Data Protection Reminder
19/03/2020
Data Protection Legislation (Data Protection Act 2018 and General Data Protection Regulation [GDPR]) is designed to ensure we are all handling, storing and sharing personal data correctly. In the current situation the methods by which we are all working may be different; more staff may be working from home or covering different roles. Nonetheless, it is important to remember that we still need to adhere to the Data Protection Principles.
Data Protection is not a barrier to sharing personal information; where appropriate personal information will still be shared and utilised to assist our service users and partner agencies.
The Council’s Data Protection Guide has examples of practical considerations to remember; such as ensuring we store information on devices cleared by ICT such as encrypted memory sticks, paperwork is not left on display or vulnerable, and, that we send work emails to staff (and therefore secure) email addresses (not personal staff addresses).
Any Data Breach will still need to be reported swiftly to the Council’s DPO as the 72hr time-scale for informing the Information Commissioners Office still stands. Similarly Subject Access Requests, Freedom of Information and Environmental Information Requests are still required to be answered within the statutory timescales.
All staff should be aware of Data Protection and all staff should have completed the mandatory “Moray: Data Protection” module on LearnPro (CLIVE).
For further information please contact Alison Morris, Records and Heritage Manager and DPO, or, look at the Council’s Data Protection Policy and Guide.