Access to Personal Information Procedure

Size: px
Start display at page:

Download "Access to Personal Information Procedure"

Transcription

1 Purpose of The sixth principle of the Data Protection Act 1998 gives rights to individuals in respect of the personal data that organisations hold about them. The Act says that: Personal data shall be processed in accordance with the rights of the data subject under this act. The purpose of this procedure is to provide guidance to staff on how to manage any requests in relation to these rights in line with the Data Protection Act, and company policy. For the purpose of clarity, these rights include: A right of access to a copy of the information held in their personal data commonly known as a Subject Access Request A right to object to any data processing that is likely to cause or is causing damage or distress A right to prevent data processing for direct marketing A right to object to decisions being taken by automated means A right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed, and A right to claim compensation for damages caused by a breach of the Act. NB. Key definitions of terms used within this procedure are provided in Appendix 1. Action Points Subject Access Requests Under Section 7 of the Data Protection Act, a Data Subject 1 can make a written request (includes ) to see a copy of the information Great Places as a data controller holds about them. A request must be made directly by the Data Subject unless there is clear evidence that a third party (i.e. an advocate or legal representative) is acting on behalf of that individual. Steps must be taken to verify that the request has come directly from the Data Subject as outlined in the Information Security before a response to the Subject Access Request is provided. This may include asking the requestor to provide proof of their identity. Under the Terms of the Data Protection Act, Great Places charge a 10 fee to cover the administrative costs of producing a Subject Access request, and this fee must be paid in full before the data is provided to the Data Subject. This fee may be waived in certain circumstances at the discretion of the Data Management Advisory Group. 1 For point of reference, a Data Subject includes anyone receiving a service from Great Places including (but not exclusively) tenants and residents, floating support clients, employees, and applicants for employment. Version date: January

2 After receipt of the request, we have 40 calendar days to supply a permanent copy of the information to the data subject in a form agreed with the individual. All Subject Access Requests should be directed to the Head of Business Assurance who will oversee the process and liaise with appropriate teams and 3 rd parties. Individuals are only entitled to their own personal data, and Great Places have a duty to protect the personal data of any other individuals who may be referred to within documents, etc. We will endeavour to provide as much information as possible by making use of redaction. Our contractors may hold personal information about our customers via their role as a data processor. In the course of compiling information for a Subject Access Request, we should contact any data processors who may hold data about the individual. Such data processors may include repairs contractors, out of hours call handlers, etc. When compiling a Subject Access Request, the data controller must take into account any exemptions that mean certain types of data do not have to be supplied to the data subject. Examples of exemption include, but are not exclusive to: Personal data processed for crime and taxation purposes including: o The prevention of detection of crime o The capture or prosecution of offenders o The assessment or collection of tax or duty Legal advice and proceedings Confidential references given in connection with education, training or employment Personal data processed for management forecasting or management planning Data consisting of our intentions in negotiating with an individual re: compensation, etc. Personal data relating to an individuals physical or mental health if granting access would be likely to cause serious harm to the individual or someone else Under section 42 of the Data Protection Act, individuals have the right to make a complaint to the Information Commissioners Office (ICO) if: We do not respond to a request satisfactorily within the 40 day time limit We are holding personal data unfairly for a different reason to that which it was originally collected for, or without appropriate security We are holding data that is inadequate, inaccurate or for longer than is necessary We fail to disclose information to the data subject outside of an accepted exemption Requests to share information with 3 rd parties Requests to share personal information can come from a variety of sources but most commonly come from the police, local authority departments, other housing providers and support agencies. We may also use the legitimate interest clause within the Data Protection Act in the following circumstances: To disclose a tenant s information to debt collection agencies if Great Places as the landlord are owed monies To pass tenant details to a utility company if the tenant has left the property with an unpaid debt on their account Version date: January

3 Where a request is made with the data subjects permission, staff should provide the information required whilst taking care not to breach the data rights of any 3 rd parties, and taking into account the exemptions within the Act. When a request is made to share data without the data subjects consent, staff should always consider whether there is a justifiable reason to share the data. If staff receive any queries that they are unsure about, they should contact the Data Management Advice Group who will consider the request. Where a request is made outside of office hours (8am 6pm) the individual dealing with the request should take a common sense approach to sharing the required information particularly in the case of a serious police or safeguarding incident and seek retrospective permission from the Data Management Advice Group at the earliest opportunity. Any decisions to share, or withhold, information should be recorded on the Data Protection Incident Log to enable us to defend any decisions accurately if the need arises. Requests for information about other individuals or general information The Data Protection Act does not grant individuals access to information about other people, or to general information about the company, our decision making processes, financial status, etc. Any requests of this nature should be directed to the Head of Business Assurance who will provide the required response. Data Breaches A data breach can occur where any of the 8 principles of the Data Protection Act are not complied with. The Information Commissioners Office can fine organisations for breaching the Act, and many of the fines to date have been in relation to breaches of the 7 th principle keeping personal information secure. With this in mind, staff must appreciate the importance of protecting the data we hold and ensuring its security at all times. Great Places has information security procedures in place to minimise the risk of data breaches. If a member of staff thinks that a data breach has occurred either directly or by a colleague or partner organisation they must notify the Data Management Advice Group within 1 working day to enable a thorough investigation to be carried out and a decision made on whether the breach is reportable to the Information Commissioners Office (based on its severity). All near misses should also be reported to ensure that appropriate preventative or corrective action can be taken to minimise any future risk. Staff should note that a data breach, or a near miss, may lead to action under the company Disciplinary Policy if the investigation indicates that the individual acted with malice or in direct contravention of information security procedures. Version date: January

4 Freedom of Information Requests Great Places Housing Group are not currently classified as a public body under the terms of the Freedom of Information Act 2000 and, as such, are not required to comply with any direct requests under this legislation. However, our local authority partners are covered by the Act and any information we have shared with them, i.e. s, joint working documents, etc. by be subject to disclosure. Any requests relating to the Freedom of Information Act should be directed to the Head of Business Assurance who will respond appropriately. Responsibilities All Great Places employees and partners have a responsibility to act in accordance with the Data Protection Act 1998, however, the following roles have a direct responsibility: Director of Business Intelligence named Data Controller with the Information Commissioners Office Head of Business Assurance delegated responsibility for compliance with the Act Members of Data Management Advice Group nominated points of contact for staff advice Links to Related Strategies, Policies, s and Forms Data Protection Policy Privacy Policy Information Security Version date: January

5 Appendix 1 Key Definitions Term Data Personal Data Sensitive Personal Data Data Processing Data Processor Data Subject Data Controller Definition Information which: a) Is being processed by means of equipment operating automatically in response to instructions given for that purpose b) Is recorded with the intention that it should be processed by means of such equipment c) Is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system d) Does not fall within points a-c above, but forms part of an accessible record e) Is recorded information held by a public authority and does not fall within points a-d above. Data which relates to a living individual who can be identified: a) From that data b) From that data and other information which is in the possession of, or is likely to come into the possession of, the data controller And includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Personal data consisting of information as to: a) The racial or ethnic origin of the data subject b) Their political opinions c) Their religious beliefs or other beliefs of a similar nature d) Whether they are a member of a trade union e) Their physical or mental health or condition f) Their sexual life g) The commission or alleged commission by them of any offence h) Any proceedings for any offence committed or alleged to have been committed by them, the disposal of such proceedings or sentencing Obtaining, recording or holding information or data or carrying out any operation of set of operations on the data including: a) Organisation, adaptation or alteration of the information or data b) Retrieval, consultation or use of the information or data c) Disclosure of the information od data by transmission, dissemination or otherwise making available, or d) Alignment, combination, blocking, erasure or destruction of the information or data Any person (other than an employee of the data controller) who processes the data on behalf of the data controller An individual who is the subject of personal data A person who (either alone or jointly or in common with other persons) determined the purposes for which, and the manner in which, any personal data is to be processed Version date: January

6 Equality Impact Assessment Is this a key strategic document, major policy or procedure or service change? Examples may include: Homeless Strategy/ Customer Involvement Strategy YES NO What impact will your document or service delivery change have on the public or staff, giving particular regard to potential impacts on minority groups? Issues to consider include race, disability, gender, sexual orientation, religion, age, carers and other socio-economic factors Please explain your answer: Provide a narrative explaining why you gave the impact rating above. HIGH MEDIUM LOW DON T KNOW Approval Date: 5th January 2017 Equality Impact Assessment Date: January 2017 Safeguarding impact: Review Date: Lead Team: Level of Authorisation Required: Not applicable By 30th April 2018 prior to introduction of GDPR Business Assurance Service Delivery Leadership Team Version date: January

Data Protection Act 1998 Policy

Data Protection Act 1998 Policy Data Protection Act 1998 Policy Responsibility for Policy: Relevant to: University Secretary All Staff, Students and Academic Partnerships Approved by: SMT in September 2016 Responsibility for Document

More information

Data Protection Act 1998

Data Protection Act 1998 Data Protection Act 1998 1998 CHAPTER 29 ARRANGEMENT OF SECTIONS Part I Preliminary 1. Basic interpretative provisions. 2. Sensitive personal data. 3. The special purposes. 4. The data protection principles.

More information

Schools Subject Access Request Procedures

Schools Subject Access Request Procedures Schools Subject Access Request Procedures Policy reviewed by Academy Transformation Trust on June 2018 This policy links to: Located: Data Protection Policy Freedom of Information Policy Review Date May

More information

European College of Business and Management Data Protection Policy

European College of Business and Management Data Protection Policy European College of Business and Management Data Protection Policy 1. INTRODUCTION 1.1 The European College of Business and Management (ECBM) is committed to full compliance with the Data Protection Act

More information

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.

More information

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016

PROCEDURE (Essex) / Linked SOP (Kent) Data Protection. Number: W 1011 Date Published: 24 November 2016 1.0 Summary of Changes 1.1 This procedure/sop has had an additional paragraph added at 3.8.6 relating to data processing of information by direct access to Athena. 2.0 What this Procedure/SOP is About

More information

DATA PROTECTION (JERSEY) LAW 2005

DATA PROTECTION (JERSEY) LAW 2005 DATA PROTECTION (JERSEY) LAW 2005 Revised Edition Showing the law as at 1 January 2017 This is a revised edition of the law Data Protection (Jersey) Law 2005 Arrangement DATA PROTECTION (JERSEY) LAW 2005

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE AND DEFINITIONS 3 Processing to which this

More information

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE

Consolidated text PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2001 * [CONSOLIDATED TEXT] NOTE This consolidated version of the enactment incorporates all amendments listed in the footnote below.

More information

Data Protection Bill [HL]

Data Protection Bill [HL] [AS AMENDED IN PUBLIC BILL COMMITTEE] CONTENTS PART 1 PRELIMINARY 1 Overview 2 Protection of personal data 3 Terms relating to the processing of personal data PART 2 GENERAL PROCESSING CHAPTER 1 SCOPE

More information

Charities & Not-for-Profits Overview of Data Protection Law

Charities & Not-for-Profits Overview of Data Protection Law Charities & Not-for-Profits Overview of Data Protection Law The Data Protection Law provides a framework for the processing of data relating to individuals that serves to balance the needs of organisations

More information

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE

GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE GENERAL PROTOCOL FOR SHARING INFORMATION BETWEEN AGENCIES IN KINGSTON UPON HULL AND THE EAST RIDING OF YORKSHIRE 2008 CONTENTS 1. INTRODUCTION Purpose of this document 1-6 2. KEY LEGISLATION AND GUIDANCE

More information

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy

Mannofield Parish Church. Registered Scottish Charity No: SC (the Congregation ) Data Protection Policy Mannofield Parish Church Registered Scottish Charity No: SC 001680 (the Congregation ) Data Protection Policy December 2018 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special

More information

Data protection. Guide to the Law Enforcement Provisions

Data protection. Guide to the Law Enforcement Provisions Data protection Guide to the Law Enforcement Provisions Introduction What is it? Who does Part 3 of the DP Bill apply to? How can we comply? 3 4 6 9 07 December 2017-1.0.6 2 Introduction The Guide to the

More information

Port Glasgow St Andrew s Data Protection Policy

Port Glasgow St Andrew s Data Protection Policy Port Glasgow St Andrew s Data Protection Policy CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data should be processed 7. Privacy

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Perth: Craigie and Moncreiffe CHARITY NO. SC001330 CONTENTS 1. Overview 2. Data Protection Principles 3. Personal Data 4. Special Category Data 5. Processing 6. How personal data

More information

DATA PROTECTION POLICY STATUTORY

DATA PROTECTION POLICY STATUTORY DATA PROTECTION POLICY MAIDEN ERLEGH TRUST STATUTORY INITIAL APPROVAL July 2017 REVIEW FREQUENCY At least every two years REVIEWED CONTENTS PART ONE: POLICY STATEMENT & OBJECTIVES PART TWO: STATUS OF THE

More information

Individual Rights (Data Privacy) Policy

Individual Rights (Data Privacy) Policy October 2017 Please see the cover sheet to the Information Policies on the Staff Intranet and Board Intelligence. Individual Rights (Data Privacy) Policy 1. Introduction 1.1 UK data protection law gives

More information

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)...

General Rules on the Processing of Personal Data SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 General Rules on the Processing of Personal Data... 1 Rights of Data Subjects... 6 Notifications to the Registrar... 7 The Registrar...

More information

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS

THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS THE PROCESSING OF PERSONAL DATA (PROTECTION OF INDIVIDUALS) LAW 138 (I) 2001 PART I GENERAL PROVISIONS Short title. 1. This Law may be cited as the Processing of Personal Data (Protection of Individuals)

More information

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY

PROJET DE LOI ENTITLED. The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY PROJET DE LOI ENTITLED The Data Protection (Bailiwick of Guernsey) Law, 2017 ARRANGEMENT OF SECTIONS PART I PRELIMINARY 1. Object of this Law. 2. Application. 3. Extent. 4. Exception for personal, family

More information

European Data Protection Supervisor Your personal information and the EU administration: What are your rights?

European Data Protection Supervisor Your personal information and the EU administration: What are your rights? European Data Protection Supervisor Your personal information and the EU administration: What are your rights? EDPS factsheet 1 Everyday, personal information - also known as personal data - is processed

More information

CCTV Code of Practice

CCTV Code of Practice CCTV Code of Practice Belfast Trust CCTV Code of Practice Introduction Closed Circuit Television (CCTV) systems are in place across the Belfast trust. These systems comprise of cameras installed at strategic

More information

Terms and Conditions GDPR Ready Data

Terms and Conditions GDPR Ready Data Terms and Conditions GDPR Ready Data 1. DEFINITIONS (1) Corpdata means Corpdata Limited, registered in England and Wales No. 02690712. (2) controller means the natural or legal person, public authority,

More information

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6

DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 DATA PROTECTION (JERSEY) LAW 2005 CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV GD6 2 DATA PROTECTION (JERSEY) LAW 2005: CODE OF PRACTICE & GUIDANCE ON THE USE OF CCTV PART 1: CODE OF PRACTICE Introduction

More information

SUBJECT ACCESS REQUEST

SUBJECT ACCESS REQUEST DATA PROTECTION ACT 1998 SUBJECT ACCESS REQUEST Procedure Manual Page 1 of 22 Invest NI 1. Introduction 1.1 What is a Subject Access Request? 1.2 Routine Requests 1.3 What is an individual entitled to?

More information

Introduction. The highly anticipated text of the Irish Data Protection Bill 2018 has been published.

Introduction. The highly anticipated text of the Irish Data Protection Bill 2018 has been published. Key points of the recently published Data Protection Bill February 2018 00 Introduction The highly anticipated text of the Irish Data Protection Bill 2018 has been published. The Bill supplements and gives

More information

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16

SCHEDULE 1 DATA TRANSFER AGREEMENT (Data Controller to Data Controller transfers)... 16 DATA PROTECTION REGULATIONS 2015 DATA PROTECTION REGULATIONS 2015 Part 1 General Rules on the Processing of Personal Data... 1 Part 2 Rights of Data Subjects... 7 Part 3 Notifications to the Registrar...

More information

Telekom Austria Group Standard Data Processing Agreement

Telekom Austria Group Standard Data Processing Agreement Telekom Austria Group Standard Data Processing Agreement This Agreement is entered into by and between: I. [TAG Company NAME], a company duly established and existing under the laws of [COUNTRY] with its

More information

- and - OPINION. Reasons

- and - OPINION. Reasons IN THE MATTER OF THE DATA PROTECTION ACT 1998 AND IN THE MATTER OF A PROPOSED CONTRACT B E T W E E N: Cambridge Analytica Inc - and - Claimant United Kingdom Independence Party Defendant OPINION 1. We

More information

Law Enforcement processing (Part 3 of the DPA 2018)

Law Enforcement processing (Part 3 of the DPA 2018) Law Enforcement processing (Part 3 of the DPA 2018) Introduction This part of the Act transposes the EU Data Protection Directive 2016/680 (Law Enforcement Directive) into domestic UK law. The Directive

More information

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight

The Rental Exchange. Contribution Agreement for Rental Exchange Database. A world of insight The Rental Exchange Contribution Agreement for Rental Exchange Database A world of insight Contribution Agreement for Rental Exchange Database. Contribution Agreement for Rental Exchange Database. This

More information

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS

SUBSIDIARY LEGISLATION DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) [S.L.440.05 1 SUBSIDIARY LEGISLATION 440.05 DATA PROTECTION (PROCESSING OF PERSONAL DATA IN THE POLICE SECTOR) REGULATIONS 30th September,

More information

OTrack Data Processing Terms

OTrack Data Processing Terms BACKGROUND These Personal Data Processing Terms (the Agreement ) are entered into between Optimum Records Limited ( Optimum ) and the school using the services provided by Optimum (the School ) whose details

More information

Privacy. Purpose. Scope. Policy. Appendix A

Privacy. Purpose. Scope. Policy. Appendix A Privacy NZQA Quality Management System Policy Appendix A Purpose To ensure NZQA and personnel meet the legal obligations under the Privacy Act 1993 and in relation to its functions under section 246A of

More information

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner

A Legal Overview of the Data Protection Act By: Mrs D. Madhub Data Protection Commissioner A Legal Overview of the Data Protection Act 2017 By: Mrs D. Madhub Data Protection Commissioner 06.02.2018 Overview The Data Protection Act 2017 Aim of the Act Major changes brought in the new Act Key

More information

BACKGROUND INFORMATION

BACKGROUND INFORMATION Data Protection 1. BACKGROUND INFORMATION The law governing Data Protection is covered by the Data Protection Act 1998. It implements the EC Data Protection Directive (95/46/EC) in the UK. The Act came

More information

Data Protection. Guidance for Schools

Data Protection. Guidance for Schools Data Protection Guidance for Schools Please Note: This booklet is intended to act as a general guide for school staff to follow when dealing with personal information during their daily work. It is not

More information

Information exempt from the subject access right (section 40(4) and

Information exempt from the subject access right (section 40(4) and ICO lo Information exempt from the subject access right (section 40(4) and Freedom of Information Act Environmental Information Regulations Contents Introduction... 2 Overview... 3 What FOIA says... 4

More information

Subject Access and Other Information Rights: Information Governance ( IG ) Policy

Subject Access and Other Information Rights: Information Governance ( IG ) Policy Subject Access and Other Information Rights: Information Governance ( IG ) Policy FINAL 1.0 July 2017 SUMMARY This Policy: Ensures that all managers and staff are aware of and comply with the Trust s statutory

More information

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995

DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL. of 24 October 1995 DIRECTIVE 95/46/EC OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Bar Council Guide for Barristers and Chambers Purpose: Scope of application: Issued by: To assist barristers and sets of chambers in their compliance with the GDPR All

More information

Staff Data Protection Policy

Staff Data Protection Policy Staff Data Protection Policy Version: 9.0 Approval Status: Approved Document Owner: Graham Feek Classification: External Review Date: 02/11/2016 Effective from: 1 July 2015 Table of Contents 1. The Data

More information

Freedom of Information Act 2000 (Section 50) Decision Notice

Freedom of Information Act 2000 (Section 50) Decision Notice Freedom of Information Act 2000 (Section 50) Decision Notice Date: 9 December 2010 Public Authority: Middlesbrough Council Address: PO Box 99 Town Hall Middlesbrough TS1 2QQ Summary The complainant requested

More information

DATA SHARING AND PROCESSING

DATA SHARING AND PROCESSING DATA SHARING AND PROCESSING Capita Business Services Limited March 2016 Version 1.3 TABLE OF CONTENTS: Item Heading Page 1 Data Processing Agreement 2 2 Data Protection Act 1998 2 3 Data Protection Act

More information

Annex - Summary of GDPR derogations in the Data Protection Bill

Annex - Summary of GDPR derogations in the Data Protection Bill Annex - Summary of GDPR derogations in the Data Protection Bill The majority of the provisions in the General Data Protection Regulation (GDPR) will automatically become UK law on 25 May 2018. However,

More information

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2

Purpose specific Information Sharing Agreement. Community Safety Accreditation Scheme Part 2 Document Information Summary Partners ISA Ref: As Part 1 An agreement to formalise the information sharing arrangements for the purpose of specific Information sharing pursuant to Crime and Disorder reduction

More information

to the Government Gazette of Mauritius No. 14 of 14 February 2009

to the Government Gazette of Mauritius No. 14 of 14 February 2009 LEGAL Government SUPPLEMENT Notices 2009 45 45 to the Government Gazette of Mauritius No. 14 of 14 February 2009 Government Notice No. 22 of 2009 THE DATA PROTECTION ACT Regulations made by the Prime Minister

More information

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales).

The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). DECLARATION FORM A Guidance for applicants The position you have applied for is exempt from the Rehabilitation of Offenders Act 1974 (as amended in England and Wales). When South Central Ambulance Service

More information

ARTICLE 29 Data Protection Working Party

ARTICLE 29 Data Protection Working Party ARTICLE 29 Data Protection Working Party 11580/03/EN WP 82 Opinion 6/2003 on the level of protection of personal data in the Isle of Man Adopted on 21 November 2003 This Working Party was set up under

More information

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States

the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States Agreement between the Commisslone Mazionale per le Sodeta e la Borsa in ItaJy and the Public Company Accounting Oversight Board In the United States on the Transfer of Certain Personal Data The Public

More information

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000

Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000 INFORMATION Published in terms of Section 51of the Promotion of Access to Information Act, 2 of 2000 Table of Contents 1 INTRODUCTION... 2 2 DEFINITIONS... 3 3 AVAILABILITY OF THIS... 6 4 RECORDS HELD

More information

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions

Federal Act on Data Protection (FADP) Section 1: Aim, Scope and Definitions English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Durrington High School as part of the Durrington Multi Academy Trust collects and uses personal information about staff, pupils, parents and other individuals who come into contact

More information

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998

North Yorkshire County Council. Subject Access Request Guidance and Procedure. Data Protection Act 1998 North Yorkshire County Council Subject Access Request Guidance and Procedure Data Protection Act 1998 The Data Protection Act 1998 (the Act), section 7 (1) gives individuals certain rights with regards

More information

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013

PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 PROTECTION OF PERSONAL INFORMATION ACT NO. 4 OF 2013 [ASSENTED TO 19 NOVEMBER, 2013] [DATE OF COMMENCEMENT TO BE PROCLAIMED] (Unless otherwise indicated) (The English text signed by the President) This

More information

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1.

Act CXII of on the Right of Informational Self-Determination and on Freedom of Information 1 CHAPTER I GENERAL PROVISIONS. 1. Act CXII of 2011 on the Right of Informational Self-Determination and on Freedom of Information 1 In order to ensure the right of informational self-determination and the freedom of information, and to

More information

D I R E C T I O N S AND N O T E S

D I R E C T I O N S AND N O T E S Surname, first name of applicant D I R E C T I O N S AND N O T E S Verwaltung des Klinikums Geschäftsbereich Personal Abteilung Personalbetreuung 1. DIRECTIONS CONCERNING THE OBLIGATION OF LOYALTY TO THE

More information

The Act on Processing of Personal Data

The Act on Processing of Personal Data The Act on Processing of Personal Data Act No. 429 of 31 May 2000 as amended by section 7 of Act No. 280 of 25 April 2001, section 6 of Act No. 552 of 24 June 2005 and section 2 of Act No. 519 of 6 June

More information

Subject Access Request Procedure

Subject Access Request Procedure Standard Operating Procedure 3 (SOP 3) Why we have a procedure? Subject Access Request Procedure Individuals have a legal right to see information that the Trust holds about them, subject to certain exemptions

More information

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING

Data Protection REFERENCE NUMBER. IMPLEMENTATION DATE June 2014 NEXT REVIEW DATE: September 2020 RISK RATING POLICY Security Classification Disclosable under Freedom of Information Act 2000 Yes POLICY TITLE Data Protection REFERENCE NUMBER A031 Version 1.1 POLICY OWNERSHIP DIRECTORATE BUSINESS AREA CHIEF OFFICERS

More information

How we use Personal Information

How we use Personal Information How we use Personal Information Introduction This document explains how Essex Police obtains, holds, uses and discloses information about people - their personal information 1 -, the steps we take to ensure

More information

Data Protection Policy

Data Protection Policy Data Protection Policy St Barnabas & St Philip s Church of England Primary School P:\Policies and Documents\Data Protection Policy.docx 1 Responsibility: Contents: It is the responsibility of the Governors

More information

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan

ELECTRONIC DATA PROTECTION ACT An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan ELECTRONIC DATA PROTECTION ACT 2005 An Act to provide for protection to electronic data with regard to the processing of electronic data in Pakistan Whereas it is expedient to provide for the processing

More information

Greater London Darts Organisation Handbook & Rules (County Section Only)

Greater London Darts Organisation Handbook & Rules (County Section Only) The index to the contents of the G.L.D.O. Handbook (County Section) is listed below, by Sections and page numbers, in the order in which they appear in the Handbook. INDEX OF CONTENTS PAGES Section 1 GENERAL

More information

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT

STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT STATOIL BINDING CORPORATE RULES - PUBLIC DOCUMENT The purpose of this Statoil Binding Corporate Rules Public Document is to explain the content of the Binding Corporate Rules (BCR) and help ensure that

More information

Committee Servicing: the Implications of Freedom of Information and Data Protection

Committee Servicing: the Implications of Freedom of Information and Data Protection Committee Servicing: the Implications of Freedom of Information and Data Protection What data protection and freedom of information implications do I need to consider for committee servicing? People have

More information

THE PERSONAL DATA (PROTECTION) BILL, 2013

THE PERSONAL DATA (PROTECTION) BILL, 2013 THE PERSONAL DATA (PROTECTION) BILL, 2013 [Long Title] [Preamble] CHAPTER I PRELIMINARY 1. Short title, extent and commencement. (1) This Act may be called the Personal Data (Protection) Act, 2013. (2)

More information

DATA PROTECTION AND FREEDOM OF INFORMATION POLICY

DATA PROTECTION AND FREEDOM OF INFORMATION POLICY DATA PROTECTION AND FREEDOM OF INFORMATION POLICY Version 1.0 Date 11/11/2016 Approved by Board of Directors 09/02/2017 Version Date Description Revision author 1.0 11/11/2016 Trust Version Created FMW

More information

Child sex offenders disclosure scheme (CSODS)

Child sex offenders disclosure scheme (CSODS) Contents Child sex offenders disclosure scheme (CSODS) Part one Policy... 2 Chapter 1 Legislation... 2 Chapter 2 Cross border applications... 4 Receiving force... 5 Coordinating force... 5 Responding forces...

More information

SIMON READHEAD Q.C. PRIVACY NOTICE

SIMON READHEAD Q.C. PRIVACY NOTICE SIMON READHEAD Q.C. PRIVACY NOTICE Introduction 1. I am committed to handling your personal information fairly, lawfully and securely in accordance with current data protection laws. This privacy notice

More information

Data Protection. Standard Operating Procedure

Data Protection. Standard Operating Procedure Data Protection Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised as

More information

closer look at Rights & remedies

closer look at Rights & remedies A closer look at Rights & remedies November 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute legal advice or legal analysis.

More information

Child Protection Legislation Amendment (Children s Guardian) Act 2013 No 31

Child Protection Legislation Amendment (Children s Guardian) Act 2013 No 31 New South Wales Child Protection Legislation Amendment (Children s Guardian) Act 2013 Contents Page 1 Name of Act 2 2 Commencement 2 Schedule 1 Amendment of Child Protection (Working with Children) Act

More information

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink

Data Processing Agreement. <<Health Service Provider>> The National Message Broker Service known as Healthlink Between And The National Message Broker Service known as Healthlink THIS AGREEMENT is dated and made between: (1) , which has its principle administrative

More information

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL

MANITOBA FREEDOM OF INFORMATION AND PROTECTION OF PRIVACY RESOURCE MANUAL Chapter 6 TABLE OF CONTENTS TABLE OF CONTENTS... 1 PROTECTION OF PRIVACY... 7 Overview... 7 Preliminary Privacy Considerations Necessary, Effective and Proportional... 11 The Ombudsman's three part test...

More information

Anti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group

Anti-Fraud, Bribery and Corruption Response Policy. Telford and Wrekin Clinical Commissioning Group Anti-Fraud, Bribery and Corruption Response Policy 2018 Telford and Wrekin Clinical Commissioning Group The Anti-Fraud, Bribery and Corruption Policy for Telford and Wrekin Clinical Commissioning Group

More information

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT

WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT General Administration Policy #1300 - Manual WASHINGTON COUNTY GUIDELINES AND PROCEDURES FOR MINNESOTA GOVERNMENT DATA PRACTICES ACT Manual #1300 Adopted by the Washington County Board of Commissioners

More information

Freedom of Information

Freedom of Information Freedom of Information Standard Operating Procedure Notice: This document has been made available through the Police Service of Scotland Freedom of Information Publication Scheme. It should not be utilised

More information

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI)

Version No. Date Amendments made Authorised by N/A ACC Hamilton (PSNI) PURPOSE PARTNERS The purpose of this Information Sharing Agreement is to facilitate the lawful exchange of data in order to comply with the statutory duty on Chief Police Officers and relevant agencies

More information

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users

AnyComms Plus. End User Licence Agreement. Agreement for the provision of data exchange software licence for end users AnyComms Plus End User Licence Agreement Agreement for the provision of data exchange software licence for end users i March 2018 V4 Terms & Conditions Definitions and Interpretation Commencement Date

More information

DATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections...

DATA PROTECTION (AMENDMENT) REGULATIONS Amendments to the Data Protection Regulations Insertion of new sections... DATA PROTECTION (AMENDMENT) REGULATIONS 2018 DATA PROTECTION (AMENDMENT) REGULATIONS 2018 1. Amendments to the Data Protection Regulations 2015... 2 2. Insertion of new sections... 9 3. Short title, extent

More information

AIA Australia Limited

AIA Australia Limited AIA Australia Limited Privacy policies & procedures May 2010 The Power of We AIA.COM.AU AIA Australia Limited Privacy policies & procedures Contents Purpose 3 Policy 3 National Privacy Principles Policy

More information

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR)

Memorandum of Understanding. between. Solicitors Regulation Authority. and. The Claims Management Regulation Unit (CMR) Memorandum of Understanding between Solicitors Regulation Authority and The Claims Management Regulation Unit (CMR) Introduction 1. The Claims Management Regulation Unit (CMR) and the Solicitors Regulation

More information

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures

BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures BJB Motor Company Limited (BJB) - Data Protection Act 1998 Policy & Procedures Version History and Document Approval Version History: Version Date Author Reason 1.0 31 st December 2017 Barry Wilson Document

More information

Health Information Privacy Code 1994

Health Information Privacy Code 1994 Health Information Privacy Code 1994 Incorporating amendments Privacy Commissioner Te Mana Matapono Matatapu New Zealand The Code of Practice comprises clauses 1-7 and rules 1-12. To assist with the use

More information

PERSONAL DATA PROCESSING AGREEMENT

PERSONAL DATA PROCESSING AGREEMENT PERSONAL DATA PROCESSING AGREEMENT between the following parties: 1. Name:............... Registration number / VAT ID:... Address:... Signed by:... Signature:... (hereinafter as Controller ) and 2. Name:

More information

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum

THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum THE DATA PROTECTION BILL (No. XIX of 2017) Explanatory Memorandum The object of this Bill is to repeal the Data Protection Act and replace it by a new and more appropriate legislation which will strengthen

More information

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR)

BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR) BASECONE DATA PROCESSING AGREEMENT (BASECONE AS PROCESSOR) The undersigned: Basecone N.V., a corporation established under Dutch law, with its corporate domicile at Eemweg 8, 3742 LB Baarn, the Netherlands

More information

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS

CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS CODE OF PRACTICE FOR COMMUNITY- BASED CCTV SYSTEMS 1 INTRODUCTION This Code of Practice sets out the basic conditions of use for Community-Based CCTV systems by applicants for the Department of Justice,

More information

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018.

Great Leighs Primary School. Data Protection and Freedom of Information Policy. Adopted: April Review Date: April 2018. Great Leighs Primary School Data Protection and Freedom of Information Policy Adopted: April 2015 Review Date: April 2018 Contents 1. Introduction... 1 2. Purpose... 1 3. What is Personal Information?...

More information

Memorandum of Understanding. between. The Legal Aid Agency (LAA) and. Solicitors Regulation Authority (SRA)

Memorandum of Understanding. between. The Legal Aid Agency (LAA) and. Solicitors Regulation Authority (SRA) Memorandum of Understanding between The Legal Aid Agency (LAA) and Solicitors Regulation Authority (SRA) 1 Introduction 1. The Legal Aid Agency (LAA) and the Solicitors Regulation Authority (SRA) ( the

More information

Guidelines on the Safe use of the Internet and Social Media by Police Officers and Police Staff

Guidelines on the Safe use of the Internet and Social Media by Police Officers and Police Staff RM Guidelines on the Safe use of the Internet and Social Media by Police Officers and Police Staff The Association of Chief Police Officers has agreed to these guidelines being circulated to, and adopted

More information

Data Protection Bill, House of Lords second reading Information Commissioner s briefing

Data Protection Bill, House of Lords second reading Information Commissioner s briefing Data Protection Bill, House of Lords second reading Information Commissioner s briefing Introduction... 2 Overview... 2 Derogations... 4 Commissioner s part-by- part commentary on the Bill... 5 Part one:

More information

Freedom of Information Policy

Freedom of Information Policy Audience Named person responsible for monitoring Freedom of Information Policy All Staff & Governors Head Agreed by Personnel Committee June 2015 Agreed by Governing Body July 2015 Date to be Reviewed

More information

DISCLOSURE & BARRING CHECKS POLICY

DISCLOSURE & BARRING CHECKS POLICY Westcountry Schools Trust (WeST) DISCLOSURE & BARRING CHECKS POLICY Mission Statement WeST holds a deep seated belief in education and lifelong learning. Effective collaboration, mutual support and professional

More information

DBS and Recruitment of Ex-Offenders Policy

DBS and Recruitment of Ex-Offenders Policy DBS and Recruitment of Ex-Offenders Policy Introduction The code of practice published under section 122 of the Police Act 1997 advises that it is a requirement that all registered bodies must treat DBS

More information

The Privacy Policy links to the following Objective contained within the City Plan

The Privacy Policy links to the following Objective contained within the City Plan Privacy Policy Privacy Policy City Plan Reference The Privacy Policy links to the following Objective contained within the City Plan 2013-2017. Performance is about managing our resources wisely, providing

More information

DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017

DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017 DBS Policy Agreed: September 2016 Signed: (HT) Signed: (CofG) Review Date: September 2017 Goldthorpe Primary School: DBS Policy Aim At Goldthorpe Primary School the safety of our staff, pupils and visitors

More information

Data Protection Policy. Revisions and Editions Log

Data Protection Policy. Revisions and Editions Log Data Protection Policy Revisions and Editions Log Data Protection Policy adopted February 2015 Review Resources Comm February 2016 Reviewed Feb 2017 FGB Next review Feb 2018 School Data Protection Policy

More information