Policy Procedure. Data Protection Act Contents

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Policy Procedure. Data Protection Act Contents"

Transcription

1 Policy Procedure Data Protection Act 1998 New policy number: 351 Old instruction number: MAN:A030:a2 Issue date: 20 April 2004 Reviewed as current: 16 January 2015 Owner: Head of Information and Communications Technology Responsible work team: Knowledge Management Team Contents 1 Introduction Background Individuals rights to personal data The data protection principles Responsibilities What is a Subject Access Request (SAR)? Receiving a SAR Procedure for handling a SAR Exemptions Penalties Personal Record Files (PRF) Other requests for information Good records management Charging Complaints handling Information commissioner and the tribunal Notification Further guidance/advice and contact points... 9 Appendix 1 Subject access request flowchart...11 Document history...12 Review date: 16 January 2018 Last amended date: 351 Issue date: 20 April of 12

2 1 Introduction 1.1 This policy outlines the LFB s procedures when complying with the Data Protection Act 1998 and also handling a subject access request (SAR), which is a statutory right under section 7 of the Act. It will assist staff in understanding their personal responsibilities and rights under the legislation to make sure that they undertake their job roles in accordance with these requirements. Staff should be aware that when recording personal information, the information may have to be supplied to the individual, should they make a SAR. 1.2 The advice and policy statements in this policy should be followed by all employees, agency staff, contractors and Authority members. 1.3 Overall responsibility for compliance with the Data Protection Act lies with the Head of Information Management as the Authority s nominated data controller. On a day to day basis the Knowledge Management Team have responsibility for all data protection matters. 2 Background 2.1 The Data Protection Act 1998 (the DPA) provides a framework which sets out how organisations must process information about living individuals, in order to protect individuals from misuse of information that is held about them. The Act also provides individuals with a right to be provided with information that an organisation holds about them (subject to certain exemptions). The Act applies to personal information held electronically in a relevant filing system, manually and in other forms (e.g. photographs, video or audio recordings) which can constitute personal information. 2.2 The Act gives a number of rights to individuals, including the right to compensation in certain circumstances. 2.3 The Act seeks to achieve a better quality of information and processing by placing responsibilities on those in charge of personal information. These responsibilities include complying with basic principles such as keeping the information up to date and notifying the Information Commissioner as to how the personal information is used. 3 Individuals rights to personal data 3.1 All living individuals have a right to access information held about themselves, in whatever format. This could include personal information held manually (within a relevant filing system ), electronically (including s) or in any other format (e.g. photographic). To access this information, individuals can make a Subject Access Request (SAR),which is explained in section Personal data under the Act includes any information which relates to a living individual who can be identified from that information (or with other information which LFB holds). It covers information held electronically and manually. This means that all staff are affected by the provisions of the Data Protection Act in some way or another. For example, some s, a Personal Record File (PRF) or a CV may well be personal data. See appendix 1 for definitions of key terms under the Data Protection Act. 3.3 There is a specific category of personal data called sensitive personal data which is defined by the Act as consisting of information as to the data subject s: Racial or ethnic origin. Political opinions. 351 Issue date: 20 April of 12

3 Religious beliefs (or other beliefs of a similar nature). Trade union membership status. Physical or mental health or condition. Sexual life. The commission or alleged commission by an individual of any offence. Proceedings for any offence committed or alleged to have been committed by an individual, the disposal of such proceedings or the sentence of any court in such proceedings. The principles relating to individuals rights are summarised by the Information Commissioner s Office at this link: rights/. 4 The data protection principles 4.1 The Act contains eight data protection principles, which are rules as to how personal information must be handled. These principles form the backbone of the legislation and should be followed by all employees, agency staff, contractors and Authority members. Everyone has a duty to adhere to these principles regardless of job grade/function of the individual. 4.2 The principles are as follows: No. The Act says This means For example 1 Personal data shall be processed fairly and lawfully. 2 Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or purposes. The data subject should be informed who the data controller is, why the information is being processed and any other information needed to ensure that the processing of the information is fair. This principle also requires that at least one of the conditions in Schedule 2 or 3 to the Act is met. You should not collect and use information unless there is a specific and valid reason for doing so. The data subject must be told what the information will be used for. Personal information collected for one reason must not be used for any other unrelated purpose. Where forms are used to process personal information include a data protection statement. To find out more, speak to the Information Access Team. For example, names and addresses held for employment purposes must not be used for a marketing campaign which is outside of this purpose, without consent of the individuals. 351 Issue date: 20 April of 12

4 3 Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed. 4 Personal data shall be accurate and where necessary, kept up to date. 5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes. 6 Personal data shall be processed in accordance with the rights of data subjects under this Act. 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against loss or destruction of, or damage to, personal data. Only information needed for a specific purpose should be collected. Information that is not relevant for the purpose must not be collected simply because it might be useful in the future. Also, when filling in forms about staff, citizens or other individuals, you should only record relevant factual information not your personal remarks/opinions. Information should be recorded accurately and managers should take reasonable steps to check the accuracy of information and make sure procedures are in place to keep the information up to date. Know how long you need to keep information for and then destroy it when it passes its sell by date. See section 3: Individuals rights. Security controls need to be in place and followed by all staff. These may be technical (for example, relating to computer systems), or organisational (for example, management structures or the workplace). For example, a job application form should not ask for details that only successful applicants need to give (such as next of kin details). For example, before using information kept as part of a mailing campaign, reasonable steps should be taken to check the accuracy of the information. For example, keeping interview notes of unsuccessful candidates for longer than six months would be keeping them longer than necessary. See section 3: Individuals rights. For example, this includes access rights to personal information. Only employees who need to use personal information to carry out their work should have access to it. 351 Issue date: 20 April of 12

5 8 Personal data shall not be transferred to a country or territory outside the European Economic Area (EEA), unless that country or territory ensures adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data. Some countries outside Europe do not have the same legal requirements to protect information. Managers should take steps to make sure personal information that is transferred outside the EEA is secure. For example, when transferring personal information to the USA appropriate security checks should be undertaken. Always consult the Information Access Team for advice in these circumstances. 5 Responsibilities 5.1 It is important that the LFB handles personal information that it holds on its staff, users and third parties in a responsible and honest way. All staff who have access to personal information in any form must adhere to the requirements as set out in the Data Protection Act Staff are personally responsible and accountable for ensuring compliance with the provisions of the Act and in particular the eight data protection principles. All staff are responsible for the application and implementation of the Act within their area of responsibility and must ensure that their staff and other persons for whom they are responsible are aware of and understand their responsibilities under the Act. 6 What is a Subject Access Request (SAR)? 6.1 A subject access request (SAR) is a request from an individual (applicant) for information which relates to them (known as personal data ). Under the Data Protection Act, we must deal with a SAR within 40 days. 6.2 It is important that staff and managers know how to recognise a SAR when they see one. Any member of staff could receive a SAR. Additionally, it is useful for staff to know that they are entitled to make a SAR and how to do this. 6.3 A SAR has to be in written form (includes /fax) from either an individual or person acting on behalf of the individual (e.g. solicitors) asking for information relating to the individual. It may be vague or very descriptive but it does not have to quote the Data Protection Act or even state that it is a SAR. It can be from anyone (e.g. a member of the public or staff). 6.4 A verbal request for personal information (whether from a member of staff or from the public) cannot be treated as a SAR. If you receive a verbal request for personal information, then you should advise the applicant to put the request in writing. (See section 18: Further advice/guidance and contact points for links). The 40 day deadline starts from the date the written request is received (not the verbal request). You should also refer the applicant to the Information Access Team who will be able to offer help and advice. 6.5 For more detail on the information an individual can expect to receive by making a SAR, refer to the Information Commissioner s Office guidance which can be accessed through this link: 7 Receiving a SAR 7.1 Staff who have received a SAR should refer it to an Information Access Manager in the Knowledge Management Team immediately in order to meet the statutory deadline for the 351 Issue date: 20 April of 12

6 provision of information (40 days from receipt of the request). Please note that some minor requests for personal information can be dealt with locally by managers see section The Authority must respond to the request promptly and in any case before 40 days of receiving the request have elapsed. 8 Procedure for handling a SAR Overview 8.1 Personal information, which may be subject to a request, could be held by a variety of departments and individuals in a range of formats. It is important that a response to the SAR is comprehensive in meeting the request and that all relevant personal information is located. 8.2 The Information Access Team is responsible for liaising with relevant members of staff from departments to co-ordinate and collate all the information which is needed to meet a SAR. Staff must co-operate with the Information Access Team in order to locate the information that they may hold. 8.3 Staff may be asked to search their files, s or other records, for information held or processed about the applicant. 8.4 The Information Access Team will follow the procedure at Appendix 1 when they receive a SAR referral. Electronic information 8.5 The Information Access Team may be required to search all drives and s in order to respond to a request for information. 8.6 Where possible the Information Access Team will obtain the consent of the individual concerned to access t their s or personal drives to search for any relevant documents. However, there may be exceptional circumstances where this is not possible, in which case access to s and drivers may be obtained in accordance with Policy number ICT acceptable use policy. Manual information 8.7 The Information Access Team will request that relevant members of staff search their manual files, outlining the boundaries of the search (e.g. date ranges or subject). 8.8 The search should only cover personal information about the individual. 8.9 In preparing to send the collated information to the applicant, the Information Access Team will filter the information to: Make sure that only the information requested is included. Remove duplication (where possible). Delete personal information relating to third parties. Seek the consent of the third party(ies) to disclose the information where simply deleting the personal information relating to the third party(ies) is not practicable. Where consent to disclose information is not obtained, consult as appropriate, (including with the Head of Information Management), as to whether it would be lawful to disclose it without consent. Consider the application of exemptions where withholding certain information may be deemed necessary. 351 Issue date: 20 April of 12

7 9 Exemptions 9.1 The Act contains exemptions to the duty not to disclose personal information and also to the right of individuals to be provided with their personal information. There are two categories of exemption: Primary exemptions 9.2 These are more likely to be claimed as they cover a wide-range of areas. 9.3 Examples of primary exemptions include: national security, health, education and social work and crime and taxation. Miscellaneous exemptions 9.4 Exemptions within this category are related to a specific purpose. For example, in the specific circumstance of providing a reference. 9.5 Examples of miscellaneous exemptions include: confidential references given by LFB, legal professional privilege, negotiations with the data subject and management forecasting/planning. 9.6 The exemptions will either apply to some or all of the information. The exemption may be relied upon to: Disclose information to persons who are not listed on the notification register, and without having to inform the data subject e.g. disclosure to prevent crime or taxation fraud. Limit the data subject s access to information held about him/herself, e.g. data relating to the health of the person. Extend the length of storage of personal data, e.g. if it is being used for statistical, historical or research purposes. 9.7 Any application of an exemption must be applied through the Information Access Team. All the exemptions to the Data Protection Act are listed below: National Security. Crime and Taxation. Health, education and social work. Regulatory activity. Journalism, literature and art. Research, history and statistics. Information available to the public by law. Disclosures required by law or made in connection with legal proceedings etc. Domestic purposes. Miscellaneous exemptions. Exemptions made by Orders under the DPA. 10 Penalties 10.1 Failure to comply with the Data Protection Act can lead to enforcement action by the Information Commissioner (for further information, refer to Section 16). Where a breach of the Act is found, the Information Commissioner may serve data controllers with: Information notices, requiring data controllers to provide information about their processing operations (unless the information is self-incriminating or the subject of legal privilege). Special information notices. Enforcement notices, requiring data controllers to comply with the data protection principles. 351 Issue date: 20 April of 12

8 10.2 In addition, under certain circumstances, the Commissioner may (with a warrant from the court) exercise powers of entry, inspection and seizure of documents and equipment The Information Commissioner can also serve a monetary penalty notice for serious breaches of the DPA, the maximum penalty being 500, Individual members of staff may also be liable in certain circumstances. For example, where they knowingly withhold information, upon request, as part of a SAR Proceedings can be brought against the Authority itself, directors, managers, or any other member of staff concerned For further details about individual s rights and compensation, refer to: 11 Personal Record Files (PRF) 11.1 All staff have a right to view their personal record file. Since the DPA applies to manual records in a relevant filing system, a request to view a PRF is also technically a SAR. This means that PRF requests should be handled in the same way as general SARs. The Human Resources and Development department are responsible for PRFs and work with the Document Management Team (in the Information and Communications Technology Department) who manage the PRFs Alternatively, PRFs can be accessed by selecting this link: then clicking on the link 'view my employment record'. 12 Other requests for information 12.1 Other requests for personal information, for example, a request from an individual asking their manager to see their interview notes or details held about them on the training database are also technically SARs. Therefore, the same rules apply If you receive a request for personal information (such as the above examples) then either: Pass this request to Information Access Team. Deal with the request if it is part of your normal working practice in accordance with the requirements of the data protection series policies If you intend to withhold the information from the individual, for whatever reason, then you should contact the Information Access Team for further advice and guidance. See section 18: Further advice/guidance and contact points. 13 Good records management 13.1 It is essential that staff and managers adopt good records management practices and processes so that personal information can be easily located, within a reasonable time, whilst ensuring that personal information is not kept for longer than necessary and is kept up to date For further information on good records management, contact the Document Management Team on extension Charging 14.1 Although the Authority is able to make a charge for handling a SAR, there is currently no charge for this. 351 Issue date: 20 April of 12

9 15 Complaints handling 15.1 If an individual is dissatisfied with the service they have received in relation to their request for information, they have a right to complain to the Authority. If an individual is dissatisfied with the information provided (or the decision not to provide certain information) then they have a right for their request to be reviewed. Complaint about standard of service: 15.2 You must deal with such complaints under Policy number 639 External compliments and complaints procedure. Complaint about the information provided: 15.3 The following link provides information about complaints relating to the handling of requests for information: 16 Information commissioner and the tribunal 16.1 The Information Commissioner (IC), a government appointee, has various responsibilities, including the issuing of guidance on the interpretation and application of the legislation The IC reports directly to Parliament. The IC s responsibilities include data protection and freedom of information. In essence the IC: Promotes good practice by data controllers, and in particular promotes compliance with the requirements of the Act. Publicises information about the Act and how it works. Encourages, where appropriate, the development of codes of practice for guidance as to good practice. Takes enforcement action where necessary The Information Tribunal hears cases about alleged breaches of the DPA and also Freedom of Information. Breaches of the Data Protection Act 1998 sometimes involve offences which are punishable. 17 Notification 17.1 The Authority is required to notify the Information Commissioner, annually, of certain details about how we process personal information. This notification process replaced registration under the 1984 Act. Notification and details of processing must be kept up to date at all times. Failure to keep notification registers up to date is an offence under the Act. The notification is written in very broad terms, but where there is a change to processing, the Information Commissioner must be informed, in order to amend the entry on the notification. You can access the LFB s notification on the Information Commissioner s website (details below) If managers think the entry on the notification is out of date (or have a query), then they should contact an Information Access Manager in the Knowledge Management Team immediately who will update the notification (if necessary). 18 Further guidance/advice and contact points Knowledge Management Team Further advice and guidance is available from the Information Access Team (extensions and 30086). Record Services For information on records management contact (extension 38380). 351 Issue date: 20 April of 12

10 Website Information Commissioner You can also find more information on hotwire and London-fire: or Detailed guidance from the Information Commissioner s office can be found on their website at Issue date: 20 April of 12

11 Appendix 1 Appendix 1 Subject access request flowchart Confirm the identity of the individual to make sure that the correct information is supplied to the correct person. - If someone (other than a solicitor) is acting on behalf of the individual, then written proof/consent from the individual must first be obtained. Where a request for information is open-ended or vague, the Information Access Team will seek further clarification to define the search. This can be done, in line with the Data Protection Act, by asking the applicant for: The date range What the information is about The Information Access Team will liaise with their data protection contact in the Legal and Democratic Services Department in cases where it is necessary to seek legal advice and agree how to handle the request. The Information Access Team will contact the relevant members of staff/departments who they believe may hold the information requested taking into account the nature or the subject of the request. Staff should respond to the Knowledge Management Team promptly and without delay, with confirmation of whether they hold the information or not. If staff do hold the information they should make it available, making sure that the information is not deleted, amended or changed in any way in order to make it suitable for the applicant. 351 Issue date: 20 April of 12

12 Document history Assessments An equality, sustainability or health, safety and welfare impact assessment and/or a risk assessment was last completed on: EIA 12/02/2008 SDIA 01/09/2011 HSWIA RA Audit trail Listed below is a brief audit trail, detailing amendments made to this policy/procedure. Page/para nos. Brief description of change Throughout Throughout, policy departmental changes - from Democratic Services Team to Knowledge Management Team Human Resources updated to Human Resources and Development in accordance with Top Management Review. Date 19/05/ /02/2011 Throughout Reviewed as current paragraphs 5.2 and 7.2 added and other 11/03/2011 minor changes made. Appendix 1 Reference to Records Services has been replaced by Document 24/11/2011 Management Team. Page 6-7 Section 13 amended. 06/12/2011 Throughout Department name change: Knowledge and Document 21/03/2012 Management Team has been replaced by Knowledge Management Team. Page 4, para 6.5 Removal of reference to PN485 after update of the policy caused 30/04/2012 the relevant content to be removed. Review dates Reviewed as current, no changes made. Review dates amended. 18/06/2014 Page Subject list and FOIA exemptions tables updated. 16/12/2014 Throughout Major changes made throughout. The content of PN381 data protection act 1988: overview has been merged into this policy. 16/01/2015 Subject list You can find this policy under the following subjects. Data protection Regulations Legal Freedom of Information Act exemptions This policy/procedure has been securely marked due to: Considered by: (responsible work team) FOIA exemption Security marking classification 351 Issue date: 20 April of 12

Corporate ICT & Data Management. Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy 90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control

More information

DATA PROTECTION ACT 1998 COUNCIL POLICY

DATA PROTECTION ACT 1998 COUNCIL POLICY DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction to the Data Protection Policy Everyone who works for Chorley Council uses personal data in the course of their duties. Chorley Council must gather and process personal

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Reference number Approved by Information Management and Technology Board Date approved 14 th May 2012 Version 1.1 Last revised N/A Review date May 2015 Category Information Assurance Owner Data Protection

More information

Human Resources and Data Protection

Human Resources and Data Protection Human Resources and Data Protection Contents 1. Policy Statement... 1 2. Scope... 2 3. What is personal data?... 2 4. Processing data... 3 5. The eight principles of the Data Protection Act... 4 6. Council

More information

Data Protection Policy

Data Protection Policy Data Protection Policy BMBC Data Protection Policy V1 Page 1 of 7 Table of Contents 1 INTRODUCTION... 3 2 POLICY STATEMENT... 3 3. SCOPE... 3 4 DATA PROTECTION PRINCIPLES... 4 5 PREREQUISITE CONDITIONS

More information

Little Marlow Parish Council Registration Number for ICO Z3112320

Little Marlow Parish Council Registration Number for ICO Z3112320 Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with

More information

Data Protection Policy

Data Protection Policy Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and

More information

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk Data Protection Act 1998 The for the Borough Council of King's Lynn & West Norfolk 1 Contents Introduction 3 1. Statement of Intent 4 2. Fair Obtaining I Processing 5 3. Data Uses and Processes 6 4. Data

More information

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection

More information

HERTSMERE BOROUGH COUNCIL

HERTSMERE BOROUGH COUNCIL HERTSMERE BOROUGH COUNCIL DATA PROTECTION POLICY October 2007 1 1. Introduction Hertsmere Borough Council ( the Council ) is fully committed to compliance with the requirements of the Data Protection Act

More information

Data Protection Policy

Data Protection Policy Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's

More information

Data Protection Act a more detailed guide

Data Protection Act a more detailed guide Data Protection Act a more detailed guide What does the Act do? The Data Protection Act 1998 places considerable duties on organisations which process personal data; increases the rights of access by data

More information

Policy Document Control Page

Policy Document Control Page Policy Document Control Page Title Title: Data Protection Policy Version: 3 Reference Number: CO59 Keywords: Data, access, principles, protection, Act. Data Subject, Information Supersedes Supersedes:

More information

Information Governance Policy

Information Governance Policy Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its

More information

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format. University of Westminster Personal Data Protection Policy For Compliance with the Data Protection Act 1998 1. Background 1.1 The Data Protection Act 1998 (DPA) defines personal data as data and information

More information

Data Protection Policy

Data Protection Policy 1 Data Protection Policy Version 1: June 2014 1 2 Contents 1. Introduction 3 2. Policy Statement 3 3. Purpose of the Data Protection Act 1998 3 4. The principles of the Data Protection Act 1998 4 5 The

More information

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY

WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY WEST LOTHIAN COUNCIL DATA PROTECTION ACT 1998 POLICY Version 3.0 DATA PROTECTION ACT 1998 POLICY CONTENTS 1. INTRODUCTION... 3 2. PROVISIONS OF THE ACT... 4 3. SCOPE... 4 4. GENERAL POLICY STATEMENT...

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Document Ref: DPA20100608-001 Version: 1.3 Classification: UNCLASSIFIED (IL 0) Status: ISSUED Prepared By: Ian Mason Effective From: 4 th January 2011 Contact: Governance Team ICT

More information

Data Protection and Community Councils Briefing Note

Data Protection and Community Councils Briefing Note Data Protection and Community Councils Briefing Note This briefing note has been prepared in response to specific queries raised by Community Councils in Marr in relation to their Data Protection requirements.

More information

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation

More information

Merthyr Tydfil County Borough Council. Data Protection Policy

Merthyr Tydfil County Borough Council. Data Protection Policy Merthyr Tydfil County Borough Council Data Protection Policy 2014 Cyfarthfa High School is a Rights Respecting School, we recognise the importance of ensuring that the United Nations Convention of the

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. Introduction and purpose 1.1 Children s Hearings Scotland (CHS) is required to maintain certain personal data about individuals for the purposes of satisfying our statutory, operational

More information

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY Originated by: Data Protection Working Group: November 2008 Impact Assessment: (to be confirmed) Recommended by Senate: 28 January 2009 Approved by Council:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control Information Title Data Protection Policy Version V1.0 Author Diana Watt Date Approved 21 February 2013 Review Date Annually, on the anniversary

More information

Data Protection Policy

Data Protection Policy Internal Ref: NELC 16.60 Review date December 2016 Version No. V04 Data Protection Policy 1 Data Protection Statement Data Protection Policy 1.1 North East Lincolnshire Council recognises that in order

More information

Paperless World Limited

Paperless World Limited Paperless World Limited Security Policy Statement Contents Section 1: Paperless World Limited Security Policy Statement... 2 Section 2: The Data Protection Act 1998... 2 Section 3: Definitions... 2 Personal

More information

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana

Data Protection Act. Privacy & Security in the Information Age. April 26, 2013. Ministry of Communications, Ghana Data Protection Act Privacy & Security in the Information Age April 26, 2013 Agenda Privacy in The Information Age The right to privacy Why We Need Legislation Purpose of the Act The Data Protection Act

More information

Data protection policy

Data protection policy Data protection policy Introduction 1 This document is the data protection policy for the Nursing and Midwifery Council (NMC). 2 The Data Protection Act 1998 (DPA) governs the processing of personal data

More information

Dublin City University

Dublin City University Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY Title Author Approved By and Date Review Date Mike Pilling Latest Update- Corporation May 2008 1 Aug 2013 DATA PROTECTION ACT 1998 POLICY FOR ALL STAFF AND STUDENTS 1.0 Introduction 1.1 The Data Protection

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Owner : Head of Information Management Document ID : ICT-PL-0099 Version : 2.0 Date : May 2015 We will on request produce this Policy, or particular parts of it, in other languages

More information

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE ADOPTED ON 9 th January 2008 TABLE OF CONTENTS Page No. 1 Introduction...3 2 Glossary...3 3 Types of Personal Data held by Us...3 4 Obligations

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY The information and guidelines within this Policy are important and apply to all members, Fellows and staff of the College 1. INTRODUCTION Like all educational establishments, the

More information

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY

MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY MONMOUTHSHIRE COUNTY COUNCIL DATA PROTECTION POLICY Page 1 of 16 Contents Policy Information 3 Introduction 4 Responsibilities 7 Confidentiality 9 Data recording and storage 11 Subject Access 12 Transparency

More information

Data Protection Policy

Data Protection Policy Data Protection Policy April 2014 Author: Jennifer McLaren, Assistant Principal, Curriculum Support & Finance Impact Assessment Date: 15 February 2010 Date: April 2014 Contents 1 Purpose... 2 2 Policy...

More information

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website

Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Data Protection Policy A copy of this policy is published in the following areas: The school s intranet The school s website Date created: November 2015 Date for review: July 2016 Created by: Mark Vanstone,

More information

Data Protection Policy. Leeds City Council. Information Governance team, Intelligence & Performance - 1 -

Data Protection Policy. Leeds City Council. Information Governance team, Intelligence & Performance - 1 - Leeds City Council Data Protection Policy - 1 - Document Control Organisation Leeds City Council Title Data Protection Policy Author Mark Turnbull, Legal Services Filename DPA policyvr1.doc Owner Assistant

More information

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION

UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION UNIVERSITY OF ABERDEEN POLICY ON DATA PROTECTION The Data Protection Act 1998 (DPA) was passed in order to implement the EU Data Protection Directive (95/46/EC) and applies to all data relating to, and

More information

Glyncoed Primary School. Data Protection Policy

Glyncoed Primary School. Data Protection Policy Glyncoed Primary School Data Protection Policy Date agreed: March 2015 Review date: March 2017 1 Data Protection Policy Glyncoed Primary School collects and uses personal information about staff, pupils,

More information

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each;

DATA PROTECTION POLICY. Examples of personal data which TWM may require from clients include the following and for the reasons ascribed to each; DATA PROTECTION POLICY Introduction TWM Solicitors maintain certain personal data about individuals for the purposes of satisfying operational and legal obligations. The Data Protection Act sets rules

More information

CORK INSTITUTE OF TECHNOLOGY

CORK INSTITUTE OF TECHNOLOGY CORK INSTITUTE OF TECHNOLOGY DATA PROTECTION POLICY APPROVED BY GOVERNING BODY ON 30 APRIL 2009 INTRODUCTION Cork Institute of Technology is committed to a policy of protecting the rights and privacy of

More information

Data Security and Extranet

Data Security and Extranet Data Security and Extranet Derek Crabtree Schools ICT Support Manager derek.crabtree@merton.gov.uk Target Operating Model 2011 Merton Audit Organisation name: London Borough of Merton Periodic plan date:

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Version 1.3 April 2014 Contents 1 POLICY STATEMENT...2 2 PURPOSE....2 3 LEGAL CONTEXT AND DEFINITIONS...2 3.1 Data Protection Act 1998...2 3.2 Other related legislation.....4 3.3

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Prepared By: Malkiat Thiarai Head of Corporate Information Management Date of Publication: 23/01/2013 Version: 5.0 Classification: Not Protectively Marked Page 1 Table of Contents

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY MILNBANK HOUSING ASSOCIATION DATA PROTECTION POLICY LS/NOV.2011/REF.P14 1) INTRODUCTION Milnbank Housing Association recognises that the Data Protection Act 1998 is an important piece of legislation to

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Approved by Governors Date: 15 March 2016 Signed Chair of Governors Date of Review: Introduction Blessed Trinity RC College collects and uses personal information about staff, pupils,

More information

INFORMATION PRIVACY STATEMENT

INFORMATION PRIVACY STATEMENT INFORMATION PRIVACY STATEMENT Victoria Police is bound by the Privacy and Data Protection Act 2014 in how it manages personal information. Victoria Police is committed to protecting the personal information

More information

Access to Information: Data Protection and Freedom of Information

Access to Information: Data Protection and Freedom of Information Access to Information: Data Protection and Freedom of Information Records Management Section Data protection: key concepts Personal data Sensitive personal data Data subjects Data protection principles

More information

An overview of UK data protection law

An overview of UK data protection law An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44

More information

DATA PROTECTION ACT 2002 The Basics

DATA PROTECTION ACT 2002 The Basics DATA PROTECTION ACT 2002 The Basics Purpose of the Act Balance the rights of an individual with an organisation s legitimate need to process personal data Promote openness and transparency Establish and

More information

Chapter 1 Introduction and guidance for employers

Chapter 1 Introduction and guidance for employers A Thorogood Special Briefing Chapter 1 Introduction and guidance for employers Introduction Subject access request Compliance Changing law The Employment Practices Code Personal data Making access requests

More information

Subject Access Request, Procedure, Guidance and Information

Subject Access Request, Procedure, Guidance and Information Subject Access Request, Procedure, Guidance and Information Updated: July 2015 Page 1 of 61 CONTENTS 1. Introduction 5 2. Legal Context 5 3. Subject Access Request to Personal Records Guidance 6 Guidance

More information

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015

Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 Hampstead Parochial CofE Primary School Data Protection Policy Spring 2015 1. Introduction and Scope 1.1 The Data Protection Act 1998 is the law that protects personal privacy and applies to any school

More information

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements Policy and Procedure for approving, monitoring and reviewing personal data processing agreements 1 Personal data processing by external suppliers, contractors, agents and partners Policy and Procedure

More information

Data controllers and data processors: what the difference is and what the governance implications are

Data controllers and data processors: what the difference is and what the governance implications are ICO lo : what the difference is and what the governance implications are Data Protection Act Contents Introduction... 3 Overview... 3 Section 1 - What is the difference between a data controller and a

More information

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session

Everyone in the workplace has a legal duty to protect the privacy of information about individuals. AEP/BELB/LJ/2010 Awareness Session Everyone in the workplace has a legal duty to protect the privacy of information about individuals AEP/BELB/LJ/2010 Awareness Session During 2007 alone, 36,989,300 people in the UK have had their private

More information

John Leggott College. Data Protection Policy. Introduction

John Leggott College. Data Protection Policy. Introduction John Leggott College Data Protection Policy Introduction The College needs to keep certain information about its employees, students and other users to allow it to monitor performance, achievements, and

More information

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose

MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY. Ensuring Information is Accurate and Fit for Purpose MENTAL HEALTH TRIBUNAL FOR SCOTLAND: RECORDS MANAGEMENT POLICY Index: Introduction Information is a Corporate Resource Personal Responsibility Information Accessibility Keeping Records of what we do Ensuring

More information

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk

Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk Rick Parsons Information Governance Officer County Hall 01865 323593 rick.parsons@oxfordshire.gov.uk 1 THE DATA PROTECTION ACT 1998 2 Requirements of the Act Roles & Responsibilities Best Practice 3 The

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Rev No. 0 New Document 1 2 3 4 5 6 7 Revision Status Details of Amendments Name Date Update of College DPA statement New Reference to Appendix 4 Staff Guidelines ESF document retention

More information

ATMD Bird & Bird. Singapore Personal Data Protection Policy

ATMD Bird & Bird. Singapore Personal Data Protection Policy ATMD Bird & Bird Singapore Personal Data Protection Policy Contents 1. PURPOSE 1 2. SCOPE 1 3. COMMITMENT TO COMPLY WITH DATA PROTECTION LAWS 1 4. PERSONAL DATA PROTECTION SAFEGUARDS 3 5. ATMDBB EXCEPTIONS:

More information

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions

Data Protection Policy. Information Security Review Group. Version Date Author Notes on Revisions Document Control Table Document Title: Author(s) (name, job title and Division): Version Number: Document Status: Date Approved: Approved By: Effective Date: Date of Next Review: Superseded Version: Data

More information

Caedmon College Whitby

Caedmon College Whitby Caedmon College Whitby Data Protection and Information Security Policy College Governance Status This policy was re-issued in June 2014 and was adopted by the Governing Body on 26 June 2014. It will be

More information

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information.

1.2 Scope This policy and guidance applies to all University staff, students and others who use or process any personal information. MANCHESTER METROPOLITAN UNIVERSITY DATA PROTECTION POLICY This policy should be read in conjunction with the Data Protection Guidance, which is attached as: Appendix A Dealing with Personal Data Appendix

More information

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD

DATA PROTECTION POLICY. DATA PROTECTION POLICY Reviewed and Adopted April Signed...COG...HEAD DATA PROTECTION POLICY DATA PROTECTION POLICY Reviewed and Adopted April 2016 Signed...COG...HEAD Next review April 2018 Data Protection Policy AIMS This policy sets out the Council s commitment to the

More information

DATA PROTECTION CORPORATE POLICY

DATA PROTECTION CORPORATE POLICY DATA PROTECTION CORPORATE POLICY Information Management V1.1 03 July 2012 Not protectively marked This policy must be complied with fully by all Members, Officers Agents and Contractors of Plymouth City

More information

The Manitowoc Company, Inc.

The Manitowoc Company, Inc. The Manitowoc Company, Inc. DATA PROTECTION POLICY 11FitzPatrick & Associates 4/5/04 1 Proprietary Material Version 4.0 CONTENTS PART 1 - Policy Statement PART 2 - Processing Personal Data PART 3 - Organisational

More information

Data Protection and Privacy Policy

Data Protection and Privacy Policy Data Protection and Privacy Policy 1. General This policy outlines Conciliation Resources commitments to respect the privacy of people s personal information and observe the relevant data protection legislation.

More information

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy

Data Protection policy approved by the Governing Body of Ifield Community College. Ifield Community College Data Protection Policy Data Protection policy approved by the Governing Body of Ifield Community College Ifield Community College Data Protection Policy Introduction The school collects and uses certain types or personal information

More information

The Chafford School. Data Protection and Freedom of Information Policy

The Chafford School. Data Protection and Freedom of Information Policy The Chafford School Data Protection and Freedom of Information Policy INDEX Aims & Objectives... 3 Data Protection The law... 3 Processing, storing, archiving and deleting personal data: Guidance... 3

More information

Complaints Policy. Complaints Policy. Page 1

Complaints Policy. Complaints Policy. Page 1 Complaints Policy Page 1 Complaints Policy Policy ref no: CCG 006/14 Author (inc job Kat Tucker Complaints & FOI Manager title) Date Approved 25 November 2014 Approved by CCG Governing Body Date of next

More information

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013 Data Protection and Information Security Procedure for reporting a breach of data security April 2013 Page 1 of 6 Created on: 01/04/2009 Contents 1 Introduction... 3 2 Data Classification... 3 3 What Is

More information

Scottish Rowing Data Protection Policy

Scottish Rowing Data Protection Policy Revision Approved by the Board August 2010 1. Introduction As individuals, we want to know that personal information about ourselves is handled properly, and we and others have specific rights in this

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Policy Details Produced by Assistant Principal Information Systems Date produced Approved by Senior Leadership Team (SLT) Date approved July 2011 Linked Policies and Freedom of Information

More information

Information Governance Policy

Information Governance Policy Information Governance Policy Implementation date: 30 September 2014 Control schedule Approved by Corporate Policy and Strategy Committee Approval date 30 September 2014 Senior Responsible Officer Kirsty-Louise

More information

Data Protection. Policy and Application July 2009

Data Protection. Policy and Application July 2009 Data Protection Policy and Application July 2009 Produced for staff of the House of Commons Service by the Department of Resources Information Rights and Information Security (IRIS) Service Data Policy:

More information

Staple Hill Primary School. Data Protection Policy

Staple Hill Primary School. Data Protection Policy Staple Hill Primary School Data Protection Policy Staple Hill Primary School collects and uses personal information about staff, pupils, parents and other individuals who come into contact with the school.

More information

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved.

Align Technology. Data Protection Binding Corporate Rules Controller Policy. 2014 Align Technology, Inc. All rights reserved. Align Technology Data Protection Binding Corporate Rules Controller Policy Contents INTRODUCTION 3 PART I: BACKGROUND AND ACTIONS 4 PART II: CONTROLLER OBLIGATIONS 6 PART III: APPENDICES 13 2 P a g e INTRODUCTION

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Responsible Officer Author Date effective from July 2009 Ben Bennett, Business Planning & Resources Director Julian Lewis, Governance Manager Date last amended December 2012 Review

More information

RECORDS MANAGEMENT POLICY

RECORDS MANAGEMENT POLICY [Type text] RECORDS MANAGEMENT POLICY POLICY TITLE Academic Year: 2013/14 onwards Target Audience: Governing Body All Staff and Students Stakeholders Final approval by: CMT - 1 October 2014 Governing Body

More information

DATA PROTECTION AUDIT GUIDANCE

DATA PROTECTION AUDIT GUIDANCE DATA PROTECTION AUDIT GUIDANCE CONTENTS Section I: Section II: Audit of Processing of Personal Data Audit Procedure Appendices: A B C D E Audit Form List of Purposes List of data subjects List of data

More information

Human Resources Policy documents. Data Protection Policy

Human Resources Policy documents. Data Protection Policy Policy documents Aims of the Policy apetito is committed to meeting its obligations under data protection law. As a business, apetito handles a range of Personal Data relating to its customers, staff and

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual 1 Invest NI Subject Access Request Procedure Manual 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What

More information

PRIVACY AND CREDIT REPORTING POLICY

PRIVACY AND CREDIT REPORTING POLICY PRIVACY AND CREDIT REPORTING POLICY 12 March 2014 CONTENTS What is personal information?...3 Information we may collect, use and disclose about you...4 Collection of sensitive information...6 How personal

More information

Our Client Agreement for Mortgages & Insurance

Our Client Agreement for Mortgages & Insurance 1. This agreement is issued on behalf of Duchy Independent Financial Advisers Ltd of Chy Jenner, Newham Quay, Truro, Cornwall TR1 2DP whom can be contacted at 01872 240368. Authorisation Statement Duchy

More information

PRIVACY POLICY. comply with the Australian Privacy Principles ("APPs"); ensure that we manage your personal information openly and transparently;

PRIVACY POLICY. comply with the Australian Privacy Principles (APPs); ensure that we manage your personal information openly and transparently; PRIVACY POLICY Our Privacy Commitment Glo Light Pty Ltd A.C.N. 099 730 177 trading as "Lighting Partners Australia of 16 Palmer Parade, Cremorne, Victoria 3121, ( LPA ) is committed to managing your personal

More information

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017

Version 1. Chair of Governors Signature.. Review Date: Spring term 2017 Version 1 Chair of Governors Signature.. Date of Adoption/Ratification: 4 th February 2015 Review Date: Spring term 2017 Purpose Cliff Park School s Trust collects and uses personal information about staff,

More information

SUBJECT ACCESS REQUEST PROCEDURE

SUBJECT ACCESS REQUEST PROCEDURE SUBJECT ACCESS REQUEST PROCEDURE Document History Document Reference: Document Purpose: IG31 This procedure sets out the responsibility for staff when receiving requests for information provided under

More information

Data Protection Policy June 2014

Data Protection Policy June 2014 Data Protection Policy June 2014 Approving authority: Consultation via: Court Audit and Risk Committee, University Executive, Secretary's Board, Information Governance and Security Group Approval date:

More information

Terms of Business for Registered Support Providers

Terms of Business for Registered Support Providers Terms of Business for Registered Support Providers The National Disability Insurance Scheme Act 2013 provides for the making of Rules and requirements for registered providers of support. The Rule National

More information

DATA PROTECTION AND DATA STORAGE POLICY

DATA PROTECTION AND DATA STORAGE POLICY DATA PROTECTION AND DATA STORAGE POLICY 1. Purpose and Scope 1.1 This Data Protection and Data Storage Policy (the Policy ) applies to all personal data collected and dealt with by Centre 404, whether

More information

INFORMATION GOVERNANCE POLICY

INFORMATION GOVERNANCE POLICY INFORMATION GOVERNANCE POLICY Primary Intranet Location Information Management & Governance Version Number Next Review Year Next Review Month 7.0 2018 January Current Author Phil Cottis Author s Job Title

More information

Corporate Data Protection Policy

Corporate Data Protection Policy Corporate Data Protection Policy September 2010 Records Management Policy RMP-09 GOLDEN RULE When you think about Data Protection remember that we are all data subjects. Think about how appropriately and

More information

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012

2012 No. 1204 POLICE, ENGLAND AND WALES. The Police (Complaints and Misconduct) Regulations 2012 STATUTORY INSTRUMENTS 2012 No. 1204 POLICE, ENGLAND AND WALES The Police (Complaints and Misconduct) Regulations 2012 Made - - - - 1st May 2012 Laid before Parliament 3rd May 2012 Coming into force - -

More information

Document 12. Open Awards Malpractice and Maladministration Policy and Procedures

Document 12. Open Awards Malpractice and Maladministration Policy and Procedures Open Awards Malpractice and Maladministration Policy and Procedures Page 1 of 14 Open Awards Malpractice and Maladministration Policy and Procedures Policy Statement Open Awards is committed to ensuring

More information

Falkirk Council Data Protection Guidelines

Falkirk Council Data Protection Guidelines Falkirk Council Data Protection Guidelines Contents Contents 2 Objectives 3 What does the Data Protection Act 1998 do? 3 Who is who under the Data Protection Act 1998? 4 Definitions 4 The Eight Principles

More information

Subject Access Request (SAR) Procedure

Subject Access Request (SAR) Procedure Subject Access Request (SAR) Procedure East and North Hertfordshire Clinical Commissioning Group Page 1 of 16 DOCUMENT CONTROL SHEET Document Owner: Chief Finance Officer Document Author(s): Anne Ephgrave

More information

Data Protection Policy

Data Protection Policy Data Protection Policy 1. INTRODUCTION 1.1. The Data Protection Act gives you as an individual the right to know what information is held about you. It provides a framework to ensure that personal information

More information