Data Protection & Information Security Policies

Introduction

DSA-QAG ("the organisation") retains certain information about its employees, practitioners and other users to allow it to monitor performance, achievements, and health and safety, for example. It also needs to process information so that members of staff can be recruited and paid, support for practitioners organised (e.g. assessment centres, outreach centres, assistive technology service providers and non-medical helper organisations) and obligations to stakeholders and government complied with. To comply with the law, information must be collected and used fairly, stored safely and not disclosed to any other person unlawfully. To do this, the Organisation must comply with the Data Protection Principles, which are set out in the Data Protection Act 1998.

Data Protection Principles

DSA-QAG fully endorses and adheres to the eight principles of the Data Protection Act.

These principles specify that personal data must be:

  • processed fairly and lawfully
  • collated for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose;
  • adequate, relevant and not excessive;
  • accurate and kept up to date;
  • not kept for longer than is necessary;
  • processed in line with the data subject’s rights;
  • kept secure from unauthorised or unlawful access;
  • not transferred to a country or territory which does not have adequate data protection laws.

To Meet Requirements

Personal data shall;

  • Be obtained and processed fairly and lawfully and shall not be processed unless certain conditions are met.
  • Be obtained for a specified and lawful purpose and shall not be processed in any manner incompatible with that purpose.
  • Be adequate, relevant and not excessive for those purposes.
  • Be accurate and kept up-to-date.
  • Not be kept for longer than is necessary for that purpose.
  • Be processed in accordance with the Data Subject's rights.
  • Be kept safe from unauthorised access, accidental loss or destruction.
  • Not be transferred to a country outside the European Economic Area, unless that country has equivalent levels of protection for personal data.

Subject Access

As per the Data Protection Act 1998, members of staff, practitioners and other Data Subjects of the organisation have the right to request access to any personal data that is being kept about them either on computer or in certain files. Any person who wishes to exercise this right should complete a Subject Access Request in writing and submit it to the Designated Data Controller.

Employee Responsibilities

All members of staff are responsible for:

  • Checking that any information they provide to the organisation in connection with their employment is accurate and up-to-date.
  • Informing the organisation of any error or change to the information they have provided, for instance a change of address. The organisation cannot be held responsible for any such errors unless the member of staff has informed the organisation of them.

Data Security

When, as part of their responsibilities, members of staff collect information about other people, (for instance about practitioners), they must comply with the Guidelines for Members of Staff.

All members of staff are responsible for ensuring that:

  • Any personal data held by them is kept securely, for instance, computerised data, should be password protected; and
  • Personal information is not disclosed either orally or in writing, accidentally or otherwise to any unauthorised third party.

Rights to Access Information

Employees and other subjects of personal data held by DSA-QAG have the right to access any personal data that is being kept about them.

Any person who wishes to exercise this right should make the request in writing to Karen Docherty, Chief Executive, DSA-QAG, Central Chambers, Suite 350, 4th Floor, 93 Hope Street, G2 6LD.

If personal details are inaccurate, they can be amended upon request made in writing to Karen Docherty, Chief Executive.

Publication of DSA-QAG Information

Information that is already in the public domain is exempt from the 1998 Act. This would include, for example, information on individuals acting as point of contact contained in the databases published on the DSA-QAG website.

Subject Consent

When we collect any personal data from you, we will inform you why we are collecting your data and what we intend to use it for.

Data Protection Policy

Please find below the DSA-QAG Data Protection Policy:

pdf Data Protection Policy v1.0 (169 KB)

Information Security Policy

Please find below the DSA-QAG Information Security Policy:

pdf  DSA-QAG Information Security Policy v1.0 (140.61 kB)