Canterbury Christ Church University
Data Protection

Data Protection Compliance: An Aide Memoire
June 2009

1. Consent
- Wherever possible, obtain consent before acquiring, holding or using personal data.
- Any University forms, whether paper or web-based, designed to gather personal data should contain a statement explaining what the information is to be used for and to whom it may be disclosed. The Data Protection Officer can advise on the wording required in specific cases.

2. Sensitive data
- Be particularly careful with sensitive personal data, which is information relating to race, political opinion, physical or mental health, religious belief, trade union membership, sexuality and criminal offences.
- Hold and use such information only where strictly necessary.
- Always obtain the consent of the individuals concerned and notify them of the likely use(s) of such data.

3. Individual rights
- Wherever possible, be open with individuals concerning the information held about them.
- When preparing reports or appending notes to official documents, bear in mind that individuals have the right to request to see all personal data held about them and could read what were meant to be 'informal' comments. Be aware that this includes e-mails containing personal data, so use the same caution when sending e-mails.

4. Review files
- Only create and retain personal data where necessary.
- Securely dispose of, or delete, any personal data that is out of date, irrelevant or no longer required.
- Hold regular reviews of files and discard unnecessary or obsolete data systematically.

5. Disposal of records
- When discarding paper records containing personal data, treat them confidentially. It is important to shred such files rather than disposing of them as waste paper.
- Delete any unnecessary or out-of-date electronic records.
- Do not dispose of University computers until Computing Services has ensured all stored information has been removed or deleted.

6. Accuracy
- Keep all personal data up to date and accurate. Note any changes of address and other amendments. If there is any doubt about the accuracy of personal data, do not use it.

7. Security
- Keep all personal data as securely as possible, for instance in lockable filing cabinets or rooms. Do not leave records containing personal data unattended in offices or areas accessible to students and members of the public.
- Ensure you do not display personal data on computer screens visible to passers-by.
- These security considerations also apply to records taken away from the University, e.g. for work at home or for a meeting outside the University.
- Remember that e-mail is not necessarily confidential or secure, and so should not be used for potentially sensitive communications.
- When using a memory stick, use one that has encryption software.

8. Disclosing data
- Never reveal personal data to third parties without the consent of the individual concerned or other reasonable justification. This includes parents, guardians, relatives and friends of the data subject, who have no right to access information without the data subject's consent.
- Personal data can only be legitimately disclosed to third parties for purposes connected with a student's studies and to meet statutory requirements (e.g. to HEFCE, LEAs, Council Tax Offices and Research Councils), and only where we are satisfied as to the enquirer's identity and the legitimacy of the request.
- Requests for personal information are received from time to time from organisations such as the police and the Inland Revenue. The University endeavours to co-operate with these organisations, but steps need to be taken to ensure requests are genuine and legitimate.

9. Worldwide transfer
- Always obtain consent from the individuals concerned before placing information about them on the Internet, apart from basic office contact details, and before sending personal data outside the EEA (the European Union, Iceland, Liechtenstein and Norway).

10. Third party processors
- Be aware that if a third party data processor is used, for instance for bulk mailings or database management that gives them access to personal data, there must be a written contract in place to ensure the data processor treats such information confidentially, securely and in compliance with the Data Protection Act 1998.