General Data Protection Regulation Questionnaire for Businesses
- Kimberly Evans
- 6 years ago
This short questionnaire is a useful tool to help begin the process of identifying how your organisation collects, processes, and stores personal data. We hope that it may help you identify certain shortfalls in your data processing activities and narrow down key areas to focus on.

GENERAL MANAGEMENT

Please circle the most appropriate choice.

1. Do you have a policy that covers data protection matters?
1A. If the answer to the above question is Yes, how do you judge that policy? (e.g. 1 = Clear, useful, up to date; 5 = Unclear, useless, out of date)
1B. If Yes, when was your policy last reviewed? (e.g. 1 = Less than one year ago; 5 = More than four years ago)
2. Is your data protection policy adequately resourced, and supported by a management infrastructure that can sustain, monitor and review your policy and generate reports on its effectiveness?
2A. If the answer to the above question is Yes, then how well do you think your policy is promoted and supported by management? (e.g. 1 = Actively supported; 5 = Unsupported)
3. Is there an identifiable person responsible for data protection matters?
3A. If the answer to the previous question is Yes, then how well do you think that person is supported by management? (e.g. 1 = Actively supported; 5 = Unsupported)
4. Do all individuals who are authorised to process personal data receive appropriate training, instruction or guidance on data protection matters?
4A. If the answer to the above question is Yes, how do you judge the training given? (e.g. 1 = All individuals receive appropriate training/instruction/guidance; 5 = Individuals do not receive any training/instruction/guidance)
4B. Are you confident that all individuals who process personal data understand their data protection obligations associated with that processing? (e.g. 1 = Very confident; 5 = Very unsure)
5. If there are contracts, associated with the processing of personal data, which allow contractors and other third parties access to personal data, do these contracts specify adequate data protection requirements?
5A. If the answer to the above question is Yes, then how well do you judge the effectiveness of the monitoring and/or auditing of contractual controls? (e.g. 1 = Compliance with contracts is audited/monitored regularly; 5 = No auditing/monitoring is undertaken)
6. Is there a folder of documents, or other documentation, which will help to manage and demonstrate compliance with your data protection obligations?
6A. If the answer to the above question is Yes, then what is your view on the quality of the information in the folder or in other documentation? (e.g. 1 = Clear, complete, up to date; 5 = Unclear, incomplete, out of date)

LAWFULNESS OF PROCESSING

7. Has the full extent of processing, which is authorised by law or regulation, been identified?
8. Has proof of lawful processing been retained?
9. Are data subjects made aware, before they provide personal data, of why personal data is being collected and which organisations will use their data?
10. Are there significant practical or technical difficulties in providing the details identified in the above question?
11. Are there reasons (e.g. public interest) for not providing such information?
12. When personal data about a data subject are provided to you by other organisations or individuals, are these data subjects made aware of why personal data is collected and which organisations will use that data? Always / Sometimes / Never / Don't Know
13. Is there a significant practical or technical difficulty in providing the details identified in the previous question?
14. Are there reasons (e.g. public interest) for not providing such information?

QUALITY OF PERSONAL DATA

15. Is personal data assessed as to whether it is adequate, relevant and not excessive in the context of each particular purpose? Always / Sometimes / Never / Don't Know
16. Are there significant practical or technical difficulties in meeting the above criteria in all circumstances?
17. Are there reasons (e.g. in the public interest) for retaining the personal data since the data might become relevant in the future?
18. Is personal data assessed for accuracy and checked whether it is up to date? At appropriate intervals / Sometimes / Never / Don't Know
19. Are there significant practical or technical difficulties in carrying out such assessments?
20. Before action is taken against a data subject, is the accuracy of the personal data checked? Always / Sometimes / Never / Don't Know
21. Are there practical or technical difficulties in carrying out such checks?
22. Do formal criteria/procedures for the deletion of personal data exist?
23. Are there significant practical or technical difficulties in deleting personal data?
24. Are there reasons (e.g. in the public interest) for not deleting some or all of the personal data?

SECURITY

25. Is there a security policy that covers all aspects of the processing and collecting of personal data?
25A. If the answer to the above question is Yes, how do you judge the security policy? (e.g. 1 = Clear, concise, useful; 2 = Unclear, verbose, useless)
25B. If the answer to the above question is Yes, how well is the security policy promoted and supported by management? (e.g. 1 = Actively supported; 5 = Wholly unsupported)
26. Do security controls or procedures include measures to ensure the integrity of the personal data and of its processing?
26A. How effective do you consider these controls/procedures to be? (e.g. 1 = Very effective; 2 = Wholly ineffective)
27. Do security controls or procedures include measures to permit user identification and authorisation for processing?
27A. How effective do you consider the controls/procedures to be? (e.g. 1 = Very effective; 5 = Wholly ineffective)
28. Do security controls or procedures include measures to safeguard operating procedures?
28A. How effective do you consider the controls/procedures to be? (e.g. 1 = Very effective; 5 = Wholly ineffective)
29. Do security controls or procedures include measures that include encryption?
30. Do security controls or procedures include measures to invoke a business continuity/disaster recovery plan?
30A. Are there significant practical or technical difficulties in forming such a plan?
31. Do security controls or procedures include measures to establish adequate audit and monitoring arrangements?
31A. How effective do you consider these arrangements to be? (e.g. 1 = Very effective; 5 = Wholly ineffective)
32. Do security controls or procedures include measures to safeguard the physical security of the processing environment?
32A. How physically secure do you consider your processing of personal data to be? (e.g. 1 = Very secure; 5 = Wholly insecure)
33. Are staff trained in the necessary security controls and procedures?
33A. If the answer to the above question is Yes, then how do you judge the training given? (e.g. 1 = Staff receive appropriate security training; 5 = Staff wholly untrained)
33B. When did you last receive training/instruction on IT security requirements? (e.g. 1 = Less than one year ago; 5 = More than four years ago)

DATA SUBJECTS' RIGHTS

Data Protection Seminar

34. Do procedures allow for data subjects to be informed of the nature of the processing of personal data, and to receive confirmation as to whether or not personal data about them is processed? Yes / Sometimes / No / Don't Know
35. Are there significant practical or technical difficulties in providing such information?
36. Are there reasons (e.g. in the public interest) for not providing such information?
37. Do procedures allow data subjects to exercise their right of access to personal data which relate to them? Yes / Sometimes / No / Don't Know
38. Are there significant practical or technical difficulties in providing such data to the data subject?
39. Are there reasons (e.g. in the public interest) for not providing such data?
40. Do procedures allow for data subjects to be informed of the logic underpinning any automated decision-making processing which significantly impacts on them and to challenge such decision? Yes / Sometimes / No / Don't Know
41. Are there significant practical or technical difficulties in providing such information?
42. Are there reasons (e.g. in the public interest) for not providing such information?
43. Do procedures have the capability to correct, block or erase personal data (e.g. in compliance with requests from data subjects and/or from data protection authorities or courts) and to notify third parties who have received data subject's personal data? Yes / Sometimes / No / Don't Know
44. Are there significant practical or technical difficulties in providing such information?
45. Do procedures allow data subjects to object to the processing of personal data?
46. Are there reasons (e.g. in the public interest) for not allowing such objection?
47. Has a comprehensive census of the processing of personal data been carried out?
47A. When was the last census carried out? (e.g. 1 = Less than one year ago; 5 = More than four years ago)
48. Do procedures anticipate the need to notify details of the processing to a data protection authority (e.g. the Information Commissioner's Office)?

SYSTEM DESIGN

49. Are data protection considerations taken into account during the development, purchase or acquisition of hardware and software?
50. Are changes to the software or processing environment considered in the context of data protection obligations?

Interpreting the results of the Questionnaire

Each question is based on one or more of the statutory obligations in the Data Protection Act 1998 which the data controller has towards the protection of personal data of a data subject. It is important to double check that you are not overlooking something which could make your processing of personal data unlawful.

Although this questionnaire uses the Data Protection Act 1998 as the basis for its questions, it is important to understand that if you identify deficiencies in your organisation based on this questionnaire then it is highly unlikely that you will be compliant with the General Data Protection Regulation, because the upcoming legislation incorporates and further develops the existing legal framework.

Each No answer, or a Yes answer which scores 4 or 5, identifies a potential exposure in your data protection procedures. Although lower scores cannot be ignored and should also be investigated, it would be advisable to focus on the highest scoring aspects of the questionnaire first because these are likely the source of the greatest deficiencies in your current data handling procedures.

An answer that indicates a significant practical or technical problem in meeting an obligation needs further consideration. If an obligation cannot be satisfied because it is impossible or involves disproportionate effort, then in some cases the legislation permits derogation from the obligation. That said, it is likely that the test of what is or what isn't disproportionate will increase under the General Data Protection Regulation with the addition of the Accountability Principle and the higher standard of consent that must be obtained prior to undertaking the processing of personal data, particularly in light of the increased fines regime.

Any Sometimes answer, or any matter associated with the processing of personal data in the public interest, needs careful attention before you decide whether or not an exemption from a data protection obligation applies. It is crucial to understand that the exemptions are very narrow in scope and will only apply to a very small sub-set of organisations, for example, GCHQ or MI5. An exemption cannot, and should not, be used as an excuse to try to avoid your legal obligations, particularly in light of the upcoming General Data Protection Regulation.

We would be grateful if you could provide us with a copy/scan of your answers by emailing either Graham Millar (gmillar@) or John Kielski (jkielski@).

Your Contacts

Derek Hamill, Partner, Head of Corporate
T +44 (0) M +44 (0) E dhamill@

Graham Millar, Partner, Head of Employment
T +44 (0) M +44 (0) E gmillar@

John Kielski, Solicitor, Corporate
T +44 (0) M +44 (0) E jkielski@
More informationOur Privacy Principles
SAXON HALL/SOUTHEND MASONIC CENTRE - PRIVACY POLICY Our Privacy Principles We will look after any personal information you share with us. This is central to our values as a company. We want everyone to
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationBreakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018
Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018 Introduction The Partner organisations within the Breakthrough Programme need to collect
More information2 What personal information are we collecting?
GDPR transparency notice for candidates (contractors and permanents) Electus Recruitment Solutions is the trading name of (we), company number 04636093 and registered office at Richmond House, Richmond
More informationPolicy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent
Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information
More informationUniversity College Cork National University of Ireland, Cork Records Management Policy Version 1.0
University College Cork National University of Ireland, Cork Records Management Policy Version 1.0 UCC Records Management Policy, v1.0 1 Table of Contents 1 Purpose... 3 2 Scope... 3 3 Policy Requirements...
More informationTRUSTEE INDUCTION PACK (TIP) CONTENTS:
Council for Medical Scheme TRUSTEE INDUCTION PACK (TIP) CONTENTS: Objective of the Trustee Induction Pack (TIP) Ensuring that the newly elected/appointed trustees have an effective induction should not
More informationMPIL Recruitment Privacy Notice. Who we are
MPIL Recruitment Privacy Notice Who we are Pan Macmillan, Priddy Books and Macmillan Distribution (MDL) are all trading divisions of Macmillan Publishers International Limited, which is part of the Holtzbrinck
More informationThe Sage quick start guide for businesses
General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing
More informationb. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.
Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679
More informationGeneral Data Protection Regulation - Explained
General Data Protection Regulation - Explained Bernard Cogan & Bobby Gould CUNA Mutual Group ACE Conference & AGM 2017 12 th May 13 3h May 2017 Copthorne Hotel (Birmingham) Are you familiar with GDPR Don't
More informationGDPR transparency notice for candidates (contractors and permanents)
GDPR transparency notice for candidates (contractors and permanents) Electus Recruitment Solutions is the trading name of Electus Recruitment Solutions Limited (we), company number 04636093 and registered
More informationPRIVACY NOTICE FOR STAFF
PRIVACY NOTICE FOR STAFF Under data protection law, individuals have a right to be informed about how the school uses any personal data that we hold about them. We comply with this right by providing privacy
More informationSAVINGS PRIVACY NOTICE YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT
SAVINGS PRIVACY NOTICE YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT THE MEANING OF SOME TERMS THAT WE USE IN THIS PRIVACY NOTICE Automated decision making means a process where we make decisions about
More informationData Protection Policy & Procedures
Data Protection Policy & Procedures Scope In this document, the terms we, us, our and/or Clear Sky refer to Clear Sky Children s Charity. The term you and/or your refer to all employees of Clear Sky, who
More informationFORESTRY AND LAND MANAGEMENT (SCOTLAND) BILL
FORESTRY AND LAND MANAGEMENT (SCOTLAND) BILL EXPLANATORY NOTES INTRODUCTION 1. As required under Rule 9.3.2A of the Parliament s Standing Orders, these Explanatory Notes are published to accompany the
More informationYOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT
YOUR PERSONAL INFORMATION AND WHAT WE DO WITH IT The meaning of some terms that we use in this privacy notice: Automated decision making means a process where we make decisions about you, such as your
More informationPrivacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd
Privacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd At RSL group we are very aware of the importance of managing the personal data that we hold, whether that is from a customer, a supplier
More informationData Protection Policy
THE CIPPENHAM SCHOOLS TRUST Data Protection Policy *Date for revision: Summer Term 2018 Responsibility for policy: Responsibility for operational: Trustees Trustees Reviewed by Directors: *subject to any
More informationHumber Information Sharing Charter
External Ref: HIG 01 Review date November 2016 Version No. V07 Internal Ref: NELC 16.60.01 Humber Information Sharing Charter This Charter may be an uncontrolled copy, please check the source of this document
More informationRegulatory Compliance and Enforcement Framework
Contents 1. About us... 3 1.1 Our Mission and Values... 3 2. Relevant Legislation and Obligations... 4 3. Approach to Regulatory Compliance and Enforcement... 4 3.1 Our Approach... 4 3.2 Working with Stakeholders...
More informationGDPR Checklist. O - Organisation. P - Processing. T - Technology. I - Information. N - Next OVERVIEW. Your Personal Data
OPTIN checklist OVERVIEW 1 GDPR Checklist This checklist sets out activities you will need to consider and act on by the compliance deadline of 25th May 2018. Use this to help you identify what support
More informationCOUNCIL APPOINTMENT OF EXTERNAL AUDITOR
Report No: 7/2017 PUBLIC REPORT COUNCIL 9 January 2017 APPOINTMENT OF EXTERNAL AUDITOR Report of the Director for Resources Strategic Aim: All Exempt Information Cabinet Member(s) Responsible: No Councillor
More information