Human Resources and Data Protection

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Human Resources and Data Protection"

Transcription

1 Human Resources and Data Protection Contents 1. Policy Statement Scope What is personal data? Processing data The eight principles of the Data Protection Act Council obligations Employees obligations Individual s rights under the Act Making a request for information What information do we need from the applicant? What is the timescale for gaining access to the information? What if the applicant is not happy with our response? What if the data is incorrect? Policy Monitoring Policy Statement 1.1. The Data Protection Act 1998 ( the Act ) regulates the way in which certain personal data about an employee is held and used The general aim of the Act is to ensure that where personal data is held, the data is adequate, relevant and not excessive. The Act also ensures that employees are able to access and review the contents of any files held on them

2 1.3. Throughout employment and for as long a period as is necessary following the termination of employment, the Council will need to keep information for purposes connected with an employee s employment. The Council will also hold information to ensure that required services are provided in an efficient, effective manner The Council endorses and adheres to the Data Protection principles and requires all employees to comply with the Act in relation to all personal data held by the Council including the personal data about staff Employees should at all times value the right to privacy of the people about whom information is held and manage personal information professionally. It is each employee's responsibility to ensure that personal data remains confidential and secure. The aim of this document is to provide employees with information relating to the Council s obligations in relation to Data Protection and guidance on how employees are expected to handle personal data or make a Subject Access Request under the Act. The Council also has a Corporate Legal Policy on the Data Protection Act to which employees should also refer Failure to comply with this Guidance and the principles set out in the Data Protection Act will be regarded as serious misconduct and will be dealt with in accordance with the Council s disciplinary policy. Misuse and unauthorised disclosure of personal data can lead to personal prosecution. 2. Scope 2.1. This document applies to all employees other than those in educational establishments with delegated powers The principles in this document also apply to: Former employees Job applicants (successful and unsuccessful) Former job applicants (successful and unsuccessful) Agency workers (current and former) Casual workers (current and former) Contract workers (current and former) Volunteers (current and former) Trainees / work placement students (current and former) 3. What is personal data? 3.1. As outlined in section 1, the Act applies to any personal data. The term personal data is information about a living individual who is identified or who is identifiable. Personal data may be: photographs CCTV footage information held on computer disk - 2 -

3 3.2. These records may include: information gathered about an employee and any references obtained during recruitment details of terms of employment payroll, tax and National Insurance information performance information details of grade and job duties health records absence records, including holiday records and self-certification forms details of any disciplinary investigations and proceedings training records contact names and addresses Correspondence with the Council and other information provided to the Council Some personal data is also classed as sensitive and attracts a higher level of protection under the Act. Sensitive personal data is information relating to: Race or ethnic origin Political opinions Religion or belief Trade union membership Disability Sexual orientation Gender identity The commission or alleged commission of an offence or any proceedings for any offence committed or alleged to have been committed, the disposal of such proceedings or the sentence of any court in such proceedings 3.4. Such information, if disclosed by the employee to the Council is classed as sensitive under the Act and will not ordinarily be disclosed to a third party. 4. Processing data 4.1. The definition of processing is very wide and encompasses almost everything from the collection and storage of data to its eventual destruction If the Council intends to process data it must be processed fairly and lawfully and must comply with the conditions for processing set out in first data protection principle in the Act. The Council must ensure: consent is obtained where relevant, and the Information Commissioner (who is responsible for policing compliance with the Act) must be notified and given the reasons for the processing. The Council is required to maintain its registration with the Information Commissioners Office (ICO) and its registration can be found on the ICO web site

4 4.3. If the Council disclose personal data, consent is required unless the Council is required to provide the information by law. 5. The eight principles of the Data Protection Act 5.1. The Act contains statutory guidelines called 'data protection principles' to govern the manner in which personal data is processed. The principles mean that personal data shall: be processed fairly and lawfully and in particular shall not be processed unless specific conditions are met be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes. be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. be accurate and when necessary kept up to date. not be kept for longer than is necessary for that purpose or those purposes be processed in accordance with the rights of the Data subject under the Act Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of or damage to personal data. not be transferred to a country of territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedom of data subjects in relation to the processing of personal data. 6. Council obligations 6.1. As part of the Council s commitment to maintaining public confidence and the successful operation of this policy, the Council will:- Ensure there is a designated Data Protection Officer with specific responsibility for data protection. Ensure that employees handling personal data understand that they are contractually responsible for compliance with the data protection policy and are appropriately trained and supervised for these purposes. Formulate a data subject access request procedure for corporate use. Conduct a regular review, assessment, evaluation and audit of the way personal data is managed within the Council. Ensure that persons making enquiries about personal data are dealt with promptly and are appropriately advised of their rights and the Council's policy in making requests for personal data under the Data Protection Act, Employees obligations 7.1. Employees must work within the requirements of the Act at all times and: - 4 -

5 ensure that personal data is only disclosed to those who are entitled to receive it ensure that they understand any departmental guidelines on data disclosure e.g. adopted practice in establishing identity of telephone callers take care to ensure that data stored both manually and on computer is accurate and up to date ensure that they are aware of their Section / Service security procedures in place for protecting data and follow those procedures 7.2. Employees MUST NOT: Disclose confidential information unless permission is granted Use any personal data held by the Council for personal uses Hold any personal data for any purpose unless certain that the Council is registered to hold information for that use 7.3. Employees MAY: Handle and use personal data where it is necessary to carry out their work Transfer personal data within the Council between departments provided that one or more of the following apply: permission from supervisor is obtained any Information Sharing Protocol in place is followed transferred data is used only for the purposes for which it was obtained consent of the data subject is obtained 7.4. If an employee is in any doubt about whether to disclose information, legal advice should be sought from the Head of Legal Services. 8. Individual s rights under the Act 8.1. Section 2 sets out a list of individuals to whom this policy applies, the key principle being both current employees and individuals not employed by the Council are entitled to request certain information under the Act. These individuals have the right:- To ask the Council if it holds personal information about them To ask what it is used for To be given a copy of the information (subject to certain fees and exemptions) To be given details about the purposes for which the Council uses the information and of other organisations or persons to whom it is disclosed. To ask for incorrect data to be corrected. to be given a copy of the information with any unintelligible terms explained; to be given an explanation as to how any automated decisions taken about them have been made. To ask the Council not to use personal information:- for direct marketing; - 5 -

6 which is likely to cause unwarranted substantial damage or distress; to make decisions which significantly affect the individual, based solely on the automatic processing of the data There are some limited circumstances in which personal data relating to the applicant may be withheld. Examples of this include repeat access requests, confidential references, and third party information. 9. Making a request for information 9.1. A request for a copy of information held about an individual is known as a "Subject Access Request" All requests must be made in writing A fee of 10 will be payable to the Council to provide this information Different fee structures apply to some 'accessible records' such as health, education or social services files and a maximum fee of 50 for copies of these records can be charged Copies of Education records are free but photocopying charges may be made. Viewing of records is free of charge. 10. What information do we need from the applicant? When a subject access request is received, the Council may ask for information they reasonably need to verify the identity of the person making the request and to locate the data This means the Council must ask for proof of identity and information such as whether they are/were a customer or employee of the Council. 11. What is the timescale for gaining access to the information? The Act requires data controllers i.e. the Council to comply with subject access requests promptly and, in any event, within forty days from receipt of the request or, if later, forty days from the day on which the data controller has both the required fee and the necessary information to confirm the identity of the applicant and to locate their data A deliberate delay on the part of the Council is not acceptable and the Commissioner may impose penalties for doing so, which could lead to bad publicity for the Council There are different periods for requests for copies of school pupil records, which is fifteen school days. However, requests for these records should be made to the Governing Body of the school in question

7 12. What if the applicant is not happy with our response? If an applicant who considers his/her request has not been complied with they should write to the Corporate Complaints Officer setting out why they think that the information should have been provided to them If, following the response from the Corporate Complaints Officer the individual remains dissatisfied with the response, the following options are available:- They may apply to the court alleging a failure to comply with the subject access provisions of the Act. The court may make an order requiring compliance with those provisions and may also award compensation for any damage they have suffered as a result and any associated distress. They may write to the Information Commissioner. The Commissioner may do one of the following:- make an assessment as to whether it is likely or unlikely that we have complied with the Act issue enforcement proceedings if they are satisfied that we have contravened one of the Data Protection Principles recommend that the applicant apply to court alleging a failure to comply with the subject access provisions of the Act All complaints must first be directed to the Corporate Complaints Officer. Neither a Court nor the Office of the Information Commissioner will deal with complaints regarding the handling of a subject access request unless the applicant has first exhausted the Council s internal complaints procedure. 13. What if the data is incorrect? If data is incorrect, the individual should write to the Council stating what data is incorrect and ask for the data to be corrected The Council must tell the individual what has been done within 21 days of receiving the request If the Council does not agree that the information is incorrect the individual can ask that the disagreement is noted within the personal records held on them. The individual can also appeal to the Information Commissioner or the courts if the information is not corrected. 14. Policy Monitoring The Council will monitor the application of this policy and has discretion to review it at any time Responsibility for the implementation, monitoring and development of this policy lies with the Head of Human Resources. Day to day operation of the policy is the responsibility of nominated officers who will ensure that this policy is adhered to

8 Version Details of Change Date Number 1.0 Introduction of Single Status 1 st April

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Page 1 of 10 Table of Contents 1. Points of Contact for this Policy 4 2. Purpose of Data Protection Policy 4 3. Overview of the Data Protection Act 1998 5 4. Confidentiality and

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1

ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 ORBIT POLICY O-DPA01 DATA PROTECTION POLICY V1.1 1 Document Control Document Title DATA PROTECTION POLICY References O-DPA01 Version V1.1 Classification Unclassified Status Issued Last Review August 2011

More information

Data Protection Procedure

Data Protection Procedure Data Protection Procedure [QP2.28] Procedure Number: QP2.28 Revision Number: 3 Date of issue: January 2006 Status: Approved Date of approval: May 2006 Responsibility for procedure: Director of Information

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

West Sussex County Council. Guidance on Information Law for Schools

West Sussex County Council. Guidance on Information Law for Schools This guidance recognises that schools already deal with a great variety and number of requests for information and provides a straightforward approach to compliance with the following legislation: Education

More information

Historic Environment Scotland

Historic Environment Scotland Historic Environment Scotland Data Protection Policy September 2015 Document Control Title Data Protection Policy Author Head of Records Management Approved by HES Board Date of Approval 16/11/2015 Version

More information

Data protection policy

Data protection policy document: 1) Introduction The Data Protection Act 1998, places legal responsibilities on organisations who collect and use personal information and gives individuals certain rights of access. The Act covers

More information

June Fair processing notice Our policy for handling personal data

June Fair processing notice Our policy for handling personal data June 2016 Fair processing notice Our policy for handling personal data The Government Actuary s Department (GAD) handles personal information in compliance with the Data Protection Act 1998 (the Act).

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Data Protection Policy

Data Protection Policy London Borough of Enfield Data Protection Policy Author Mohi Nowaz Classification UNCLASSIFIED Date of First Issue 10/08/2012 Owner IGB Issue Status DRAFT Date of Latest Re-Issue 12/09/2012 Version 0.6

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

Vyners Learning Trust Data Protection and Retention Policy

Vyners Learning Trust Data Protection and Retention Policy Vyners Learning Trust Data Protection and Retention Policy 1. Background Vyners Learning Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

Policy Procedure. Data Protection Act Contents

Policy Procedure. Data Protection Act Contents Policy Procedure Data Protection Act 1998 New policy number: 351 Old instruction number: MAN:A030:a2 Issue date: 20 April 2004 Reviewed as current: 16 January 2015 Owner: Head of Information and Communications

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

The Manchester College

The Manchester College The Manchester College The Manchester College Produced by TMC Prin DataProtect pol v1 11/2010 All rights reserved; no part of this publication may be photocopied, recorded or otherwise reproduced, stored

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

East Northamptonshire Council Policy & Community Development. Data Protection Policy December 2007

East Northamptonshire Council Policy & Community Development. Data Protection Policy December 2007 East Northamptonshire Council Policy & Community Development Data Protection Policy December 2007 If you would like to receive this publication in an alternative format (large print, tape format or other

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction This policy sets out the framework for a consistent SDS wide approach to handling information relating to identifiable individuals (Personal Data). Skills Development

More information

School Policy. Data Protection Policy and Procedures

School Policy. Data Protection Policy and Procedures School Policy Data Protection Policy and Procedures Introduction Our school gathers and uses personal information about staff, pupils, parents and other individuals who come into contact with the school

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Data Protection and Research. Guidance Note

Data Protection and Research. Guidance Note Data Protection and Research Guidance Note 1. Introduction Personal Data used for research purposes by University staff must be dealt with in accordance with the Data Protection Act 1998 and its 8 Data

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Type: Status: Policy Statutory Issue Status:- Date Version Comment Owner April 2014 1 Original document Julie Taylor Electronic copies of this document are available to download

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each; DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules

More information

Guidance on the Processing of Personal Data for Research Purposes 1

Guidance on the Processing of Personal Data for Research Purposes 1 Guidance on the Processing of Personal Data for Research Purposes 1 1. Background The University of the West of Scotland has a reputation as a provider of high quality applied research. Some of the research

More information

Data Protection and Community Councils Briefing Note

Data Protection and Community Councils Briefing Note Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.

More information

BHCC Policy Summary. This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act 1998.

BHCC Policy Summary. This policy outlines BHCC s obligations and responsibilities in relation to the Data Protection Act 1998. BHCC Policy Summary 1 Policy Name Data Protection Policy. 2 Purpose of Policy To define the standards expected of all Brighton & Hove City Council employees, and any third parties, when processing information

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

Trafford Council. Data Protection. Policy, Statement and Guidance for Employees

Trafford Council. Data Protection. Policy, Statement and Guidance for Employees Trafford Council Data Protection Policy, Statement and Guidance for Employees Author Nick Evans Date August 2009 Status Final Version 1.3 Review Date October 2015 Review By Kathryn Wright Next Review October

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction

LCAT-Data Protection Policy-U LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY. Introduction LOOE COMMUNITY ACADEMY TRUST DATA PROTECTION POLICY Introduction 1. Looe Community Academy Trust (the Academy) is required to maintain certain personal data about living individuals for the purposes of

More information

THE DATA PROTECTION ACT 1998 A GUIDE FOR CUSTOMERS

THE DATA PROTECTION ACT 1998 A GUIDE FOR CUSTOMERS THE DATA PROTECTION ACT 1998 A GUIDE FOR CUSTOMERS Do you know what personal information is held about you by Angus Council and why the Council needs this information? In this leaflet Angus Council explains

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will:

Satisfaction of principles In order to meet the requirements of the principles, Team Bees will: Data Protection Policy Introduction. Team Bees is required to maintain certain personal data about living individuals for the purposes of satisfying operational and legal obligations. Team Bees recognises

More information

ILM Factsheet Dealing with data under the Data Protection Act 1998

ILM Factsheet Dealing with data under the Data Protection Act 1998 Prepared for ILM by Lester Aldridge Introduction Key issues for Charity Legacy Departments The Data Protection Act 1. What sort of information is protected by the Data Protection Act? 2. Is my charity

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Approved by Governors Date: 15 March 2016 Signed Chair of Governors Date of Review: Introduction Blessed Trinity RC College collects and uses personal information about staff, pupils,

More information

St Margaret s CE Primary school, Withern Data Protection Policy

St Margaret s CE Primary school, Withern Data Protection Policy St Margaret s CE Primary school, Withern Data Protection Policy Reference Points Data Protection Act 1998 See https://www.gov.uk/data-protection/the-data-protection-act Information Commissioners' Office

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Approval date: June 2014 Approved by: Board Responsible Manager: Executive Director of Resources Next Review June 2016 Data Protection Policy 1. Introduction Data Protection Policy

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

Disciplinary Procedure

Disciplinary Procedure Disciplinary Procedure 1. Scope and purpose 1.1 This procedure applies to all members of staff other than holders of senior posts as defined in Appendix 1. 1.2 The purposes of this procedure are to: Ensure

More information

ffi Data Protection Policy *S,,?fi. i?#.#+"*# *S,#*'*#' #+ *S FKOADLEA THMARY SCHOOL

ffi Data Protection Policy *S,,?fi. i?#.#+*# *S,#*'*#' #+ *S FKOADLEA THMARY SCHOOL *S,,?fi. i?#.#+"*# *S,#*'*#' #+ *S FKOADLEA THMARY SCHOOL Aahiwo Bcliovc *ehbrefe Headteacher: Mrs Sharon Freeley BA (Hons) ATS Newport Road Lake lsle of Wight PO36 gpe Tel: 01983 402403 admin@broadleapri.

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information

More information

Staple Hill Primary School. Data Protection Policy

Staple Hill Primary School. Data Protection Policy Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

technical factsheet 176

technical factsheet 176 technical factsheet 176 Data Protection CONTENTS 1. Introduction 1 2. Register with the Information Commissioner s Office 1 3. Period protection rights and duties remain effective 2 4. The data protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Date approved by Heads of Service 3 June 2014 Staff member responsible Director of Finance and Corporate Services Due for review June 2016 Data Protection Policy Content Page 1 Purpose

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters

15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters 15 Principles on the protection of personal data processed in the framework of police and judicial cooperation in criminal matters Principle 1 (Protection of rights and freedoms) 1. Personal data must

More information

HUMAN RESOURCES POLICIES & PROCEDURES

HUMAN RESOURCES POLICIES & PROCEDURES HUMAN RESOURCES POLICIES & PROCEDURES Policy title: Data protection policy Application: All employees CONTENTS PAGE Introduction 2 Status of the Data Protection Policy 2 Notification of data held and processed

More information

37. Data Protection Act - Registration by Schools

37. Data Protection Act - Registration by Schools 37. Data Protection Act - Registration by Schools The Data Protection Act 1998 has replaced the Data Protection Act 1984. Whereas the 1984 Act only related to personal data that could be automatically

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information

More information

Human Resources People and Organisational Development. Disciplinary Procedure for Senior Staff

Human Resources People and Organisational Development. Disciplinary Procedure for Senior Staff Human Resources People and Organisational Development Disciplinary Procedure for Senior Staff AUGUST 2015 1. Introduction 1.1 This procedure applies to Senior Staff. Senior Staff includes: 1.1.1 the Vice-Chancellor

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

ADLS GUIDANCE NOTE. Therefore, in order to process sensitive personal data fairly and lawfully specifically for research purposes:

ADLS GUIDANCE NOTE. Therefore, in order to process sensitive personal data fairly and lawfully specifically for research purposes: ADLS GUIDANCE NOTE Can a researcher legitimately process sensitive personal data for research purposes? This guidance note provides information on processing sensitive personal data for research purposes.

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Document Management: Date Policy Approved: 29 April 2015 Date Amended: Next Review Date: April 2017 Version: 1 Approving Body: Resources Committee 1 1. Introduction The Data Protection

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data Protection Acts 1988 and A Guide to Your Rights

Data Protection Acts 1988 and A Guide to Your Rights Data Protection Acts 1988 and 2003 A Guide to Your Rights :1 Definitions As with any legislation, certain terms have particular meaning. The following are some useful definitions: Data means information

More information

INFORMATION SHARING AGREEMENT

INFORMATION SHARING AGREEMENT University of Essex And Essex Police INFORMATION SHARING AGREEMENT September 2011 Version Published 1 1. INTRODUCTION 2. PURPOSE AND SCOPE OF THIS AGREEMENT 3. BENEFITS OF SHARING THIS INFORMATION 4. AGREEMENT

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017 Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,

More information

Data Protection Policy

Data Protection Policy Data Protection Policy January 2016 Next Review Due: January 2017 Co-ordinator: Miss M Rudge/Mrs J McColl 1 ACADEMY DATA PROTECTION POLICY POLICY DATE: JANUARY 2016 REVIEW DATE: JANUARY 2017 Introduction

More information

Data Protection and Data security Policy

Data Protection and Data security Policy Data Protection and Data security Policy Statement of policy and purpose of Policy 1. Somer Valley Community Radio Ltd (the Employer) is committed to ensuring that all personal information handled by us

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

Data protection policy

Data protection policy Data protection policy Introduction The College is required to keep certain information about employees, students and other users to allow it to monitor performance, achievements, health and safety, recruitment

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: December 2015 Version: 6.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

DISCIPLINARY PROCEDURE

DISCIPLINARY PROCEDURE DISCIPLINARY PROCEDURE May 2012 1 Introduction The Disciplinary Procedure applies to all SESTRAN employees. Its main aims are to promote fairness, equity and order in the treatment of individuals and in

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection Data Protection Act 1998 Codes of Practice The Employment Practices Data Protection Code CONTENTS CONTENTS... 1 Who is the Code for?... 3 Why should you use it?... 3 Other parts of the Code... 3 Five sections...

More information

Personal Data Act (1998:204);

Personal Data Act (1998:204); Personal Data Act (1998:204); issued 29 April 1998. Be it enacted as follows. General provisions Purpose of this Act Section 1 The purpose of this Act is to protect people against the violation of their

More information

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD DATA PROTECTION POLICY DATA PROTECTION POLICY Reviewed and Adopted April 2016 Signed...COG...HEAD Next review April 2018 Data Protection Policy AIMS This policy sets out the Council s commitment to the

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

Data Protection in Ireland

Data Protection in Ireland Data Protection in Ireland 0 Contents Data Protection in Ireland Introduction Page 2 Appointment of a Data Processor Page 2 Security Measures (onus on a data controller) Page 3 8 Principles Page 3 Fair

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information