You will need PDF Reader to view these documents, if you do not have it please download from here
The Data Protection Act 1998 has now been superseded by the GDPR Act 2018, which significantly extends the scope of data protection law. It applies to all personnel data held not just those in electronic form.
The trust needs to record:-
- Name and details of your organisation (and where applicable, of other controllers, your representative and data protection officer).
- Purpose and lawful reason for the processing the data
- Description of the categories of individuals and categories of personal data.
- Categories of recipients of personal data.
- Details of transfers to third countries including documentation of the transfer mechanism safeguards in place.
- Retention schedules.
- Description of technical and organisational security measures.
The GDPR act also lists individual’s rights on the data being held and that trust must do Data Impact assessments when using new technologies or that processing is likely to result in a high risk to the rights and freedoms of individuals e.g. large scale, systematic monitoring of public areas (CCTV).