Data Compliance. And. Your Obligations



Similar documents
Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection

Office of the Data Protection Commissioner of The Bahamas. Data Protection (Privacy of Personal Information) Act, A Guide for Data Controllers

CORK INSTITUTE OF TECHNOLOGY

Scottish Rowing Data Protection Policy

ROEHAMPTON UNIVERSITY DATA PROTECTION POLICY

ATMD Bird & Bird. Singapore Personal Data Protection Policy

University of Limerick Data Protection Compliance Regulations June 2015

Merthyr Tydfil County Borough Council. Data Protection Policy

Data Security and Extranet

Policy and Procedure for approving, monitoring and reviewing personal data processing agreements

Human Resources Policy documents. Data Protection Policy

Data Protection Act. Privacy & Security in the Information Age. April 26, Ministry of Communications, Ghana

Data Protection Policy

Corporate ICT & Data Management. Data Protection Policy

Data Protection Good Practice Note

2. Scope 2.1 This policy covers all the activities and processes of the University that uses personal information in whatever format.

AlixPartners, LLP. General Data Protection Statement

The Manitowoc Company, Inc.

Protection. Code of Practice. of Personal Data RPC001147_EN_D_19

Protection. Code of Practice. of Personal Data RPC001147_EN_WB_L_1

DATA PROTECTION ACT 1998 COUNCIL POLICY

Policy and Procedure Title: Maintaining Secure Learner Records Policy No: CCTP1001 Version: 1.0

PERSONAL INJURIES ASSESSMENT BOARD DATA PROTECTION CODE OF PRACTICE

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN better health cover shouldn t hurt

Information Governance Policy

Corporate Guidelines for Subsidiaries (in Third Countries ) *) for the Protection of Personal Data

How To Protect Your Personal Information At A College

Data Protection Act 1998 The Data Protection Policy for the Borough Council of King's Lynn & West Norfolk

Data Protection in Ireland

PINAL COUNTY POLICY AND PROCEDURE 2.50 ELECTRONIC MAIL AND SCHEDULING SYSTEM

DATA PROTECTION POLICY

JOB APPLICANT PRIVACY NOTICE

The Manchester College

The potential legal consequences of a personal data breach

HERTSMERE BOROUGH COUNCIL

FIDELITY APPLICANT PRIVACY AND PROTECTION NOTICE

Policy Document Control Page

John Leggott College. Data Protection Policy. Introduction

Processor Binding Corporate Rules (BCRs), for intra-group transfers of personal data to non EEA countries

OBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;

DATA PROTECTION POLICY

FINAL May Guideline on Security Systems for Safeguarding Customer Information

Data Protection Policy

Data protection policy

DATA PROTECTION AND DATA STORAGE POLICY

CLOUD COMPUTING FOR ehealth DATA PROTECTION ISSUES

Data Protection Guidance

Binding Corporate Rules ( BCR ) Summary of Third Party Rights

Data protection policy

PRIVACY POLICY Personal information and sensitive information Information we request from you

Guidelines on Data Protection. Draft. Version 3.1. Published by

Appendix 11 - Swiss Data Protection Act

Evolve Financial Solutions Mortgage & Insurance Services & Costs

1. (a) Full name of proposer including trading names if any (if not a limited company include full names of partners) Date established

Data Protection Policy

Standard. Information Security - Information Classification. Jethro Perkins. Information Security Manager. Page 1 of 12

ON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS

Information Privacy Policy

Data Protection and Information Security. Procedure for reporting a breach of data security. April 2013

GSK Public policy positions

Align Technology. Data Protection Binding Corporate Rules Controller Policy Align Technology, Inc. All rights reserved.

Human Resources and Data Protection

TECHNICAL AND ORGANIZATIONAL DATA SECURITY MEASURES

Code of Practice on Data Protection for the Insurance Sector

RPM INTERNATIONAL INC. AND ITS SUBSIDIARIES AND OPERATING COMPANIES SAFE HARBOR PRIVACY NOTICE. EFFECTIVE AS OF: August 12, 2015

Rick Parsons Information Governance Officer County Hall

Data Protection Act 1998 Codes of Practice. The Employment Practices DP Code Part 1: Recruitment and Selection

Little Marlow Parish Council Registration Number for ICO Z

Data Protection Act a more detailed guide

Crimes (Computer Hacking)

Data Protection for the Guidance Counsellor. Issues To Plan For

SAFE HARBOR PRIVACY NOTICE EFFECTIVE: July 1, 2005 AMENDED: July 15, 2014

Data protection. The employment practices code

Data Protection and Privacy Policy

Summary Electronic Information Security Policy

Personal data - Personal data identify an individual. For example, name, address, contact details, date of birth, NHS number.

HIPAA Audit Risk Assessment - Risk Factors

GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4

Incident reporting procedure

SCOTLAND S COMMISSIONER FOR CHILDREN AND YOUNG PEOPLE STANDARD CONDITIONS OF CONTRACT FOR SERVICES

LEGISLATION COMMITTEE OF THE CROATIAN PARLIAMENT

An Executive Overview of GAPP. Generally Accepted Privacy Principles

Transcription:

Information Booklet Data Compliance And Your Obligations

What is Data Protection? It is the safeguarding of the privacy rights of individuals in relation to the processing of personal data. The Data Protection Acts 1988 and 2003 confer rights on individuals as well as responsibilities on those persons processing personal data. What is a Data Controller? A Data Controller is a person who, either alone or with others, controls the contents and use of personal data. Responsibilities of a Data Controller? Obtain and process information fairly Keep it only for one or more specified, explicit and lawful Use and disclose it only in ways compatible with these Keep it safe and secure. Keep it accurate, complete and up-to-date. Ensure that it is adequate, relevant and not excessive. Retain it for no longer than is necessary for the purpose or Give a copy of his/her personal data to that individual, on request.

To Ensure your Compliance to Data Protection Act Be aware of your Data Protection responsibilities -especially in relation to processing personal data fairly. Appoint a Data Protection Officer Staff must be aware of their responsibilities - through appropriate internal training and/or written procedures and regulations of the internal data protection policy which outlines the 8 fundamental rules of Data Protection. The Data Protection Officer when appointed must oversee Enforcement of the 8 Rules of Data Protection. With the Processing of Sensitive Data there are special conditions which must be met, namely: The subject must have given explicit consent to the processing and has been clearly informed of the purpose in processing the data, and has supplied the data with that understanding. OR The processing must be necessary: for the purpose of obtaining legal advice. for the administration of Justice. for medical to prevent injury to the health o the data subject where the consent cannot be reasonably expected to be obtained. for the purpose of the assessment of a tax liability. The Consequences of Non-Compliance? 1. Inspection by the Data Protection Commissioner 2. Public Naming of persons convicted 3. Conviction with a fine of up to 100,000 4. Susceptible to: Client Data Loss in event of a disaster such as server failure, water damage or fire Confidential Data Disclosure because of staff or non-secure procedures Accusations of Negligence around Data Protection.

Your Obligation Checklist Is your company registered with the Data Protection Commissioner? Has your data been obtained fairly- and is this verifiable? D Is your data used for the purpose agreed with the client when it was obtained? Is Client Data, at all times, safe and secure? (see Appendix 1) Do all your e-mails have a confidentially clause? Do all staff contracts have a confidentially clause? Have you confidentiality contract with all your I.T support? Do you have a written defined policy on retention periods for all personal data?, (see Appendix 2) Is there a written and regularly reviewed access policy for staff established around sensitive data, (see Appendix 3) Do you have a written procedure for handling access requests from individuals? Do you have a procedure for archiving or deleting data relating to former clients? Are all your computers password protected? Are all computers screens details hidden from to callers to your office? Are all staff aware of their responsibilities under the Data Protection Act? Have you an appointed Data Compliance officer? Can you guarantee the Confidentially, integrity and Availability of your Clients Data?

Appendix 1 - Definition of Secure Data Is all data encrypted when leaving your office? Is client data stored off-site in a secure environment? Do you have a documented disaster recovery plan? Appendix 2 - Financial Regulator Requirements. Investment Intermediaries shall retain in readily accessible form, for a period of at least 6 years from the date of the transaction a full record of each transaction enter into. All records shall be made available for inspection by the FINANCIAL REGULATOR promptly on request and where not retained in legible form, must be capable of being produced in that form. An investment intermediary must have adequate procedures for the maintenance, security, privacy and preservation of records...so that they are reasonably safeguarded against loss, unauthorised access, alteration or destruction. Appendix 3 - Definition of 'Sensitive Personal Data Data which refers to: Racial or ethnic origins Political opinions Religious beliefs Trade union membership Physical or mental health and conditions sex life or sexual orientations Criminal (or alleged criminal) activities Criminal proceedings, criminal convictions (or any sentences imposed by the courts).

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information