Data Protection Policy Overview
It is necessary to process information so that staff can be recruited and paid, courses organised and legal obligations to funding bodies and government complied with. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, the College must comply with the Data Protection Principles.
The College and all staff or others who process or use any personal information must ensure that they follow these principles at all times. To achieve this, we will:
- Ensure that personal data is processed lawfully, fairly and in a transparent manner in relation to individuals. We will inform people what data we collect and why, through a Privacy Notice
- Ensure that personal information is collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. We will only process personal information for specific reasons, these include fulfilment of a contract (with a parent to provide childcare services or with an employee under their contract of employment)
- We will only share personal information where we have specific explicit consent or a legal basis to do so
- Ensure that where we ask for consent to use personal data we will ensure that we ask people to positively opt in, we use clear, plain language that is easy to understand, we specify why we want the data and what we’re going to do with it, we tell individuals they can withdraw their consent, we ensure that individuals can refuse to consent without detriment and we avoid making consent a precondition of a service
- Ensure that all information is adequate, relevant and limited to what is necessary in relation to the purposes for which it is collected
- Ensure that all information is kept accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that is inaccurate is erased or rectified without delay
- Implement appropriate record keeping standards and keep information in an identifiable form for no longer than is necessary for the purposes for which the personal data is obtained
- Ensure information is protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and operational measures
- Demonstrate compliance with these requirements through appropriate documentation, training, spot checks and audits
- Comply with the rights for data subjects
- Ensure that every instance where we use a data processor (a third party with access to process personal data) we will have a written contract in place. Contracts will be provided by the Legal Advisor / Data Protection Officer
- Conduct a Data Privacy Impact Assessment (DPIA) where we are required to do so by law or best practice
- Report any data breaches promptly (using the form provided) and inform the ICO and data subjects where required
For the full Data Protection Policy, and additional Data Protection Policy documents please download the pdf documents embedded below.
Was this article helpful?
Need more help?
If there is an instance when our site does not meet the need of a specific disabled user group we will make changes to our current content, wherever appropriate, so that w e can become more inclusive to a wider audience. Please contact us if this is the case at firstname.lastname@example.org.