Data Protection Training presentation for work. A consistent 7/7 from audience on presentation and slides. The presentation covers the 8 principles of the Act and describes the roles and responsibility of staff.
2. Table of Contents
Section 1 Introduction: how the Act works
Section 2 Definitions
Section 3 The 8 Principles of the DPA
Section 4 Your responsibilities
Section 5 Additional information
3. Your takeaways
• Know the 8 principles.
• Know your role and responsibilities.
4. The Legal Framework
Our use of information is governed by a range of laws, principally:
• The Data Protection Act
• The Freedom of Information Act
• Common Law Duty of Confidence
• Human Rights Act
You need to know how these laws affect you!
7. How the Act Works
As a “data controller”, you have to follow the eight principles so you protect the rights of individuals, also known as “data subjects”.
The principles cover how you work with personal data and sensitive personal data.
9. What is Personal Information?
Personal information is defined broadly and has two criteria:
First, it must relate to a living person. The dead do not have data protection rights. The living relatives will have a right to privacy and confidentiality.
Second, the person must be identifiable – either from the information itself or from the information plus other information which the data controller either possesses or is likely to possess in the future.
The definition of personal data includes any expression of opinion about the data subject.
10. What is Sensitive Personal Data?
Sensitive personal information is defined by the Act. It covers the following areas:
• Race, ethnic origin
• Criminal records (including CRB checks)
• Membership of a trade union
• Medical records (such as sickness absence)
• Political opinions
• Religious, or similar beliefs
• Sexual life, for example, a person’s sexual orientation
In most cases explicit consent is needed before these can be used, but other conditions may apply.
11. What is a Data Subject?
A data subject is any living individual who is the subject of personal data.
12. What is a Data Controller?
An organisation, or an individual, is a data controller if it has full authority to decide how and why personal data is to be “processed”. When an organisation uses personal data or shares it with another organisation, it is acting as a data controller.
Please note that an employee working for an organisation can never be a data controller.
15. If you learn nothing else on Data Protection, remember the following slide and you’ll probably be OK
16. The 8 Data Protection Principles
1. Fairly and lawfully processed.
2. Processed for limited purposes.
3. Adequate, relevant and not excessive.
4. Accurate and up to date.
5. Not kept for longer than is necessary.
6. Processed in line with the rights of the data subject.
7. Stored and processed securely.
8. Not transferred to countries without adequate protection.