Data Protection Policy

Similar documents
SHENLEY BROOK END SCHOOL

DATA PROTECTION POLICY 2016

Security of Personal Data Policy and Guidelines

General Optical Council. Data Protection Policy

Data Protection Policy

This personal information must be dealt with properly, with appropriate safeguards in place to ensure the rights and freedoms of data subjects.

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Data Protection Policy

Data Protection. Policy

POLICY ON INFORMATION, SECURITY & DATA PROTECTION

Data Protection Policy

Data Management and Protection Policy

DATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy

St Mark s Church of England Academy Data Protection Policy

Hendre Infants School DATA PROTECTION POLICY. Nurture, Believe, Achieve Headteacher: A. J. Brett-Harris

Data Protection Policy

Data Protection Policy & Procedures

Privacy Notice for Clients of RISDON HOSEGOOD Solicitors

DATA PROTECTION POLICY

Tourettes Action Data Protection Policy

Data Protection Policy, including Key Procedures

Data Protection Policy

GROUP DATA PROTECTION POLICY

Parent / Carer Privacy Notice

Data Protection Policy

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

SCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools

Data Protection Policy

Data Protection Policy

DATA PROTECTION POLICY

DATA PROTECTION POLICY

Data Protection Policy

Data protection (GDPR) policy

The current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.

Data Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General

VMS Software Ltd- Data Protection Privacy Policy

DATA PROTECTION POLICY

Queen s Croft High School DATA PROTECTION POLICY AND PRIVACY NOTICE

Data Protection Policy

We reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.

Data Protection Policy

Data Protection Policy.

Data Protection Policy Approved by: COG Approved: 9 August 2017 Review date: August 2019 Version: Statement of Intent

CHANNING SCHOOL DATA PROTECTION POLICY

LEICESTER HIGH SCHOOL DATA PROTECTION POLICY

DATA PROTECTION POLICY 2018

DATA PROTECTION POLICY

Data Protection Act Policy Statement Status/Version: 0.1 Review Information Classification: Unclassified Effective:

DATA PROTECTION POLICY

RAW MARKETING DATA PROTECTION POLICY

Data subject access policy

Data Protection Policy for the Grimsby Institute of Further & Higher Education

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

Shavington Academy. Freedom of Information Policy

SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]

Information Sharing Policy

Data Protection Policy. UK Policy May 2018

Little Gaddesden C. of E. Primary School

Project Title. Project Number. Privacy Impact Assessment

Data Protection Policy

Trinity is committed to protecting the privacy and security of personal data.

Brasenose College is committed to protecting the privacy and security of personal data.

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

LIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018

EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY

PRIVACY NOTICE FOR JOB APPLICANTS

Brasenose College Data Protection Policy Statement v1.2

PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING Greenside School

The Society of St Stephen s House Site Security and Monitoring Privacy Notice

Data Protection Policy for Staff DJJK. Apr of 10

The SENAD Group. Section 5 Data Protection Protocol

Swansea University Recruitment Privacy Policy

Scottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY

DATA PROTECTION POLICY VERSION 1.0

Baptist Union of Scotland DATA PROTECTION POLICY

HITCHIN GIRLS SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS ATTENDING HITCHIN GIRLS SCHOOL

DATA PROTECTION POLICY

HOLY TRINITY CE PRIMARY SCHOOL PRIVACY NOTICE FOR PARENTS / CARERS OF PUPILS

Section a What this Policy is for Policy Statement. 2. Why this policy is important... 3

Privacy Policy for Employees

Privacy Impact Assessment: Standard Operating Procedure

Parents / Carers of Pupils Attending St Catherine s C of E Primary School Privacy Notice

Roundwood Primary School. Privacy Notice Parents

Functional area. F Hallinan, C Abad, W Andrews Approver (s) Version 001 Effective date 25 May Privacy Notice for Emergency Contacts

PRIVACY NOTICE FOR PARENTS/CARERS OF PUPILS ATTENDING WARREN DELL PRIMARY SCHOOL

Nissa Consultancy Ltd Data Protection Policy

General Personal Data Protection Policy

DATA PROTECTION POLICY

PRIVACY NOTICE for Welsh St Donat s Community Council, May 2018

THE COMPETITION AND CONSUMER PROTECTION COMMISSION JOB APPLICANT PRIVACY NOTICE 1. INTRODUCTION... 2

DATA PROTECTION POLICY

Data Protection Policy

Data Protection Employee Privacy Notice

THE PORTSMOUTH GRAMMAR SCHOOL

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

St John's Primary School and Nursery. Privacy Notice for Governors How we use your information 2018/19

Regulates the way data controllers process personal data

NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021

P Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.

Transcription:

Data Protection Policy Name of Chair: Mr David Mann Name of Headteacher: Mrs Eileen Bissell Name of person Responsible: Mrs Eileen Bissell Adopted and Agreed on: October 2015 Date of Review: October 2018 Ref No: A5

The Governing Body of the school has overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance with Education Regulations and all other statutory provisions. The Headteacher and Governors of this School intend to comply fully with the requirements and principles of the Data Protection Act 1984 and the Data Protection Act 1998. All staff involved with the collection, processing and disclosure of personal data are aware of their duties and responsibilities within these guidelines. Introduction The Data Protection Act The Data Protection Act 1998 regulates how personal information relating to living individuals is dealt with. It applies to anyone holding data about individuals on computer and/or manual records. The Act lays down detailed conditions for the processing of personal data and gives individuals (referred to as the Data Subject ) the right to access information held about them and to have inaccurate data corrected or erased. Statement of Policy Oakdale Junior School needs to collect and use certain types of information about people with whom it deals in order to operate. These include Pupils past or present, current, past and prospective employees, suppliers and others with whom it communicates. In addition, Oakdale Junior School may occasionally be required by law to collect and use certain types of information of this kind to comply with the requirements of central government departments. Oakdale Junior School regards the correct treatment of personal information as very important to its successful operations, and to maintaining confidence between those with whom we deal and ourselves. We ensure that our organisation treats personal information lawfully and correctly however it is collected, recorded and used and regardless of whether it is in hard or electronic format. The Data Protection Act 1998 provides safeguards to ensure that this is done correctly. To this end Oakdale South Road Middle School fully endorses and adheres to the Principles of Data Protection, as set out in the Data Protection Act 1998. The Principles of Data Protection The Data Protection Act requires that organisations which handle personal information comply with eight key principles regarding privacy and disclosure. The Principles require that personal information: 1. Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met; 2. Shall be obtained only for specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes; 3. Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed; 4. Shall be accurate and where necessary, kept up to date; 5. Shall not be kept for longer than is necessary; 2

6. Shall be processed in accordance with the rights of data subjects under the Act; 7. Shall be kept secure (i.e. protected by an appropriate degree of security); 8. Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection. Definition of Personal and Sensitive Personal Data Personal Data means data that relates to a living individual whereby they can be identified: (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, This includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Sensitive personal data means personal data consisting of information as to: The racial or ethnic origin of the data subject, Their political opinions Their religious beliefs or other beliefs of a similar nature Their physical or mental health or condition Their sexual life The commission or alleged commission by them of any offence, or any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings. Handling Personal/Sensitive Data. Oakdale Junior School will, through appropriate management and strict application of criteria and controls: Observe fully conditions regarding the fair collection and use of information; Meet its legal obligations to specify the purposes for which information is used; Collect and process appropriate information, and only to the extent that it is needed to fulfil operational needs or to comply with any legal requirements; Ensure the quality of information used; Apply strict checks to determine the length of time information is held; Ensure that the rights of people about whom information is held can be fully exercised under the Act. (These include: the right to be informed that processing is being undertaken; the right of access to one s personal information; the right to prevent processing in certain circumstances; the right to correct rectify, block or erase information which is regarded as wrong information.); Take appropriate technical and organisational security measures to safeguard personal information; Ensure that personal information is not transferred abroad without suitable safeguards. Identification of Roles and Responsibilities Oakdale Junior School Oakdale Junior School is the data controller under the Act and is therefore ultimately responsible for implementation. It is also the school s responsibility as a data controller to make all employees aware of their individual responsibilities. 3

In particular, the school will ensure that: There is someone with specific responsibility for data protection in the organisation; Everyone managing and handling personal information understands that they are contractually responsible for following good data protection practice; Everyone managing and handling personal information is appropriately trained to do so; Everyone managing and handling personal information is appropriately supervised; Anyone wanting to make enquiries about handling personal information, whether a member of staff or a member of the public, knows what to do; Queries about handling personal information are promptly and courteously dealt with; Methods of handling personal information are regularly assessed and evaluated; Performance with handling personal information is regularly assessed and evaluated; Data sharing is carried out under a written agreement, setting out the scope and limits of the sharing. Any disclosure of personal data will be in compliance with approved procedures. Lead Officer A lead officer has been assigned to manage Data Protection within the School/Borough on a day-to-day basis. This officer will: Maintain a Register of manual personal records and process records for the National Register of electronic personal records. Provide guidance to departmental representatives on the responsibilities of their departments and any specific procedures that need to be followed. Arrange for Subject Access Requests to be carried out within departments. Arrange provision of cascade data protection training, for staff within the council. For carrying out compliance checks to ensure adherence, throughout the authority, with the Data Protection Act. Have the right to waive the fee for Subject Access Requests. Unit Representatives Designated officers have also been identified in all Units. These officers will be responsible for ensuring that the Policy is implemented within their Unit and for: Identifying and recording officers who keep personal data within their Unit. Disseminating guidance received from the DPO to officers within their Unit. Ensuring that officers are aware of the principles of the Act and the procedures for implementation. Ensure that changes or amendments to the Borough s Notification are reported. All staff of Oakdale Junior School It is not the responsibility of the Lead Officer or Unit Representatives to apply the provisions of the Data Protection Act. This is the individual responsibility of all officers who use, keep or collect personal data. Therefore, all managers and staff within the School/Borough s service units will take steps to ensure that personal data is kept secure at all times against unauthorised or unlawful loss or disclosure and in particular will ensure that: Paper files and other records or documents containing personal/sensitive data are kept in a secure environment; 4

Personal data held on computers and computer systems is protected by the use of secure passwords. Individual passwords should be such that they are not easily compromised. Personal information is transferred only by secure means of communication Personal information is not disclosed deliberately or accidentally either orally or in writing to any unauthorised third party They adhere to the school s ICT Security and Access Control Policies and Guidelines for the Remote use of ICT equipment and information. They inform their Unit representative and the Lead Officer about any existing records or any proposals to keep personal information and to supply information in the appropriate format. Contractors All contractors, consultants, partners or other servants or agents of the college must: Ensure that they and all of their staff who have access to personal data held or processed for or on behalf of Oakdale Junior School, are aware of this policy and are fully trained in and are aware of their duties and responsibilities under the Act. Any breach of any provision of the Act will be deemed as being a breach of any contract between Oakdale Junior School and that individual, company, partner or firm; Allow data protection audits by the school of data held on its behalf (if requested); Indemnify the school against any prosecutions, claims, proceedings, actions or payments of compensation or damages, without limitation. All contractors who are users of personal information supplied by the school will be required to confirm that they will abide by the requirements of the Act with regard to information supplied by the school. Notification to the Information Commissioner It is a basic principle of data protection that the public should know (or be able to find out) who is carrying out the processing of personal information as well as other details about the processing (such as for what reason it is being carried out). Notification is the process by which the Borough of Poole informs the Information Commissioner of certain details about its processing of personal information. These details are available to the public for inspection via the ICO s Register of Data Controllers. It is a statutory requirement that the Borough renews its notification on an annual basis and, in the interim, notifies the Information Commissioner of any amendments within 28 days. Failure to do so is a criminal offence. Responsibility for submitting notifications to the Information Commissioner has been designated to the Borough s Legal and Democratic Services Unit. To this end, any changes made between reviews must immediately be brought to the attention of the Head of Legal and Democratic Services. Dealing With Subject Access Requests. Individuals have a right under the Data Protection Act to make a request in writing for a copy of the information that the Borough holds about them on computer and in some manual filing systems. This is called a subject access request. They are also entitled to be given a description 5

of the information, what it is used for, who it might be passed on to, and any available insight into the source of the information. Subject to a number of exemptions, the Borough of Poole will comply with a subject access request within a maximum of forty days of receipt, provided that: The request is made in writing. The correct fee, currently 10, has been paid in advance Sufficient information is provided to identify the person making the request and the information that is being sought. The Borough has made available a Subject Access Request Form available on request or via our website (www.boroughofpoole.com), in order to enable individuals to access their data and ensure requests are processed effectively. Policy Review This policy will be reviewed on a two yearly basis to ensure that it continues to meet the requirements of the Borough and the current legislation. The Corporate Information Management Compliance Officer will carry out this review. Any changes to the policy will be notified to the Senior Management Team. CCTV The school operates a CCTV system which is in operation 24/7. In order to provide security to property and persons, a number of cameras are in operation throughout the school. The cameras are owned by the school and the system is operated by a small number of school staff, which includes the Business Manager and Site Staff. A written request for copies of a person s appearance in the recordings should be addressed to the Headteacher. Written permission from all persons present in the recording should be received before any viewing is allowed. The school reserves the right to refuse any individual access to the recordings, if this is in protection of its students and staff. The school will always provide recordings at the request of the BOP and the Police. The cameras operate so that images are saved to the hard drive this is overwritten every month. All persons entering into a letting agreement with Oakdale Junior School must inform all persons attending that a CCTV is in operation throughout the school. The school will be compliant with the Code of Practice for CCTV, Information Commissions Office. (2008). October 2015 6

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback