Data Protection Essentials
A
N
I
N
T
R
O
D
U
C
T
I
O
N
T
O
D
A
T
A
P
R
O
T
E
C
T
I
O
N
What counts as ‘personal data’ and what do we mean by ‘processing’?
What the key principles are of good data protection
How we differentiate between standard and highly sensitive or
‘special category’ data
When can we process personal data lawfully?
When can we process special category data lawfully?
When can we share data?
How do we identify, report and prevent a data breach?
Receiving and responding to an information rights request
DURING THIS COURSE YOU’LL LEARN
‘information that relates to an
identified or identifiable living
individual’
‘PERSONAL DATA’ IS…
Taking any action with someone’s
personal data. This includes recording
it, keeping it, changing it, using it and
deleting it.
‘PROCESSING’ IS…
Personal Data should:
Be processed lawfully, fairly and transparently
Be used for a specific purpose
Be relevant to that purpose
Be accurate
Be kept no longer than necessary
Be kept securely
And lastly that you should be accountable with what you do with
Personal Data and how you comply with the other principles.
THE 7 PRINCIPLES OF GDPR
Special Category data includes:
racial or ethnic origin
political opinions
religious or philosophical beliefs
trade-union membership
genetic information
biometric information (for example, a fingerprint)
health matters (for example, medical information)
sexual matters or sexual orientation
SPECIAL CATEGORY DATA
a safeguarding matter
pupils in receipt of pupil premium funding
pupils with special educational needs and disability (SEND)
children in need (CIN), and
children looked after by a local authority (CLA)
CONSIDER SIMILARLY
1.
Consent
2.
Contract
3.
Legal Obligation
4.
Vital Interests
5.
Public Interest
6.
Legitimate Interests
THE 6 LAWFUL BASES
Special Category data includes:
racial or ethnic origin
political opinions
religious or philosophical beliefs
trade-union membership
genetic information
biometric information (for example, a fingerprint)
health matters (for example, medical information)
sexual matters or sexual orientation
SPECIAL CATEGORY DATA
1.
Explicit consent
2.
Employment, social security or social protection
3.
Vital interests
4.
Manifestly made public
5.
Substantial public interest
RELEVANT ADDITIONAL CONDITIONS
•
what personal information you’re sharing
•
why you’re sharing it
•
who you’re sharing it with and what they’ll use it
for
•
how
you’ll share their information, and
•
the process for withdrawing consent
WHEN GETTING CONSENT, EXPLAIN…
Personal Data being
•
lost or stolen
•
destroyed without consent
•
changed without consent, or
•
accessed by someone without permission
A DATA BREACH IS…
1.
Store physical data securely
2.
File documents clearly and consistently
3.
Be careful working offsite
4.
Send electronic documents securely
5.
Don’t share passwords with colleagues
6.
Check before sharing your screen
7.
Lock your screen when away from your desk
8.
Be discrete when discussing Personal Data
KEEPING PERSONAL DATA SAFE
•
To access the personal information you hold about them,
which is also known as a Subject Access Request
•
To request to change inaccurate personal information you
have about them
•
To request to remove their personal information or record
•
To request to restrict the processing of their personal
information, and
•
To request to stop processing their personal information
INFORMATION RIGHTS
T
H
A
N
K
Y
O
U
Within schools and colleges we store lots of different types of information about our learners, about their parents and carers and about our staff. Names, addresses, contact details, race, sex, gender, health conditions, test results, safeguarding information, and for staff, bank accounts, performance reviews, and a whole host of other information.
In the vast majority of cases, collecting and using this data is essential to help our school or college to function and to deliver great outcomes for our learners. But, we have a responsibility to ensure that we’re collecting and using the right information, for the right reasons, and we’re keeping it safe. Good data protection is everybody’s business.
And by everybody we really do mean everybody. Within the DfE guidance they include any staff who ‘creates and stores data’, ‘enters data into applications and software’, ‘decides if and when they’ll process certain data’ or ‘handles paper documents’. And in practice this makes good sense. Keeping private information secure and using it appropriately is a whole organisation’s responsibility, so everyone who works for that organisation has to step up.
Within your organisation you’ll have a Data Protection Officer whose overall role is to ensure that Personal Data is well protected. In order to do this, they’ll have set out a Data Protection Policy. This will cover both the key principles and processes to make sure that your school or college complies with the law.
Before you get started you’d be well served making sure you know who your Data Protection Officer is and getting hold of a copy of your Data Protection Policy. Give it a good read through. Don’t worry if there’s any terminology you don’t know, just note it down and we’ll be covering all the key terms in the modules that follow.
Explore the fundamentals of data protection, including key principles, lawful processing, identifying personal data, managing breaches, and handling information rights requests. Learn about GDPR principles, special category data, and the lawful bases for processing personal information.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
AN INTRODUCTION TO DATA PROTECTION Looking for more ideas? Visit us at www.creativeeducation.co.uk
DURING THIS COURSE YOULL LEARN What counts as personal data and what do we mean by processing ? What the key principles are of good data protection How we differentiate between standard and highly sensitive or special category data When can we process personal data lawfully? When can we process special category data lawfully? When can we share data? How do we identify, report and prevent a data breach? Receiving and responding to an information rights request
PERSONAL DATA IS information that relates to an identified or identifiable living individual
PROCESSING IS Taking any action with someone s personal data. This includes recording it, keeping it, changing it, using it and deleting it.
THE 7 PRINCIPLES OF GDPR Personal Data should: Be processed lawfully, fairly and transparently Be used for a specific purpose Be relevant to that purpose Be accurate Be kept no longer than necessary Be kept securely And lastly that you should be accountable with what you do with Personal Data and how you comply with the other principles.
SPECIAL CATEGORY DATA Special Category data includes: racial or ethnic origin political opinions religious or philosophical beliefs trade-union membership genetic information biometric information (for example, a fingerprint) health matters (for example, medical information) sexual matters or sexual orientation
CONSIDER SIMILARLY a safeguarding matter pupils in receipt of pupil premium funding pupils with special educational needs and disability (SEND) children in need (CIN), and children looked after by a local authority (CLA)
THE 6 LAWFUL BASES 1. Consent 2. Contract 3. Legal Obligation 4. Vital Interests 5. Public Interest 6. Legitimate Interests
SPECIAL CATEGORY DATA Special Category data includes: racial or ethnic origin political opinions religious or philosophical beliefs trade-union membership genetic information biometric information (for example, a fingerprint) health matters (for example, medical information) sexual matters or sexual orientation
RELEVANT ADDITIONAL CONDITIONS 1. Explicit consent 2. Employment, social security or social protection 3. Vital interests 4. Manifestly made public 5. Substantial public interest
WHEN GETTING CONSENT, EXPLAIN what personal information you re sharing why you re sharing it who you re sharing it with and what they ll use it for how you ll share their information, and the process for withdrawing consent
A DATA BREACH IS Personal Data being lost or stolen destroyed without consent changed without consent, or accessed by someone without permission
KEEPING PERSONAL DATA SAFE 1. Store physical data securely 2. File documents clearly and consistently 3. Be careful working offsite 4. Send electronic documents securely 5. Don t share passwords with colleagues 6. Check before sharing your screen 7. Lock your screen when away from your desk 8. Be discrete when discussing Personal Data
INFORMATION RIGHTS To access the personal information you hold about them, which is also known as a Subject Access Request To request to change inaccurate personal information you have about them To request to remove their personal information or record To request to restrict the processing of their personal information, and To request to stop processing their personal information
THANK YOU Looking for more ideas? Visit us at www.creativeeducation.co.uk
