
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.


1

2 What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of personal data

3 Processing
The definition of processing is very wide:
- Obtaining
- Recording
- Holding
- Using
- Erasure
- Destruction
- “Any operation” on the data

4 Terminology
- Data Controller: a person who (alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed
- Data Subject: an individual who is the subject of personal data

5 Personal data e.g. name, address, telephone number
Sensitive personal data
- Racial or ethnic origin
- Political opinions/membership of trade union
- Religious beliefs
- Physical or Mental Health record
- Sexual life
- Alleged offences/legal proceedings

6 Relevant Filing System
The information must be structured to enable easy access to the information e.g. health records are normally filed alphabetically or numerically, which means that the file is easily accessible.
Examples:
- Card Index
- File arranged alphabetically
- File with dividers

7 The Data Protection Principles
1. Processed fairly and lawfully
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and kept up to date
5. Not kept for longer than necessary
6. Processed in accordance with the rights of data subjects
7. Protected by appropriate security (practical and organisational)
8. Not transferred outside the EEA without adequate protection

8 Principle 1 Processed fairly and lawfully
- Data subject not misled or deceived into giving the information
- Data subject given basic information describing who will process the data for what purpose(s)
- Schedules of conditions are satisfied
- Explicit Consent / Informed Consent
- Lawful purpose and common law of confidentiality complied with

9 Reasons for the leaflet
- Caldicott Management Audit: We need to tell patients/clients about the ways in which information is collected about them and how it will be used
- Data Protection Act 1998: We are required by law to inform individuals about how their information is used and shared
- Displaying the leaflet means you are meeting these requirements

10 Principle 1 - Schedule 2
Conditions:
- The data subject has consented
- Processing is necessary for the performance of a contract or pre contract steps
- Legal obligation of the data controller
- Vital interests of the data subject
- Administration of justice, by or under enactment, government department etc.
- Legitimate interests of the data controller so long as the rights and freedoms or legitimate interests of the data subject are not prejudiced.

11 Principle 1 - Schedule 3
Conditions:
- The data subject has given explicit consent
- The processing is necessary for any right or obligation in connection with employment
- Necessary to protect the vital interests of the data subject or another person
- Non-profit making bodies
- Where the personal data has been made public by the data subject
- Legal proceedings
- Medical purposes

12 Principle 2 Processed for specified purposes
- Review the purposes of your organisation
- Check your Notification
- Information mapping
- Ensure disclosures are properly handled
- Access to Health Records policy
- Compliance with information sharing guidelines/legislation

13 Principle 3 Adequate, relevant and not excessive
- Apply good data management practices – Only collect and keep the information you require
- Do not collect information “just in case it might be useful one day!”
- Factual, clear and legible!
- Abbreviations!

14 Principle 4 Accurate and kept up to date
- Take care inputting information
- Formal processes to ensure personal data is kept accurate and up to date

15 Principle 5 Not kept for longer than necessary
- Ensure compliance with legal requirements and established guidelines for retention periods
- For the Record HSC 1999/053
- Review procedures for retention and disposal
- Safeguard the confidentiality of personal data being destroyed

16 Principle 6 Processed in accordance with the rights of data subjects
- Compensation
- Rectification/blocking/erasure
- Request an assessment
- Processing for direct marketing
- Automated decision making
- Subject access
- Prevention of processing

17 Principle 7 Protected by appropriate security (practical and organisational)
- Security: IT and non-technical
- Controlling access to information
- Staff selection and training
- Ensuring business continuity
- Detecting and dealing with breaches of security
- Confidentiality contracts with third parties

18 Principle 8 Not transferred outside the EEA without adequate protection
- Beware of others without equivalent protection
- Contracts with third party suppliers
- Internet web sites
- Transfer of records

19 Caldicott Manual Security Policy HSJ Presentations 2001 Diary Procedure Manual Human Rights Act FIO Act HSC 1999/053 HSC 1998/064 HSC 199/217 Caldicott toolkit HSG (96) 18 HSC 999/012 2000Diary ESHA Directory Dictionary Thesaurus Data Protection Training Courses DPA: An ActionPlan For The Record

