Information Governance Support Information Governance Services

1 Information Governance Support Information Governance Services
Business Manager practical session

2 Simplify We have the knowledge and experience to simplify your challenges

3 RECORDS OF PROCESSING ACTIVITY

4 Why?
Records of Processing Activity are the mechanism for providing evidence of your compliance with GDPR, and help you to identify areas of work required.

Article 30 Records of processing activities
Each controller… shall maintain a record of processing activities under its responsibility. That record shall contain all of the following information:
(a) Data Controller & DPO name and contact details
(b) The purposes of your processing
(c) Categories of data subjects and personal data
(d) Categories of recipients
(e) Transfers of data outside the EEA
(f) Retention periods
(g) Description of your technical and organisational security measures
The records shall be in writing (including in electronic form).
The controller shall make the record available to the ICO on request.
Shall not apply to an organisation employing fewer than 250 persons unless the processing is: a risk to the rights and freedoms, not occasional, or the processing includes special categories of data.

5 Your mission…….sorry you have to accept it
How? A good starting point is the Records Management Society schools toolkit, which identifies a number of record types that all schools are likely to have. The toolkit can be found here. There is also a link on the Essex Schools Infolink.

Using the tools on your table please complete ROPA entries for the following:
Child protection files held within your school
School website

6 Issues/queries? What did you find problematic during the exercise?

7 Protection We can assist you to meet your Data Protection obligations

8 Security Incident Process
It is crucial that you have a robust policy, process and reporting in place for managing security incidents.
Why?
To avoid potential monetary penalties
To capture lessons learned
To enable reporting of serious breaches as required by the regulation to the ICO within 72 hours
To enable focussed training to problem areas

9 Requirements
Article 33 Notification of a personal data breach to the supervisory authority (ICO)
1. In the case of a personal data breach, the controller shall … not later than 72 hours after having become aware of it, notify the ICO unless the breach is unlikely to result in a risk to the rights and freedoms. Where the notification is not made within 72 hours, it shall be accompanied by reasons for the delay.
2. The processor shall notify the controller after becoming aware of a breach.
3. The notification shall at least:
(a) describe the nature of the breach including:
the categories and approximate number of data subjects concerned
the categories and approximate number of records concerned
(b) communicate the name and contact details of the DPO
(c) describe the likely consequences of the breach
(d) describe measures taken or proposed to be taken to address/mitigate the breach
4. Where it is not possible to provide all the information, provide in phases.
5. The controller shall document any breaches, comprising:
the facts of the breach
its effects
the remedial action taken

10 Article 34 Communication of a personal data breach to the data subject
1. When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay.
2. The communication shall describe in clear and plain language the nature of the breach.
3. The communication shall not be required if any of the following conditions are met:
(a) the controller has implemented appropriate protection measures, in particular those that render the personal data unintelligible to any person who is not authorised to access it, such as encryption
(b) the controller has taken measures which ensure that the high risk to the rights and freedoms of data subjects is no longer likely to materialise
(c) it would involve disproportionate effort. In such a case, there shall be a public communication whereby data subjects are informed in an equally effective manner.
4. If the controller has not already communicated the breach to the data subject, the ICO may require it to do so.

11 Your mission…….
Using the incident outcome forms on your table please document the following scenarios.
Scenario 1. The school receives a phone call from a pupil’s father. He is a safeguarding risk and is not allowed to know where his child is living or the school she is attending. He saw her photo on the school website and wants to confirm it is his daughter.
Scenario 2. Your online payment provider contacts you by letter to inform you that they believe their system has been hacked and parents’ details, including bank account details, may have been stolen.
Scenario 3. A member of staff sends a spreadsheet of all year 9 pupils (circa 200), including name, DoB, medical conditions and ethnicity, to your community health provider to enable an inoculation programme. Unfortunately it was sent to the incorrect address of a member of the public.

12 Issues/queries? What did you find problematic during the exercise?

13 Solutions We present simple solutions to complex issues

14 Round up discussion What did you find difficult?
What issues do you foresee in implementing the processes we have explored today in your school?

16 IGS service offering – what we can offer to assist you
1. Training & Consultancy
½ day training or consultancy bespoke to meet your needs. We recommend you cluster to share costs for these services.
Cost = £400
2. Information Audits
Audits include pre-audit questionnaire, on-site visit (½ day), audit report & recommendations and the provision of our IG Framework.
Cost = £1000

17 3. Support Packages (annual subscription)
Package type: STANDARD
Services: Advice & Guidance, including Statutory Request fulfilment; GDPR Audio Video eLearning licences; On-line health check
Limitations: 20 hours, up to 50 licences
Cost: £4000

Package type: PREMIUM
Limitations: 40 hours, up to 100 licences
Cost: £7000

Package type: PREMIUM PLUS
Services: Advice & Guidance, including Statutory Request fulfilment & ICO Complaint fulfilment
Limitations: 80 hours, up to 400 licences
Cost: £13000

18 4. Data Protection Officer offer
A pre-requisite for accessing this service is an IGS audit, and the use of our templates unless written agreement is in place for the use of other solutions.

Package: Single School
Services: Compulsory Annual Audit; Unlimited Advice & Guidance, including Statutory Request fulfilment & ICO Complaint fulfilment; GDPR Audio Video eLearning licences; On-line health check
Price: £7000

Package: 2 – 6 Schools
Services: As above
Price: £12000

Package: 7 – 18 Schools
Price: £27000

Package: 19+ Schools
Price: PoA
For a consortium of 24 schools the price would be £36000, which is a cost of £1565 per school.
For 23 schools, the calculation is midpoint (12) x 3000 = 36000, which divided by 23 = a cost of £1565 per school.
