Index. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection



Data Protection Awareness
Based on DIT's Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner

Index
- Definitions
- What is Data Protection?
- Rights of Individuals
- Responsibilities of DIT
- The 8 Principles of Data Protection
- Summary of DIT's Responsibilities as a Data Controller during the Data Lifecycle
- Further Information

Definitions
- Personal Data: Any data relating to a living identifiable individual.
- Data: Automated data or structured manual data.
- Manual Data: Structured by reference to individuals in a way that makes data readily accessible.
- Sensitive Data: Relates to physical/mental health, racial origin, political opinions, religious or other beliefs, sexual life, criminal convictions, alleged commission of offence or Trade Union membership.
- Data Controller: A person who controls the contents and use of personal data.
- Data Processor: A person who processes personal data on behalf of a data controller.
- Data Subject: An individual who is the subject of personal data.
- Processing: Anything done with personal data, from collection to disposal.

What is Data Protection?
Data Protection is the safeguarding of privacy rights of individuals in relation to the processing of personal data in both paper and electronic format. DIT is obliged to comply with the provisions set out by the Data Protection Acts, 1988 and 2003 (DP Acts).
The DP Acts create:
- RIGHTS for Individuals (i.e. Data Subjects)
- RESPONSIBILITIES for Users of Personal Data (i.e. Data Controllers/Data Processors)

Rights of Individuals
- Right to fairness when giving information;
- Right to request a copy of own personal information;
- Right to have wrong information corrected;
- Right to opt out of marketing;
- Right to make a complaint to the Data Protection Commissioner.

Responsibilities of DIT
DIT, as a data controller, must comply with certain rules about how it collects and uses personal information. These rules are known as The 8 Principles of Data Protection*:
1) Obtain and process information fairly;
2) Keep it only for one or more specified and lawful purposes;
3) Process it only in ways compatible with the purposes for which it was given to you initially;
4) Keep it safe and secure;
5) Keep it accurate and up-to-date;
6) Ensure that it is adequate, relevant and not excessive;
7) Retain it no longer than is necessary for the specified purpose or purposes;
8) Give a copy of his/her personal data to any individual on request.
*Further information on each of these principles is available on the following slides.

The 8 Principles of Data Protection
1. Obtain and Process Information Fairly
DIT must provide data subjects with full information about:
- its identity;
- the purposes for which the data subject's personal data will be used;
- to whom, if anyone, the personal data will be disclosed;
- any other data necessary for fairness.
To obtain personal information, one of the following conditions is required:
- Consent;
- Contract with Individual;
- Legal Obligation;
- Necessary to Protect Vital Interests;
- Necessary for legitimate interests;
- Necessary for a Public Function (Justice).
In order to process sensitive personal information, explicit consent is required, or processing must be necessary for one of the following reasons:
- For the purposes of DIT's obligations under Employment Law;
- To prevent injury or protect vital interests;
- For the purpose of obtaining legal advice;
- For medical purposes;
- Statutory Function.

2. Keep Information only for one or more Specified and Lawful Purposes
DIT is required to inform data subjects of the reason(s) why it collects and keeps personal data. The purpose cannot be expanded without reverting to the data subject and seeking additional consent.
3. Process Information only in ways compatible with purposes for which it was initially given
General Rule: Personal data should not be disclosed for any purposes other than that for which it was originally provided to DIT.

4. Keep Information Safe and Secure
Appropriate security measures are required to ensure that personal data is kept safe and secure, e.g. laptop encryption, password security etc.
5. Keep Information Accurate and Up-To-Date
Personal data held by DIT must be accurate, complete and up to date. Data subjects have a right to have errors relating to personal data rectified.
6. Keep Information Adequate, Relevant and Not Excessive
Only the minimum amount of personal data required must be sought and retained, that is, DIT does not have a right to ask for, or hold, data which is not relevant to the service being provided.

7. Retain Information only as long as necessary
Personal data must only be held for as long as is necessary in accordance with the purpose for which it was collected. DIT's Record Retention Schedules are available at http://www.dit.ie/recordsmanagement/recordsmanagement/
8. Right of Access
An individual has a right of access to his/her personal data on request. An individual also has a right to request that DIT corrects/erases/blocks or ceases to process personal data on the grounds that it would cause unwarranted damage or distress.
Please refer all Data Protection Access Requests immediately to the Records Manager at foi@dit.ie or telephone (01) 402 7519.

Summary of DIT's Responsibilities as a Data Controller during the Data Lifecycle
[Diagram] Lifecycle stages: Beginning (Getting The Data); Middle (While DIT Has The Data); End (Disposing Of Data).
Responsibilities shown: Inform & Get Consent; Justification To Process; Keep Accurate; Have A Retention Policy; Specify Purpose; Only Gather What Is Required; Respond To Access Requests; Disclose Only If Compatible Or Allowable Exception; Keep Secure & Dispose Securely.
Source: Office of the Data Protection Commissioner

Further Information
Data Protection in DIT: http://www.dit.ie/recordsmanagement/dataprotection/
Office of the Data Protection Commissioner: http://dataprotection.ie/
For further information, please contact:
Theresa Whelan, Records Manager
DIT, 143-149 Lower Rathmines Road, Dublin 6
Telephone: (01) 402 7519
Email: foi@dit.ie or theresa.whelan@dit.ie