1 Role of the Data Protection Officer Donald Henderson Information Compliance Manager 30 September 2010


Role of the Data Protection Officer

Donald Henderson

Information Compliance Manager

30 September 2010


What is the DPO?

Individual with responsibility for ensuring that the organisation is aware of and acts in compliance with the Data Protection Act 1998

Also Codes of Practice

Other ICO guidance

and best practice


Functions

Notification
Awareness and training
Subject Access Requests
Fair Processing
Data Processing Agreements
Impact assessments

CCTV
IT systems

Security
Data Breaches
Complaints
Data Sharing


Subject Access Requests

Individual’s right to see what information a Data Controller holds about them

Verification of identity
Mandates

Collation of information
Third party information
Information that would cause damage or distress

Social Work functions
School pupil records


Fair Processing

Is all the information necessary?
Is the purpose clear?
What is the person consenting to?
Will the data be shared and, if so, who with?
Does retention need to be made clear?
Any issues with children or capacity to consent?
Is the identity of the Data Controller clear?


Data Processing Agreements

Processing only to instruction
Compliance with the Act
Explicit approval for sub-contractors
Contractor's employees aware of responsibilities
Inspection of processing facilities
Assist with subject access requests
Termination of the agreement
Liability


Impact Assessments - CCTV

Who is responsible
What’s being recorded and why
Camera locations and coverage
Technical issues
Storage and retention
Operation and management
Fair processing
Human Rights


IT Systems

Formal and informal assessments

Who is responsible
What’s being stored and why
Access rights and restrictions
Passwords and encryption
Supplier access
Retention and deletion
Publication and public access
Technical vulnerabilities and testing
Data sharing


Information Security

7th principle
IT security
Physical security
Procedures
Personnel
Culture


Data Breaches & Complaints

Has something bad happened
How bad is it
How did it happen
Vulnerabilities
Mitigating actions
Notification
Apologies and rectification


Data Sharing

Formal agreement
What information is to be shared
Purpose
Use
Access
Security
Retention
Fair processing and consent
Review


Questions

Donald Henderson

Tel: 01738 477930

Email: [email protected]