Data protection: legal jungle or common sense? Susan Healy. Religious Archives Group, 22 Mar 2010


In this presentation
- Things you need to know
- Things you need to do and not do
- Particular issues?

Things you need to know

Data protection is
A statutory regime that:
- Allows personal data to be collected and used ("processed"), BUT
- Sets rules for how it should be done
- Gives responsibilities to people collecting and using personal data (data controllers)
- Gives rights to the people the personal data is about (data subjects)
- Gives monitoring and enforcement powers to the Information Commissioner

Personal data is
Information about a living person:
- Factual information, e.g. name, address, date of birth, NI number
- Subjective information, e.g. their feelings, opinions about them
It includes:
- Anything on a computer (cat (a) and (b))
- Anything in paper files or on index cards with a structure that enables particular information about someone to be found (cat (c))
- Accessible record: health, education, social work and housing (cat (d))
- But not unstructured manual records unless held by a public body that is subject to FOI (cat (e))

And sensitive personal data is about
- Racial or ethnic origin
- Political or religious opinions or beliefs
- Trade union membership
- Physical or mental health or condition
- Sex life
- Commission of offences and related proceedings

8 Data Protection Principles
- Processing must be fair and lawful and satisfy a condition in Sched 2 or, for sensitive personal data, Sched 3 (DPP 1)
- Processing must be for a declared reason only, with any later processing being compatible with the original reason (DPP 2)
- Personal data must be adequate, relevant and not excessive (DPP 3), accurate and up-to-date (DPP 4) and not kept for longer than necessary (DPP 5)
- Data subject rights must be respected (DPP 6)
- Personal data must be kept and handled securely (DPP 7)
- Limits on sending it to other countries (DPP 8)

Things you need to do and not do

Fair and lawful processing
- Obtain information fairly and openly
- Tell data subjects how their information will be used
- If any further use is envisaged, let them opt in or out
- Keep records of consent
- Keep data subjects' expectations, interests, and any possible damage from processing, in mind always
- Find Schedule 2 / 3 conditions for processing

Data quantity and quality
- Collect what you need for your stated purpose: no more, no less
- Don't collect more than you need just in case it will be useful one day
- Keep data up to date as far as possible
- Dispose of it securely when no longer needed (to an archives service if worth preserving permanently as archives)

Secure processing
- Culture: protecting personal data is a must
- Limit access to those with a need to have access
- Prevent unauthorised access, loss or damage:
  - Electronic data: protect using technology such as antivirus software, firewalls, back-ups, password access, lock-down of PCs, encryption for transmission
  - Paper files: lock away when not in use, transmit personally or in a sealed envelope
- Don't give out information over the phone without checking identity
- Have a procedure for handling security breaches
- Ensure contracts with suppliers provide for compliance

Data subject rights
- To be told how their data is being used
- To be given access to or copies of the data
- To ask for processing to be stopped
- To prevent direct marketing
- To have their data corrected
- To get their data destroyed, but only through court order

Notification
- Annual declaration to ICO under standard or non-standard headings, e.g.
  - Staff administration
  - Pastoral care
  - Realising the objectives of a charitable organisation or voluntary body
  - Fundraising
- Register of data controllers: http://www.ico.gov.uk/tools_and_resources/register_of_datacontrollers.aspx

Disclosing and sharing personal data
Don't share unless:
- The law allows it, or
- You have consent
Don't disclose unless:
- The requester is the data subject
- You have consent
- Someone else has a statutory right of access, e.g. Police, or
- The data is innocuous and disclosure seems fair and lawful

And for the archives
- Keep records containing personal data as archives if they are worth preserving
- Deal with access requests from data subjects unless exemption applies
- Be careful about what information about living people, in archives or catalogues, is released
- Always consider the interests and expectations of the data subject and possible damage or distress from 3rd party access
- Redact identifying details if necessary

Particular issues?