Data Protection Principles. Anyone processing personal data must comply with the seven Data Protection Principles set out in Article 5 of the UK GDPR, which in summary are:
Data Protection Principles. Each User and/or ITM is a separate business project. Dreamport treats each User and/or ITM as an independent contractor – legal persons. Data provided by Users and/or ITMs means “personal data which concerns legal persons” (B2B relationships) and is necessary to access the Platform. As a result, Dreamport uses best practices originated from provisions of data protection laws and guides, at the same time, Dreamport as a party in B2B relationships may derogate from those laws and guides.
Data Protection Principles. Data Protection Act 1998 Rights of the Individual The Act gives seven rights to individuals in respect of their own personal data: Right of subject access Right to prevent processing likely to cause damage or distress Right to prevent processing for the purposes of direct marketing Rights in relation to automated decision taking Right to take action for compensation if the individual suffers damage (as a result of any breach of the act) Right to take action to rectify, block, erase or destroy inaccurate data Right to request the Information Commissioner for an assessment to be made as to whether any provision of the Act has been contravened. A person (data subject) is deemed capable of exercising any of these rights according to their age and capability as follows: A person of 12 years or more shall be presumed to be of sufficient age and maturity, and thus have a general understanding, to be able to exercise any right under the Data Protection Act 1998. For a person under 12 years of age someone with parental responsibility, or a guardian, may exercise those rights on behalf of the child. If a person aged 12 years or more is determined not to be capable of exercising their rights then again a legal guardian may exercise those rights on their behalf. In a health context capability is usually determined by the application of the ‘Fraser Guidelines’. Data Protection Act 1998 Schedule 2 CONDITIONS RELEVANT FOR PURPOSES OF THE FIRST PRINCIPLE: PROCESSING OF ANY PERSONAL DATA
Data Protection Principles. The employer will comply with data protection law. This says that the personal information the employer holds about the employee must be:
Data Protection Principles. Principle 1 – Personal data shall be processed Lawfully, Fairly and Transparently Privacy Issue Comments Have you identified the purpose of the project? Yes Is there a lawful reason you can carry out this project? Yes How will you tell individuals about the use of their personal data? They are directed to the policy on both organisations websites Do you need to amend your privacy notice? No Have you established which Article 6 conditions for processing apply? Yes If Special Category data is involved, have you established which Article 9 conditions for processing apply? Yes If you are relying on consent to process personal data, how will this be collected and what will you do if it is withheld or withdrawn? N/A Will your actions interfere with the right to privacy under Article 8 of the Human Rights Act? If yes, is it necessary and proportionate? Yes and yes it is necessary and proportionate as documented in the ISA Have you identified the social need and aims of the project? Yes Are your actions a proportionate response to the social need? Yes Principle 2 – Personal data shall be specified, explicit & legitimate Privacy Issue Comments Does your project plan cover all YEs the purpose for processing personal data? Which personal data could you None not use, without compromising the needs of the project? What process is in place to The organisations both have a dedicated unit that deal with answer ‘Right to Access’ (requests specific requests for ‘Right to access’ and these are clear on for personal data)? the websites Principle 3 – Personal data shall be adequate, relevant and limited to what is necessary Privacy Issue Comments Is the quality of the information Yes good enough for the purposes it is used? Which personal data could you None not use, without compromising the needs of the project? Principle 4 – Personal data shall be accurate & up to date Privacy Issue Comments If you are procuring new software N/A using existing software does it allow you to amend and/or delete data when necessary? How are you ensuring that personal data obtained from individuals or other organisations is accurate? It is as accurate as those recording it can make it. All officers record information on a daily basis and are fully aware of making sure they get correct details. Principle 5 – Personal data shall be kept for no longer than necessary Privacy Issue Comments What retention periods are In line with MOPI suitable for the personal data you will be processing> How long wi...
Data Protection Principles. The Data Protection Act stipulates that anyone processing personal data must comply with Eight Principles of good information handling. These Principles are legally enforceable and require that personal information: Shall be processed fairly and lawfully and in particular, shall not be processed unless specific conditions are met; Shall be obtained only for one or more specified and lawful purposes and shall not be further processed in any manner incompatible with that purpose or those purposes; Shall be adequate, relevant and not excessive in relation to the purpose or purposes for which it is processed; Shall be accurate and where necessary, kept up to date; Shall not be kept for longer than is necessary for that purpose or those purposes; Shall be processed in accordance with the rights of data subjects under the Act; Shall be kept secure i.e. protected by an appropriate degree of security; Shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of data protection. For further details on the principles of the Data Protection Act, please refer to link below to the Information Commissioner’s Office website: xxxxx://xxx.xxx.xx/for-organisations/guide-to-data-protection/ Local Authority Data Sharing Principles. Wherever possible data should be collected once and used many times for related purposes. Personal data on individuals will be properly protected and only shared in accordance with legislation. There is a commitment by all parties to ensure that data held is accurate and kept up to date. The purpose for which the data is sought should be justified. Data will not be released or sold for commercial or marketing purposes. Full compliance with the Data Protection Principles, as set out in the Data Protection Act 1998. Review and update procedures This protocol will be reviewed periodically and consequently it may be subject to change. Any changes to the protocol will be provided and schools will be notified. Annex A
Data Protection Principles. 1. Purpose limitation: Personal data may be processed and subsequently used or further communicated only for purposes described in Point 1 of the Administrative Cooperation Arrangement or subsequently authorised by the data subject.
Data Protection Principles. Each party acknowledge that it may process Personal Information disclosed by the other party for the purposes of providing the Services under this Agreement and any applicable SOW. Each party shall comply with all applicable laws relating to the protection of Personal Information. The Data Importer shall (i) Process such Personal Information consistent with the specific, legitimate and lawful purposes agreed between the parties, (ii) take reasonable steps to keep the Personal Information accurate and up-to-date for the intended limited and specified Processing purposes, (iii) Process only Personal Information that is relevant and required for the intended Processing purposes (as set out in the relevant SOW or as otherwise agreed between the parties), unless otherwise permitted by applicable law; (iv) retain Personal Information only as long as necessary and consistent with the purposes for which it was collected or Processed; (v) limit access to Personal Information to individuals who have a legitimate business need to access the Personal Information for the intended Processing purposes. The parties acknowledge and agree that Confidential Information may include Personal Information, in which case such Personal Information shall be afforded the protections set out in Section 3 of this Agreement. The provisions of Section 3(e) shall apply in respect of Personal Information, as though such Personal Information were Confidential Information.
Data Protection Principles. We will comply with data protection law. This says that the personal information we hold about you must be:
Data Protection Principles. 4.1 Anyone processing personal data must comply with the eight enforceable principles of good practice. These provide that personal data must be:
