered post shall be used; If, as part of their responsibilities, staff and those working on behalf of the GOC collect information about other people (e.g. about personal circumstances which would contain sensitive personal data), they must comply with the DPA. 3.5 Data Security The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. All staff and those working on behalf of the GOC are responsible for ensuring that: Any personal data which they hold is kept securely Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Please refer to the GOC Information Security Policy. 7 P a g e

8 3.6 Sensitive Personal Data Sensitive personal data means personal data consisting of information as to a) the racial or ethnic origin of the data subject, b) his/her political opinions, c) his/her religious beliefs or other beliefs of a similar nature, d) whether he/she is a member of a trade union, e) his/her physical or mental health or condition, f) his/her sexual life g) the commission or alleged commission by him/her of any offence, or h) any proceedings for any offence committed or alleged to have been committed by him/her, the disposal of such proceedings or the sentence of any court in such proceedings. 3.7 Rights to Access Information Staff, those working on behalf of the GOC and other subjects of personal data held by the GOC have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. This right is subject to certain exemptions which are set out in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing to the GOC's Information Governance Project Manager. The GOC reserves the right to charge the maximum fee payable (currently 10.00) for each subject access request. If personal details are inaccurate, they can be amended upon request. The GOC aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 calendar days of receipt of a request and appropriate payment unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request. 3.8 Publication of GOC information Information that is already in the public domain is exempt from the 1998 Act. This would include, for example, information on staff and those working on behalf of the GOC contained within externally circulated publications. Any individual who has good reason for wishing details in such publications to remain confidential should contact the GOC's Information Governance Project Manager. 8 P a g e

9 3.9 Subject Consent The need to process data for normal purposes has been communicated to all data subjects. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained. Processing may be necessary to operate GOC policies, such as health and safety and equal opportunities Retention of Data The GOC keeps some forms of information for longer than others. All staff and those working on behalf of the GOC are responsible for ensuring that information is not kept for longer than necessary. Please refer to the GOC Document Retention and Disposal Policy. 4. Accountability 4.1 Registrar The Registrar has an overall duty to ensure that the GOC complies with legislation affecting the handling of personal data and with supporting regulations and codes. 4.2 All staff, Council, Committee and Panel Members All staff and those working on behalf of the GOC are accountable for compliance with this policy and with related policies, standards and guidance. They have a responsibility to handle personal data in accordance with the principles of the DPA. Individual can be liable in law under the terms of the DPA. Deliberate misuse of personal data or a serious breach of DPA may result in disciplinary action being taken. 4.3 Associates and externals Many people contribute to the work of the GOC whether in a paid or contractual basis. The GOC are responsible for ensuring that associates and externals are aware of and comply with the principles of the DPA in the course of the work they undertake for the GOC. The responsibility of externals and associates to comply with the DPA will be made known to them when they begin working for the GOC. 9 P a g e

Data Protection Policy

Data Protection Policy Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018

More information

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Introduction The Partner organisations within the Breakthrough Programme need to collect

More information

Tourettes Action Data Protection Policy

Tourettes Action Data Protection Policy Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version

More information

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00 Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed

More information

Data Protection. Policy

Data Protection. Policy Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all

More information

Data Protection Policy

Data Protection Policy Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,

More information

GROUP DATA PROTECTION POLICY

GROUP DATA PROTECTION POLICY GROUP DATA PROTECTION POLICY Conducting business the right way Safeguarding our customer and employee personal data Version 1 [August 2016] CONDUCTING BUSINESS THE RIGHT WAY Our Values, Doing the Right

More information

Data Protection Policy

Data Protection Policy THE CIPPENHAM SCHOOLS TRUST Data Protection Policy *Date for revision: Summer Term 2018 Responsibility for policy: Responsibility for operational: Trustees Trustees Reviewed by Directors: *subject to any

More information

Data protection (GDPR) policy

Data protection (GDPR) policy Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL

More information

Data Protection Policy

Data Protection Policy Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY 1. Introduction This policy is intended to provide information about how the School will use (or process ) personal data about individuals including: Current, past and prospective pupils; Parents, carers

More information

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you: Ignata Group Data Protection / Privacy Notice What is the purpose of this document? Ignata is committed to protecting the privacy and security of your personal information. This privacy notice describes

More information

Data Protection Policy

Data Protection Policy Data Protection Policy University of London Data Protection UoL website link: http://www.london.ac.uk/238.html Email: records.managament@london.ac.uk Contents 1 Policy statement... 3 2 Introduction and

More information

St Mark s Church of England Academy Data Protection Policy

St Mark s Church of England Academy Data Protection Policy St Mark s Church of England Academy Data Protection Policy 1 Contents Purpose:... Error! Bookmark not defined. Scope:... Error! Bookmark not defined. Procedure:... Error! Bookmark not defined. Definitions:...

More information

Regulates the way data controllers process personal data

Regulates the way data controllers process personal data GUIDANCE NOTE ON THE DATA PROTECTION ACT 1998 This guidance note gives an overview of how the Data Protection Act 1998 (the Act ) applies to clubs (including class associations) and recognised training

More information

Data Protection Policy & Procedures

Data Protection Policy & Procedures Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who

More information

KRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012

KRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012 . SAFE HARBOR PRIVACY POLICY Amended and Restated as of July 20, 2012 I. OBJECTIVES The objective of this policy is to comply with applicable laws and regulations and document the processes and procedures

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY APPENDIX. DATA PROTECTION POLICY Document Status Author Director of Registry Services (Data) Date of Origin 27 th July 2011 This Version July 2014 Review requirements Date of next review July 2016 Approval

More information

IQ Data Protection Policy

IQ Data Protection Policy IQ Data Protection Policy Statement of purpose IQ Ltd is registered on the Data Protection register as a statutory requirement for organisations that hold personal data. Registration was first completed

More information

UK Research and Innovation (UKRI) Data Protection Policy

UK Research and Innovation (UKRI) Data Protection Policy UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager

More information

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy for The Astor Bannerman Group of Companies Issue Date: 3 rd January 2014 Version: 01 Approval History Name Department Role/Position Date approved Signature James Stuart- Smith Director

More information

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS What is the purpose of this document? FS1 Recruitment UK Ltd is committed to protecting the privacy and security of your

More information

Introduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?...

Introduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?... Data Protection Guidance for Volunteers Last update 26/11/17 Contents Introduction... 2 1. Why is data protection important?... 2 2. How does it apply to volunteers?... 2 3. What volunteers need to do?...

More information

Data Protection Act 1998 Employee Fair Processing Notice

Data Protection Act 1998 Employee Fair Processing Notice Data Protection Act 1998 Employee Fair Processing Notice Reference: Document Type: Status of Document: Policy Final Version: 1.3 Date Approved: 16 th December 2014 Approved By: Director of HR & OD Publication

More information

The (Scheme) Actuary as a Data Controller

The (Scheme) Actuary as a Data Controller The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title: Data Protection Policy Ref:CP005 Version:2 Approval Body: Corporation via Audit & Risk Committee Date:24th March 2015 Review Date: 24th March 2018 Lead Person: Director, Institutional Effectiveness

More information

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over

More information

General Personal Data Protection Policy

General Personal Data Protection Policy General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,

More information

Foundation trust membership and GDPR

Foundation trust membership and GDPR 05 April 2018 Foundation trust membership and GDPR In the last few weeks, we have received a number of enquiries from foundation trusts concerned about the implications of the new General Data Protection

More information

Gwybodaeth Dan Reolaeth. Gwynedd Council DATA PROTECTION POLICY FINAL 2.0. September Information Management Service. Approved

Gwybodaeth Dan Reolaeth. Gwynedd Council DATA PROTECTION POLICY FINAL 2.0. September Information Management Service. Approved Gwybodaeth Dan Reolaeth Gwynedd Council DATA PROTECTION POLICY FINAL 2.0 September 2015 Information Management Service 1. Introduction The Council makes considerable use of personal information in all

More information

closer look at Definitions The General Data Protection Regulation

closer look at Definitions The General Data Protection Regulation A closer look at Definitions The General Data Protection Regulation September 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute

More information

Auditing of Swedish Enterprises and Organisations

Auditing of Swedish Enterprises and Organisations Auditing of Swedish Enterprises and Organisations March 1st 2018 version 2018:1 1 General Application 1.1 These General Terms govern the relationship between the auditor ( the Auditor ) and the client

More information

POLICY. Descriptors : 1) Conduct 2) Behaviour 3) Ethics 4) Rules

POLICY. Descriptors : 1) Conduct 2) Behaviour 3) Ethics 4) Rules POLICY Policy Title: Code of Conduct Descriptors : 1) Conduct 2) Behaviour 3) Ethics 4) Rules Category : Human Resources Intent Organisational Scope Definitions Policy Content References Contact Information

More information

Data Protection Audit Self-assessment toolkit

Data Protection Audit Self-assessment toolkit Data Protection Audit Self-assessment toolkit online preferences security passport details emergency contact details blood group email account number accuracy CCTV images tax records rights payroll number

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY LEEDS BECKETT U NIVERSI T Y DATA PROTECTION POLICY 1. INTRODUCTION 1.1 This policy document explains the framework through which the University ensures compliance with the Data Protection Act 1998 (DPA).

More information

Data Privacy Policy for Employees and Employee Candidates in the European Union

Data Privacy Policy for Employees and Employee Candidates in the European Union Data Privacy Policy for Employees and Employee Candidates in the European Union This Data Privacy Policy is effective as of February 1, 2014 1. Data Privacy Policy Overview 1.1 Under Armour, Inc. (the

More information

Humber Information Sharing Charter

Humber Information Sharing Charter External Ref: HIG 01 Review date November 2016 Version No. V07 Internal Ref: NELC 16.60.01 Humber Information Sharing Charter This Charter may be an uncontrolled copy, please check the source of this document

More information

Archway Academy Independent School ARCHWAY ACADEMY INDEPENDENT SCHOOL DISCIPLINARY AND GRIEVANCE PROCEDURES. 24/10/14- Last Updated 15/12/16 1

Archway Academy Independent School ARCHWAY ACADEMY INDEPENDENT SCHOOL DISCIPLINARY AND GRIEVANCE PROCEDURES. 24/10/14- Last Updated 15/12/16 1 ARCHWAY ACADEMY INDEPENDENT SCHOOL DISCIPLINARY AND GRIEVANCE PROCEDURES 1 1.1 Disciplinary Rules We require high standards of discipline from our employees, together with satisfactory standards of work.

More information

Quick guide to the employment practices code

Quick guide to the employment practices code Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment

More information

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA USED FOR EMPLOYMENT PURPOSES 1 (Adopted by the Committee

More information

Data protection. The employment practices code

Data protection. The employment practices code Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the

More information

Human Resources People and Organisational Development. Disciplinary Procedure Manual Staff

Human Resources People and Organisational Development. Disciplinary Procedure Manual Staff Human Resources People and Organisational Development Disciplinary Procedure Manual Staff December 1998 Revised November 2015 Contents 1. Purpose and Scope... 3 2. General Principles... 3 3. Procedure...

More information

This has been produced as a response to the Data Protection Act 1998 and replaces the MRS Guidelines for Handling Databases.

This has been produced as a response to the Data Protection Act 1998 and replaces the MRS Guidelines for Handling Databases. The Data Protection Act 1998 & Market Research: Guidance for MRS Members September 2003 This has been produced as a response to the Data Protection Act 1998 and replaces the MRS Guidelines for Handling

More information

Data Protection Policy

Data Protection Policy Preston and District Data Protection Policy The University of the Third Age Scope of the policy This policy applies to the work of Preston & District U3A (hereafter the U3A ). The policy sets out the requirements

More information

SECTION 4 PAYMENT OF WAGES

SECTION 4 PAYMENT OF WAGES SECTION 4 PAYMENT OF WAGES Page no. Payment of Wages 92 Payment of Wages Act 1991 92 Deductions 93 Disputes 94 National Minimum Wage 95 Determining average hourly rate of pay 95 Reckonable and Non-Reckonable

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Draft Privacy Notice for employees November 2017 www.uk.coop/gdprtoolkit This is a draft document which provides a widely drafted privacy notice to allow data to be processed

More information

THE EMPLOYMENT PRACTICES DATA PROTECTION CODE:

THE EMPLOYMENT PRACTICES DATA PROTECTION CODE: THE EMPLOYMENT PRACTICES DATA PROTECTION CODE: PART 4: INFORMATION ABOUT WORKERS HEALTH. Employment Code Pt 4 v1.0 CONTENTS Section 1: About the Code. 3 Section 2: Information About Workers Health. 11

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY 1. Introduction This policy sets out how The Robert Gordon University shall comply with the requirements of the Data Protection Act 1998 and was created with reference to the JISC

More information

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The

More information

Data Protection Policy

Data Protection Policy HOLY TRINITY CE (VA) PRIMARY SCHOOL Data Protection Policy Learning and caring together, building a firm foundation for the future. FOUNDED 1865 Date of Last Review: July 2015 Date to be Revisited: July

More information

Whistle Blowing Policy

Whistle Blowing Policy Whistle Blowing Policy Introduction The Code is intended to help employees in or working with or assisting Schools in Lambeth who have major concerns over any wrong-doing within such Schools relating to

More information

PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE

PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE PRIVACY IMPACT ASSESSMENT (PIA) TEMPLATE Reference No: IG40 Version: 1.2 Purpose of Document: Ratified by: Date ratified: 27 th September 2013 Review Date September 2014 Name of originator/author: Contact

More information

DISCIPLINARY POLICY AND PROCEDURE. 1 Aims and Objectives

DISCIPLINARY POLICY AND PROCEDURE. 1 Aims and Objectives DISCIPLINARY POLICY AND PROCEDURE 1 Aims and Objectives 1.1 Intu is committed to promoting fairness and consistency in the treatment of all employees in connection with conduct and performance. In order

More information

How employers should comply with GDPR

How employers should comply with GDPR 02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact

More information

A Parish Guide to the General Data Protection Regulation (GDPR)

A Parish Guide to the General Data Protection Regulation (GDPR) A Parish Guide to the General Data Protection Regulation (GDPR) What s happening and why is it important? The law is changing. Currently, the Data Protection Act 1998 governs how you process personal data

More information

Code of Conduct: Obligation to Stakeholders

Code of Conduct: Obligation to Stakeholders Policy Owner: Contact Officers: Policy Number: Approved by: College Director/Principal Business Manager QBIPO009 Senior Management Group Date Approved: 22 October 2011 Last Reviewed: July 2016 Related

More information

Human Resources Directorate

Human Resources Directorate Name of Policy Employee Records Privacy Policy Description of Policy New Policy Revision Description of Revision Human Resources Directorate Policy and Revision Number Original Effective Date Review Due

More information

Code of Conduct INTRODUCTION

Code of Conduct INTRODUCTION INTRODUCTION Kingspan Group plc is committed to acting responsibly in its business, and maintaining high standards of ethics and integrity in all its dealings with its stakeholders, be they investors,

More information

It is our policy to provide employment equality to all, irrespective of:

It is our policy to provide employment equality to all, irrespective of: Revised: July 2012 The aim of this policy is to communicate the commitment of the Chief Executive, Board of Directors and Senior Management Team to the promotion of equality of opportunity in and by the

More information

SAI Global Full Service Team

SAI Global Full Service Team General information regarding elements of the certification process is described below. A degree of flexibility and options in the certification process are available so please feel free to contact us

More information

Humber Information Sharing Charter

Humber Information Sharing Charter External Ref: HIG 01 Insert here the logo of the signatory organisation Review date November 2016 Version No. V07 Internal Ref: ERYC CFS ILS 02 Humber Information Sharing Charter This Charter may be an

More information

SIGBI DATA PROTECTION PROTOCOLS 2018

SIGBI DATA PROTECTION PROTOCOLS 2018 SIGBI DATA PROTECTION PROTOCOLS 2018 For the purpose of this document, references to Soroptimist International Great Britain and Ireland (SIGBI) Limited and Soroptimist International may be written as

More information

Supplemental guide to the GDPR for HR professionals

Supplemental guide to the GDPR for HR professionals Supplemental guide to the GDPR for HR professionals Version 1.0, January 2018 The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, representing the most significant change

More information

Customer Advocacy. Complaints Management Policy

Customer Advocacy. Complaints Management Policy Customer Advocacy Complaints Management Policy Complaints Management Policy Page 2 1. Purpose 1.1 The purpose of this policy is to provide customers and stakeholders with an overview and understanding

More information

INSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified)

INSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified) Disciplinary Policy INSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified) Consultation Staff Forum August 2014

More information

Barnies Day Nurseries and Out of School Clubs Grievance and Disciplinary Policy and Procedures

Barnies Day Nurseries and Out of School Clubs Grievance and Disciplinary Policy and Procedures Barnies Day Nurseries and Out of School Clubs Grievance and Disciplinary Policy and Procedures Disciplinary rules and procedures are necessary to promote orderly employee relations as well as fairness

More information

Whistle Blowing (Draft)

Whistle Blowing (Draft) Whistle Blowing (Draft) Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) HR Index reference number Approved 30/03/17 Approved by

More information

Auditing data protection

Auditing data protection Data protection Auditing data protection a guide to ICO data protection audits 1 Contents Executive summary 3 1. Audit programme development 5 Audit planning and risk assessment 2. Audit approach 6 Gathering

More information

CODE OF CONDUCT. 2 General obligations Council members must take personal responsibility for ensuring that they keep to the Code.

CODE OF CONDUCT. 2 General obligations Council members must take personal responsibility for ensuring that they keep to the Code. CODE OF CONDUCT 1 Introduction Council members must comply with this Code of Conduct (the Code) whenever they act in their capacity as a member of the Council. The Code will also apply to Council members

More information

The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,

The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe, Recommendation CM/Rec(2015)5 of the Committee of Ministers to member States on the processing of personal data in the context of employment (Adopted by the Committee of Ministers on 1 April 2015, at the

More information

Whistle-blowing. Policy and Procedure

Whistle-blowing. Policy and Procedure Whistle-blowing Policy and Procedure This document will be made available in other languages and formats upon request from employees and students (or their parents/carers) Date of Issue: September 2014

More information

ARTICLE 29 DATA PROTECTION WORKING PARTY

ARTICLE 29 DATA PROTECTION WORKING PARTY ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION

More information

Data Protection Policy

Data Protection Policy Data Protection Policy August 2017 This document will be put into corporate format but, in the interim, please see the updated un-formatted version supplied in the following pages. Document title Data

More information

Privacy Policy PURPOSE SCOPE POLICY. Data Collection

Privacy Policy PURPOSE SCOPE POLICY. Data Collection Privacy Policy PURPOSE 1. To ensure Training & Assessment Mentor maintains the privacy of personal information provided to Training & Assessment Mentor from Staff and Students. SCOPE 2. This document describes

More information

CANDIDATE DATA PROTECTION STANDARDS

CANDIDATE DATA PROTECTION STANDARDS CANDIDATE DATA PROTECTION STANDARDS I. OBJECTIVE The aim of these Candidate Data Protection Standards ( Standards ) is to provide adequate and consistent safeguards for the handling of candidate data by

More information

WHISTLE BLOWING POLICY

WHISTLE BLOWING POLICY WHISTLE BLOWING POLICY Introduction The Tandridge Learning Trust is committed to the highest possible standards of honesty, openness, probity and accountability. It seeks to conduct its affairs in a responsible

More information

STAFF CODE OF CONDUCT

STAFF CODE OF CONDUCT STAFF CODE OF CONDUCT FOREWORD This Code describes the standards of behaviour required of all members of staff of the National Assembly for Wales (employees of the Assembly Commission). As an employee

More information

General Data Protection Regulation. The changes in data protection law and what this means for your church.

General Data Protection Regulation. The changes in data protection law and what this means for your church. General Data Protection Regulation The changes in data protection law and what this means for your church. 1 Contents Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 18 Page 20 Page 23

More information

Syntel Human Resources Privacy Statement

Syntel Human Resources Privacy Statement Syntel Human Resources Privacy Statement August 24, 2016 Privacy Statement highlights: Syntel is committed to protecting your privacy. This Privacy Statement ("Statement") addresses prospective, current,

More information

Cloud Computing Policy and Guidelines Release: 1.51

Cloud Computing Policy and Guidelines Release: 1.51 Cloud Computing Policy and Guidelines Release: 1.51 1. Introduction This document sets out the College s policy for the use of cloud computing services, also known as cloud computing, cloud services or

More information

Disciplinary/Dismissal Procedures

Disciplinary/Dismissal Procedures Disciplinary/Dismissal Procedures This policy was adopted by the Board of Directors of Armagh Credit Union Limited. Signed:- Position Position Date: STATEMENT OF POLICY The aim of Armagh Credit Union's

More information

ECOLAB INC. PRIVACY POLICY STATEMENT PERSONAL DATA

ECOLAB INC. PRIVACY POLICY STATEMENT PERSONAL DATA ECOLAB INC. PRIVACY POLICY STATEMENT PERSONAL DATA A. Ecolab Commitment to Data Privacy Protection The Statement set forth below outlines the Personal Data that Ecolab may collect, how Ecolab uses and

More information

INDIVIDUAL AND COLLECTIVE GRIEVANCES POLICY AND PROCEDURE

INDIVIDUAL AND COLLECTIVE GRIEVANCES POLICY AND PROCEDURE INDIVIDUAL AND COLLECTIVE GRIEVANCES POLICY AND PROCEDURE Individual and Collective Grievances Policy & Procedure Page: Page 1 of 19 Recommended by Approved by HR OD Committee Workforce Committee Approval

More information

CRIMINAL RECORDS CHECKS PROCEDURE

CRIMINAL RECORDS CHECKS PROCEDURE CRIMINAL RECORDS CHECKS PROCEDURE Criminal Record Checks Procedure Page: Page 1 of 18 Recommended by Approved by Director of Organisational Development Executive Management Team Approval date 20 th April

More information

Section 22. Scope of section. Accreditation. Eligibility Criteria

Section 22. Scope of section. Accreditation. Eligibility Criteria Section 22 Accreditation of Audit Firms, Reporting Accountants, Reporting Accountant Specialists and IFRS Advisers to provide accounting and/or advisory services to applicant issuers Scope of section The

More information

Grievance Policy/Procedure

Grievance Policy/Procedure Grievance Policy/Procedure Approved by The Executive Date approved October 2015 Status Approved Policy owner Head of HR Impact assessed Version 4 Date of next review Yes June 2018-1- 1.0 Purpose of Policy

More information

Disciplinary & Grievance Policy Jan 2016

Disciplinary & Grievance Policy Jan 2016 Disciplinary & Grievance Policy Jan 2016 Disciplinary Procedure: Policy statement Greenwich Mencap wants to ensure employees clearly understand the standards of conduct and behaviour (See Code of Conduct

More information

THE CRYPT SCHOOL DISCIPLINARY PROCEDURE (FORMERLY THE CONDUCT PROCEDURE AND GUIDANCE)

THE CRYPT SCHOOL DISCIPLINARY PROCEDURE (FORMERLY THE CONDUCT PROCEDURE AND GUIDANCE) THE CRYPT SCHOOL DISCIPLINARY PROCEDURE (FORMERLY THE CONDUCT PROCEDURE AND GUIDANCE) DISCIPLINARY AND APPEALS Procedure 1. This procedure does not form part of The Employee s contract of employment, except

More information

Dignity and Respect Procedure

Dignity and Respect Procedure Dignity and Respect Procedure Purpose This document outlines the University s approach to dignity and respect at work and sets out a procedure for addressing issues of bullying or harassment Scope This

More information

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,

More information

Equality and Diversity Policy

Equality and Diversity Policy Equality and Diversity Policy Warwickshire First Aid Training is a progressive training organisation providing mandatory training to a range of organisations. We provide a range of First Aid, health and

More information

Annexure B Section 22

Annexure B Section 22 Annexure B Section 22 Accreditation of Audit Firms, Reporting Accountants, Reporting Accountant Specialists and IFRS Advisers to provide accounting and/or advisory services to applicant issuers Scope of

More information

Freedom of Information (FOI) Policy

Freedom of Information (FOI) Policy Freedom of Information (FOI) Policy Subject Freedom of Information Act (2000) Policy number Tbc Approved by Trust Executive Group Date approved March 2015 Version 2 Policy owner Director of Communications

More information

WHITELEY PRE SCHOOL DISCIPLINARY PROCEDURE. 1.1 The disciplinary procedure applies to all members of staff, volunteers and committee members.

WHITELEY PRE SCHOOL DISCIPLINARY PROCEDURE. 1.1 The disciplinary procedure applies to all members of staff, volunteers and committee members. WHITELEY PRE SCHOOL DISCIPLINARY PROCEDURE 1. INTRODUCTION 1.1 The disciplinary procedure applies to all members of staff, volunteers and committee members. 1.2 The procedure will be applied in accordance

More information

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information

More information

GDPR factsheet Key provisions and steps for compliance

GDPR factsheet Key provisions and steps for compliance GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance

More information

Data Protection/ Information Security Policy

Data Protection/ Information Security Policy Data Protection/ Information Security Policy Date Policy Reviewed 27 th April 2016 Date Passed to Governors: 27 th April 2016 Approved by Governors: 7 th June 2016 Date of Next Review: June 2018 Data Protection

More information

Guideline Leaflet L13: Data Protection

Guideline Leaflet L13: Data Protection 3 Guideline Leaflet L13: Data Protection If a church holds personal data either on a computer or in a paper-based filing system it must follow the rules set out in the Data Protection Act 1998, and from

More information