A recording of this webinar and the slides will be made available within a week of this event To listen in, please make sure the sound on your

Size: px
Start display at page:

Download "A recording of this webinar and the slides will be made available within a week of this event To listen in, please make sure the sound on your"

Transcription

1 A recording of this webinar and the slides will be made available within a week of this event To listen in, please make sure the sound on your computer is un-muted and your speakers are turned on/headphones are plugged in

2 Laura Merrylees Host XpertHR Jo Broadbent Professional support lawyer Hogan Lovells Stefan Martin Partner Hogan Lovells

3 What makes data retention a hot topic The position under the GDPR Things to think about when developing your approach to data retention Particular types of data to think about Before, during and after employment Q&A

4 Jo Broadbent Professional support lawyer Hogan Lovells Stefan Martin Partner Hogan Lovells

5

6 Data Protection Act 1998 Personal data shall be adequate, relevant and not excessive in relation to the purpose for which they are processed Personal data shall be accurate and, where necessary, kept up to date Personal data shall not be kept for longer than is necessary (for the purpose of processing) GDPR Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed accurate and, where necessary, kept up to date kept in a form which permits identification of data subjects for no longer than is necessary (for the purpose of processing)

7 Principle of accountability Obligation to show that you are complying with data protection principles Appropriate technical and organisational measures to demonstrate compliance Transparency Data subjects must be told how long data is stored, or how that period is determined Privacy notices and SARs, processing records

8 Enhanced data subject rights Removal of SAR fee Need to be able to respond to SARs, including in relation to former employees The right to be forgotten applies where personal data no longer necessary for purposes for which processed How will you show that data is still necessary?

9 Risk of increased fines 4% worldwide annual turnover/ 20m for breach of data protection principles Compensation for "material or non-material damage" Minimise risk by minimising data

10 Prepare/ review document retention policy Focusing today on employee data But principles relevant to other personal data (eg customer data) No "one size fits all" answer to the question "how long should we keep this?" Starting point - only keep what is adequate and relevant in the first place

11

12 What categories of data do you process? Use your HR data audit Why do you process each category of data? Purpose is obviously relevant to how long it is "necessary" to keep data

13 How long do you currently retain each category of data? What are the risks if you do not retain data for that period versus the risks if you do? And possible implications for employees eg ability to give references

14 What statutory retention periods apply? Working time records Payroll and tax records Maternity records Specific health and safety rules Is this long enough? Cannot keep for a shorter period, but may want to keep longer

15 Consider whether there are any industry specific requirements Reference obligations in financial services industry Normal limitation period for contractual claims - 6 years Consider whether other limitation periods may be relevant (eg deed - 12 years)

16 How long to keep is a question of judgment - what is proportionate? Balance importance of reasons for processing against impact on the individual Based on clear business need/ professional guidelines Not just because "it might come in useful" Identify appropriate retention period for each category of data

17 What is system for ensuring policy is followed? Hard copy and electronic data "Triggers" to ensure data reviewed Are there exceptional circumstances where policy may need to be overridden? Risk of legal claims? What is process for deciding?

18 What security is in place for data that is retained? Remember need to access eg in response to a SAR Keeping data up to date What processes are in place for destroying data securely? Hard copy and electronic data

19 Do staff need training? Feed through to GDPR documents (eg privacy notices) Checking compliance Audits and/or spot checks?

20 Difficult to adopt a single policy that applies in every country Likely to be different mandatory retention requirements (categories and periods) Or have maximum retention periods Statement of applicable principles (eg GDPR) with detailed requirements on country-bycountry basis

21 Successful candidates Only transfer recruitment information that is relevant to ongoing employment relationship References received from former employer?

22 Successful candidates Vetting records should be destroyed after six months Keep record that vetting was carried out and result Delete information about criminal records checks unless clearly relevant to ongoing employment Keep record that check was satisfactory Delete once conviction spent

23 Unsuccessful candidates Normally only retain until time limits for bringing a claim have expired Bear impact of pre-claim conciliation in mind and "safety margin" If keeping details on file in case of other vacancies, what is relevant period? Keeping data indefinitely not best practice

24 Clear policy on what happens to expired disciplinary warnings One area where employees may seek to rely on "right to be forgotten" If warnings to be removed from files, ensure process in place so this happens If not removed when spent, what is relevant time period?

25 Often good reasons to retain during the employment relationship Do you still need to retain all information after the end of employment? Eg bank details, information about dependants Would anonymised data suffice? References Legal claims

26 Only retain data for as long as is necessary Think carefully about what is "necessary" Record that assessment - ideally in a data retention policy Take steps to communicate policy to employees Make sure policy is followed

27 Laura Merrylees Host XpertHR Jo Broadbent Professional support lawyer Hogan Lovells Stefan Martin Partner Hogan Lovells

28 How to manage the retention of employee data under the GDPR: bit.ly/manageretention-employee-data-under-gdpr Data protection policy (compliant with the GDPR): bit.ly/gdpr-data-protection-policy On-demand webinars: bit.ly/xperthrwebinars

How employers should comply with GDPR

How employers should comply with GDPR 02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact

More information

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock

More information

GDPR. Guidance on Employee Personal Data

GDPR. Guidance on Employee Personal Data GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe

More information

The Sage quick start guide for businesses

The Sage quick start guide for businesses General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing

More information

A Parish Guide to the General Data Protection Regulation (GDPR)

A Parish Guide to the General Data Protection Regulation (GDPR) A Parish Guide to the General Data Protection Regulation (GDPR) What s happening and why is it important? The law is changing. Currently, the Data Protection Act 1998 governs how you process personal data

More information

Quick guide to the employment practices code

Quick guide to the employment practices code Data protection Quick guide to the employment practices code Ideal for the small business Contents 3 Contents Section 1 About this guidance 4 Section 2 What is the Data Protection Act? 5 Section 3 Recruitment

More information

Preparing for the General Data Protection Regulation (GDPR)

Preparing for the General Data Protection Regulation (GDPR) Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation

More information

New General Data Protection Regulation - an introduction

New General Data Protection Regulation - an introduction New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy

More information

GDPR Compliance Checklist

GDPR Compliance Checklist GDPR Compliance Checklist GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that the General Data Protection Regulation will introduce into EU Privacy law on 25 May

More information

Guidance on the General Data Protection Regulation: (1) Getting started

Guidance on the General Data Protection Regulation: (1) Getting started Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1

More information

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High

More information

Data Protection Policy

Data Protection Policy Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:

More information

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information

More information

Data Protection. Policy

Data Protection. Policy Data Protection Policy Why do we need this policy? What does the policy apply to? Which parts of SQA are affected? SQA is committed to adopting best practice in protecting the personal information of all

More information

General Personal Data Protection Policy

General Personal Data Protection Policy General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,

More information

EU General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR) A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation

More information

Data protection. The employment practices code

Data protection. The employment practices code Data protection The employment practices code Contents 3 Contents About the code 4 Managing data protection 11 Good practice recommendations 11 Part 1: Recruitment and selection 14 About Part 1 of the

More information

Achieving GDPR Compliance with Avature

Achieving GDPR Compliance with Avature Achieving GDPR Compliance with Avature What You Need to Know About GDPR The General Data Protection Regulation, or GDPR, is a regulation that was passed by the European Union in 2016 to update and replace

More information

THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE

THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE OCTOBER 2017 EU, COMPETITION, TRADE AND REGULATORY THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE The EU General Data Protection Regulation (GDPR) becomes effective

More information

Top 10 Recruitment Compliance Metrics

Top 10 Recruitment Compliance Metrics Top 10 Recruitment Compliance Metrics Contents Introduction What is recruitment compliance? Recruitment compliance metrics Conclusion 3 4 6 17 About the Author This white paper has been written by Anna

More information

Inspiring Everyone to Learn

Inspiring Everyone to Learn Person Responsible: Governors Date Adopted: July 2010 Date of last review: Autumn Term 2016 Date of next review: Autumn Term 2019 Introduction Inspiring Everyone to Learn Safer Recruitment Policy The safe

More information

The General Data Protection Regulation: What does it mean for you?

The General Data Protection Regulation: What does it mean for you? The General Data Protection Regulation: What does it mean for you? We are here to help The changes being introduced in the EU General Data Protection Regulation 2016 (GDPR) will be the biggest shake-up

More information

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The

More information

WILLIAM SHREWSBURY PRIMARY SCHOOL

WILLIAM SHREWSBURY PRIMARY SCHOOL WILLIAM SHREWSBURY PRIMARY SCHOOL SAFER RECRUITMENT POLICY Adopted by: William Shrewsbury Primary School Governing Body Date: 21.09.15 Updated October 2016 Date of Review: September 2017 1.0 Introduction

More information

Getting Ready for the GDPR

Getting Ready for the GDPR Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd

More information

Preparing for GDPR 27th September, Reykjavik

Preparing for GDPR 27th September, Reykjavik Preparing for GDPR 27th September, Reykjavik Introduction Who I am? Solicitor fromlondon Worked in digital industry for the last 7years Specialized in Privacy for the last 7 years and did some consulting

More information

THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)

THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the

More information

PostNL group procedure

PostNL group procedure 1 January 2017 PostNL Holding B.V. Audit & Security PostNL group procedure on fraud prevention guidance on bribery and corruption Author Director Audit & Security Title PostNL group procedure on Fraud

More information

General Data Protection Regulation. The changes in data protection law and what this means for your church.

General Data Protection Regulation. The changes in data protection law and what this means for your church. General Data Protection Regulation The changes in data protection law and what this means for your church. 1 Contents Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 18 Page 20 Page 23

More information

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA

More information

Regulates the way data controllers process personal data

Regulates the way data controllers process personal data GUIDANCE NOTE ON THE DATA PROTECTION ACT 1998 This guidance note gives an overview of how the Data Protection Act 1998 (the Act ) applies to clubs (including class associations) and recognised training

More information

Portslade Aldridge Community Academy

Portslade Aldridge Community Academy Portslade Aldridge Community Academy Safer Recruitment Policy Date adopted: 23 rd July 2014 Date to be reviewed: Owned by: Neil Robinson This policy has been adopted from the local authority and should

More information

Personal Data Protection in the Workplace promoting the awareness of data protection in Singapore, and administrating and enforcing the PDPA.

Personal Data Protection in the Workplace promoting the awareness of data protection in Singapore, and administrating and enforcing the PDPA. 15 With the Personal Data Protection Act ( PDPA ) coming into full force on 2 July 2014, it is time for employers to revise workplace policies to ensure that they comply with the new legislation and adequately

More information

Syntel Human Resources Privacy Statement

Syntel Human Resources Privacy Statement Syntel Human Resources Privacy Statement August 24, 2016 Privacy Statement highlights: Syntel is committed to protecting your privacy. This Privacy Statement ("Statement") addresses prospective, current,

More information

Conducting privacy impact assessments code of practice

Conducting privacy impact assessments code of practice ICO lo Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 About this code... 3 Chapter 1 - Introduction to PIAs... 5 What the ICO means by PIA...

More information

Disclosure & Barring Service (DBS) Check Policy

Disclosure & Barring Service (DBS) Check Policy Disclosure & Barring Service (DBS) Check Policy Version: Final Author: HR Manager Date Issued: December 16 Date Approved by SMT: January 17 Impact Assessment Completed Yes Date of Next Review: January

More information

EU GENERAL DATA PROTECTION REGULATION

EU GENERAL DATA PROTECTION REGULATION EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic

More information

CRIMINAL RECORDS CHECKS PROCEDURE

CRIMINAL RECORDS CHECKS PROCEDURE CRIMINAL RECORDS CHECKS PROCEDURE Criminal Record Checks Procedure Page: Page 1 of 18 Recommended by Approved by Director of Organisational Development Executive Management Team Approval date 20 th April

More information

SIGBI DATA PROTECTION PROTOCOLS 2018

SIGBI DATA PROTECTION PROTOCOLS 2018 SIGBI DATA PROTECTION PROTOCOLS 2018 For the purpose of this document, references to Soroptimist International Great Britain and Ireland (SIGBI) Limited and Soroptimist International may be written as

More information

Care worker application form

Care worker application form Care worker application form If you need this form in large print, please contact the local office. Please complete all fields in black or blue ink and using block capitals. If you need any help, please

More information

Data Privacy Policy for Employees and Employee Candidates in the European Union

Data Privacy Policy for Employees and Employee Candidates in the European Union Data Privacy Policy for Employees and Employee Candidates in the European Union This Data Privacy Policy is effective as of February 1, 2014 1. Data Privacy Policy Overview 1.1 Under Armour, Inc. (the

More information

CHILD PROTECTION POLICY. 1. Introduction

CHILD PROTECTION POLICY. 1. Introduction 1. Introduction Throughout this Policy, the words Translink Company and/or the Group refer to all corporate entities under the ownership of the Northern Ireland Transport Holding Company (NITHC). This

More information

UK Research and Innovation (UKRI) Data Protection Policy

UK Research and Innovation (UKRI) Data Protection Policy UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager

More information

GDPR Webinar : Overview & practical compliance steps. 23 October 2017

GDPR Webinar : Overview & practical compliance steps. 23 October 2017 GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About

More information

FURTHER PARTICULARS. INDEPENDENT FINANCIAL ADVISER Private Client National Opportunities

FURTHER PARTICULARS. INDEPENDENT FINANCIAL ADVISER Private Client National Opportunities FURTHER PARTICULARS INDEPENDENT FINANCIAL ADVISER Private Client National Opportunities THE COMPANY In the increasingly complex UK financial services market Chase de Vere are known as experts in our field.

More information

Slavery and Human Trafficking Statement 2016

Slavery and Human Trafficking Statement 2016 Temenos Group AG At Temenos, we are committed to achieving business excellence and long-term value through superior financial performance while managing our operations in a responsible and sustainable

More information

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector TABLE OF CONTENTS INTRODUCTION... 2 Accountable privacy management 2 Getting started 3 A.

More information

Compliance with South African POPI Acts

Compliance with South African POPI Acts Compliance with South African POPI Acts www.tdw.co.za Ebook Developed by Virginia Hendricks THE POPI ACT Ensuring that your organisation is abiding by both your own industry regulations and government

More information

Preparing for the GDPR: Attaining and Demonstrating Compliance

Preparing for the GDPR: Attaining and Demonstrating Compliance Preparing for the GDPR: Attaining and Demonstrating Compliance IAPP Privacy. Security. Risk. September 16, 2016. San Jose (CA) Copyright 2016 by Nymity Inc. All rights reserved. This document is provided

More information

ECDPO 1: Preparing for the EU General Data Protection Regulation

ECDPO 1: Preparing for the EU General Data Protection Regulation ECDPO 1: Preparing for the EU General Data Protection Regulation GDPR comes with a raft of changes that will affect every organisation that process personal data. While some organizations are prepared

More information

THE EMPLOYMENT PRACTICES DATA PROTECTION CODE:

THE EMPLOYMENT PRACTICES DATA PROTECTION CODE: THE EMPLOYMENT PRACTICES DATA PROTECTION CODE: PART 4: INFORMATION ABOUT WORKERS HEALTH. Employment Code Pt 4 v1.0 CONTENTS Section 1: About the Code. 3 Section 2: Information About Workers Health. 11

More information

Data Flow Mapping and the EU GDPR

Data Flow Mapping and the EU GDPR Data Flow Mapping and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 29 September 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure services Business

More information

Data Protection Policy & Procedures

Data Protection Policy & Procedures Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who

More information

FIXED TERM CONTRACT POLICY. Recruitment and Selection Policy Secondment Policy. Employment Policy. Officer / CSP

FIXED TERM CONTRACT POLICY. Recruitment and Selection Policy Secondment Policy. Employment Policy. Officer / CSP FIXED TERM CONTRACT POLICY Reference No: UHB 173 Version No: 2 Previous Trust / LHB Ref No: T 297 Documents to read alongside this Policy Recruitment and Selection Policy Secondment Policy Redeployment

More information

Employment manual A guide to redundancy

Employment manual A guide to redundancy Employment manual A guide to redundancy CONTENTS INTRODUCTION 1 page 3 Introduction 1.1 3 Disclaimer 1.2 3 REDUNDANCY GUIDANCE NOTES 2 5 Redundancy guide for employers 2.1 5 Redundancy checklist 2.2 5

More information

Document Management, Retention, and Destruction Policy

Document Management, Retention, and Destruction Policy RMOUG s mission RMOUG s mission is an independent, non-profit organization formed to empower its members with the best education in database, application, development and personal networking opportunities

More information

Social Sector Accreditation Standards Level 4

Social Sector Accreditation Standards Level 4 Social Sector Accreditation Standards Level 4 Introduction These standards for accreditation are produced by the New Zealand Government for the accreditation of providers funded to deliver social services.

More information

Antitrust law rule. Infineon Technologies AG.

Antitrust law rule. Infineon Technologies AG. Antitrust law rule Infineon Technologies AG www.infineon.com Content Scope 3 Rule content 3 I. General cooperation responsibilities 5 II. Approval and notification duties 6 A. Approval of contacts to competitors

More information

The General Data Protection Regulation An Overview

The General Data Protection Regulation An Overview The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter

More information

Trethowans LLP. Recruitment Agency Preferred Supplier List (PSL) Invitation to Tender

Trethowans LLP. Recruitment Agency Preferred Supplier List (PSL) Invitation to Tender Trethowans LLP Recruitment Agency Preferred Supplier List (PSL) Invitation to Tender 1. Tender Process 1.1. Trethowans LLP ( Firm ) is providing this Invitation to Tender ( ITT ) to various interested

More information

WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY

WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY This month s World Media Group Breakfast Briefing Everything You Need to Know about GDPR - was one of our best-ever attended sessions.

More information

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES COUNCIL OF EUROPE COMMITTEE OF MINISTERS RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES ON THE PROTECTION OF PERSONAL DATA USED FOR EMPLOYMENT PURPOSES 1 (Adopted by the Committee

More information

Conducting privacy impact assessments code of practice

Conducting privacy impact assessments code of practice Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 Information Commissioner s foreword... 2 About this code... 3 Chapter 1 Introduction to PIAs...

More information

WSGR Getting Ready for the GDPR Series

WSGR Getting Ready for the GDPR Series WSGR Getting Ready for the GDPR Series Overview, main concepts, principles and obligations Cédric Burton Of Counsel Laura De Boel Senior Associate Christopher Kuner Senior Privacy Counsel WSGR Webinar,

More information

Data Protection Policy

Data Protection Policy HOLY TRINITY CE (VA) PRIMARY SCHOOL Data Protection Policy Learning and caring together, building a firm foundation for the future. FOUNDED 1865 Date of Last Review: July 2015 Date to be Revisited: July

More information

Standard on Quality Control (SQC)-1 Need for Documentaton. Abhay Vasant Arolkar

Standard on Quality Control (SQC)-1 Need for Documentaton. Abhay Vasant Arolkar Standard on Quality Control (SQC)-1 Need for Documentaton By Abhay Vasant Arolkar Audit Scenario World over auditors are hauled up before courts and faced with huge punitive damages where they could not

More information

What is GDPR and Should You Care?

What is GDPR and Should You Care? What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what

More information

Applicants will receive a job description and person specification for the role applied for.

Applicants will receive a job description and person specification for the role applied for. Recruitment, selection and disclosure policy and procedure 1 Introduction The Bedford Charity (The Harpur Trust) is committed to providing the best possible care and education to its pupils and to safeguarding

More information

Gender Pay Gap Reporting

Gender Pay Gap Reporting x Gender pay gap reporting: a five step plan to ensure compliance Gender Pay Gap Reporting kpmg.ie 1 Gender pay gap reporting: a five step plan to ensure compliance Contents 1 Gender pay gap? 2 2 Sample

More information

ICT and introduction to GDPR

ICT and introduction to GDPR ICT and introduction to GDPR Presented by Anthony Murray Dalata Hotel Group plc Seán Graham PREM Group/Trinity Hospitality ICT-Building for the future a bottom up approach. Planning for the IT future is

More information

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation

More information

IPSWICH SCHOOL. Permanent Address. Telephone Number (land line and mobile if you have one) address

IPSWICH SCHOOL. Permanent Address. Telephone Number (land line and mobile if you have one)  address Application for employment a IPSWICH SCHOOL Ipswich School is committed to safeguarding promoting the welfare of children young people expects all staff to share this commitment. Applicants must be willing

More information

Analysis of ISO 9001:2015 against the ICoCA Certification Assessment Framework

Analysis of ISO 9001:2015 against the ICoCA Certification Assessment Framework Analysis of ISO 9001:2015 against the ICoCA Certification Assessment Framework As detailed in the ICoCA Certification Procedure, the Board of Directors assesses and recognizes standards for potential recognition

More information

The (Scheme) Actuary as a Data Controller

The (Scheme) Actuary as a Data Controller The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations

More information

PERSONAL DATA PROTECTION POLICY

PERSONAL DATA PROTECTION POLICY PERSONAL DATA PROTECTION POLICY 1. Reasons 2. Principles and rights of personal data protection 3. Personal data protection policy 3.1 Purpose 3.2 Scope of application 3.3 Commitments 4. Responsibilities

More information

Fierté Multi Academy Trust Safer Recruitment Policy

Fierté Multi Academy Trust Safer Recruitment Policy Fierté Multi Academy Trust Safer Recruitment Policy 2016-2017 Policy Statement The safe recruitment of staff in Trusts is the first step to safeguarding and promoting the welfare of the children in education.

More information

APPLICATION PACK. MEDICAL RECEPTIONIST (Maternity Cover) Sid Valley Practice Blackmore Drive Sidmouth Devon EX10 8ET

APPLICATION PACK. MEDICAL RECEPTIONIST (Maternity Cover) Sid Valley Practice Blackmore Drive Sidmouth Devon EX10 8ET APPLICATION PACK MEDICAL RECEPTIONIST (Maternity Cover) Sid Valley Practice Blackmore Drive Sidmouth Devon EX10 8ET 01395 512601 About Us Sid Valley Practice is a coastal practice with five full time and

More information

GUIDE TO POLICE CHECKS. for Employees.

GUIDE TO POLICE CHECKS. for Employees. GUIDE TO POLICE CHECKS for Employees www.mypolicecheck.com.au How Safe is your Organisation? The 2016 PwC Global Economic Crime Survey found that 33% of organisations have experienced economic crime and

More information

Clapton Girls Technology College & Sixth Form Centre

Clapton Girls Technology College & Sixth Form Centre Recruitment and Selection Guidance for Teaching and Support Staff Applicants INTRODUCTION At Clapton Girls Technology College we are committed to providing the best possible education service to our students.

More information

Software-as-a-service reseller agreement 'SaaS-Pakket'

Software-as-a-service reseller agreement 'SaaS-Pakket' Software-as-a-service reseller agreement 'SaaS-Pakket' Leverancier has developed the software-as-a-service (SaaS) product SaaS-Pakket. Leverancier offers authorized third parties ("Resellers") the possibility

More information

Customer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)

Customer Data Protection. Temenos module for the General Data Protection Regulation (GDPR) Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions

More information

XpertHR Podcast. Original XpertHR podcast: 22 September 2017

XpertHR Podcast. Original XpertHR podcast: 22 September 2017 XpertHR Podcast Original XpertHR podcast: 22 September 2017 Hi and welcome to this week s XpertHR podcast with me, Ellie Gelder. Now TUPE, possibly not a term that inspires enthusiasm amongst a lot of

More information

Recruitment and Selection Policy. Chichester College. 1. Introduction

Recruitment and Selection Policy. Chichester College. 1. Introduction 1. Introduction 1.1 To help achieve the College s aims and objectives, it is essential that people with the relevant skills, attitude, qualifications and experience, are recruited by the College. 1.2 The

More information

Greasbrough Primary School. Recruitment & Selection

Greasbrough Primary School. Recruitment & Selection Greasbrough Primary School Recruitment & Selection December 2016 INTRODUCTION The safe recruitment of staff in schools is the first step to safeguarding and promoting the welfare of children in education.

More information

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS

GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS GOVERNANCE GUIDELINES OF THE NATIONAL ASSOCIATION OF CORPORATE DIRECTORS TABLE OF CONTENTS Title Page 1. History 3 2. Foreword 4 3. Mission and Vision Statement 5 4. Board Membership 5 Size of Board Mix

More information

CANDIDATE DATA PROTECTION STANDARDS

CANDIDATE DATA PROTECTION STANDARDS CANDIDATE DATA PROTECTION STANDARDS I. OBJECTIVE The aim of these Candidate Data Protection Standards ( Standards ) is to provide adequate and consistent safeguards for the handling of candidate data by

More information

On Job Coach & Mentor (OJC)

On Job Coach & Mentor (OJC) Position Title Award Time Fraction/Tenure Service/Business Area Location Accountable & Reports to Position/s Accountable for (OJC) Labour Market Assistance Industry Award Part time or Fulltime up to 38

More information

Children s Services Safeguarding Children : Safer Recruitment and Selection in Education Settings - Criminal Record Checks

Children s Services Safeguarding Children : Safer Recruitment and Selection in Education Settings - Criminal Record Checks Children s Services Safeguarding Children : Safer Recruitment and Selection in Education Settings - Criminal Record Checks Revised: March 2009 This Policy document sets out the procedures for Criminal

More information

Ethics Decision Tree. For CPAs in Government

Ethics Decision Tree. For CPAs in Government Ethics Decision Tree For CPAs in Government April 2015 2015 American Institute of CPAs. All rights reserved. DISCLAIMER: The contents of this publication do not necessarily reflect the position or opinion

More information

Managing the workforce. Cutting costs and restructuring

Managing the workforce. Cutting costs and restructuring Managing the workforce Cutting costs and restructuring Introduction Schools are having to consider ways in which to manage the workforce in order to reduce overheads. As a school's biggest regular outgoing,

More information

EU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018

EU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018 . EU-GDPR and the cloud Heike Fiedler-Phelps January 13, 2018 Disclaimer SAP does not provide legal advice The following presentation is only about a high level discussion about GDPR. 2 EU-GDPR Summary

More information

Recruitment Pack General Data Protection Regulation Project Manager Battersea Dogs & Cats Home

Recruitment Pack General Data Protection Regulation Project Manager Battersea Dogs & Cats Home Recruitment Pack General Data Protection Regulation Project Manager Battersea Dogs & Cats Home Dear Applicant, Thank you for requesting further information for our General Data Protection Regulation Project

More information

Public Procurement Challenges - Modern Slavery Act March 2018

Public Procurement Challenges - Modern Slavery Act March 2018 Challenges - Modern Slavery Act 2015 15 March 2018 Introduction High volume of procurement challenges in UK o 11% of cases in Technology & Construction Court in London are procurement challenges. o Numerous

More information

Records Retention and Destruction

Records Retention and Destruction s and Destruction This policy is in effect for all directors, officers, and employees of the National Council of Juvenile and Family Court Judges aand its related entities, which are designated as the

More information

Rexel Shredding. Why a paper security policy is integral to GDPR compliance.

Rexel Shredding. Why a paper security policy is integral to GDPR compliance. Rexel Shredding Why a paper security policy is integral to GDPR compliance. Disclaimer Nothing contained herein should be construed as legal advice. Organisations should consult legal counsel with regard

More information

GUIDANCE REGARDING CONDUCTING INVESTIGATIONS FOR SCHOOL BASED STAFF

GUIDANCE REGARDING CONDUCTING INVESTIGATIONS FOR SCHOOL BASED STAFF GUIDANCE REGARDING CONDUCTING INVESTIGATIONS FOR SCHOOL BASED STAFF Name of School: Date by which School have adopted procedure: Date by which the procedure was last reviewed: May 2012 Anticipated review

More information

Data protection (GDPR) policy

Data protection (GDPR) policy Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL

More information

Prepare for GDPR today with Microsoft 365

Prepare for GDPR today with Microsoft 365 Prepare for GDPR today with Microsoft 365 2 Table of contents 01. 02. 03. 04. 05. Executive Sumary Landscape Assess and manage your compliance risk Protect your most sensitive data Closing 3 01. Executive

More information

Terms of Reference. Quality and Value Audits

Terms of Reference. Quality and Value Audits Terms of Reference Quality and Value Audits Table of Contents SECTION 1 General 3 1.1 Introduction 3 1.2 Statutory authority 3 1.3 Purpose and Scope 4 SECTION 2 Methodology 6 2.1 The audit programme 6

More information

5-Step Guide For GDPR Compliance

5-Step Guide For GDPR Compliance 5-Step Guide For GDPR Compliance A Guide For Constructing Your Planning Timeline www.avr.co.uk This document provides a framework for all companies that have customers in Europe, as they have to prepare

More information