GDPR Policies
MRC always strives to maintain the highest standards of teaching and learning.
DATA BREACH POLICY
DATA MANAGEMENT PROTECTION POLICY
Data Protection Officer (DPO): Ms. Rezime Orife
1. Objective of the Policy
The purpose of this policy is to confirm that proper procedures are in place for the processing and management of personal data. The DPO has specific responsibility for data protection compliance. All teaching and non-teaching staff understand their responsibility when processing personal data, and the methods of handling that information are clearly understood. A supportive environment and culture of best-practice processing of personal data is provided for staff, and individuals should be fully aware of who to contact, where to submit a request, and the rights of other individuals as well. Staff know that Subject Access Requests and other relevant requests need to be dealt with punctually and courteously. Individuals need to be sure that their personal data is processed in accordance with the data protection principles; that their data is secure at all times and safe from unauthorised access, alteration, use or loss; and that other organisations with whom personal data needs to be shared or transferred meet compliance requirements. Any new systems being implemented are assessed (if necessary through a Data Protection Impact Assessment) to determine whether they will hold personal data, whether the system presents any privacy risks, damage or impact to individuals’ data, and whether it meets this policy’s requirements.
2. The data protection principles and individual rights
The General Data Protection Regulation (GDPR) covers six “Data Protection Principles” set out in Article 5. These specify that personal data must be:
Accurate and, where necessary, kept up to date;
Article 5(2) also sets out an overarching accountability principle: ‘the controller shall be responsible for, and be able to demonstrate, compliance with the principles.’
Individual rights are set out in a separate part of the GDPR. In brief, the GDPR provides the following rights for individuals:
3. Scope of Policy
4. Policy Principles
To fulfil the requirements of the data protection principles and individual rights set out in the GDPR, the College adheres to the following values when processing personal data:
Fair Collection and Processing.
Security
Sharing and disclosure of personal information
Access
Documents
Please see the template on our website.
Data Protection responsibilities
Who: College as a corporate body
What: Data Controller
Who: Board of Directors
What: Ultimately responsible for compliance with the GDPR.
Who: Data Protection Officer (Ms. Rezime Orife) dpo@mrcollege.ac.uk, with assistance from the Risk Assessment (Ms. Rezime Orife) r.orife@mrcollege.ac.uk
What:
Maintain the College notification with the ICO.
Advise staff on data protection compliance.
Coordinate responses for subject access requests.
Report any personal data breaches to the ICO/police as appropriate.
Issue data sharing guidance and oversee data sharing agreements between the College and third parties.
Develop, administer, disseminate, review and support application of this policy.
Who: CDS
What:
Nominated processor for all post sent to and within the College.
Compliance with data protection legislation and with the principles set out in this policy.
Who: All staff
What:
Be familiar with and comply with the policy.
Ensure that information provided in connection with employment is up-to-date and accurate.
Observe and comply with the data protection principles and individuals' data protection rights.
Bring queries and issues around data protection to the attention of the Information Governance Officer.
Do not attempt to gain access to information that is not necessary to hold, know or process.
Report subject access and other requests to Information Governance staff.
Note that unauthorised disclosure will usually be a disciplinary matter, and may be considered gross misconduct in some cases. It may also result in personal liability for the staff member, as there is provision within the legislation to prosecute individuals for certain offences.
Who: All students
What:
Be familiar with the policy and comply where necessary.
Ensure that personal information provided is up-to-date and accurate.
Observe and comply with the data protection principles and individuals' data protection rights.
Note that unauthorised disclosure of personal data will usually be a disciplinary matter.
INFORMATION ACCESS REQUEST PROCEDURE
LETTER TO SUBJECT INFORMATION OF LOSS
LETTER OF BREACH TO ICO
PRIVACY POLICY
EMAIL POLICY FOR STAFF AND STUDENTS
HOW AND WHY DOES THE COLLEGE USE PERSONAL DATA
WEBSITE AND IT EQUIPMENT ACCEPTABLE USE POLICY
RECORD MANAGEMENT POLICY
COOKIES POLICY