General Data Protection Regulation (GDPR) Readiness
- Edmund Ray
For External Distribution

Canada Life UK
General Data Protection Regulation (GDPR) Readiness
Customers, Clients and Business Partners FAQ

GDPR TP FAQ January 2018

Frequently Asked Questions (FAQ)

Document Purpose

The purpose of this document is to answer the main queries a customer, client or business partner may have about how Canada Life is preparing for the implementation of GDPR, and what it means to our business.

Frequently Asked Questions (FAQ)

1 What is Canada Life's position on GDPR?

Canada Life welcomes the privacy enhancements that GDPR is expected to bring to the European data protection landscape. Furthermore, GDPR complements the values embedded at Canada Life, values which underpin the decisions we make in our business. Putting customers at the heart of our business is fundamental to these values and includes a commitment to protect the personal information of our customers, potential customers, or employees. This applies to data that we control and process. Furthermore, we believe GDPR delivers wider business benefits, in particular enhancing our reputation with our customers as a well-managed, customer-focused business they can trust. We believe that it will also help us achieve efficiency in our operations and processes.

2 What is Canada Life doing to prepare for the GDPR?

We have initiated a European-wide GDPR programme to ensure that we meet our obligations. The UK has a dedicated programme focused on delivering the requirements, working to a structured project plan. We aim to deliver compliance in May. We have already completed all activities associated with collating records of data processing activities.

3 How are you resourcing your GDPR Readiness programme?

The programme is structured under a standard programme governance model, including steering committees, working groups, and a programme management team. We have additionally recruited and appointed Subject Matter Experts and Legal counsel to ensure that any additional data privacy readiness work identified will ensure that Canada Life meets its obligations. Appropriate budgets have been approved to ensure that both resource and technical input is sufficient to meet our commitments.

4 How is progress with your programme deliverables being assessed?

A detailed task breakdown by business function is in place, including more detailed assignments of activities across those functions, allocated to work-stream leads. The progress of those tasks is overseen by a dedicated programme team reporting in to steering committees, audit and executive sponsors.

5 With regard to the services you provide, do you consider yourself to be the Data Controller or the Data Processor?

We are registered with the UK Information Commissioner's Office as a Data Controller. Canada Life regards itself as a Data Controller of personal data disclosed to us by the data subject and by other entities such as professional advisers, trustees and employers in connection with the services we provide.

6 How does Canada Life ensure overall personal data governance?

We have in place, and are reviewing/updating, a full range of GDPR governance documentation, appropriate to the needs of our business, to comply with the GDPR, particularly Article 30. This is supported by a 3 Lines of Defence model for Personal Data monitoring and assurance and includes:

- Updated Data Protection policy and standards with appropriate Data stewardship/ownership;
- Review of Information Security and Cyber Security policies and procedures against GDPR requirements;
- Design and implementation of an approved Data Governance Model incorporating Privacy by Design standards;
- Updated processes for Data Privacy Impact Assessments;
- Review of all local Record Retention and Disposal Guides against the regulations; and
- Maintenance of a comprehensive Data Register that catalogues both structured and unstructured data across our organisation.

7 How is personal data collected in Canada Life?

We collect data in a variety of ways (including via application forms or from our business partners), including from customers and suppliers, but only for legitimate purposes to assist our running of the business. We have analysed our data sources, the types of data collected, validated our reasons for processing and included where data is shared for legitimate administration purposes. Our activities in this respect include:

- Producing a Data Register covering both structured data (system) and unstructured data (e.g. emails, Word documents) that contain personal and sensitive information.
- Creating data flow maps, including referencing to our IT systems/data stores, for all personal data processes.

8 Do you supply personal data relating to Pension Schemes to other suppliers (e.g. actuaries)?

The parties we share information with, and how we do so, are set out in our approved Data Protection Notices. We only share data for legitimate or statutory purposes concerned with the administration or analysis of policies, or with the express consent of the data subject. We have a strict policy of not selling or leasing data to any third-party.

9 Can all of the personal data Canada Life holds, relating to a particular individual, be identified across the organisation?

We recognise that the GDPR establishes set time periods for responding to requests regarding personal data, including the possibility of an extension of that time where the situation warrants. We fully expect to be able to meet these requirements. We will do this by:

- Referring to our data catalogues where personal information flows between our business areas.
- Using our structured data systems (indexed databases) to locate personal records.
- Using a suite of systems tools to verify the location and type of any unstructured data relating to a data subject.

10 How will you prioritise all the required changes?

Due to the nature and complexity of IT changes, we will prioritise system changes so that the rights and interests of individuals who provide their personal data are protected on a risk-based approach.

11 How are you approaching customer interfaces/interactions to ensure they are GDPR compliant?

Our objective is to ensure that our procedures and processes cover all the rights that a customer has under GDPR. This includes:

- Updating existing Data Protection Notices and consent clauses for customers. This includes any process where the customer interacts via a web-based portal, application or other electronic interface.
- Continual audit and review of our existing processes to manage breaches and complaints.
- Continual audit and testing of our Data Subject Access Request (SAR) process.
- Continual review and update of our current data rectification processes.

12 How will Canada Life ensure its third-party business partners are GDPR compliant?

As part of our GDPR programme, Canada Life is undergoing a thorough exercise to update all relevant contracts with third parties. This is to ensure that any such processing of personal data takes place under appropriate contractual terms, and only where necessary and proportionate to the business need. Any Canada Life controlled customer data held by third parties will be managed through appropriate contractual arrangements, including security and retention schedules that outline our expectations of that business partner. Relevant activities in this respect will include:

- Contract reviews, amendment where necessary and inclusion of Data Sharing Agreements (DSAs).
- Clarifying any potential co-controller relationships.
- Review of non-European Economic Area (EEA) data transfers and any subsequent sub-processing by our partners.
- Oversight and audit of third party data processing.

13 What is Canada Life's approach to record retention and data disposal?

We have a Record Retention Standard and Departmental Record Retention and Disposal Guides which comply with regulatory and legal requirements. These cover data held in both structured and unstructured systems and applications. We are also supporting these Standards and Guides with the use of a data discovery and indexing tool.

14 How are printed media and other disposable material destroyed?

Confidential waste paper bins will continue to be provided on all floors and business units which are, in turn, supported by an active clear desk policy. This destruction process will continue to be utilised within the business areas and overseen by function managers and data champions.

15 How does Canada Life control the transfer of data outside of the EEA?

We observe all requirements for transferring personal data outside of the EEA by assessing and updating existing controls against all associated data protection rules. We will continue to do so when GDPR comes into effect. We use Model Clauses approved by the European Commission to ensure that personal data is appropriately protected when transferred outside of the EEA. We do benefit from our main headquarters being based in Canada, a country acknowledged by the European Commission as an Approved Country, due to it having strong data privacy laws in place. We are checking to see if any additional enhancements to Information Security and Cyber controls are required to meet the GDPR and are also reviewing:

- Contracts, where necessary, to define controller/processor relationships and to put in place data sharing schedules.
- Whether our current encryption and data transport controls continue to be of sufficient strength to meet not only GDPR, but also the forthcoming NISD (Network and Information Security Directive).

16 Is a record kept of which lawful processing conditions apply to your processing activities?

Our data mapping exercise includes identifying the lawful basis of data processing as appropriate. This is supported by appropriate Data Protection Notices and consent notices, robust record retention and disposal routines and ongoing audit/spot checks that processes are still in accordance with the lawful basis identified.

17 Do you have policies and procedures in place for detecting and dealing with breaches?

A Risk Event Standard is in place together with a case management process to log and address incidents or breaches. Logging is managed via dedicated first line defence risk operatives. Under the GDPR programme these standards and processes are being reviewed and updated if necessary. Any updated processes will be further tested and assessed via a structured breach test and audit results.

18 Has Canada Life appointed a Data Protection Officer (DPO)?

We have a designated DPO in the UK who can be contacted at the address below:

Canada Life Limited, Canada Life Place, Potters Bar, Hertfordshire, EN6 5BA. Telephone

19 How will you ensure all relevant Canada Life employees with access to personal data are properly trained?

A comprehensive communication and training plan is in place, ensuring regular staff updates by a mix of communication mechanisms. This is supported by both an on-line training programme and bespoke face-to-face training activity. This programme will provide consistent, controlled, timely communications and training that aligns with our project and business goals and fosters engagement from our employees.

Canada Life Limited, registered in England no Registered office: Canada Life Place, Potters Bar, Hertfordshire EN6 5BA. Telephone: Fax: Member of the Association of British Insurers. Canada Life Limited is authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority. CL R
More informationWithin Band 6: 39,270-66,865 (pro rata) CEO and Chair of Board of Trustees as Company Secretary
Job outline JOB TITLE: JOB REF: HOURS: SALARY: CONTRACT: REPORTS TO: Company Secretary/Policy Officer HFLMAT CO002 Part time 0.8 FTE (52 weeks per year) Within Band 6: 39,270-66,865 (pro rata) Permanent
More informationRisk Management Policy
Risk Management Policy IPH Limited ACN 169 015 838 1. Introduction Organisations of all types and scale face internal and external factors and influences that make it uncertain whether and when they will
More informationData protection in light of the GDPR
Data protection in light of the GDPR How to protect your organization s most sensitive data Why is data protection important? Your data is one of your most prized assets. Your clients entrust you with
More informationNHSLA Risk Management Standards for NHS Trusts Providing Community Services 2011/12
NHSLA Risk Management Standards for NHS Trusts Providing Community Services 2011/12 Milton Keynes Primary Care Trust Provider of Community and Mental Health Services Level 1 May 2011 Contents Page 1: Executive
More informationConducting privacy impact assessments code of practice
Conducting privacy impact assessments code of practice Data Protection Act Contents Data Protection Act... 1 Information Commissioner s foreword... 2 About this code... 3 Chapter 1 Introduction to PIAs...
More informationData Protection Act 1998 Employee Fair Processing Notice
Data Protection Act 1998 Employee Fair Processing Notice Reference: Document Type: Status of Document: Policy Final Version: 1.3 Date Approved: 16 th December 2014 Approved By: Director of HR & OD Publication
More informationRecords Management Policy
Records Management Policy Responsible Officer Author Business Planning & Resources Director Corporate Office Date effective from December 1999 Date last amended December 2015 Review date October 2018 1
More informationEnsure the development and delivery of internal & external communications and event management.
JOB DESCRIPTION Job Title: Reporting to: Supported by: Operations Manager Lead Minister Trustee, Human Resources Consultant Main responsibilities: Plan, develop and deliver the services needed by the Trustees
More informationGROUP DATA PROTECTION POLICY
GROUP DATA PROTECTION POLICY Conducting business the right way Safeguarding our customer and employee personal data Version 1 [August 2016] CONDUCTING BUSINESS THE RIGHT WAY Our Values, Doing the Right
More informationFind out about the General Data Protection Regulation (GDPR) and what your club will need to do to comply with the Law.
Find out about the General Data Protection Regulation (GDPR) and what your club will need to do to comply with the Law. This short guide will give you an introduction to the General Data Protection Regulation
More informationWhat is GDPR and Should You Care?
What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what
More informationKyte Broking Ltd. Conflicts of Interest Policy Summary Statement. Page 1 of 9
Kyte Broking Ltd Conflicts of Interest Policy Summary Statement Page 1 of 9 Table of Contents Page 1. Introduction... 3 2. Purpose and Summary of Policy... 3 3. Clients and counterparties... 4 4. What
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation
More informationThe SIA Approved Contractor Scheme. Self Assessment Workbook
The SIA Approved Contractor Scheme Self Assessment Workbook DRAFT PROPOSAL FOR CHANGE ACS REVIEW MARKET TESTING DRAFT PROPOSAL FOR TESTING JANUARY 2018 Page 1 of 86 NOT TO BE CIRCULATED Contents The ACS
More informationBoard Charter Z Energy Limited
Board Charter Z Energy Limited Z Energy Limited ( Z Energy ) is committed to the highest standards of corporate governance. This Board Charter ( Charter ) is the foundation document which sets out the
More informationIoD Code of Practice for Directors
The Four Pillars of Governance Best Practice Institute of Directors in New Zealand (Inc). IoD Code of Practice for Directors This Code provides guidance to directors to assist them in carrying out their
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationPreparing for GDPR 27th September, Reykjavik
Preparing for GDPR 27th September, Reykjavik Introduction Who I am? Solicitor fromlondon Worked in digital industry for the last 7years Specialized in Privacy for the last 7 years and did some consulting
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationBusiness Continuity Policy
Business Continuity Policy To ensure the effective availability of essential products and services, BCQ has raised this Business Continuity Policy in support of a comprehensive program for business continuity,
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 05/EN WP108 Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules Adopted on April 14 th, 2005 This Working Party
More information