GDPR Responsibilities
-
When you process personal data, do ensure that it is accurate, relevant and not excessive in relation to your needs.
-
Do not process personal data unless you are sure that you, Solar Teaching or the School have a lawful basis for doing so. In most cases Solar Teaching processes personal data in performance of a contract with that person or to meet a legal obligation. In all other cases, do not process personal data unless you are sure that you, Solar Teaching or the School has obtained the consent of the individual concerned.
-
Do not write any comment about any individual that is unfair or untrue and that you would not be able to defend if challenged. Remember that anything you write about a person will be seen by them should they make a subject access request (SAR).
-
If you download personal data to share internally or externally and save it locally on a shared or personal drive, it is considered best practice to mask that data. In particular, anonymise, pseudonymise or password protect it and, when you no longer require it, remember to permanently delete the file.
-
Do not disclose any information (including giving references) about an individual to an external organisation without first checking that the individual consents to such disclosure, or, in the case of the police.
-
Protect people’s privacy and personal data like it’s your own.
-
Do not project learner data, e.g. a course register, onto whiteboards. Instead, use the desktop computers provided in classrooms and other learning spaces for that purpose.
-
Use a shredder or the confidential waste disposal bins to dispose of any document containing personal data, whether or not you consider it to be confidential.
-
Always lock your computer when you are away from your desk.
-
Ensure that all personal data is kept secure, not only from unauthorised access, but from fire and other hazards. Apply password protection to computers, screensavers and documents. Where possible, keep your office door locked and your desk clear of personal data when you are absent.
-
Be vigilant if you are undertaking work off-campus using personal data such as individualised learner data, reference requests or examination scripts or results. Strict security measures must be applied to the transportation and storage of all such data, e.g. password protection, encryption or secure managed file transfer.
-
Do not use non-IT-authorised third-party cloud services, like Dropbox or Google Drive, when processing high risk personal data or sensitive information. The data might be held outside the EU.
-
If there is no option but to use mobile devices, portable media or email for high risk personal data or sensitive information, use encrypted devices or encrypt the data.
-
Always keep personal data and work-related information separate.
-
Avoid sending high risk personal data or sensitive information by email or using email to store such information. If you must use email to send this sort of information, encrypt it. If you are sending unencrypted high risk personal data or sensitive information to another email account, indicate in the email subject line that the email contains sensitive information so that the recipient can exercise caution about where and when they open it.
-
Do not process high risk personal data or sensitive information in public places. When accessing your email remotely, exercise caution to ensure that you do not download unencrypted high risk personal data or sensitive information to an insecure device.