Principle 1: Processed fairly and lawfully + only with a legitimate basis
There should be no surprises, so … inform data subjects why you are collecting their information, what you are going to do with it and who you may share it with. E.g. when formulating a research project, remember to be open and transparent about what you will be doing with the information.

Principle 2: Processed only for specified lawful purposes/no incompatible processing
Only use the information for the authorised purpose(s) stated. Look out for tick boxes, often hidden at the bottom of forms!
- "Please tick if you do not wish your details to be used for internal promotions or passed to our parent companies"
- "Please tick if you do not wish to receive information about products and services from carefully selected companies"

Principle 3: Adequate, relevant and not excessive
Only collect and keep the information you require … Do not keep "just in case it might be useful one day"! E.g. taking both daytime and evening telephone number if you know you will only call in the day.

Principle 4: Accurate and kept up-to-date
Are you sure your information is up to date? Take care inputting data. Do you have mechanisms for checking your information is accurate? E.g. each time a patient attends a clinic, they are asked to confirm that their details are correct (address, telephone number etc.). "I wonder if anything has changed?"

Principle 5: Not kept for longer than is necessary
Follow advised retention periods – For the Record (HSC 1999/053). Ensure regular housekeeping/spring cleaning. Do not keep "just in case it might be useful one day"! "Can I dispose of this now?"

Principle 6: Processed in accordance with data subjects' rights
- Subject access
- Prevention of processing
- Processing for direct marketing – an end to junk mail and faxes!
- Automated decision taking
- Compensation
- Rectification/blocking/erasure
- Request an assessment

Principle 7: Protected by appropriate security (Practical)
E.g.
- Keep your password secret
- Always keep confidential papers in a locked cabinet… clear desk policy?
- Ensure confidential telephone conversations cannot be overheard
- Ensure secure route for confidential faxes (Safe Haven)

Principle 7: Protected by appropriate security (Organisational)
An organisation needs...
- Good data management practices
- Guidelines on IT security
- Staff training
- Confidentiality clause in employment contracts
- Procedure for access to personal data
- Confidentiality contracts with third parties, e.g. archiving companies, cleaners, confidential waste
(Diagram: ESHA Security Policy, with the labels IT, Building, Procedures, Storage, Disposal, Contracts, Human Resources, Equipment)

Principle 8: Not transferred outside the European Economic Area (EEA) without adequate protection
Be careful about websites, e.g. if putting personal information on a website, gain consent from the person first. Where is your support service operator based? If outside the EEA, is your information adequately protected?

For further information...
- Caldicott Guardian: Dr Ian Clark
- Data Protection Co-ordinator: Helen Wells – Ext
- Information Integrity Support: Nicola Gould – Ext
- Information Commissioner’s website:
- Caldicott website: