Common use of Data Transfer Method Clause in Contracts

Data Transfer Method. The parties to this Agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Each party will make sure that personal data shall be processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical solutions or organisational measures in accordance with principle 7 of the DPA/Article 5(1)(f) of the GDPR. BMBC and schools must make sure they have procedures in place to prevent:  Accidental compromise or damage during storage, handling, use, processing, transmission or transport;  Deliberate compromise or opportunist attack;  Unauthorised disposal or destruction of the data;  Unauthorised access;  Accidental loss of personal data should be avoided through the implementation of appropriate security procedures. Regular flow (specify frequency) See Appendix A Ad hoc More than 21 items per flow Yes Less than 21 items per flow Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face Named point of contact at BMBC and school Telephone Electronically (state method) Perspective Lite Secure File Transfer (Angel Solutions) Secure E Mail Yes – Egress, 7zip, password protected Secure Mail Secure Courier Encrypted Removable Media Other Synergy – Servelec (Orchestra) Has a risk assessment been carried out on the chosen methods of transfer? Yes – BMBC Information Security Team What are the identified risks? Email is sent to the wrong email address – training provided to all staff – access to email can be revoked.

Data Transfer Method. The parties to this Agreement are responsible for ensuring that appropriate security and confidentiality procedures are in place to protect the transfer, storage and use of the shared, person identifiable data. Each party will make sure that personal data shall be processed in a manner that ensures appropriate security of the personal data including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical solutions or organisational measures in accordance with principle 7 of the DPA/Article 5(1)(f) of the GDPR. BMBC and schools must make sure they have procedures in place to prevent:  • Accidental compromise or damage during storage, handling, use, processing, transmission or transport;  • Deliberate compromise or opportunist attack;  • Unauthorised disposal or destruction of the data;  • Unauthorised access;  • Accidental loss of personal data should be avoided through the implementation of appropriate security procedures. Regular flow (specify frequency) See Appendix A Ad hoc More than 21 items per flow Yes Less than 21 items per flow Give full details of how the transfer will be made and what security measures will be in place e.g. encryption, business secure mail or recorded signed for etc. Face to face Named point of contact at BMBC and school Telephone Electronically (state method) Perspective Lite Secure File Transfer (Angel Solutions) Secure E Mail Yes – Egress, 7zip, password protected Secure Mail Secure Courier Encrypted Removable Media Other Synergy – Servelec (Orchestra) Has a risk assessment been carried out on the chosen methods of transfer? Yes – BMBC Information Security Team What are the identified risks? Email is sent to the wrong email address – training provided to all staff – access to email can be revoked.