Access and reporting

How many members of staff will have access to the data? Please can you also explain the access controls in place.

Information is accessed via a private account login.

Own data seen by individual users. Practice Manager and Senior Partners will have access to all data.

What access controls will you have in place to ensure there is only authorised access to the data?
Please include your procedure for enabling access, removing access, monitoring access and identifying any inappropriate access.

Answer needed here?

Are there any new or additional reporting requirements from the system/software being used for this project/service?   
If “No” move to section 5 below: Business Continuity planning

No

Will the reports be in sensitive or redacted (removing anything which is sensitive) format?

Answer needed here?

Will the reports be in person-identifiable, pseudonymised or anonymised format?

Answer needed here?

What roles will be able to run reports? E.g. service activity reports, reports on individual people.

Answer needed here?

What roles will receive the report or where will it be published? Please can you also clarify the names of the organisations.

Answer needed here?

If this new/revised reporting function should stop, are there plans in place for how the information will be retained / archived / transferred or disposed of?

Answer needed here?

What plans are in place in relation to the internal reporting of a personal data breach?

(NB A personal data breach may need to be reported to the ICO within 72 hours. Therefore, it is recommended that plans are in place to report a data breach to the relevant organisations within 24-48 hours.)

Personal data breach will be reported to the ICO within 72 hours.

What plans are in place in relation to the notification of data subjects should there be a personal data breach?

Duty of Candour templates in place to notify staff of any data breaches.

How will the personal data be restored in a timely manner in the event of a physical or technical incident?

Answer needed here?

How business critical is the system you are using?

X  Tier 2 – Significant (restoration within 24-48 hrs)