DATA PROTECTION POLICY WINCHESTER CITY COUNCIL. Data Protection Policy

Similar documents
Data Protection Policy

Data Protection Policy

Breakthrough Data Protection Policy Approved by Lead Organisation: November 2017 Next Review Date: November 2018

Data Protection Policy

Data Protection/ Information Security Policy

General Optical Council. Data Protection Policy

Data Protection Policy

Data Protection Policy

General Data Protection Regulation. What should community energy organisations be doing to prepare?

Data protection (GDPR) policy

TECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients

PARK HIGH SCHOOL FREEDOM OF INFORMATION POLICY PUBLICATION SCHEME GUIDANCE. (Please also refer to the Schools Management of Records Policy)

Data Protection Policy

Data Protection. Policy

Data Protection Policy & Procedures

St Mark s Church of England Academy Data Protection Policy

DATA PROTECTION POLICY

General Personal Data Protection Policy

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

DATA PROTECTION POLICY

Tourettes Action Data Protection Policy

Data Protection Policy

Data Protection Audit Self-assessment toolkit

UK Research and Innovation (UKRI) Data Protection Policy

Quick guide to the employment practices code

THE HEATH ACADEMY TRUST DATA PROTECTION POLICY

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION

Conducting privacy impact assessments code of practice

DATA PROTECTION POLICY

The Information Commissioner s response to the Competition and Market Authority s Energy market investigation: notice of possible remedies paper.

DATA PROTECTION POLICY

Park Hall Academy FOI Policy & Publication Scheme

Comments, Complaints & Compliments policy

Customer Advocacy. Complaints Management Policy

Human Resources. Data Protection Policy IMS HRD 012. Version: 1.00

General Data Protection Regulation (GDPR) A brief guide

The Sage quick start guide for businesses

Data Protection Policy and General Data Protection Regulations (GDPR)

Introduction Why is data protection important? How does it apply to volunteers? What volunteers need to do?...

The General Data Protection Regulation: What does it mean for you?

Depending on the circumstances, we may collect, store, and use the following categories of personal information about you:

Foundation trust membership and GDPR

DATA PROTECTION POLICY

The Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,

SIGBI DATA PROTECTION PROTOCOLS 2018

Data Protection Policy

A Parish Guide to the General Data Protection Regulation (GDPR)

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

Regulates the way data controllers process personal data

Thank you for your request under the Freedom of Information Act 2000 (the Act) received on 16 February 2011, seeking the following information:

Information Governance Policy

Ewyas Harold Group Parish Council. Freedom of Information Policy

Policy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent

COUNCIL OF EUROPE COMMITTEE OF MINISTERS. RECOMMENDATION No. R (89) 2 OF THE COMMITTEE OF MINISTERS TO MEMBER STATES

Code of Conduct. Integral Diagnostics Limited ACN

The. Code of Practice

GDPR DATA PROCESSING NOTICE FOR FS1 RECRUITMENT UK LTD FOR APPLICANTS AND WORKERS

INFORMATION GOVERNANCE MANAGEMENT FRAMEWORK POLICY

General Data Protection Regulation (GDPR) Frequently Asked Questions

GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector

Getting Ready for the GDPR

Gwybodaeth Dan Reolaeth. Gwynedd Council DATA PROTECTION POLICY FINAL 2.0. September Information Management Service. Approved

Information Governance Policy and Management Framework

GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

Positioning Technology in Working Life

ARTICLE 29 DATA PROTECTION WORKING PARTY

Whistle Blowing Policy

This has been produced as a response to the Data Protection Act 1998 and replaces the MRS Guidelines for Handling Databases.

Conducting privacy impact assessments code of practice

Equality, diversity and inclusion policy

EDINBURGH NAPIER UNIVERSITY A GUIDE TO PRIVACY IMPACT ASSESSMENTS

Customer Services Charter

LEISURE VOUCHERS TERMS AND CONDITIONS

General Data Protection Regulation. The changes in data protection law and what this means for your church.

How employers should comply with GDPR

College Policy. Freedom of Information Act Publication Scheme

Privacy Policy PURPOSE SCOPE POLICY. Data Collection

closer look at Definitions The General Data Protection Regulation

IQ Data Protection Policy

Tetney Primary School. Policy for Whistleblowing

PUBLIC WIFI FROM EE SOLUTION TERMS

Guidance on the General Data Protection Regulation: (1) Getting started

12 STEPS TO PREPARE FOR THE GDPR

Appointment of GCC Education Visitors. Information Pack for Applicants. Closing date: 11 th August 2017 at noon

ARTICLE 29 Data Protection Working Party

MRS Guidelines for MRS Company Partners: Qualitative Recruitment

INSERT TITLE AND BRANDING Dr A Gill s signature and front cover to be placed on policy when received from Communications. (Policy fully ratified)

Operating procedure. Managing customer contacts

with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting

Policy and Procedure Manual HR01 Effective Date: 7 February 2014 Rev 1: 7 February 2014 CODE OF CONDUCT AND ETHICS POLICY

Doncaster Council Data Quality Strategy

Date: INFORMATION GOVERNANCE POLICY

WHISTLE BLOWING POLICY

LinkMeUp Personal Assistant (PA) Register & Recruitment Support Terms & Conditions

SSCL Recruitment Service Implementation Environment Agency. Data Protection

Code of Practice Date of last update: 26th April 2017

Processing of personal data in a trust network for electronic identification

WHISTLE-BLOWING POLICY Guidance for Managers

1. Have you translated principle 1 into clear objectives? Yes No If so what are they?

Transcription:

DATA PROTECTION POLICY WINCHESTER CITY COUNCIL

Document Title: Author: Fiona Sutherland Revision History Version Revision Date Summary of Change Distribution 1.0 08/03/16 Internet Intranet

WINCHESTER CITY COUNCIL DATA PROTECTION POLICY 1.0 INTRODUCTION 1.1 This is the of Winchester City Council and applies to all employees, elected members, public representatives, business partners, agents and third parties acting on the Council s behalf. 1.2 The Council needs to collect, use and store certain types of information about the people we deal with in order to carry out our business as a local authority. These people include current, past and prospective employees, suppliers, clients/customers and others. In addition, the Council may sometimes be required by law to collect and use certain types of personal information to comply with Government requirements. Personal information must be dealt with properly however it is collected, recorded and used whether on paper, in a computer or recorded on other material such as CCTV. 1.3 The Council regards the lawful and correct treatment of personal information as very important in order to maintain confidence between us and the people we deal with. We ensure that the Council treats personal information lawfully and correctly. 1.4 The Council is therefore fully committed to the eight Data Protection principles, set out in Schedule 1 of the Data Protection Act 1998 (DPA). 2.0 DATA PROTECTION PRINCIPLES The Data Protection Principles are as follows: Principle 1 - Personal data shall be processed fairly and lawfully, and, in particular, shall not be processed unless specific conditions for processing are met. Principle 2 - Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes. Principle 3 - Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. Principle 4 - Personal data shall be accurate, and, where necessary, kept up to date.

Principle 5 - Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. Principle 6 - Personal data shall be processed in accordance with the rights of individuals under this Act. Principle 7 - Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss, or destruction of, or damage to, personal data. Principle 8 - Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of individuals in relation to the processing of personal data. 3.0 WHAT THE COUNCIL WILL DO 3.1 Winchester City Council will: Observe fully the conditions regarding the fair collection and use of personal information. Meet its legal obligations to specify the purposes for which information is used. Collect and process personal information, only to the extent that it is needed to enable us to carry out our business as a local authority or to comply with any legal requirements. Ensure the quality of information we use is accurate and kept up to date. Ensure that we do not keep personal information for any longer than we need to (and in accordance with our Retention Schedule). Guarantee that when we hold information about people, they can exercise their rights under the DPA (these include the right to be informed that processing is being undertaken, the right to access information that we hold about them, the right to prevent processing in certain circumstances and the right to correct, rectify, block or erase information which is not correct. Ensure that appropriate security measures are taken, both technically & organisationally, to protect against damage, loss or abuse of personal data. Ensure that personal information is not transferred abroad without suitable safeguards. Maintain a central log of data protection breaches, investigate all breaches that are reported, and take appropriate steps to prevent recurrence. Ensure that Winchester City Council s Data Protection Registration is kept up to date ( the Registration number is Z5730734). Regularly review this policy and safeguards that relate to it, to ensure that the contents are still relevant, efficient and effective.

Ensure CCTV systems are used in compliance with the DPA. Ensure the privacy of our employees and customers and people that we deal with. 3.2 In addition Winchester City Council will ensure that: There is someone with specific responsibility for data protection in the Council. This is the Head of Legal and Democratic Services. Everyone managing and handling personal information understands that they are responsible for following good data protection practice. Everyone managing and handling personal information is appropriately trained to do so. Everyone managing and handling personal information is appropriately supervised. Anybody wanting to make enquiries about handling personal information knows what to do. Queries about handling personal information are promptly and courteously dealt with. A regular review and audit is made of the way personal information is managed. Methods of handling personal information are regularly assessed. 4.0 SUMMARY 4.1 When we ask you for information, Winchester City Council will: Ensure you know why we need it. Protect it and make sure nobody has access to it that should not have. Ensure you know if you have a choice about giving us information. Let you know if we need to share the information with other organisations to give you better public services and whether you can say no. Make sure we do not keep the information longer than necessary. 4.2 In return we ask you to: Give us accurate information. Tell us as soon as possible of any changes.

Tell us as soon as possible if you notice mistakes in the information we hold about you, as this helps us keep our information reliable and up to date. 5.0 FURTHER INFORMATION 5.1 If you wish to be supplied with personal information we hold about you (a subject access request), or if you have any queries or complaints please write to the Head of Legal and Democratic Services, Winchester City Council, City Offices, Colebrook Street, Winchester, Hampshire SO23 9LJ. You can also contact Legal Services by email: legalwork@winchester.gov.uk 5.2 If you would like to see Winchester City Council s Data Protection Registration details, as notified to the Information Commissioner, you can visit the Information Commissioner s website (www.ico.org.uk) and simply enter the Council s registration number Z5730734 in the appropriate box. 5.3 For independent advice about data protection, please contact the Information Commissioner, By Post: The Information Commissioner s Office Wycliffe House Water Lane Wilmslow Cheshire SK9 5AF By Phone: 0303 123 1113 (local rate) By Email: casework@ico.org.uk

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback