

ACAT Conference: Good Governance within Churches

Protecting Personal Data: Your Obligations

Vicki Bowles

Data Protection: Your Obligations
  • The Basics
    • Personal data
    • Data controllers
  • Obligations
    • Registration/notification
    • Data Protection Principles
    • Subject Access Requests
The Basics
  • Personal data:

“data which relate to a living individual who can be identified—

(a) from those data, or

(b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller,

and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual”

The Basics
  • Processing:

“…means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including—

(a) organisation, adaptation or alteration of the information or data,

(b) retrieval, consultation or use of the information or data,

(c) disclosure of the information or data by transmission, dissemination or otherwise making available, or

(d) alignment, combination, blocking, erasure or destruction of the information or data;”

The Basics
  • Sensitive Personal Data:

“…means personal data consisting of information as to—

(a) the racial or ethnic origin of the data subject,

(b) his political opinions,

(c) his religious beliefs or other beliefs of a similar nature,

(d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992),

(e) his physical or mental health or condition,

(f) his sexual life,

(g) the commission or alleged commission by him of any offence, or

(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.”

The Basics
  • Data Controller:

“…subject to subsection (4), a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed;”

  • Data Processor:

“…any person (other than an employee of the data controller) who processes the data on behalf of the data controller;”

The Basics
  • Controller v Processor
    • Can have more than one controller for the same information;
    • Key is control;
    • Parish context can be complicated.
Obligations: Registration
  • All controllers are required to “notify” (register) with the Information Commissioner's Office (ICO), unless exempt:
    • Accounts and records;
    • Staff administration;
    • Advertising, marketing and PR of business;
    • Non-profit membership admin.
  • The exemption applies only to registration, not to the whole Act.
Obligations: Principles
  • Personal data shall be processed fairly and lawfully, and in particular, shall not be processed unless-
    • At least one of the conditions in Schedule 2 is met, and
    • In the case of sensitive personal data, at least one of the conditions in Schedule 3 is also met.
Obligations: Principles
  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
Obligations: Principles
  • Personal data shall be accurate, and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data shall be processed in accordance with the rights of data subjects under this Act.
Obligations: Principles
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
  • Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
Obligations: SAR
  • Section 7 entitles a data subject to request:
    • Whether or not you process their personal data;
    • A description of the data held, the purposes for which it is processed, and the recipients or classes of recipients to whom it is disclosed;
    • To have communicated to them the data held, and any details of its source if known.
Obligations: SAR
  • If paper files – only if relevant filing system (the “temp test”).
  • Exception where third party personal data is included and no consent.
  • Various other exceptions, e.g. negotiations and references.
And finally…

QUESTIONS??


Vicki Bowles

Stone King

E: vb@stoneking.co.uk

T: 01225 326789