Data Protection Policy

Policy Statement
This company believes that all records required for the protection of student’s and for the effective and efficient running of the college should be collected, maintained and kept according to the Data Protection Act 1998.
The company is required to be registered under the Data Protection Act 1998 and all storage and processing of personal data held in manual records and on computers in the care service must comply with the Act. The company understands that, according to the Data Protection Act 1998, personal data should:
1. be obtained fairly and lawfully
2. be held for specified and lawful purposes
3. be processed in accordance with the person’s rights under the Data Protection Act
4. be adequate, relevant and not excessive in relation to that purpose
5. be kept accurate and up to date
6. not be kept for longer than is necessary for its given purpose
7. be subject to appropriate safeguards against unauthorised use, loss or damage
8. be transferred outside the European Economic Area only if the recipient country has adequate data protection.
Under the Data Protection Act 1998, the college should have a nominated data user/data controller. The data user/data controller for this college is Miss Muree Spence.
Training
All new staff should be encouraged to read the policies on data protection and confidentiality as part of their induction process. Existing staff will be offered training covering basic information about confidentiality, data protection and access to records.
Training in the correct method for entering information in service users’ records should be given to all staff. The nominated data user/data controller for the care service is trained appropriately in the Data Protection Act 1998. All staff who need to use the computer system are thoroughly trained in its use.

Signed: _____________________________

Date: _____________________________

Policy review date: _20/12/13____________________________
Last updated on 20/12/12