Role of the Data Protection Officer
Donald Henderson
Information Compliance Manager
30 September 2010
April 21, 2023
What is the DPO?
Individual with responsibility for ensuring that the organisation is aware of and acts in compliance with the Data Protection Act 1998
Also Codes of Practice
Other ICO guidance
and best practice
Functions
Notification
Awareness and training
Subject Access Requests
Fair Processing
Data Processing Agreements
Impact assessments
CCTV
IT systems
Security
Data Breaches
Complaints
Data Sharing
Subject Access Requests
Individual’s right to see what information a Data Controller holds about them
Verification of identity
Mandates
Collation of information
Third party information
Information that would cause damage or distress
Social Work functions
School pupil records
Fair Processing
Is all the information necessary?
Is the purpose clear?
What is the person consenting to?
Will the data be shared and, if so, who with?
Does retention need to be made clear?
Any issues with children or capacity to consent?
Is the identity of the Data Controller clear?
Data Processing Agreements
Processing only to instruction
Compliance with the Act
Explicit approval for sub-contractors
Contractor's employees aware of responsibilities
Inspection of processing facilities
Assist with subject access requests
Termination of the agreement
Liability
Impact Assessments - CCTV
Who is responsible
What’s being recorded and why
Camera locations and coverage
Technical issues
Storage and retention
Operation and management
Fair processing
Human Rights
IT Systems
Formal and informal assessments
Who is responsible
What’s being stored and why
Access rights and restrictions
Passwords and encryption
Supplier access
Retention and deletion
Publication and public access
Technical vulnerabilities and testing
Data sharing
Information Security
7th principle
IT security
Physical security
Procedures
Personnel
Culture
Data Breaches & Complaints
Has something bad happened?
How bad is it?
How did it happen?
Vulnerabilities
Mitigating actions
Notification
Apologies and rectification
Data Sharing
Formal agreement
What information is to be shared
Purpose
Use
Access
Security
Retention
Fair processing and consent
Review