Definitions
DPIA: Data Protection Impact Assessment
UK GDPR: UK General Data Protection Regulations
ICO: Information Commissioner's Office
DPO: Data Protection Officer
Glossary
Anonymisation: Anonymisation is the process of rendering data into a form which does not identify individuals, and where identification is not likely to take place. By definition, anonymised data do not relate to a particular…
Category: DPO
Risk Management and action plan
The risk score will determine the level of authorisation needed for any DPIA completed that requires a full DPIA. Any risk score that is verified by the IG team to be in the upper range of a medium risk score (9 to 12) or in the range of high risk will require referral to the…
Additional Information
We provide a copy of Information sharing agreement if applicable (draft acceptable if not yet agreed)
Automated processing
Will the processing result in a decision being made about the data subject solely because of automated processing[1] (including profiling[2])?
N/A
Direct marketing
Will any personal data be processed for direct marketing purposes? If Yes, please describe how the proposed direct marketing will take place: If you would like further information about what direct marketing is, please refer to the ICO guidance: https://ico.org.uk/media/1555/direct-marketing-guidance.pdf
Yes – email addresses and email messages for rota allocation
How will this be used for…
Access and reporting
How many members of staff will have access to the data? Please can you also explain the access controls in place.
Information is accessed via a private account login. Own data seen by individual users. Practice Manager and Senior Partners will have access to all data.
What access controls will you have in place to…
The processing of Personal Confidential Data – Q&A
Please identify the conditions under the Data Protection Act 2018 (see Appendix 1 for legal basis under data protection legislation). If you have a Section 251 approval under the NHS Act 2006 – please include the approval reference number. If you are relying on consent as your lawful basis, please include a copy of your consent…
Describe the information flows
The collection, use and deletion of personal data must be documented.
Does any data flow in identifiable form? If so, from which organisation, and to which organisation/s? Please include a data flow map and confirm the flow has been added to your organisation’s Information Asset and Data flow register. Data is added to the Tempo GP networks system by Practice Users and…
Lawfulness of the processing
The processing of information must be lawful, and therefore requires a lawful basis. You must choose one or more lawful bases from Article 6 below for processing personal information and one or more from Article 9 below if you are processing special category data (i.e. race, ethnicity, religion, health, sexual orientation, genetic and biometric data,…
Description of data: National and local data flows containing personal and identifiable personal information. What are the required personal data items?
Personal Data (please tick all that apply): Name ☒; Gender ☒; Address (home or business) ☒; Postcode ☒; NHS No ☐; Email address ☒
Special Category Data (please tick all that apply): Racial or ethnic origin ☐; Political opinions ☐; Religious or philosophical beliefs ☐; Trade union membership ☐; Physical or mental health ☐…