The Data Protection Act 1998 Clare Hall Data Protection Policy
|
|
- Logan Blankenship
- 5 years ago
- Views:
Transcription
1 The Data Protection Act 1998 Clare Hall Data Protection Policy Introduction This document is a guide to the main requirements of the new Data Protection Act (DPA) that came into force on 24th October Full details can be found on College Staff with access to personal data need to act in accordance with the terms of the Act, and must sign the certificate of compliance at Appendix 1. The Act has wide-reaching implications and the purpose of the document is to introduce its the key elements and, most importantly, to outline the ways in which each Staff member either in possession of, or collecting so-called open data (see below) should act, in order to be DPA compliant. The main requirements of the Act are that data should be: Fairly and lawfully processed Processed for limited purposes Adequate, relevant and not excessive Accurate Not kept longer than necessary Processed in accordance with the data subject's rights Secure Not transferred to approved countries without adequate protection Data Protection Responsibilities within Clare Hall Data protection within the College is the responsibility of the Bursar (Data Protection Officer - DPO), with the Senior Tutor as his or her Deputy. Both posts are ex officio. Staff Responsibilities All staff will, through appropriate training and responsible management: Observe all forms of guidance, codes of practice and procedures about the collection and use of personal information. Understand fully the purposes for which the College uses personal information. Collect and process appropriate information only in accordance with the purposes for which it is to be used by the College to meet its needs and legal requirements. Only access personal data that they require to carry out their jobs properly. Ensure the information is recorded accurately and correctly in the College s systems by following its standard format (as attached). Ensure the information is destroyed when it is no longer required
2 On receipt of a request (Subject Access Request) from an individual for information held about them by or on behalf of the College, immediately notify the Data Protection Officer, deal with all personal information in accordance with the College s security procedures. Any breach of the 1998 Act and the College s data protection policy shall be viewed as gross misconduct and may lead to dismissal. Such training will be fully documented for all staff. Types of Data The only data that has the potential to fall within the terms of the Act is personal data; that is, data pertaining to a living person. Personal data can be divided into four categories: Open Data. That is data by which individuals can be readily identified. This data does not have to have individuals names attached to it. It could be that the constellation of data is such that it could only refer to a small group of people (in practice 50 or less), thus making individual identification a significant risk. Coded Data. That is data where the main data set has a code that identifies an individual and the code decryption that links to the individual s name is kept separate from the data set within the same institution. To all intents and purposes this data should be treated the same way as open data under the terms of the Act. Linked Anonymised Data. This is a particular form of coded data, where the code is kept by another data controller, such as the University. Unlinked Anonymised Data. This data has no individual reference within it and does not link to any code elsewhere. Such data has no implications for data protection and falls outside of the remit of the Act. Since the vast majority of any data handled by the College will be open data, the rest of the document will deal only with its treatment. Essentially, if data can be linked to any individual in any way it should be treated as open data and follow the guidelines in this document. Further advice may be obtained from one of the Data Protection Officers. Basic protection of open data The following rules apply to all open data: All open electronic data should be stored on code-word protected disk space. This also applies to portable computers, and home computers. All open paper data should be stored in a locked storage facility (e.g. filing cabinet) in a locked room/building. This might require some pruning of paper data
3 Open data taken off-site must be secure. This involves code-word protection of off-site disk space, the use of locked storage space, and the prevention of casual viewing by others. In particular steps must be taken to prevent access to the data during transportation. Open data must not be discussed in a way that can be overheard, such that individuals can be identified. It must not be left around for others to read on desks or on printers. All electronic mail that discusses identifiable individuals must be treated as open data, codeword protected and sent only to known addressees. Data should not be sent to countries that are not recognised by the Act (see the Act web site). The acquisition of data When acquiring open data it is imperative that informed consent is obtained for all of the possible future uses of the data. If staff work involves additional disposal of the data, separate consent should be obtained. It is important to be clear that the principles of Data Protection do not mean that staff cannot do things with personal data such as publish it in College publications, talk about it at conferences and meetings (even with reference to named individuals). It just means that before doing these things the written informed consent of the individuals involved must be obtained. The registration of data Under the terms of the act all of the open data acquired and kept by the College needs to be registered. In practical term this means that it is stored in College secure files and College Members personal files and afforded the appropriate degree of security. Requests to Access Open Data Under the terms of the Act individuals on whom data is kept have the right to access that data. For this reason the above guidelines on the security of data must be adhered to. In the event of a request for access to data, the member of staff concerned should: Be aware that deception may be used to obtain information. Note that telephone requests for information should rarely if ever be complied with. Establish the identity of a person requiring disclosure before responding. Confirm that they do indeed possess data on that individual. Consult with one of the data protection officers if in doubt before making any disclosure
4 Ensure that the request is made in writing. Keep a record of any routine and non-routine disclosures. Record the person who made the disclosure and authorised it and the person requesting the data and the reasons for making the disclosure in the appropriate Personal File. The date and time must also be recorded. Loss of data Guidelines for the loss of data are at Appendix 1. April
5 Appendix 1 NOTIFICATION OF COMPLIANCE WITH 2001 DATA PROTECTION ACT Name: Position: This is to confirm that the terms of 2001 Data Protection Act have been communicated to me and that I am, and will continue to be, compliant with the Act in the normal conduct of my duties I am aware of, and will implement, the appropriate procedures regarding access to data and loss of data should the circumstances arise. I confirm that if, for any reason, I am unable to continue complying with the Act, I will inform the College DPO immediately. Signed Date - 5 -
6 Appendix 2 Action in the Event of Lost or Stolen Data The first action should be for the DPO or his/her deputy to be informed about the loss. He/she will immediately take charge of the situation and establish as far as is possible what data has been lost or stolen and the associated circumstances. Risk Assessment A preliminary assessment of the risks to individuals and organisations should be undertaken to scope necessary action: Does the data contain information about people? On the personnel front data may contain information about College staff and permanent members, visiting fellows and non-college employees, third parties, contacts and mailing lists, visitors (possibly high profile) and referees. Has business data been lost? Data may contain information about organisational issues and structures, contractual arrangements, strategic planning activities, security procedures, research issues, including progress and intellectual property rights, accommodation plans and financial matters. The key issues to be determined are: If data has been stolen, what damage could be caused by its illegal use? If information about identifiable people has been lost should the individuals be informed? If data about external organisations has been lost is there a risk to their business? In this event, what embarrassment and impact on relationships might be caused? Can the data be reconstructed from back-ups etc. Notifications Consideration needs to be given to contacting the individuals or agencies concerned. Data subjects should only be contacted once a full investigation and impact assessment has been completed. College members may need to be informed if personnel data is lost. Third parties may also need to be informed
7 Recovery Recovery from a loss will be high priority. Sound backup, and effective backup storage security will of course ensure that this can be done effectively and quickly. Review of Security A review of both physical and IT security arrangements may be necessary not only to ensure that further problems will not arise, but also to establish lessons that might be productively passed on to other Colleges
DATA PROTECTION POLICY
DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationSt Bernard s Primary School Data Protection Policy
St Bernard s Primary School Data Protection Policy St Bernard s RC Primary School, A Voluntary Academy Approved by Governors: 11.11.2015 Review date: Autumn 2016 St Bernard s Data Protection Policy General
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationA Homeopath Registered Homeopath
A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements
More informationUWTSD Group Data Protection Policy
UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful
More informationData Protection Policy
Page 1 of 6 General Statement The Local Governing Bodies of the academies have overall responsibility for ensuring that records are maintained, including security and access arrangements, in accordance
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationThe Data Protection Act 1998
The Data Protection Act 1998 1. Terms 2. The principles of The Data Protection Act 3. Disclosure of Information 4. Subject Access 5. Enforcement 6. Data Security 7. Recording of Contact Exemptions All
More informationData protection. 3 April 2018
Data protection 3 April 2018 Policy prepared by: Ltd Approved by the Directors on: 3rd April 2018 Next review date: 31st March 2019 Data Protection Registration Number (ico.): Z2184271 Introduction Ltd
More informationCastle View Primary School Data Protection Policy
Castle View Primary School Data Protection Policy Aims The Headteacher and Governors of the school intend to comply fully with the requirements and principles of the Data Protection Act 1998. All staff
More informationEmployee Security Awareness Training Program
Employee Security Awareness Training Program Date: September 15, 2015 Version: 2015 1. Scope This Employee Security Awareness Training Program is designed to educate any InComm employee, independent contractor,
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationHeavers Farm Primary School DATA PROTECTION AND INFORMATION MANAGEMENT POLICY Updated 2017
Heavers Farm Primary School DATA PROTECTION AND INFORMATION MANAGEMENT POLICY Updated 2017 Introduction The Data Protection Act 1998 (the Act) is the primary legislation in the United Kingdom, which regulates
More informationData protection policy
Data protection policy Context and overview Introduction The ASHA Centre needs to gather and use certain information about individuals. These can include customers, suppliers, business contacts, employees
More informationSubject: Kier Group plc Data Protection Policy
Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationInformation Security Policy
Information Security Policy Author: Responsible Lead Executive Director: Endorsing Body: Governance or Assurance Committee Alan Ashforth Colin Sloey Implementation Date: September 2010 Version Number:
More informationUWC International Data Protection Policy
UWC International Data Protection Policy 1. Introduction This policy sets out UWC International s organisational approach to data protection. UWC International is committed to protecting the privacy of
More informationINFORMATION SECURITY AND RISK POLICY
INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationThe Apple Store, Coombe Lodge, Blagdon BS40 7RG,
1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member
More informationRed Flags/Identity Theft Prevention Policy: Purpose
Red Flags/Identity Theft Prevention Policy: 200.3 Purpose Employees and students depend on Morehouse College ( Morehouse ) to properly protect their personal non-public information, which is gathered and
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationUKIP needs to gather and use certain information about individuals.
UKIP Data Protection Policy Context and overview Key details Policy Update Prepared by: D. Dennemarck / S. Turner Update approved by Management on: November 6, 2015 Policy update became operational on:
More informationData Breach Incident Management Policy
Data Breach Incident Management Policy Policy Number FCP2.68 Version Number 1 Status Draft Approval Date: First Version Approved By: First Version Responsible for Policy Responsible for Implementation
More informationDATA PROTECTION SELF-ASSESSMENT TOOL. Protecture:
DATA PROTECTION SELF-ASSESSMENT TOOL Protecture: 0203 691 5731 Instructions for use touches many varied aspects of an organisation. Across six key areas, the self-assessment notes where a decision should
More informationPCA Staff guide: Information Security Code of Practice (ISCoP)
PCA Staff guide: Information Security Code of Practice (ISCoP) PCA Information Risk and Privacy Version 2015.1.0 December 2014 PCA Information Risk and Privacy Page 1 Introduction Prudential Corporation
More informationClyst Vale Community College Data Breach Policy
Clyst Vale Community College Data Breach Policy Contents 1. Aim Page 2 2. Definition Page 2-3 3. Scope Page 3 4. Responsibilities Page 3 5. Reporting a data breach Page 3-4 6. Data breach plan Page 4 7.
More information"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.
Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and
More informationPrivacy Policy Inhouse Manager Ltd
Privacy Policy Inhouse Manager Ltd April 2018 This privacy statement is designed to tell you about our practices regarding the collection, use and disclosure of information held by Inhouse Manager Ltd.
More informationCardiff University Security & Portering Services (SECTY) CCTV Code of Practice
Cardiff University Security & Portering Services (SECTY) CCTV Code of Practice Document history Author(s) Date S Gamlin 23/05/2018 Revision / Number Date Amendment Name Approved by BI annual revision Date
More informationIdentity Theft Prevention Policy
Identity Theft Prevention Policy Purpose of the Policy To establish an Identity Theft Prevention Program (Program) designed to detect, prevent and mitigate identity theft in connection with the opening
More informationEnviro Technology Services Ltd Data Protection Policy
Enviro Technology Services Ltd Data Protection Policy 1. CONTEXT AND OVERVIEW 1.1 Key details Rev 1.0 Policy prepared by: Duncan Mounsor. Approved by board on: 23/03/2016 Policy became operational on:
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the Ordinance
More informationInformation Security Policy for Associates and Contractors
Information Security Policy for Associates and Contractors Version: 1.13 Date: 11 October 2016 Reference: 67972761 Location: Livelink Contents Introduction... 3 Purpose... 3 Scope... 3 Responsibilities...
More informationDATA SUBJECT ACCESS REQUEST PROCEDURE
DATA SUBJECT ACCESS REQUEST PROCEDURE DATA PROTECTION ACT 1998 This procedure seeks to ensure that the Transport Executive receives and processes Data Subject Access Requests in accordance with the Data
More informationINFORMATION ASSET MANAGEMENT POLICY
INFORMATION ASSET MANAGEMENT POLICY Approved by Board of Directors Date: To be reviewed by Board of Directors March 2021 CONTENT PAGE 1. Introduction 3 2. Policy Statement 3 3. Purpose 4 4. Scope 4 5 Objectives
More informationData Breach Notification Policy
Data Breach Notification Policy Policy Owner Department University College Secretary Professional Support Version Number Date drafted/date of review 1.0 25 May 2018 Date Equality Impact Assessed Has Prevent
More informationData Protection. Policy
Data Protection Policy Policy adopted: April 2016 Policy review date: April 2018 OAT Model Policy 1 Contents 1. Policy statement and principles... 3 1.1 Policy aims and principles... 3 1.2 Data protection
More information1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.
1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the
More informationUniversity Facilities Management (UFM) Access Control Procedure (non-residence areas)
University Facilities Management (UFM) Access Control Procedure (non-residence areas) Date of Issue: October 1, 2015 A. PURPOSE University Facilities Management s (UFM) Lock Shop Access Control Procedure
More informationInformation Security Policy
April 2016 Table of Contents PURPOSE AND SCOPE 5 I. CONFIDENTIAL INFORMATION 5 II. SCOPE 6 ORGANIZATION OF INFORMATION SECURITY 6 I. RESPONSIBILITY FOR INFORMATION SECURITY 6 II. COMMUNICATIONS REGARDING
More informationDATA BREACH POLICY [Enniskillen Presbyterian Church]
DATA BREACH POLICY [Enniskillen Presbyterian Church] Enniskillen Presbyterian Church is committed to complying with data protection legislation and will take appropriate technical and organisational measures
More informationLittle Blue Studio. Data Protection and Security Policy. Updated May 2018
Little Blue Studio Data Protection and Security Policy Updated May 2018 Contents Introduction... 3 Purpose... 3 Application... 3 General Data Protection Regulation (GDPR)... 3 Handling personal information,
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationHabitat for Humanity Singapore Ltd
This decision is subject to final editorial corrections approved by the tribunal and/or redaction pursuant to the publisher s duty in compliance with the law, for publication in LawNet. Habitat for Humanity
More informationCredit Card Data Compromise: Incident Response Plan
Credit Card Data Compromise: Incident Response Plan Purpose It is the objective of the university to maintain secure financial transactions. In order to comply with state law and contractual obligations,
More informationThis procedure sets out the usage of mobile CCTV units within Arhag.
CCTV PROCEDURE Statement This procedure sets out the usage of mobile CCTV units within Arhag. Arhag is a registered charitable housing association and is not considered an appropriate authority with regards
More informationDCU Guide to Subject Access Requests. Under Irish Data Protection Legislation
DCU Guide to Subject Access Requests Under Irish Data Protection Legislation Context Under section 4 of the Irish Data Protection Acts 1988 & 2003 an individual, on making a written request to DCU, may
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationData Protection Policy
The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this
More informationFreedom of Information and Protection of Privacy (FOIPOP)
Freedom of Information and Protection of Privacy (FOIPOP) No.: 6700 PR1 Policy Reference: 6700 Category: FOIPOP Department Responsible: Records Management and Privacy Current Approved Date: 2008 Sep 30
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationPathways CIC Privacy Policy. Date Issued: May Date to be Reviewed: May Issued by Yvonne Clarke
Prepared by: M Franklin Issued: May 2018 Pathways Community Interest Company Review due: May 2020 Pathways CIC Privacy Policy Version 0.3 Approved by: Yvonne Clarke Approval date: 21.05.2018 Pathways CIC
More informationData Subject Access Request
Data Subject Access Request DATA PROTECTION ACT 1998 Version: 10.0 Approval Status: Approved Document Owner: Graham Feek Classification: Internal Review Date: 03/07/2017 Effective from: 1 July 2015 Table
More informationData Protection Policy
Data Protection Policy Status: Released Page 2 of 7 Introduction Our Data Protection policy indicates that we are dedicated to and responsible of processing the information of our employees, customers,
More informationSubject: University Information Technology Resource Security Policy: OUTDATED
Policy 1-18 Rev. 2 Date: September 7, 2006 Back to Index Subject: University Information Technology Resource Security Policy: I. PURPOSE II. University Information Technology Resources are at risk from
More informationData Protection policy
DULWICH SYMPHONY ORCHESTRA Data Protection policy 1. Overview Policy prepared by: Dan Sullivan and Jeremy Crump Approved by committee on: 3 May 2018 Next review date: 1 May 2020 Introduction In order to
More informationINFORMATION TO BE GIVEN 2
(To be filled out in the EDPS' office) REGISTER NUMBER: 1423 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 03/01/2017 CASE NUMBER: 2017-0015 INSTITUTION: ESMA
More informationDate of Next Review: May Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act
Date Approved: January 27, 2010-Board Date of Next Review: May 2023 Dates of Amendments: May 17, 2018 Cross References: Electronic Communication Systems- Acceptable Use policy (A.29) Highway Traffic Act
More informationWesley House data protection statement and privacy notice (short-course delegates)
Wesley House data protection statement and privacy notice (short-course delegates) This statement explains how Wesley House handles and uses personal data we collect about delegates on short courses held
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationGeneral Data Protection Regulation
General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced
More informationPolicy and Procedure: SDM Guidance for HIPAA Business Associates
Policy and Procedure: SDM Guidance for HIPAA Business (Adapted from UPMC s Guidance for Business at http://www.upmc.com/aboutupmc/supplychainmanagement/documents/guidanceforbusinessassociates.pdf) Effective:
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationData Processor Agreement
Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958
More informationMade In Hackney Data Protection Policy Last Updated:
Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection
More informationGDPR Compliance. Clauses
1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The
More informationNDIS Quality and Safeguards Commission. Incident Management System Guidance
NDIS Quality and Safeguards Commission Incident Management System Guidance Version 1 - May 2018 Acknowledgment This guidance is published by the Australian Government, using resources developed by the
More informationVirginia State University Policies Manual. Title: Information Security Program Policy: 6110
Purpose Virginia State University (VSU) uses information to perform the business services and functions necessary to fulfill its mission. VSU information is contained in many different mediums including
More informationData Protection policy (GDPR)
Data Protection policy (GDPR) This is the statement of general policy and arrangements for: Overall and final responsibility for health and safety is that of: Day-to-day responsibility for ensuring this
More informationDATA PROTECTION IN RESEARCH
DATA PROTECTION IN RESEARCH Document control Applicable to: All employees and research students Date first approved February 2006 Date first amended May 2015 Date last amended May 2015 Approved by Approval
More informationData Protection Policy
Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its
More informationHealing School - A Science Academy GDPR Policy (Exams) 2018/19
Healing School - A Science Academy GDPR Policy (Exams) 2018/19 This policy is reviewed annually to ensure compliance with current regulations Author Date adopted by MAT Directors Mrs D Barnard Review Date
More informationUlster University Policy Cover Sheet
Ulster University Policy Cover Sheet Document Title DATA CENTRE ACCESS POLICY 3.2 Custodian Approving Committee Data Centre & Operations Manager ISD Committee Policy approved date 2017 09 08 Policy effective
More informationThis Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).
PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our
More informationCell and PDAs Policy
Cell and PDAs Policy CHAPTER: 13 Information Services Department SECTION: 13 SUBJECT: Cell Phones and PDAs POLICY #: 13.13.00 Revised OFFICE/DEPARTMENT: Information Services EFFECTIVE DATE: October 1,
More informationNCAS SUBJECT ACCESS REQUEST FORM (DATA PROTECTION ACT 1998)
(Please note that this form should not be used by a patient wishing to access health records about them held by a local healthcare organisation (e.g. hospital, GP surgery, dental practice, pharmacy). The
More informationSPRING-FORD AREA SCHOOL DISTRICT
No. 801.1 SPRING-FORD AREA SCHOOL DISTRICT SECTION: TITLE: OPERATIONS ELECTRONIC RECORDS RETENTION ADOPTED: January 25, 2010 REVISED: October 24, 2011 801.1. ELECTRONIC RECORDS RETENTION 1. Purpose In
More informationApex Information Security Policy
Apex Information Security Policy Table of Contents Sr.No Contents Page No 1. Objective 4 2. Policy 4 3. Scope 4 4. Approval Authority 5 5. Purpose 5 6. General Guidelines 7 7. Sub policies exist for 8
More informationRed Flags Program. Purpose
Red Flags Program Purpose The purpose of this Red Flags Rules Program is to document the protocol adopted by the University of Memphis in compliance with the Red Flags Rules. Many offices at the University
More informationAccess Control Policy
Access Control Policy Version Control Version Date Draft 0.1 25/09/2017 1.0 01/11/2017 Related Polices Information Services Acceptable Use Policy Associate Accounts Policy IT Security for 3 rd Parties,
More informationCERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION
CERTIFICATION BODY (CB) APPROVAL REQUIREMENTS FOR THE IFFO RESPONSIBLE SUPPLY (IFFO RS) AUDITS AND CERTIFICATION Introduction The IFFO RS Certification Programme is a third party, independent and accredited
More informationWhat options NETIM offers, including those related to gaining of access to and updating of information.
NETIM - Personal data processing policy Effective as of May 25, 2018 DEFINITIONS Data Subject means an identified or identifiable natural person; an identifiable natural person is one who can be identified,
More informationInformation Security Incident Response Plan
Information Security Incident Response Plan Purpose It is the objective of the university to maintain secure systems and data. In order to comply with federal, state, and local law and contractual obligations,
More informationGovernance of the use of as a valid UNC communication
Stage 01: : u Governance of the use of email as a valid UNC communication At what stage is this document in the process? This modification proposes business rules to ensure that appropriate assurance is
More informationGeneral Data Protection Regulation policy (exams) 2017/18
General Data Protection Regulation policy () 2017/18 This policy is annually reviewed to ensure compliance with current regulations This policy can beviewed on the school website Approved/reviewed by Gail
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationIntroduction to the Personal Data (Privacy) Ordinance
Introduction to the Personal Data (Privacy) Ordinance 1 Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December 1996 Amendment of the
More informationUniversity Privacy Campaign. Introduction to the Personal Data (Privacy) Ordinance
University Privacy Campaign Introduction to the Personal Data (Privacy) Ordinance 1 Personal Data (Privacy) Ordinance Legislative Background Personal Data (Privacy) Ordinance came into effect on 20 December
More informationThis information accompanies the online data sharing best practice guidance commissioned by ACE
Data Protection - What the regulations say This information accompanies the online data sharing best practice guidance commissioned by ACE The guidance cannot be relied upon as legal advice. This document
More informationInstitute of Technology, Sligo. Information Security Policy. Version 0.2
Institute of Technology, Sligo Information Security Policy Version 0.2 1 Document Location The document is held on the Institute s Staff Portal here. Revision History Date of this revision: 28.03.16 Date
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationControls Electronic messaging Information involved in electronic messaging shall be appropriately protected.
I Use of computers This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security policy. To
More informationJust-Property Ltd GDPR Client Data Register
GDPR Client Data Register Company Name Contact Justin Coughlan Role Managing Director Email jcoughlan@just-property.ie Contact number 01 631 52 51 1. Point of Contact with responsibility for Data Protection
More informationSAFE USE OF MOBILE PHONES AT WORK POLICY
SAFE USE OF MOBILE PHONES AT WORK POLICY Links to Lone Working Policy, Personal Safety Guidance, Lone Working Guidance, Information Governance Policy Document Type General Policy Unique Identifier GP31
More information