General Optical Council. Data Protection Policy

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "General Optical Council. Data Protection Policy"

Transcription

1 General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet

2 Document History Version Date December September October 2013 Description of Change Draft Content changes as discussed at SMT Content changes as discussed at Audit & Risk Committee Author L Sparkes L Sparkes L Sparkes Authorisation 2 P a g e

3 Contents 1 Policy Statement Purpose and Scope Policy Satisfaction of Principles... 6 Subject Access... 7 Employee Responsibilities... 7 Data Security... 7 Rights to Access Information... 8 Publication of GDC information... 8 Subject Consent... 9 Retention of Data... 9 Accountability P a g e

4 1 Policy Statement The General Optical Council (GOC) is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. The GOC recognises the importance of the correct and lawful treatment of personal data; it maintains confidence in the organisation and provides for successful operations. The Data Protection Act 1998 (DPA) aims to strike a balance between the rights of individuals to privacy and the ability of organisations to use personal information for the purposes of their business. The types of personal data that the GOC holds will include information about current, past and prospective staff, those working on behalf of the GOC i.e Council, Committees and panel members; registrants; suppliers and others with whom it communicates. This personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act The GOC fully endorses and adheres to the eight principles of the DPA. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Staff and those working on behalf of the GOC who obtain, handle, process, transport and store personal data for the GOC must adhere to these principles. 2 Purpose and Scope The purpose of this policy is to outline the key measures that need to be taken in order to adhere to the eight principles of the DPA. This policy applies to all employees of the GOC and any others who obtain, handle, process, transport and store personal data for the GOC. 3 Policy 3.1 Data Protection Principles In processing information the GOC complies with the requirements of the Data Protection Act 1998, the Human Rights Act 1998, and common law on duty of confidentiality. The GOC complies fully with the Data Protection Act 1998, and its eight principles when processing personal data. The principles say that personal data must be: processed fairly and lawfully and in line with specific conditions set out in the DP Act; processed for a specific purpose or purposes; adequate, relevant and not excessive; 4 P a g e

5 accurate and up to date; not kept for longer than is necessary; processed in accordance with the data subjects rights; secure; not transferred to a country outside the European Economic Area that does not have adequate data protection rules. Fair and Lawful The GOC ensures that we tell people what we do with the information that we hold about them. The data subject should be told: who the data controller is (i.e. the GOC) the purpose or purposes for which the data is to be processed; any other information to make the processing fair for example, this could be information about third parties to whom the data may be disclosed. Personal data processing may only take place if specific conditions set out in the DPA are met. For processing sensitive personal data there are additional, more stringent conditions to fulfill. Conditions particularly relevant to our business might be: when we have the data subject's consent; when processing information is necessary for us to carry out our legal obligations; and when it is necessary for the exercise of a public function in the public interest. Specified purpose The GOC will only use the personal data we have collected for the purposes we have stated both in our notification to the Information Commissioner and those that we have told the data subject when we collected the information. If we have gathered information for one specific purpose we cannot go ahead and use the same information for another purpose. If any new processing is proposed, the Registrar should be consulted to check whether this is compatible with the original purpose. 5 P a g e

6 Adequate, accurate and kept no longer than necessary The GOC ensures that we collect sufficient personal data or sensitive personal data to enable us to carry out our work, and no more. We use our best endeavours to ensure that the records we keep about optometrists, patients and complainants are accurate and up to date. Data subject rights A data subject has certain rights conferred under the DPA including: request access to his or her personal data; prevent processing likely to cause damage or distress. Security The GOC takes appropriate technical, physical and organisational measures to ensure that our information is held securely and safeguarded from; destruction, loss, unauthorised access and disclosure. Transfer of personal data We will not transfer data outside of the EEA except as part of a publicly held register, when we are confident that it is in the substantial public interest to do so, or if another Data Protection Act exemption applies. 3.2 Satisfaction of Principles In order to meet the requirements of the principles, the GOC: observes fully the conditions regarding the fair collection and use of personal data; meets its obligations to specify the purposes for which personal data is used; collects and processes appropriate personal data only to the extent that it is needed to fulfil operational or any legal requirements; ensures the quality of personal data used; applies strict checks to determine the length of time personal data is held; ensures that the rights of individuals about whom the personal data is held, can be fully exercised under the Act; takes appropriate technical and organisational security measures to safeguard personal data; 6 P a g e

7 and ensures that personal data is not transferred abroad without suitable safeguards. 3.3 Subject Access All individuals who are the subject of personal data held by the GOC are entitled to: Ask what information the GOC holds about them and why; Ask how to gain access to it; Be informed how to keep it up to date; Be informed what the GOC is doing to comply with its obligations under the DPA. 3.4 Responsibilities All staff and those working on behalf of the GOC are responsible for: Checking that any personal data that they provide to the GOC is accurate and up to date; Informing the GOC of any changes to information which they have provided, e.g. changes of address; Checking any information that the GOC may send out from time to time is accurate; Sending personal data in a secure way with envelopes marked Private and Confidential with a return address. Recorded delivery should generally be used where personal data is being sent to a third party. If the data is of a sensitive nature then registered post shall be used; If, as part of their responsibilities, staff and those working on behalf of the GOC collect information about other people (e.g. about personal circumstances which would contain sensitive personal data), they must comply with the DPA. 3.5 Data Security The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. All staff and those working on behalf of the GOC are responsible for ensuring that: Any personal data which they hold is kept securely Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Please refer to the GOC Information Security Policy. 7 P a g e

8 3.6 Sensitive Personal Data Sensitive personal data means personal data consisting of information as to a) the racial or ethnic origin of the data subject, b) his/her political opinions, c) his/her religious beliefs or other beliefs of a similar nature, d) whether he/she is a member of a trade union, e) his/her physical or mental health or condition, f) his/her sexual life g) the commission or alleged commission by him/her of any offence, or h) any proceedings for any offence committed or alleged to have been committed by him/her, the disposal of such proceedings or the sentence of any court in such proceedings. 3.7 Rights to Access Information Staff, those working on behalf of the GOC and other subjects of personal data held by the GOC have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. This right is subject to certain exemptions which are set out in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing to the GOC's Information Governance Project Manager. The GOC reserves the right to charge the maximum fee payable (currently 10.00) for each subject access request. If personal details are inaccurate, they can be amended upon request. The GOC aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 calendar days of receipt of a request and appropriate payment unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request. 3.8 Publication of GOC information Information that is already in the public domain is exempt from the 1998 Act. This would include, for example, information on staff and those working on behalf of the GOC contained within externally circulated publications. Any individual who has good reason for wishing details in such publications to remain confidential should contact the GOC's Information Governance Project Manager. 8 P a g e

9 3.9 Subject Consent The need to process data for normal purposes has been communicated to all data subjects. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained. Processing may be necessary to operate GOC policies, such as health and safety and equal opportunities Retention of Data The GOC keeps some forms of information for longer than others. All staff and those working on behalf of the GOC are responsible for ensuring that information is not kept for longer than necessary. Please refer to the GOC Document Retention and Disposal Policy. 4. Accountability 4.1 Registrar The Registrar has an overall duty to ensure that the GOC complies with legislation affecting the handling of personal data and with supporting regulations and codes. 4.2 All staff, Council, Committee and Panel Members All staff and those working on behalf of the GOC are accountable for compliance with this policy and with related policies, standards and guidance. They have a responsibility to handle personal data in accordance with the principles of the DPA. Individual can be liable in law under the terms of the DPA. Deliberate misuse of personal data or a serious breach of DPA may result in disciplinary action being taken. 4.3 Associates and externals Many people contribute to the work of the GOC whether in a paid or contractual basis. The GOC are responsible for ensuring that associates and externals are aware of and comply with the principles of the DPA in the course of the work they undertake for the GOC. The responsibility of externals and associates to comply with the DPA will be made known to them when they begin working for the GOC. 9 P a g e

Data Protection Policy

Data Protection Policy Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018

More information

DATA PROTECTION POLICY 2016

DATA PROTECTION POLICY 2016 DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of

More information

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Introduction The Partner organisations within the Breakthrough Programme need to collect

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control History Title Data Protection Policy Version no. 1.0 Date of publication May 2018 Author(s) Amanda Cramb, HR Manager Next review date May 2021 Page 1 Introduction

More information

Tourettes Action Data Protection Policy

Tourettes Action Data Protection Policy Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version

More information

VMS Software Ltd- Data Protection Privacy Policy

VMS Software Ltd- Data Protection Privacy Policy VMS Software Ltd- Data Protection Privacy Policy Introduction The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of VMS Software Ltd. This includes

More information

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00 Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed

More information

POLICY ON INFORMATION, SECURITY & DATA PROTECTION

POLICY ON INFORMATION, SECURITY & DATA PROTECTION POLICY ON INFORMATION, SECURITY & DATA PROTECTION As a recruitment company, First Recruitment is a data controller. This means it processes personal data about its work seekers, individual client contacts

More information

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions. Page 2 of 10 Data Protection Policy Chief Information Officer Chief Information Officer Data Protection Officer The current version (July 2018) is derived from, and supersedes, the version published in

More information

Data Protection. Policy

Data Protection. Policy Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all

More information

SHENLEY BROOK END SCHOOL

SHENLEY BROOK END SCHOOL SHENLEY BROOK END SCHOOL DATA PROTECTION POLICY Linked Policies: CCTV Review Information Reviewed by Finance Pay and Personnel Committee 15 May 2012 Reviewed by Policy Committee August 2013 Adopted by

More information

Data Management and Protection Policy

Data Management and Protection Policy Data Management and Protection Policy Approved by Governor committee: Finance and Audit Date to be reviewed: June 2018 Responsibility of : Director of Finance and Operations Date ratified by Governing

More information

Data Protection Policy for the Grimsby Institute of Further & Higher Education

Data Protection Policy for the Grimsby Institute of Further & Higher Education Data Protection Policy for the Grimsby Institute of Further & Higher Education Data Protection Policy Change Control Version: V1.1 New or Replacement: Approved by: Replacement Executive Management Team

More information

Data Protection Policy

Data Protection Policy Data Protection Policy This policy will be reviewed by the Trust Board three yearly or amended if there are any changes in legislation before that time. Date of last review: Autumn 2018 Date of next review:

More information

Data Protection Policy

Data Protection Policy Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,

More information

GROUP DATA PROTECTION POLICY

GROUP DATA PROTECTION POLICY GROUP DATA PROTECTION POLICY Conducting business the right way Safeguarding our customer and employee personal data Version 1 [August 2016] CONDUCTING BUSINESS THE RIGHT WAY Our Values, Doing the Right

More information

RAW MARKETING DATA PROTECTION POLICY

RAW MARKETING DATA PROTECTION POLICY RAW MARKETING DATA PROTECTION POLICY Introduction We take your privacy very seriously and have updated our Privacy Statement in line with the upcoming GDPR regulation. Were absolutely committed to reflecting

More information

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make. What is the purpose of this document? NORTHERN IRELAND SCREEN COMMISSION (Company Number NI031997) whose registered office is at 3 rd Floor Alfred House, 21 Alfred Street, Belfast, BT2 8ED is committed

More information

DATA PROTECTION POLICY 2018

DATA PROTECTION POLICY 2018 DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information

More information

Baptist Union of Scotland DATA PROTECTION POLICY

Baptist Union of Scotland DATA PROTECTION POLICY Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information

More information

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools SCHOOLS DATA PROTECTION POLICY Guidance Notes for Schools Please read this policy carefully and ensure that all spaces highlighted in the document are completed prior to publication. Please ensure that

More information

This personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.

This personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects. BELFAST ROYAL ACADEMY Data Protection Policy Introduction Belfast Royal Academy recognises and accepts its responsibilities as set out in the Data Protection Act 1998. The School will take all reasonable

More information

Data Protection Policy

Data Protection Policy Data Protection Policy (Data Protection Act 1998) (This policy will be updated to incorporate GDPR by May 2018) Page 1 of 9 Data Protection Policy 1 Statement of Policy The Constellation Trust needs to

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY 1. Introduction This policy is intended to provide information about how the School will use (or process ) personal data about individuals including: Current, past and prospective pupils; Parents, carers

More information

Data protection (GDPR) policy

Data protection (GDPR) policy Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL

More information

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ] SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work

More information

Data Protection Policy

Data Protection Policy THE CIPPENHAM SCHOOLS TRUST Data Protection Policy *Date for revision: Summer Term 2018 Responsibility for policy: Responsibility for operational: Trustees Trustees Reviewed by Directors: *subject to any

More information

Data Protection Policy

Data Protection Policy Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:

More information

Data Protection Policy

Data Protection Policy Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:

More information

GENERAL DATA PROTECTION REGULATION Guidance Notes

GENERAL DATA PROTECTION REGULATION Guidance Notes GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in

More information

Data Protection Policy

Data Protection Policy Data Protection Policy University of London Data Protection UoL website link: http://www.london.ac.uk/238.html Email: records.managament@london.ac.uk Contents 1 Policy statement... 3 2 Introduction and

More information

Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE

Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE Prepared by: Peter Hawksworth, Headteacher Checked by: Jackie Hesslegrave, Business Manager Adopted by Governors: November 2017 Review

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Version Date Revision Author Summary of Changes 1.0 21 st May 2018 Ashleigh Morrow EXECUTIVE STATEMENT At CASTLEREAGH NURSERY SCHOOL (the School ), we believe privacy is important.

More information

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems

LAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems LAST UPDATED June 11, 2018 DATA PROTECTION POLICY International Foundation for Electoral Systems 1. Purpose 1.1. International Foundation for Electoral Systems is committed to complying with privacy and

More information

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you: Ignata Group Data Protection / Privacy Notice What is the purpose of this document? Ignata is committed to protecting the privacy and security of your personal information. This privacy notice describes

More information

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to

More information

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3 Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work

More information

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we

More information

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018 LIFE STYLE CARE PLC Privacy Statement for Employees August 2018 Key points Why we use your personal data: We typically use your personal information for purposes related to your employment relationship

More information

St Mark s Church of England Academy Data Protection Policy

St Mark s Church of England Academy Data Protection Policy St Mark s Church of England Academy Data Protection Policy 1 Contents Purpose:... Error! Bookmark not defined. Scope:... Error! Bookmark not defined. Procedure:... Error! Bookmark not defined. Definitions:...

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY APPENDIX. DATA PROTECTION POLICY Document Status Author Director of Registry Services (Data) Date of Origin 27 th July 2011 This Version July 2014 Review requirements Date of next review July 2016 Approval

More information

PRIVACY POLICY. Your Village Pty Ltd ABN ( Steam Capital ) is committed to protecting your privacy.

PRIVACY POLICY. Your Village Pty Ltd ABN ( Steam Capital ) is committed to protecting your privacy. PRIVACY POLICY 1. Overview Your Village Pty Ltd ABN 31 010 442 770 ( Steam Capital ) is committed to protecting your privacy. Steam Capital is bound by the Privacy Act 1988 (Cth) ( the Privacy Act ), including

More information

REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE

REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE Overview Reddish Vale High School is committed to ensuring that we re transparent about the ways in which we use your personal information and that we have

More information

Next Ventures Group and its Subsidiaries ( the Company )

Next Ventures Group and its Subsidiaries ( the Company ) Introduction Company Name: Document DP3 Topic: Next Ventures Group and its Subsidiaries ( the Company ) General Data Protection Policy Data protection Date: April 2018 Version: 1 Contents Introduction

More information

Virtuo Executive Ltd ( the Company ) Data protection. Date: May Version: 1. Contents. Introduction

Virtuo Executive Ltd ( the Company ) Data protection. Date: May Version: 1. Contents. Introduction Introduction Company Name: Document DP3 Topic: Virtuo Executive Ltd ( the Company ) Data Protection Policy Data protection Date: May 2018 Version: 1 Contents Introduction Definitions Data processing under

More information

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.

More information

Data Protection Policy & Procedures

Data Protection Policy & Procedures Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who

More information

Privacy Impact Assessment: Standard Operating Procedure

Privacy Impact Assessment: Standard Operating Procedure Corporate Privacy Impact Assessment: Standard Operating Procedure Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims

More information

Data Protection Employee Privacy Notice

Data Protection Employee Privacy Notice Data Protection Employee Privacy Notice Data Protection Employee Privacy Notice Page 1 of 7 Contents 1. Introduction... 3 2. What is personal data/special categories of personal data?... 3 3. What information

More information

Regulates the way data controllers process personal data

Regulates the way data controllers process personal data GUIDANCE NOTE ON THE DATA PROTECTION ACT 1998 This guidance note gives an overview of how the Data Protection Act 1998 (the Act ) applies to clubs (including class associations) and recognised training

More information

Regulates the way data controllers process personal data

Regulates the way data controllers process personal data GUIDANCE NOTE ON THE DATA PROTECTION ACT 1998 This guidance note gives an overview of how the Data Protection Act 1998 (the Act ) applies to clubs (including class associations) and recognised training

More information

Data Protection Policy and Handbook. Scottish Information Commissioner

Data Protection Policy and Handbook. Scottish Information Commissioner Data Protection Policy and Handbook Scottish Information Commissioner Contents Glossary and abbreviations... i Introduction... 2 Policy Statement... 2 Data subject to the Data Protection Act 1998... 2

More information

Data Protection Policy

Data Protection Policy Data Protection Policy for The Astor Bannerman Group of Companies Issue Date: 3 rd January 2014 Version: 01 Approval History Name Department Role/Position Date approved Signature James Stuart- Smith Director

More information

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: 4 1. Statement of Intent 1.1 Radian 1 must collect, store and process information about its customers,

More information

Data subject access policy

Data subject access policy Data subject access policy Introduction 1. This is our Data subject access requests policy. 2. We are the professional regulator for nurses and midwives in the UK. Our principal functions include setting

More information

Data Protection Policy for Staff DJJK. Apr of 10

Data Protection Policy for Staff DJJK. Apr of 10 Data Protection Policy for Staff DJJK Apr 2018 1 of 10 Review and Amendment Record Date Person Conducting the Review Mar 2018 PMS New Policy, GDPR Apr 2018 DJJK Review Changes Made 2 of 10 1 Introduction

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019

More information

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers

GDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate

More information

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection

More information

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2 THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE CONTENT 1. INTRODUCTION... 2 2. IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION... 2 3. CONTACT DETAILS OF THE DATA PROTECTION

More information

Brasenose College Data Protection Policy Statement v1.2

Brasenose College Data Protection Policy Statement v1.2 Brasenose College Data Protection Policy Statement v1.2 1. Introduction All documents referred to in this policy can be found online at the address below: https://www.bnc.ox.ac.uk/privacypolicies 1.1 Background

More information

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company ) RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:

More information

Orion Electrotech Ltd the Company. Data Protection. Date: April 2018 Issue No: 7. Contents

Orion Electrotech Ltd the Company. Data Protection. Date: April 2018 Issue No: 7. Contents Company Name: Form No: EQF3218 Topic: Orion Electrotech Ltd the Company Data Protection Policy Data Protection Date: April 2018 Issue No: 7 Contents Introduction Definitions Data processing under the Data

More information

PRIVACY NOTICE FOR JOB APPLICANTS

PRIVACY NOTICE FOR JOB APPLICANTS PRIVACY NOTICE FOR JOB APPLICANTS 1. General Information 1.1 Derby County Football Club are committed to protecting the privacy and security of your personal information. 1.2 Under data protection law,

More information

KRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012

KRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012 . SAFE HARBOR PRIVACY POLICY Amended and Restated as of July 20, 2012 I. OBJECTIVES The objective of this policy is to comply with applicable laws and regulations and document the processes and procedures

More information

Parent / Carer Privacy Notice

Parent / Carer Privacy Notice Document No. PP Issue No. 1 Issue Date: 2018-05-24 Renewal Date: 2019-05-24 Originator: Kate Frith Responsibility: Director of Resources 1. Policy statement Parent / Carer Privacy Notice We are Fullhurst

More information

Freedom of Information/Environmental Information Regulations Policy and Procedure

Freedom of Information/Environmental Information Regulations Policy and Procedure Policy Number: 8.3 Version number: 01 Date of issue: Date Archived: Reason for policy: (Redraft/new) New policy to ensure compliance with current legislation Authorised by: On Behalf of Management (Signature)

More information

IQ Data Protection Policy

IQ Data Protection Policy IQ Data Protection Policy Statement of purpose IQ Ltd is registered on the Data Protection register as a statutory requirement for organisations that hold personal data. Registration was first completed

More information

Data Protection Policy

Data Protection Policy Policy Current Status Operational Last Review: May 2018 Responsibility for Review: Director of Administration, Contracts and Health Next Review: September 2019 Internal Approval: & Safety SLT Originated:

More information

Data protection. Date: 1 st April Version: 1. Contents. Introduction

Data protection. Date: 1 st April Version: 1. Contents. Introduction Introduction Company Name: Document DP3 Topic: Proman is the trading name of all companies of the Proman group including HEADS Recruitment Ltd, HEADS Engineering Ltd and Proman Recruitment Ltd ( the Company

More information

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH, NORTHALLERTON (referred to in this policy as NLBC) is committed to

More information

UK Research and Innovation (UKRI) Data Protection Policy

UK Research and Innovation (UKRI) Data Protection Policy UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager

More information

Responsible Business Alliance. Data Privacy and GDPR Compliance Policy

Responsible Business Alliance. Data Privacy and GDPR Compliance Policy Responsible Business Alliance Data Privacy and GDPR Compliance Policy 1. INTRODUCTION 1.1 As a global non-profit membership organisation, the Responsible Business Alliance ( RBA ) has a responsibility

More information

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS What is the purpose of this document? FS1 Recruitment UK Ltd is committed to protecting the privacy and security of your

More information

Introduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?...

Introduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?... Data Protection Guidance for Volunteers Last update 26/11/17 Contents Introduction... 2 1. Why is data protection important?... 2 2. How does it apply to volunteers?... 2 3. What volunteers need to do?...

More information

The SENAD Group. Section 5 Data Protection Protocol

The SENAD Group. Section 5 Data Protection Protocol The SENAD Group Section 5 Data Protection Protocol Issue: April 2016 Reviewed: April 2016 Next Review: April 2018 Version: 1 Policy Ref: 513.0 Owners: RA/NH Section 5/513.0/V1/APR16/NH/RA Page 1 of 5 SENAD

More information

Privacy Statement About this privacy policy Who are we and how to contact us

Privacy Statement About this privacy policy Who are we and how to contact us Privacy Statement We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Contents 1. Purpose and scope... 2 2. Background... 2 3. Principles... 2 4. Aims and commitments... 3 5. Roles and responsibilities... 3 6. Breaches of data privacy legislation...

More information

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance

More information

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust

More information

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris Hendre Infants School DATA PROTECTION POLICY Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris Data Protection Policy OBJECTIVES Administration and delivery of quality services involves processing

More information

DATA PROTECTION POLICY VERSION 1.0

DATA PROTECTION POLICY VERSION 1.0 VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...

More information

DATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy

DATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy DATA PROTECTION POLICY WINCHESTER CITY COUNCIL Document Title: Author: Fiona Sutherland Revision History Version Revision Date Summary of Change Distribution 1.0 08/03/16 Internet Intranet WINCHESTER CITY

More information

Data Protection Policy, including Key Procedures

Data Protection Policy, including Key Procedures Data Protection Policy, including Key Procedures Revision Number :- 0 Date :- 16 April 2018 Status :- Approved Issue Date :- 22 March 2018 HEADING Aims of this Policy SECTION CONTENT Milton s Cottage Trust

More information

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY LEICESTER HIGH SCHOOL DATA PROTECTION POLICY 1. Background Data protection is an important legal compliance issue for Leicester High School. During the course of the School's activities it collects, stores

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title: Data Protection Policy Ref:CP005 Version:2 Approval Body: Corporation via Audit & Risk Committee Date:24th March 2015 Review Date: 24th March 2018 Lead Person: Director, Institutional Effectiveness

More information

GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT

GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT A Data Privacy Impact Assessment (DPIA) helps the University to assess the necessity and proportionality of processing personal data. A DPIA will enable the

More information

Data Protection Policy.

Data Protection Policy. Data Protection Policy. The Leonardo Trust needs to keep certain information on its Employees, Volunteers, Service Users (clients) and Trustees to carry out its day to day operations, to meet its objectives

More information

Orbit Recruitment Privacy Policy

Orbit Recruitment Privacy Policy Orbit Recruitment Privacy Policy Introduction Orbit are the controllers of the information ( personal data ) that we collect about you, our data subjects, which means we are responsible for how your data

More information

Swansea University Recruitment Privacy Policy

Swansea University Recruitment Privacy Policy 1 General Information We are committed to protecting the privacy and security of your personal information. Under data protection law, we are a data controller. This means that we hold personal information

More information

General Personal Data Protection Policy

General Personal Data Protection Policy General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,

More information

CHANNING SCHOOL DATA PROTECTION POLICY

CHANNING SCHOOL DATA PROTECTION POLICY CHANNING SCHOOL DATA PROTECTION POLICY The School may amend/change/update this Policy from time to time. 1. Background Data protection is an important legal compliance issue for Channing School. During

More information

Data Protection Act 1998 Employee Fair Processing Notice

Data Protection Act 1998 Employee Fair Processing Notice Data Protection Act 1998 Employee Fair Processing Notice Reference: Document Type: Status of Document: Policy Final Version: 1.3 Date Approved: 16 th December 2014 Approved By: Director of HR & OD Publication

More information

The (Scheme) Actuary as a Data Controller

The (Scheme) Actuary as a Data Controller The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations

More information

The Data Controller for all personal data stored and processed by Horiba MIRA Ltd is:

The Data Controller for all personal data stored and processed by Horiba MIRA Ltd is: Page 1 of 8 Owned By: Data Protection Officer Review Due: March 2020 DATA PRIVACY POLICY It is the policy of Horiba MIRA Ltd (MIRA) that it shall at all times respect the privacy of individuals by processing

More information

Information Sharing Policy

Information Sharing Policy Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible

More information

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over

More information

HR Garda Vetting Privacy Notice. Kerry County Council Comhairle Contae Chiarraí

HR Garda Vetting Privacy Notice. Kerry County Council Comhairle Contae Chiarraí HR Garda Vetting Privacy Notice Kerry County Council Comhairle Contae Chiarraí - REVISION CONTROL - Version Date Audience Notes 0.1 11-Apr-2018 GDPR Compliance Team Steering Committee draft for approval

More information

Privacy notice for the school workforce

Privacy notice for the school workforce Privacy notice for the school workforce Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right

More information

Security of Personal Data Policy and Guidelines

Security of Personal Data Policy and Guidelines Kensington & Chelsea College Security of Personal Data Policy and Guidelines Written by Richard Lane, April 2009 Updated for subject access requests February 2011 1 Introduction KCC holds personal data

More information