General Data Protection Regulations 2018
*Apprenticeships Combining practical training with Employment it is part funded by the European Social Fund.
(Richmond Training) recognizes its responsibility to comply with the General Data Protection Regulations 2018. The act regulates the use of personal data. This does not have to be sensitive data, it can be as little as a name and address.
The Data Protection Act
The GDPR 2018 sets out high standards for the handling of personal information and protecting individuals’ rights for privacy. It also regulates how personal information can be collected, handled and used.
The GDPR 2018 applies to anyone holding personal information about people, electronically or on paper.
As a training center, Richmond has several procedures in place to ensure it complies with the General Data Protection Regulations 2018. when holding personal information. The Centre is also registered with the Information Commissioner’s Office (Registration Number ZA027062) that it holds personal data about individuals.
When dealing with personal data, Richmond Training staff must ensure
- Data is processed fairly and lawfully. This means personal information should only be collected from individuals if staff and have been open and honest about why they want the personal information permission must be sought
- Data is processed for specified purposes only. For example, candidate information is required for Health & Safety and Course Registration purposes
- Data is relevant to what it is needed for – only data that is needed should be held. The Centre has no need for data which has no relevance to the course
- Data is accurate and kept up to date – personal data should be accurate, if it is not it should be corrected.
- Data is not kept longer than it is needed – data no longer needed will be shredded or securely disposed of in accordance with the GDPR 2018
- Data is processed in accordance with the rights of individuals – individuals must be informed, upon request, of all the personal information held about them
- Data is kept securely – only Centre staff can access the data. It cannot be accessed by members of the public
Storing and accessing data
Richmond Training recognises its responsibility to be open with people when taking personal details from them. This means staff must be honest about why they want a particular piece of personal information. If for example, a member of the public gives their phone number to staff or a member of Richmond Training , this will only be used for the purpose it has been given and will not be disclosed to anyone else without the person’s permission.
Data obtained by Richmond training should not be transported to or from secure storage to any location off-site without prior approval of the Data Controller.
Richmond Training may hold personal information about individuals such as their addresses and telephone numbers. These will be securely kept at the Centre and are not available for public access. All data stored on the Centre’s computers are password protected. Once data is not needed any more, is out of date or has served its use and falls outside the minimum retention time under the document retention policy, it will be shredded or securely deleted from the computer.
Richmond Training is aware people have the right to access any personal information that is held about them. If a person requests to see any data that is being held about them:
- They must be sent all of the personal information that is being held about them
- There must be an explanation for why it has been stored
- There must be a list of who has seen it
- It must be sent within 40 days
A fee to cover photocopying and postage charges will be charged to the person requesting the personal information. This fee will be agreed by the Centre and amended in line with inflation from time to time.
Disclosure of personal information
If a member of staff needs to access information to help carry out their duties, this is acceptable.
They are only able to access as much information as necessary and it should only be used for that specific purpose in line with their normal duties, and in agreement with the Director.
Richmond Training staff must be aware that when complaints or queries are made, they must remain confidential unless the subject gives permission otherwise. When handling personal data, this must also remain confidential.