You will need PDF Reader to view these documents, if you do not have it please download from here
The Data Protection Act 1998 has now been superseded by the GDPR
Act 2018, which significantly extends the scope of data protection law. It applies to all personnel data held not
just those in electronic form.
The trust needs to record:-
- Name and details of your organisation (and where applicable, of
other controllers, your representative and data protection officer).
- Purpose and lawful reason for the processing the data
- Description of the categories of individuals and categories of
- Categories of recipients of personal data.
- Details of transfers to third countries including documentation of
the transfer mechanism safeguards in place.
- Retention schedules.
- Description of technical and organisational security measures.
The GDPR act also lists individual’s rights on the data being held
and that trust must do Data Impact assessments when using new technologies or
that processing is likely to result in a high risk to the rights and freedoms
of individuals e.g. large scale, systematic monitoring of public areas (CCTV).