What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

Presentation transcript:

What does the Data Protection Act do?
It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of personal data

Processing
The definition of processing is very wide:
- Obtaining
- Recording
- Holding
- Using
- Erasure
- Destruction
- “Any operation” on the data

Terminology
Data Controller: a person who (alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed
Data Subject: an individual who is the subject of personal data

Personal data: e.g. name, address, telephone number
Sensitive personal data:
- Racial or ethnic origin
- Political opinions/membership of trade union
- Religious beliefs
- Physical or Mental Health record
- Sexual life
- Alleged offences/legal proceedings

Relevant Filing System
The information must be structured to enable easy access to the information, e.g. health records are normally filed alphabetically or numerically, which means that the file is easily accessible.
Examples:
- Card Index
- File arranged alphabetically
- File with dividers

The Data Protection Principles
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and kept up to date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection

Principle 1: Processed fairly and lawfully
- Data subject not misled or deceived into giving the information
- Data subject given basic information describing who will process the data for what purpose(s)
- Schedules of conditions are satisfied
- Explicit Consent / Informed Consent
- Lawful purpose and common law of confidentiality complied with

Reasons for the leaflet
Caldicott Management Audit: We need to tell patient/clients about the ways in which information is collected about them and how it will be used
Data Protection Act 1998: We are required by law to inform individuals about how their information is used and shared
Displaying the leaflet means you are meeting these requirements

Principle 1 - Schedule 2
Conditions:
- The data subject has consented
- Processing is necessary for the performance of a contract or pre contract steps
- Legal obligation of the data controller
- Vital interests of the data subject
- Administration of justice, by or under enactment, government department etc.
- Legitimate interests of the data controller so long as the rights and freedoms or legitimate interests of the data subject are not prejudiced.

Principle 1 - Schedule 3
Conditions:
- The data subject has given explicit consent
- The processing is necessary for any right or obligation in connection with employment
- Necessary to protect the vital interests of the data subject or another person
- Non-profit making bodies
- Where the personal data has been made public by the data subject
- Legal proceedings
- Medical purposes

Principle 2: Processed for specified purposes
- Review the purposes of your organisation
- Check your Notification
- Information mapping
- Ensure disclosures are properly handled
- Access to Health Records policy
- Compliance with information sharing guidelines/legislation

Principle 3: Adequate, relevant and not excessive
- Apply good data management practices – Only collect and keep the information you require
- Do not collect information “just in case it might be useful one day!”
- Factual, clear and legible!
- Abbreviations!

Principle 4: Accurate and kept up to date
- Take care inputting information
- Formal processes to ensure personal data is kept accurate and up to date

Principle 5: Not kept for longer than necessary
- Ensure compliance with legal requirements and established guidelines for retention periods
- For the Record HSC 1999/053
- Review procedures for retention and disposal
- Safeguard the confidentiality of personal data being destroyed

Principle 6: Processed in accordance with the rights of data subjects
- Compensation
- Rectification/blocking/erasure
- Request an assessment
- Processing for direct marketing
- Automated decision making
- Subject access
- Prevention of processing

Principle 7: Protected by appropriate security (practical and organisational)
- Security: IT and non-technical
- Controlling access to information
- Staff selection and training
- Ensuring business continuity
- Detecting and dealing with breaches of security
- Confidentiality contracts with third parties

Principle 8: Not transferred outside the EEA without adequate protection
- Beware of others without equivalent protection
- Contracts with third party suppliers
- Internet web sites
- Transfer of records

Caldicott Manual Security Policy HSJ Presentations 2001 Diary Procedure Manual Human Rights Act FIO Act HSC 1999/053 HSC 1998/064 HSC 199/217 Caldicott toolkit HSG (96) 18 HSC 999/ Diary ESHA Directory Dictionary Thesaurus Data Protection Training Courses DPA: An ActionPlan For The Record