General Optical Council. Data Protection Policy
|
|
- Anissa Cummings
- 6 years ago
- Views:
Transcription
1 General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet
2 Document History Version Date December September October 2013 Description of Change Draft Content changes as discussed at SMT Content changes as discussed at Audit & Risk Committee Author L Sparkes L Sparkes L Sparkes Authorisation 2 P a g e
3 Contents 1 Policy Statement Purpose and Scope Policy Satisfaction of Principles... 6 Subject Access... 7 Employee Responsibilities... 7 Data Security... 7 Rights to Access Information... 8 Publication of GDC information... 8 Subject Consent... 9 Retention of Data... 9 Accountability P a g e
4 1 Policy Statement The General Optical Council (GOC) is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. The GOC recognises the importance of the correct and lawful treatment of personal data; it maintains confidence in the organisation and provides for successful operations. The Data Protection Act 1998 (DPA) aims to strike a balance between the rights of individuals to privacy and the ability of organisations to use personal information for the purposes of their business. The types of personal data that the GOC holds will include information about current, past and prospective staff, those working on behalf of the GOC i.e Council, Committees and panel members; registrants; suppliers and others with whom it communicates. This personal data, whether it is held on paper, on computer or other media, will be subject to the appropriate legal safeguards as specified in the Data Protection Act The GOC fully endorses and adheres to the eight principles of the DPA. These principles specify the legal conditions that must be satisfied in relation to obtaining, handling, processing, transportation, and storage of personal data. Staff and those working on behalf of the GOC who obtain, handle, process, transport and store personal data for the GOC must adhere to these principles. 2 Purpose and Scope The purpose of this policy is to outline the key measures that need to be taken in order to adhere to the eight principles of the DPA. This policy applies to all employees of the GOC and any others who obtain, handle, process, transport and store personal data for the GOC. 3 Policy 3.1 Data Protection Principles In processing information the GOC complies with the requirements of the Data Protection Act 1998, the Human Rights Act 1998, and common law on duty of confidentiality. The GOC complies fully with the Data Protection Act 1998, and its eight principles when processing personal data. The principles say that personal data must be: processed fairly and lawfully and in line with specific conditions set out in the DP Act; processed for a specific purpose or purposes; adequate, relevant and not excessive; 4 P a g e
5 accurate and up to date; not kept for longer than is necessary; processed in accordance with the data subjects rights; secure; not transferred to a country outside the European Economic Area that does not have adequate data protection rules. Fair and Lawful The GOC ensures that we tell people what we do with the information that we hold about them. The data subject should be told: who the data controller is (i.e. the GOC) the purpose or purposes for which the data is to be processed; any other information to make the processing fair for example, this could be information about third parties to whom the data may be disclosed. Personal data processing may only take place if specific conditions set out in the DPA are met. For processing sensitive personal data there are additional, more stringent conditions to fulfill. Conditions particularly relevant to our business might be: when we have the data subject's consent; when processing information is necessary for us to carry out our legal obligations; and when it is necessary for the exercise of a public function in the public interest. Specified purpose The GOC will only use the personal data we have collected for the purposes we have stated both in our notification to the Information Commissioner and those that we have told the data subject when we collected the information. If we have gathered information for one specific purpose we cannot go ahead and use the same information for another purpose. If any new processing is proposed, the Registrar should be consulted to check whether this is compatible with the original purpose. 5 P a g e
6 Adequate, accurate and kept no longer than necessary The GOC ensures that we collect sufficient personal data or sensitive personal data to enable us to carry out our work, and no more. We use our best endeavours to ensure that the records we keep about optometrists, patients and complainants are accurate and up to date. Data subject rights A data subject has certain rights conferred under the DPA including: request access to his or her personal data; prevent processing likely to cause damage or distress. Security The GOC takes appropriate technical, physical and organisational measures to ensure that our information is held securely and safeguarded from; destruction, loss, unauthorised access and disclosure. Transfer of personal data We will not transfer data outside of the EEA except as part of a publicly held register, when we are confident that it is in the substantial public interest to do so, or if another Data Protection Act exemption applies. 3.2 Satisfaction of Principles In order to meet the requirements of the principles, the GOC: observes fully the conditions regarding the fair collection and use of personal data; meets its obligations to specify the purposes for which personal data is used; collects and processes appropriate personal data only to the extent that it is needed to fulfil operational or any legal requirements; ensures the quality of personal data used; applies strict checks to determine the length of time personal data is held; ensures that the rights of individuals about whom the personal data is held, can be fully exercised under the Act; takes appropriate technical and organisational security measures to safeguard personal data; 6 P a g e
7 and ensures that personal data is not transferred abroad without suitable safeguards. 3.3 Subject Access All individuals who are the subject of personal data held by the GOC are entitled to: Ask what information the GOC holds about them and why; Ask how to gain access to it; Be informed how to keep it up to date; Be informed what the GOC is doing to comply with its obligations under the DPA. 3.4 Responsibilities All staff and those working on behalf of the GOC are responsible for: Checking that any personal data that they provide to the GOC is accurate and up to date; Informing the GOC of any changes to information which they have provided, e.g. changes of address; Checking any information that the GOC may send out from time to time is accurate; Sending personal data in a secure way with envelopes marked Private and Confidential with a return address. Recorded delivery should generally be used where personal data is being sent to a third party. If the data is of a sensitive nature then registered post shall be used; If, as part of their responsibilities, staff and those working on behalf of the GOC collect information about other people (e.g. about personal circumstances which would contain sensitive personal data), they must comply with the DPA. 3.5 Data Security The need to ensure that data is kept securely means that precautions must be taken against physical loss or damage, and that both access and disclosure must be restricted. All staff and those working on behalf of the GOC are responsible for ensuring that: Any personal data which they hold is kept securely Personal information is not disclosed either orally or in writing or otherwise to any unauthorised third party. Please refer to the GOC Information Security Policy. 7 P a g e
8 3.6 Sensitive Personal Data Sensitive personal data means personal data consisting of information as to a) the racial or ethnic origin of the data subject, b) his/her political opinions, c) his/her religious beliefs or other beliefs of a similar nature, d) whether he/she is a member of a trade union, e) his/her physical or mental health or condition, f) his/her sexual life g) the commission or alleged commission by him/her of any offence, or h) any proceedings for any offence committed or alleged to have been committed by him/her, the disposal of such proceedings or the sentence of any court in such proceedings. 3.7 Rights to Access Information Staff, those working on behalf of the GOC and other subjects of personal data held by the GOC have the right to access any personal data that is being kept about them on computer and also have access to paper-based data held in certain manual filing systems. This right is subject to certain exemptions which are set out in the Data Protection Act. Any person who wishes to exercise this right should make the request in writing to the GOC's Information Governance Project Manager. The GOC reserves the right to charge the maximum fee payable (currently 10.00) for each subject access request. If personal details are inaccurate, they can be amended upon request. The GOC aims to comply with requests for access to personal information as quickly as possible, but will ensure that it is provided within 40 calendar days of receipt of a request and appropriate payment unless there is good reason for delay. In such cases, the reason for delay will be explained in writing to the individual making the request. 3.8 Publication of GOC information Information that is already in the public domain is exempt from the 1998 Act. This would include, for example, information on staff and those working on behalf of the GOC contained within externally circulated publications. Any individual who has good reason for wishing details in such publications to remain confidential should contact the GOC's Information Governance Project Manager. 8 P a g e
9 3.9 Subject Consent The need to process data for normal purposes has been communicated to all data subjects. In some cases, if the data is sensitive, for example information about health, race or gender, express consent to process the data must be obtained. Processing may be necessary to operate GOC policies, such as health and safety and equal opportunities Retention of Data The GOC keeps some forms of information for longer than others. All staff and those working on behalf of the GOC are responsible for ensuring that information is not kept for longer than necessary. Please refer to the GOC Document Retention and Disposal Policy. 4. Accountability 4.1 Registrar The Registrar has an overall duty to ensure that the GOC complies with legislation affecting the handling of personal data and with supporting regulations and codes. 4.2 All staff, Council, Committee and Panel Members All staff and those working on behalf of the GOC are accountable for compliance with this policy and with related policies, standards and guidance. They have a responsibility to handle personal data in accordance with the principles of the DPA. Individual can be liable in law under the terms of the DPA. Deliberate misuse of personal data or a serious breach of DPA may result in disciplinary action being taken. 4.3 Associates and externals Many people contribute to the work of the GOC whether in a paid or contractual basis. The GOC are responsible for ensuring that associates and externals are aware of and comply with the principles of the DPA in the course of the work they undertake for the GOC. The responsibility of externals and associates to comply with the DPA will be made known to them when they begin working for the GOC. 9 P a g e
Data Protection Policy
Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More informationBreakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018
Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Introduction The Partner organisations within the Breakthrough Programme need to collect
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Document Control History Title Data Protection Policy Version no. 1.0 Date of publication May 2018 Author(s) Amanda Cramb, HR Manager Next review date May 2021 Page 1 Introduction
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationVMS Software Ltd- Data Protection Privacy Policy
VMS Software Ltd- Data Protection Privacy Policy Introduction The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of VMS Software Ltd. This includes
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationPOLICY ON INFORMATION, SECURITY & DATA PROTECTION
POLICY ON INFORMATION, SECURITY & DATA PROTECTION As a recruitment company, First Recruitment is a data controller. This means it processes personal data about its work seekers, individual client contacts
More informationThe current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.
Page 2 of 10 Data Protection Policy Chief Information Officer Chief Information Officer Data Protection Officer The current version (July 2018) is derived from, and supersedes, the version published in
More informationData Protection. Policy
Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all
More informationSHENLEY BROOK END SCHOOL
SHENLEY BROOK END SCHOOL DATA PROTECTION POLICY Linked Policies: CCTV Review Information Reviewed by Finance Pay and Personnel Committee 15 May 2012 Reviewed by Policy Committee August 2013 Adopted by
More informationData Management and Protection Policy
Data Management and Protection Policy Approved by Governor committee: Finance and Audit Date to be reviewed: June 2018 Responsibility of : Director of Finance and Operations Date ratified by Governing
More informationData Protection Policy for the Grimsby Institute of Further & Higher Education
Data Protection Policy for the Grimsby Institute of Further & Higher Education Data Protection Policy Change Control Version: V1.1 New or Replacement: Approved by: Replacement Executive Management Team
More informationData Protection Policy
Data Protection Policy This policy will be reviewed by the Trust Board three yearly or amended if there are any changes in legislation before that time. Date of last review: Autumn 2018 Date of next review:
More informationData Protection Policy
Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,
More informationGROUP DATA PROTECTION POLICY
GROUP DATA PROTECTION POLICY Conducting business the right way Safeguarding our customer and employee personal data Version 1 [August 2016] CONDUCTING BUSINESS THE RIGHT WAY Our Values, Doing the Right
More informationWe reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.
What is the purpose of this document? NORTHERN IRELAND SCREEN COMMISSION (Company Number NI031997) whose registered office is at 3 rd Floor Alfred House, 21 Alfred Street, Belfast, BT2 8ED is committed
More informationRAW MARKETING DATA PROTECTION POLICY
RAW MARKETING DATA PROTECTION POLICY Introduction We take your privacy very seriously and have updated our Privacy Statement in line with the upcoming GDPR regulation. Were absolutely committed to reflecting
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationSCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools
SCHOOLS DATA PROTECTION POLICY Guidance Notes for Schools Please read this policy carefully and ensure that all spaces highlighted in the document are completed prior to publication. Please ensure that
More informationThis personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.
BELFAST ROYAL ACADEMY Data Protection Policy Introduction Belfast Royal Academy recognises and accepts its responsibilities as set out in the Data Protection Act 1998. The School will take all reasonable
More informationData Protection Policy
Data Protection Policy (Data Protection Act 1998) (This policy will be updated to incorporate GDPR by May 2018) Page 1 of 9 Data Protection Policy 1 Statement of Policy The Constellation Trust needs to
More informationDATA PROTECTION POLICY
1. Introduction This policy is intended to provide information about how the School will use (or process ) personal data about individuals including: Current, past and prospective pupils; Parents, carers
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationSAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]
SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work
More informationData Protection Policy
THE CIPPENHAM SCHOOLS TRUST Data Protection Policy *Date for revision: Summer Term 2018 Responsibility for policy: Responsibility for operational: Trustees Trustees Reviewed by Directors: *subject to any
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationGENERAL DATA PROTECTION REGULATION Guidance Notes
GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in
More informationData Protection Policy
Data Protection Policy University of London Data Protection UoL website link: http://www.london.ac.uk/238.html Email: records.managament@london.ac.uk Contents 1 Policy statement... 3 2 Introduction and
More informationQueen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE
Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE Prepared by: Peter Hawksworth, Headteacher Checked by: Jackie Hesslegrave, Business Manager Adopted by Governors: November 2017 Review
More informationDepending on the circumstances, we may collect, store, and use the following categories of personal information about you:
Ignata Group Data Protection / Privacy Notice What is the purpose of this document? Ignata is committed to protecting the privacy and security of your personal information. This privacy notice describes
More informationData Protection Policy
Data Protection Policy Version Date Revision Author Summary of Changes 1.0 21 st May 2018 Ashleigh Morrow EXECUTIVE STATEMENT At CASTLEREAGH NURSERY SCHOOL (the School ), we believe privacy is important.
More informationLAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems
LAST UPDATED June 11, 2018 DATA PROTECTION POLICY International Foundation for Electoral Systems 1. Purpose 1.1. International Foundation for Electoral Systems is committed to complying with privacy and
More informationEARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY
EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to
More informationSection a What this Policy is for Policy Statement. 2. Why this policy is important... 3
Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work
More informationLIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018
LIFE STYLE CARE PLC Privacy Statement for Employees August 2018 Key points Why we use your personal data: We typically use your personal information for purposes related to your employment relationship
More informationSt Mark s Church of England Academy Data Protection Policy
St Mark s Church of England Academy Data Protection Policy 1 Contents Purpose:... Error! Bookmark not defined. Scope:... Error! Bookmark not defined. Procedure:... Error! Bookmark not defined. Definitions:...
More informationScottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY
Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we
More informationDATA PROTECTION POLICY
APPENDIX. DATA PROTECTION POLICY Document Status Author Director of Registry Services (Data) Date of Origin 27 th July 2011 This Version July 2014 Review requirements Date of next review July 2016 Approval
More informationPRIVACY POLICY. Your Village Pty Ltd ABN ( Steam Capital ) is committed to protecting your privacy.
PRIVACY POLICY 1. Overview Your Village Pty Ltd ABN 31 010 442 770 ( Steam Capital ) is committed to protecting your privacy. Steam Capital is bound by the Privacy Act 1988 (Cth) ( the Privacy Act ), including
More informationREDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE
REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE Overview Reddish Vale High School is committed to ensuring that we re transparent about the ways in which we use your personal information and that we have
More informationData Protection Policy & Procedures
Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who
More informationData Protection Employee Privacy Notice
Data Protection Employee Privacy Notice Data Protection Employee Privacy Notice Page 1 of 7 Contents 1. Introduction... 3 2. What is personal data/special categories of personal data?... 3 3. What information
More informationPrivacy Impact Assessment: Standard Operating Procedure
Corporate Privacy Impact Assessment: Standard Operating Procedure Document Control Summary Status: Version: Author/Title: Owner/Title: Approved by: Ratified: Related Trust Strategy and/or Strategic Aims
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationRegulates the way data controllers process personal data
GUIDANCE NOTE ON THE DATA PROTECTION ACT 1998 This guidance note gives an overview of how the Data Protection Act 1998 (the Act ) applies to clubs (including class associations) and recognised training
More informationData Protection Policy
Data Protection Policy for The Astor Bannerman Group of Companies Issue Date: 3 rd January 2014 Version: 01 Approval History Name Department Role/Position Date approved Signature James Stuart- Smith Director
More informationData Protection Policy and Handbook. Scottish Information Commissioner
Data Protection Policy and Handbook Scottish Information Commissioner Contents Glossary and abbreviations... i Introduction... 2 Policy Statement... 2 Data subject to the Data Protection Act 1998... 2
More informationData Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent
Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: 4 1. Statement of Intent 1.1 Radian 1 must collect, store and process information about its customers,
More informationData Protection Policy for Staff DJJK. Apr of 10
Data Protection Policy for Staff DJJK Apr 2018 1 of 10 Review and Amendment Record Date Person Conducting the Review Mar 2018 PMS New Policy, GDPR Apr 2018 DJJK Review Changes Made 2 of 10 1 Introduction
More informationGDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019
More informationTHE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2
THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE CONTENT 1. INTRODUCTION... 2 2. IDENTITY OF THE CONTROLLER OF PERSONAL INFORMATION... 2 3. CONTACT DETAILS OF THE DATA PROTECTION
More informationData subject access policy
Data subject access policy Introduction 1. This is our Data subject access requests policy. 2. We are the professional regulator for nurses and midwives in the UK. Our principal functions include setting
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationBrasenose College Data Protection Policy Statement v1.2
Brasenose College Data Protection Policy Statement v1.2 1. Introduction All documents referred to in this policy can be found online at the address below: https://www.bnc.ox.ac.uk/privacypolicies 1.1 Background
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationPRIVACY NOTICE FOR JOB APPLICANTS
PRIVACY NOTICE FOR JOB APPLICANTS 1. General Information 1.1 Derby County Football Club are committed to protecting the privacy and security of your personal information. 1.2 Under data protection law,
More informationKRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012
. SAFE HARBOR PRIVACY POLICY Amended and Restated as of July 20, 2012 I. OBJECTIVES The objective of this policy is to comply with applicable laws and regulations and document the processes and procedures
More informationParent / Carer Privacy Notice
Document No. PP Issue No. 1 Issue Date: 2018-05-24 Renewal Date: 2019-05-24 Originator: Kate Frith Responsibility: Director of Resources 1. Policy statement Parent / Carer Privacy Notice We are Fullhurst
More informationFreedom of Information/Environmental Information Regulations Policy and Procedure
Policy Number: 8.3 Version number: 01 Date of issue: Date Archived: Reason for policy: (Redraft/new) New policy to ensure compliance with current legislation Authorised by: On Behalf of Management (Signature)
More informationIQ Data Protection Policy
IQ Data Protection Policy Statement of purpose IQ Ltd is registered on the Data Protection register as a statutory requirement for organisations that hold personal data. Registration was first completed
More informationData Protection Policy
Policy Current Status Operational Last Review: May 2018 Responsibility for Review: Director of Administration, Contracts and Health Next Review: September 2019 Internal Approval: & Safety SLT Originated:
More informationNEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021
NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH, NORTHALLERTON (referred to in this policy as NLBC) is committed to
More informationUK Research and Innovation (UKRI) Data Protection Policy
UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager
More informationGDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS
GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS What is the purpose of this document? FS1 Recruitment UK Ltd is committed to protecting the privacy and security of your
More informationResponsible Business Alliance. Data Privacy and GDPR Compliance Policy
Responsible Business Alliance Data Privacy and GDPR Compliance Policy 1. INTRODUCTION 1.1 As a global non-profit membership organisation, the Responsible Business Alliance ( RBA ) has a responsibility
More informationIntroduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?...
Data Protection Guidance for Volunteers Last update 26/11/17 Contents Introduction... 2 1. Why is data protection important?... 2 2. How does it apply to volunteers?... 2 3. What volunteers need to do?...
More informationThe SENAD Group. Section 5 Data Protection Protocol
The SENAD Group Section 5 Data Protection Protocol Issue: April 2016 Reviewed: April 2016 Next Review: April 2018 Version: 1 Policy Ref: 513.0 Owners: RA/NH Section 5/513.0/V1/APR16/NH/RA Page 1 of 5 SENAD
More informationPrivacy Statement About this privacy policy Who are we and how to contact us
Privacy Statement We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never
More informationData Protection Policy
Data Protection Policy Contents 1. Purpose and scope... 2 2. Background... 2 3. Principles... 2 4. Aims and commitments... 3 5. Roles and responsibilities... 3 6. Breaches of data privacy legislation...
More informationData Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:
Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective: 1 Policy Statement Objective 1.1 It is the policy of Penderels Trust to demonstrate compliance
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationHendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris
Hendre Infants School DATA PROTECTION POLICY Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris Data Protection Policy OBJECTIVES Administration and delivery of quality services involves processing
More informationDATA PROTECTION POLICY VERSION 1.0
VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...
More informationDATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy
DATA PROTECTION POLICY WINCHESTER CITY COUNCIL Document Title: Author: Fiona Sutherland Revision History Version Revision Date Summary of Change Distribution 1.0 08/03/16 Internet Intranet WINCHESTER CITY
More informationData Protection Policy, including Key Procedures
Data Protection Policy, including Key Procedures Revision Number :- 0 Date :- 16 April 2018 Status :- Approved Issue Date :- 22 March 2018 HEADING Aims of this Policy SECTION CONTENT Milton s Cottage Trust
More informationLEICESTER HIGH SCHOOL DATA PROTECTION POLICY
LEICESTER HIGH SCHOOL DATA PROTECTION POLICY 1. Background Data protection is an important legal compliance issue for Leicester High School. During the course of the School's activities it collects, stores
More informationDATA PROTECTION POLICY
Title: Data Protection Policy Ref:CP005 Version:2 Approval Body: Corporation via Audit & Risk Committee Date:24th March 2015 Review Date: 24th March 2018 Lead Person: Director, Institutional Effectiveness
More informationGUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT
GUIDANCE NOTES DATA PRIVACY IMPACT ASSESSMENT A Data Privacy Impact Assessment (DPIA) helps the University to assess the necessity and proportionality of processing personal data. A DPIA will enable the
More informationData Protection Act 1998 Employee Fair Processing Notice
Data Protection Act 1998 Employee Fair Processing Notice Reference: Document Type: Status of Document: Policy Final Version: 1.3 Date Approved: 16 th December 2014 Approved By: Director of HR & OD Publication
More informationData Protection Policy.
Data Protection Policy. The Leonardo Trust needs to keep certain information on its Employees, Volunteers, Service Users (clients) and Trustees to carry out its day to day operations, to meet its objectives
More informationOrbit Recruitment Privacy Policy
Orbit Recruitment Privacy Policy Introduction Orbit are the controllers of the information ( personal data ) that we collect about you, our data subjects, which means we are responsible for how your data
More informationSwansea University Recruitment Privacy Policy
1 General Information We are committed to protecting the privacy and security of your personal information. Under data protection law, we are a data controller. This means that we hold personal information
More informationCHANNING SCHOOL DATA PROTECTION POLICY
CHANNING SCHOOL DATA PROTECTION POLICY The School may amend/change/update this Policy from time to time. 1. Background Data protection is an important legal compliance issue for Channing School. During
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationInformation Sharing Policy
Information Sharing Policy DOCUMENT CONTROL: Version: 1 Ratified by: Risk Management Sub Group Date ratified: 19 December 2012 Name of originator/author: Information Governance Manager Name of responsible
More informationSecurity of Personal Data Policy and Guidelines
Kensington & Chelsea College Security of Personal Data Policy and Guidelines Written by Richard Lane, April 2009 Updated for subject access requests February 2011 1 Introduction KCC holds personal data
More informationTECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients
TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over
More informationThe Data Controller for all personal data stored and processed by Horiba MIRA Ltd is:
Page 1 of 8 Owned By: Data Protection Officer Review Due: March 2020 DATA PRIVACY POLICY It is the policy of Horiba MIRA Ltd (MIRA) that it shall at all times respect the privacy of individuals by processing
More informationHR Garda Vetting Privacy Notice. Kerry County Council Comhairle Contae Chiarraí
HR Garda Vetting Privacy Notice Kerry County Council Comhairle Contae Chiarraí - REVISION CONTROL - Version Date Audience Notes 0.1 11-Apr-2018 GDPR Compliance Team Steering Committee draft for approval
More informationPrivacy notice for the school workforce
Privacy notice for the school workforce Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right
More informationPrivacy notice for the school workforce (all staff) The personal data we hold
In line with new General Data Protection Regulations (GDPR), effective from 25 May 2018, please find below details of the privacy notice for all students in school. Privacy notice for the school workforce
More informationSSI SERVICES (UK) LTD APPLICANT PRIVACY NOTICE
SSI SERVICES (UK) LTD APPLICANT PRIVACY NOTICE SSI Services (UK) Ltd is the parent company of the following subsidiary companies: OnSite Central Ltd, Hydrosave UK Ltd, Integrated Water Services Ltd, G
More informationLSEG Recruitment Privacy Notice
LSEG Recruitment Privacy Notice Version 1.0 16 May 2018 RECRUITMENT PRIVACY NOTICE 1. INTRODUCTION 1.1 This Privacy Notice explains how the London Stock Exchange Group plc and the London Stock Exchange
More informationThe Society of St Stephen s House Site Security and Monitoring Privacy Notice
This privacy notice applies to data processing activities undertaken by The Society of St Stephen s House for security and monitoring relating to staff, students and visitors to College premises A summary
More informationOur Volunteer Privacy Notice: protecting and respecting your information
Our Volunteer Privacy Notice: protecting and respecting your information 1. Important information and who we are This privacy notice informs you as to how The Children s Society looks after the personal
More informationDisciplinary Procedure. General Policy
Disciplinary Procedure General Policy The Charity has a number of procedures in place to ensure that high standards of performance and conduct are set and maintained at all times. York Mind will endeavour
More information