This document provides an overview of the key elements of the UK Data Protection Act of 1998 as amended in 2000. It explains that the Act aims to protect personal data by regulating its processing. It outlines the main roles in the Act, including Data Controller, Data Processor, and Data Subject. It defines what types of data are covered, the principles Data Controllers must comply with, and individuals' rights. Exceptions to the Act are noted. Requirements for businesses and staff responsibilities are also reviewed.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
An introduction to data breach notification and communications requirements under the EU's GDPR, and what it means for communicators and reputation managers
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Data Privacy: What you need to know about privacy, from compliance to ethicsAT Internet
Today, balancing business opportunity and customer's data protection has become a difficult challenge. As technology, data sources and targeting abilities grow, so does the crucial need to respect user privacy and ensure a good data protection. But with laws, practices and definitions that are constantly evolving around the world, it can all seem a bit confusing.
Not sure where to start? Wondering how you can better align with privacy law? Then this webinar is for you.
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
ControlCase discusses the following: - What is GDPR? - How will it impact me? - How can I become compliant? - What is the timeline? - What are consequences if not met?
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
GDPR: Data Breach Notification and CommunicationsCharlie Pownall
An introduction to data breach notification and communications requirements under the EU's GDPR, and what it means for communicators and reputation managers
Data has emerged as one of the most important resources of today's world. However, there does not exist clear rules on how to make use of this resource. There are spillover effects and negative externalities in the form of privacy breaches while exploiting this resource. In such a situation, what should be the legal remedy?
The law should find a balance between the interests of the customers and the corporations. The customers want safety and privacy, whereas corporations want commercial use of data which risks the customer's interests.
The objective of this module is to gain an overview of the ethics surrounding big data and the legislation that governs it.
Upon completion of this module you will:
- Gain knowledge on how to recognize the necessity of regulating big data
- Obtain an understanding of the difference between privacy and data protection
- Understand the need to implement data protection actions into your own business
What does GDPR actually mean to you as a business, what are the rights of individuals and how do you have to apply them, around Subject Access Request, Right to Erasure / be Forgotten, Consent and Opt In and Out and Personally Identifiable Information and Personal Data
What All Organisations Need to Know About Data Protection and Cloud Computing...Brian Miller, Solicitor
Solicitor Brian Miller and barrister Vicki Bowles explore the legal and security aspects of data protection and putting your data in the cloud. This is part one (basic) of a two part course on data protection and cloud computing.
Responsible Individual Training fostercare- F5 Foster Care UKThe Pathway Group
Responsible Individual Training for Foster Care provided complimentary by Safaraz Ali
www.safaraz.co.uk
Responsible Individual Training fostercare- F5 Foster Care UK
Responsible Individual Training UK"
"Foster Care Professional Development"
"Accredited Foster Care Training"
"Diversity in Foster Care"
"Inclusive Foster Care Training"
"F5 Foster Care UK Training"
"Foster Care Skills Enhancement"
"Leadership in Foster Care"
"Foster Care Excellence Programs"
"Equity in Foster Care Education"
RI Training
Responsible Individual Training for Foster Care
the original content of the 1973 TPS manual1 was written by
the staff2 of Toyota Motor Corp. (OMCD - Operations Management Consulting Division.
By 1970, Toyota had a fairly stable production system internally and they made a decision to
assist suppliers by sharing their knowledge and skills. To do this, Toyota created a special
internal improvement group called Production Research Division (later renamed Operations
Management Consulting Division – OMCD)
his 1973 manual was also used as course materials by Ohno and his team – the Japanese
Management Association compiled their workshop materials and released it as a book in the
1978. Productivity Press translated it and released it as Kanban: Just-in-time at Toyota in
1986. While much of the Productivity Press book consists of the same materials as the 1973
TPS Manual, it is not presented in the same order.
Multicultural-Apprenticeship-Awards-2023-Compressed-Brochure.pdfThe Pathway Group
Celebrating Talent & Diversity
The Multicultural Apprenticeship Awards recognises multicultural British apprentices, their employers, and learning providers.
2023 Multicultural Apprenticeship Award winners revealed in Birmingham Ceremony
Empowering The Nation - White Paper
This is the white paper what was written to go along with the Peer Meet up event that was conducted on the 13th October. This covers about unleashing potential in the employability and skills sector, the power of partnership working, the current landscape of the sector and where it might be going in the next 12-18 months.
Peer Meetup by Safaraz Ali 13.Oct.2023
Powerpoint from the peer meet up online networking webinar that was conducted on the 13th October 2023. This covered topics such as recruitment, AI and the funding landscape.
Peer Meetup by Safaraz Ali 13.Oct.2023
Powerpoint from the peer meet up online networking webinar that was conducted on the 13th October 2023. This covered topics such as recruitment, AI and the funding landscape.
A Guide to Apprenticeships for the Higher Education Sector.pdfThe Pathway Group
A Guide to Apprenticeships for the Higher Education Sector.pdf
A guide to apprenticeships which is detailed to be about the higher education sector. Covers many topics such as: what is an apprenticeship and how they work, regulatory bodies, end-point assessments, delivery styles and how to keep up-to-date with industry changes.
All Matters Regulatory - Apprenticeship Training Material - Pathway Group.pdfThe Pathway Group
All Matters Regulatory - Apprenticeship Training Material - Pathway Group.ppt
A powerpoint talking about the regulatory bodies when it comes to apprenticeships, along with what they do and how they work.
All Matters Regulatory - Apprenticeship Training Material - Pathway Group.pptThe Pathway Group
All Matters Regulatory - Apprenticeship Training Material - Pathway Group.ppt
A powerpoint talking about the regulatory bodies when it comes to apprenticeships, along with what they do and how they work.
End-Point Assessment Organisations EPAOs - Apprenticeship Training Material -...The Pathway Group
End-Point Assessment Organisations EPAOs - Apprenticeship Training Material - Pathway Group.ppt
A presentation detailing the role that End-point assessment organisations play in apprenticeships, along with how to choose the right one for your company/training provider.
End-Point Assessment Organisations EPAOs - Apprenticeship Training Material -...The Pathway Group
End-Point Assessment Organisations EPAOs - Apprenticeship Training Material - Pathway Group.ppt
A presentation detailing the role that End-point assessment organisations play in apprenticeships, along with how to choose the right one for your company/training provider.
How Apprenticeships Work & Why They Work - Apprenticeship Training Material -...The Pathway Group
How Apprenticeships Work & Why They Work - Apprenticeship Training Material - Pathway Group
A powerpoint detailing about what exactly an apprenticeship is and why they have been working over the time that they have been introduced
How Apprenticeships Work & Why They Work - Apprenticeship Training Material -...The Pathway Group
How Apprenticeships Work & Why They Work - Apprenticeship Training Material - Pathway Group
A powerpoint detailing about what exactly an apprenticeship is and why they have been working over the time that they have been introduced
The World of Learning - Apprenticeship Training Material - Pathway Group.pptThe Pathway Group
The World of Learning - Apprenticeship Training Material - Pathway Group
A powerpoint which covers topics such as different learning and teaching styles, along with delving into what they are and the advantages of them.
The World of Learning - Apprenticeship Training Material - Pathway Group.pdfThe Pathway Group
The World of Learning - Apprenticeship Training Material - Pathway Group
A powerpoint which covers topics such as different learning and teaching styles, along with delving into what they are and the advantages of them.
How Independent Training Providers (ITPs) can survive and thrive in an inflat...The Pathway Group
The attached
white paper has been produced to help Independent
Training Providers (ITPs) negotiate the
uncertain economic and policy terrain.
We have a simple goal – to offer helpful
information to training providers to help
them survive and deliver what the UK needs –
a skilled, successful and happy workforce.
Pakistani Report: Understanding the Needs and Wants of the Pakistani Population in Birmingham
A grassroots community initiative to inspire initiatives for Pakistanis living in Birmingham.
Anny Serafina Love - Letter of Recommendation by Kellen Harkins, MS.AnnySerafinaLove
This letter, written by Kellen Harkins, Course Director at Full Sail University, commends Anny Love's exemplary performance in the Video Sharing Platforms class. It highlights her dedication, willingness to challenge herself, and exceptional skills in production, editing, and marketing across various video platforms like YouTube, TikTok, and Instagram.
Building Your Employer Brand with Social MediaLuanWise
Presented at The Global HR Summit, 6th June 2024
In this keynote, Luan Wise will provide invaluable insights to elevate your employer brand on social media platforms including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok. You'll learn how compelling content can authentically showcase your company culture, values, and employee experiences to support your talent acquisition and retention objectives. Additionally, you'll understand the power of employee advocacy to amplify reach and engagement – helping to position your organization as an employer of choice in today's competitive talent landscape.
Premium MEAN Stack Development Solutions for Modern BusinessesSynapseIndia
Stay ahead of the curve with our premium MEAN Stack Development Solutions. Our expert developers utilize MongoDB, Express.js, AngularJS, and Node.js to create modern and responsive web applications. Trust us for cutting-edge solutions that drive your business growth and success.
Know more: https://www.synapseindia.com/technology/mean-stack-development-company.html
Recruiting in the Digital Age: A Social Media MasterclassLuanWise
In this masterclass, presented at the Global HR Summit on 5th June 2024, Luan Wise explored the essential features of social media platforms that support talent acquisition, including LinkedIn, Facebook, Instagram, X (formerly Twitter) and TikTok.
Digital Transformation and IT Strategy Toolkit and TemplatesAurelien Domont, MBA
This Digital Transformation and IT Strategy Toolkit was created by ex-McKinsey, Deloitte and BCG Management Consultants, after more than 5,000 hours of work. It is considered the world's best & most comprehensive Digital Transformation and IT Strategy Toolkit. It includes all the Frameworks, Best Practices & Templates required to successfully undertake the Digital Transformation of your organization and define a robust IT Strategy.
Editable Toolkit to help you reuse our content: 700 Powerpoint slides | 35 Excel sheets | 84 minutes of Video training
This PowerPoint presentation is only a small preview of our Toolkits. For more details, visit www.domontconsulting.com
LA HUG - Video Testimonials with Chynna Morgan - June 2024Lital Barkan
Have you ever heard that user-generated content or video testimonials can take your brand to the next level? We will explore how you can effectively use video testimonials to leverage and boost your sales, content strategy, and increase your CRM data.🤯
We will dig deeper into:
1. How to capture video testimonials that convert from your audience 🎥
2. How to leverage your testimonials to boost your sales 💲
3. How you can capture more CRM data to understand your audience better through video testimonials. 📊
B2B payments are rapidly changing. Find out the 5 key questions you need to be asking yourself to be sure you are mastering B2B payments today. Learn more at www.BlueSnap.com.
3.0 Project 2_ Developing My Brand Identity Kit.pptxtanyjahb
A personal brand exploration presentation summarizes an individual's unique qualities and goals, covering strengths, values, passions, and target audience. It helps individuals understand what makes them stand out, their desired image, and how they aim to achieve it.
The Influence of Marketing Strategy and Market Competition on Business Perfor...
Data Protection Act 1998 (amended 2000)
1. Pathway Group
putting you first
Data Protection Act
1998 amended 2000
Pathway College
putting you first
2. Contents
Pathway Group Data Protection Act 1998 amended 2000 ................................................. 1
The Data Protection Act 1998 amended 2000......................................................................... 1
Aims........... ..............................................................................................................................................1
What does it do? .................................................................................................................................1
How? .......................................................................................................................................................1
What does the Act cover? ................................................................................................................2
When handling data questions to ask yourself ....................................................................... 2
How does DPA work? ........................................................................................................................2
There are three main roles ..............................................................................................................2
Data Commissioner ...........................................................................................................................3
A Data Controller ................................................................................................................................3
A Data Processor .................................................................................................................................3
Data .........................................................................................................................................................3
What is Personal Data? .....................................................................................................................3
What is Sensitive Personal Data ? .................................................................................................4
What you may do with this data (Data Processing)? .............................................................4
The Data Controllers must comply with eight principles .................................................... 4
Subjects .................................................................................................................................................5
Data Disclosure ...................................................................................................................................5
Complete exemptions from the Act ............................................................................................6
DPA and Business Use .......................................................................................................................6
Exceptions .............................................................................................................................................6
How to behave ....................................................................................................................................6
Consent ..................................................................................................................................................7
Explicit Consent ..................................................................................................................................7
Disclosing Information .....................................................................................................................7
Disclosure – An exception ...............................................................................................................7
What might these special purposes be and who might request the information .....7
Procedure for making a request ...................................................................................................7
Business and the Data Protection Act .........................................................................................8
Staff Responsibilities .........................................................................................................................8
Passing Information to external third parties: .........................................................................8
Off ences under the Act ....................................................................................................................8
Social Media .........................................................................................................................................9
Further Information ...........................................................................................................................9
Declaration ...........................................................................................................................................9
3. 1.
The Data Protection Act 1998 amended 2000
Aims:
This document is to explain the ‘Key Elements’ of the Data Protection Act and its
relevance to your employment.
What does it do?
The Data Protection Act (DPA) is designed to protect personal data stored on
computers or in an organised paper fi ling system.
How?
The DPA aims to protect the rights to privacy of an individual’s information by
regulating the processing of personal data.
Most people will say....
“I am not stupid you know, I do know............”
However, 1 in 3 people admit they throw away documents containing important
personal information without shredding the documents fi rst.
Examples of incidents include:
• Lancashire County Council left social work records in a fi ling cabinet that was
sold at an auction
• Sixty-two thousand Bank of Scotland mortgage customer details were put on a
CD and put in the post but it never turned up
People are aware of their rights;
• A senior academic at Lancaster University has received a written warning for
making “illicit disclosures” after he responded to a mother’s complaint about her
son’s tuition
• The professor replied immediately; listing the student’s modules, contact time
etc
However, when the student became aware of the exchange, he complained to the
University that it had released the information without his consent.
4. 2.
What does the Act cover?
• Paper Files
• Electronic Files, Databases, Spreadsheets & E-mail.
• Photographs
• CCTV
• Publications - for example, a Prospectus. Individuals would have to consent to
this
• Web Pages - To promote a culture of openness which includes publishing
staff names, job titles and extension numbers. Such publications in telephone
directories are also considered to be a normal business requirement
When handling data questions to ask your selves:
• Who could access this information?
• How accurate is it?
• Could it be copied?
• Is it possible to store information without the individual’s knowledge or
permission?
• Was a record kept of any changes?
• Who is liable
How does DPA at work?
1. The 1998 Data Protection Act was passed by Parliament to control the way
information is handled and to give legal rights to people who have information
stored about them.
2. Essentially it works by:
i. Setting up rules that people have to follow
ii. Having an ‘Information Commissioner’ to enforce the rules
However:
“It does not stop organisations storing and using information about people.
It just makes them follow rules.”
There are 3 main roles:
1. Information Commissioner
2. Data Controller
3. Data Subject
5. 3.
Data Commissioner
The Information Commissioner’s offi ce is the UK’s independent authority set up
to uphold information rights in the public interest, promoting openness by public
bodies and data privacy for individuals.
A Data Controller
Someone who determines how the personal data is used is called the DATA
CONTROLLER. Companies are Data Controllers, as well as each individual employee
of the company.
As the Data Controller, you can be held personally liable for non-compliance with
the DPA.
A Data Processor
Any person who processes data on behalf of the Data Controller (apart from their
employees),is known as a Data Processor, e.g. Outsourcers used for mail shots.
N.B. The Data Processor cannot use the information for their own purposes. They
can only use it for the purpose for which it was given to them by the Data Controller.
Data
There are 2 types of data:
‘Personal Data’ and ‘Sensitive Personal Data’
What is personal data?
Anything that could identify an individual, for example:
• Name
• Address
• National Insurance number
• Opinions which a company may hold about the individual (think about the
implications of this before you write comments about someone on a fi le or
telephone note)
6. 4.
What is Sensitive Personal Data?
The Act also covers Sensitive Personal Data about an individual, for example:
• Political Opinions
• Religion
• Race or Ethnic Origin
• Sexual Orientation
• Convictions
• Medical Data
In other words, anything which could cause an individual to be discriminated
against.
N.B. Financial data (bank account / salary) is classed as confi dential data and does
not come under sensitive data.
If someone who is not entitled to see these details can obtain access without
permission it is deemed unauthorised access.
What you may do with this data (data processing)?
Data processing is any action taken with personal data including the collection, use,
disclosure, destruction & holding of data.
Processing is a very wide term and means anything you do with it; including:
• Filing
• Posting
• Compiling a Report
• Using it
• Just handing it to someone else.
The Data Controllers Must Comply with Eight Principles
For the personal data that Data Controllers store and process:
1. It must be collected and used fairly and inside the law
2. It must only be held and used for the reasons given to the Information
Commissioner
7. 5.
3. It can only be used for those registered purposes and only be disclosed to those
people mentioned in the register entry
4. The information held must be adequate, relevant and not excessive when
compared with the purpose stated in the register
5. It must be accurate and be kept up to date
6. It must not be kept longer than is necessary for the registered purpose
7. The information must be kept safe and secure
8. The fi les may not be transferred outside of the European Economic Area unless
the country that the data is being sent to has a suitable data protection law
Subjects
A subject is about whom/who the data is kept.
Remember the ‘Data Subjects’ also have rights, including:
1. A right of subject access
2. A right of correction
3. A right to prevent distress
4. A right to prevent direct marketing
5. A right to prevent ‘Automatic Decisions’
6. A right of complaint to the Information Commissioner
7. A right to compensation
Data Disclosure
In situations where information is requested it is important that you ensure that the
third party are aware that they must also comply with the Act and apply appropriate
security measures to any information that we share with them.
Unauthorised disclosure may result in disciplinary action!
However in some circumstances disclosure may be necessary. In these
circumstances certain rules and processes must be followed.
8. 6.
Complete exemptions from the Act
1. Any personal data that is held for a national security reason is not covered
2. Personal data held for domestic purposes only at home, e.g. a list of your friends’
names, birthdays and addresses does not have to keep to the rules
3. Partial exemptions; e.g. HMRC, School pupils, company planning documents,
health notes, statistics & employer references
DPA and Business Use
• If a business holds personal data then they may need to notify the Information
Commissioners offi ce. This costs £35, and has to be done every year
• Notifi cation means that the data controller’s details are added to the
Commissioner’s register
• The register has details of the data controller, the types of processing carried out
and for what purpose the processing is carried out
Exceptions
• There are exceptions for organisations which make only limited use of personal
data. However, they must still comply with the eight principles
• This covers information stored for, e.g. payroll, pensions and accounts
• Also information which cannot be disclosed for reasons of national security
• Information held about club members does not have to be notifi ed if all
members agree
How to behave
When companies collect data from individuals they should:
• Advise who they are
• Be honest regarding the reasons they want the information and how it will be
used
• Have a legitimate reason for processing the data
• Advise who they intend to pass the data onto
9. 7.
Consent
• Consent is needed in most cases for the processing of personal data although it
is implied in certain circumstances
• Consent would be implied if for example an individual takes out a pension policy
- it can be reasonably implied that they have given their consent for the data to
be processed
• It would be impossible to administer the pension without processing data (ie
retrieving it, altering it etc)
Explicit Consent
• If information is to be used for ‘DIRECT MARKETING’ purposes, then the data
subject should be made aware of this and given the opportunity not to have
their data used for this purpose. This is called explicit consent
• To opt out – Mailing preference service www.mpsonline.org.uk (there is also the
telephone preference service, fax preference service etc)
Disclosing Information
• Personal information should not be disclosed to anyone outside the categories
notifi ed to the Commissioner
• Information should not be disclosed to a third party unless there is a legitimate
reason to do so – even where the individual has provided their explicit consent
to do this
Disclosure – An exception
Under Section 29 of the Data Protection Act, Data Controllers are permitted to
disclose personal data for special purposes.
What might these special purposes be and who might request the information
• Prevention or detection of crime - Police
• Apprehension/prosecution of off enders - Police
• Assessment/collection of tax duty -Inland Revenue / Customs & Excise
Procedure for making a request
Disclosure requests should preferably:
• Be made in writing
10. 8.
• Confi rm the identity of the person making the request
• State that the disclosure is required under S.29 of the Data Protection Act
• Specify the data needed and confi rm their reasons for asking for the data
• Therefore, should there be a subsequent complaint the Data Controller can
demonstrate that they have taken reasonable precautions before disclosing the
data
Business and the Data Protection Act
Staff Responsibilities
All staff must ensure that:
• Personal data provided in connection with their employment is accurate and up-to-
date. It is important to inform the College of any errors, corrections or changes
for example, change of address, marital status etc
• Personal data pertaining to individuals that staff holds or processes, is kept
securely and treated as confi dential and is not disclosed either orally or in
writing, accidently or otherwise, to any un-authorised third party
Passing Information to external third parties:
• In such instances it is important that you ensure that the third party are aware
that they must also comply with the Act and apply appropriate security measures
to any information that we share with them
• Unauthorised disclosure may be disciplinary matter
Off ences underThe Act
• Obtain or disclose personal data without consent of data subject
• Knowingly or recklessly obtain or disclose information contained in personal
data
• Unlawfully sell/off er to sell personal data
• Failure to notify changes
• Failure to comply with a written request for particulars
So what does it mean for me ?
Personal liability:
You can be prosecuted for unlawful action under the legislation if:
11. 9.
• You use or disclose information about other people without consent or
authorisation
• You give information to another employee or student who does not need the
details to carry out their legitimate duties, even if it was accidental
Think and remember:
• Who can hear your phone call?
• Who are you really talking to?
• Do they really need to know?
• Who can see your PC/Laptop screen?
• Where does waste paper end up?
• What information is on your desk or in-tray?
Social media
Social Media ‘posts’ are subject to Data Protection legislation. This includes but is
not limited to Facebook, Twitter, and Linked-In (and other derivatives).
Remember:
• The internet does not forget.
• So, think before updating that Facebook status!
Further Information
For further information on the Data Protection act please visit: www.ico.gov.uk
Declaration
I ...................................................................................., DO HEREBY UNDERTAKE to abide by the
Data protection Act 1998 amended 2000.
I agree that I have received, read and understood the contents of the data
protection act documentation issued by Pathway Group. I am fully aware of my
responsibilities as related to data protection.
Signature: ...................................................................................................................................................
Date: .............................................................................................................................................................
12. Pathway College
putting you first
Pathway Group
putting you first
Pathway Group
Fairgate house, 205 Kings Road, Tyseley, Birmingham B11 2AA
Tel: 0800 955 0870 / 0121 707 0550
Email: info@pathwaygroup.co.uk
Web: www.pathwaygroup.co.uk