The SENAD Group Section 5 Data Protection Protocol Issue: April 2016 Reviewed: April 2016 Next Review: April 2018 Version: 1 Policy Ref: 513.0 Owners: RA/NH Section 5/513.0/V1/APR16/NH/RA Page 1 of 5
SENAD Data Protection Protocol Overview SENAD is fully committed to compliance with the Data Protection Act (1998) and recognises the rights and obligations enforced by the act in the processing of personal data within the organisation. This protocol sets out what SENAD does to meet the requirements of Data Protection legislation. Introduction In order to operate efficiently and effectively, SENAD has to collect and use personal information about people with whom it works. These include pupils and service users, current, past and prospective employees, clients, purchasers and suppliers. In addition, it may be required by law to collect and use information in order to comply with the requirements of government bodies. SENAD regards the lawful and correct handling of personal information as very important to its successful operations and to maintaining confidence between the organisation and those to whom it provides its services. Scope This protocol covers personal data held electronically by SENAD on school, service and central IT systems and PC s, in addition to data stored in paper files. Personal Data is defined as any information from which a living individual can be identified. The protocol applies to all SENAD employees and any other third party who is authorised to process information on behalf of the organisation. Aim The aim of this protocol is to ensure that the organisation treats personal information lawfully and correctly in accordance with the Data Protection Act 1998 regardless of the format in which it is stored and collected. Section 5/513.0/V1/APR16/NH/RA Page 2 of 5
Owner The protocol is owned by the Data Protection Officer. The organisation's current Data Protection Officer is: Richard Atkinson - Finance Director The following officers can also assist with any Data Protection issues: Neil Hickingbottom - Group IT Manager Mark Flynn - Chief Operations Officer Principles SENAD is fully committed to the eight main principles of the Data Protection Act (1998). When collecting and processing personal data the following principles will be applied: Personal data shall be processed fairly, lawfully and, in particular, shall not be processed unless specific conditions are met The organisation will ensure that the collection and processing of information is not excessive and that it is appropriate to fulfil the operational needs of the organisation or to comply with any legal requirements. Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes The organisation will ensure that when information is collected, on forms or by other methods, specific advice is given as to the purpose(s) of gathering and using the information. Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed The organisation will ensure the quality and accuracy of any information used and that any information held is factually relevant to the area of work concerned. Section 5/513.0/V1/APR16/NH/RA Page 3 of 5
Personal data shall be accurate and, where necessary, kept up to date The organisation will endeavour to ensure that any personal data is accurate and current and where discrepancies are found, the data will be amended. Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes The organisation will ensure that any personal information is not held for longer than required and, by applying checks to determine the length of time information is held, make sure that personal data is destroyed in an appropriate manner once the retention period has expired. Personal data shall be processed in accordance with the rights of data subjects under the Act The organisation will ensure that an effective process exists to allow data subjects to fully exercise their rights to request to see any of the information held about them within the organisation and to ensure that any such request is responded to within the legal time scale of 40 calendar days. Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to personal data The organisation will ensure that appropriate procedures are in place to safeguard personal information and ensure that access is restricted only to those managers who require it. Personal data shall not be transferred to a country or territory outside the European Economic area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data SENAD will ensure that personal information is not transferred abroad without suitable safeguards. SENAD will also ensure that: Our notification entry on the Public Register of Data Controllers is current and up to date. Any partners or third parties who have access to or share our data follow our policies and procedures and are covered by either a data sharing agreement or outsourcing contract which allows them to lawfully act on our behalf as data processors. Section 5/513.0/V1/APR16/NH/RA Page 4 of 5
A dedicated resource is provided to oversee data protection issues across the organisation. All employees (including contractors) involved in the collection and processing of personal data are aware of their legal responsibilities to provide adequate protection of personal information and safeguard against unlawful disclosure. Contact us Data Protection Officer The SENAD Group 1 St Georges House Vernon Gate Derby DE1 1UQ Telephone: 01332 378840 Email: info@senadgroup.com Section 5/513.0/V1/APR16/NH/RA Page 5 of 5