
The Data Protection Act Overview


jayden

Presentation Transcript


  1. The Data Protection Act Overview

  2. The Data Protection Principles
     Personal data must be:
     1. Processed fairly and lawfully
     2. Processed for specified purposes
     3. Adequate, relevant and not excessive
     4. Accurate and kept up-to-date
     5. Not kept for longer than necessary
     6. Processed in accordance with the rights of data subjects
     7. Protected by appropriate security (practical and organisational)
     8. Not transferred outside the EEA without adequate protection

  3. Principle 1 - Processed fairly and lawfully
     There should be no surprises: data subjects should be informed why we are collecting their information, what we are going to do with it and who we may share it with.
     We do this by providing privacy statements when people access our services. These are provided on registration forms, on the website and through recorded telephone messages.
     Be open, honest and clear.

  4. Principle 2 - Processed only for specified purposes
     Only use personal information for the purpose(s) for which it was obtained, e.g. personal information on a Patient Administration System must only be used for healthcare purposes - not for looking up friends’ addresses or birthdays.
     Only share information outside your organisation, team, department or service if you are certain it is appropriate and necessary to do so.
     If in doubt, check first!

  5. Principle 3 - Adequate, relevant and not excessive
     • Only collect and keep the information you require.
     • It is not acceptable to hold information unless you have a view as to how it will be used.
     • Stick to the facts - avoid personal opinions and comments.
     • Only gather the information that is relevant for the purpose for which it is being provided.

  6. Principle 4 - Accurate and kept up-to-date
     Take care inputting information to ensure accuracy.
     How do you know the information is up-to-date? What mechanisms do you have for checking the information is accurate and up-to-date? E.g. each time a patient attends a clinic, they should be asked to confirm that their details are correct - address, telephone number etc.
     Check existing records thoroughly before creating new records. Avoid creating duplicate records.
     Where a member attends a gym, it is good practice to periodically check that the address details you hold are correct.

  7. Principle 5 - Not kept for longer than necessary
     • Follow retention guidelines.
     • When information needs to be disposed of, ensure confidential information is always shredded and never placed in normal waste bins.

  8. Principle 6 - Processed in accordance with the rights of data subjects
     • Individuals have a right to request a copy of the information held on them.
     • They have a right to request that you stop processing their information.
     • They have a right to prevent processing for direct marketing - an end to junk mail and faxes!
     • They can also request compensation when information has not been handled correctly.

  9. Principle 7 - Protected by appropriate security (practical and organisational)
     • Ensure security of confidential faxes by using Safe Haven/Secure faxes.
     • ALWAYS keep confidential papers locked away.
     • Do you have a clear desk policy?
     • Ensure confidential conversations cannot be overheard.
     • Keep your password secret and do not share log-ins.
     • Ensure information is transported securely.

  10. Principle 8 - Not transferred outside the EEA without adequate protection
     • If sending personal information outside the EEA, ensure consent is obtained and it is adequately protected.
     • Be careful about putting personal information on websites - gain consent first.
     • Check where your information is going, e.g. where are your suppliers based?
