The Data Protection Act 1998 (DPA) implements the European Union Data Protection Directive, which requires member states to protect an individual's right to privacy with respect to the processing of personal data.
The DPA applies to paper records as well as those held on computer and covers 'personal data' - that is, data about identifiable living individuals. It places restrictions on recording and using personal data and gives rights to individuals ('data subjects') about whom data is held.
Any written request from an individual seeking access to information held about them may be a 'Subject Access Request' under the DPA.
DFID is required to notify the Information Commissioner's Office (ICO) of the purposes for which it processes personal data on an annual basis. The ICO regulates compliance with the DPA. The Openness Unit is responsible for ensuring DFID compliance with the DPA, but all staff have responsibilities to process personal data in accordance with the DPA.
1. Personal data must be processed in accordance with the DPA. In particular, personal data must be fairly and lawfully processed; processed for limited purposes; adequate, relevant and not excessive in relation to the purpose for which the data is being processed; accurate and, where necessary, up to date; not kept for longer than is necessary; processed in line with the rights of data subjects; secured and protected against unauthorised or unlawful processing or accidental loss; and not transferred outside the European Economic Area without adequate protection. Task assigned to: All Staff
2. Personal data must not be shared with third parties without a clear business need and in line with procedures agreed with the Openness Unit. Task assigned to: All Staff
3. All relevant personal data must be made available to the Data Protection Officer when requested and according to deadlines set by the Data Protection Officer. All personal data requested, regardless of age or format, will normally be released unless a DPA exemption applies. Task assigned to: All Staff
4. Any request for personal data made outside the course of normal business should be treated as a Subject Access Request and must be referred to the Openness Unit immediately before any response is made to the requester. Task assigned to: All Staff
5. No response may be made to a Subject Access Request by DFID staff other than the Openness Unit. Task assigned to: All Staff
6. Any complaints about the processing of personal data under the DPA must be referred to the Openness Unit. Task assigned to: All Staff
7. All data breaches (loss, theft of personal data or inappropriate disclosure) must be reported to the Data Protection Officer immediately on discovery (foi@dfid.gov.uk or telephone +44 (0) 1355 843549). For more detailed guidance please refer to the Openness Unit data protection page on Insight. Task assigned to: All Staff
8. The Openness Unit must be contacted to determine whether a Privacy Impact Assessment is required for any DFID project involving processing of personal data. Task assigned to: All Staff
9. All staff routinely handling personal data as part of their role must complete appropriate training. Task assigned to: All Staff
Basic DP awareness as part of Openness Unit training for all registry and records staff.
Openness Unit DP training for DP Liaison Officers and Quest Information Managers.