Everyone has rights in relation to how their personal information is handled. During The ABC Team’s business activities, we will collect, store and process personal information.
The types of information that we may be required to handle include details of current, past and prospective employees, suppliers, customers, learners and others that we communicate with. The ABC Team’s use of the information, which may be held on paper, on a computer or on other media, is subject to certain legal safeguards specified in the Data Protection Act 1998 and other regulations.
The Act is complex. However, it is underpinned by a set of eight straightforward principles. This The ABC Team’s Data Protection Guidance sets out these principles and is supported by a Data Protection Process Flow and a set of Data Protection Guidance Notes.
The act contains eight “Data Protection Principles”. These specify that personal data must be:
1. Processed fairly and lawfully.
2. Obtained for specified and lawful purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept any longer than necessary.
6. Processed in accordance with the “data subject’s” (the individual’s) rights.
7. Securely kept.
8. Not transferred to any other country without adequate protection in situ.
It is important for all to be familiar with this Policy, the Procedures and the Guidance Notes and to take appropriate advice from the Data Protection Officer when they are unsure about how best to comply.
Every individual of The ABC Team should, so far as is reasonably practicable, pay attention to ensure that:
• All personal information is processed fairly and lawfully and in line with data subjects' rights;
• Any processing of personal information is limited to that personal information that is adequate, relevant and not excessive for The ABC Team’s lawful business purposes and no other purposes;
• Any personal information is accurate and kept up to date and stored only for so long as is needed by The ABC Team for its lawful business purposes;
• All personal information is safeguarded against accidental loss, destruction or damage by appropriate technical and organisational measures; and
• No personal information shall be transferred to a country or territory outside the European Economic Area without the appropriate measures to ensure the rights and freedoms of the relevant individuals are adequately protected
In order to ensure that The ABC Team processes personal information in accordance with The ABC Team’s data protection policy, all processing of personal information carried out by The ABC Team shall be in accordance with the data protection process flow at the end of this document and in the guidance notes. The Process Flow (Appendix 1) and set of Guidance Notes form part of the Data Protection Policy and provide supplementary information to enable The ABC Team employees to better understand and comply with the Data Protection Policy.
Failure to comply may result in any or all of the following:
The Information Commissioner (the regulator of the Data Protection Act 1998) could:
i. Serve an information or enforcement notice;
ii. Require The ABC Team to sign up to an Undertaking;
iii. Carry out an assessment or investigation into The ABC Team’s data processing activities;
iv. Instigate a criminal prosecution;
v. Impose a fine of up to £500,000;
• An individual making a claim against The ABC Team for a compensation payment or for breach of their rights under the Data Protection Act 1998;
• Loss of public trust and confidence in The ABC Team following negative publicity and reputational damage;
• Loss of staff trust and confidence in The ABC Team;
• Disciplinary proceedings for members of staff involved, which could result in dismissal.
In this document “personal information” means any information directly relating to a living individual, and not only “personal data” as defined by the Data Protection Act 1998.
Further Information, Guidance and Support
For further support and guidance relating to the Eight Data Protection Principles, please visit the ICO website: http://ico.org.uk/for_organisations/data_protection/the_guide/the_principles
ICO have received queries of the same topics, and have created pages to provide information which may be useful – please visit their website for information on the following:
- Big Data
- Data Sharing
- Online & Computing
- Personal Information Promise
- Privacy by Design
- Privacy Impact Assessment
- Privacy Notes
- Protecting Personal Data in Online Services
Telecommunications Directory Information http://ico.org.uk/for_organisations/data_protection/topic_guides