ETTA Data Protection Policy - The English Table Tennis Association

More documents

Recommendations

Info

• ensure that all activities that relate to the processing of personal data haveappropriate safeguards and controls in place to ensure information security andcompliance with the Act;• ensure that all contracts and service level agreements (SLAs) between the ETTA andexternal third parties (for example funders) - where personal data is processed -make reference to the Act as appropriate;• ensure that all staff acting on the ETTA's behalf understand their responsibilitiesregarding information security under the Act, and that they receive the appropriatetraining / instruction and supervision so that they carry these duties out effectivelyand consistently and are given access to personal information that is appropriate tothe duties they undertake;• ensure that all third parties acting on the ETTA's behalf are given access to personalinformation that is appropriate to the duties they undertake and no more;• ensure that any requests for access to personal data are handled courteously,promptly and appropriately, ensuring that either the data subject or his/her authorisedrepresentative has a legitimate right to access under the Act that the request is valid,and that information provided is clear and unambiguous. All actions regarding datasubject access requests will be logged. This audit trail will include details regardingthe nature of the request, the steps taken to validate it, the information provided aswell as any withheld, e.g. for legal reasons.• never, under any circumstances, exploit your data for commercial gain but it may,from time to time, release your personal data to other National Governing Bodies forUK sport and Government agencies involved in sport in the UK. In thesecircumstances, the data will be held for the duration of the project and destroyedimmediately after use.• allow you to request that your data is held solely for the purposes of the ETTA. Thiscan be achieved by you making the request (in writing) to the Data Protection Officer,at the following address:English Table Tennis Association LimitedQueensbury House (Fourth Floor)Havelock RoadHastingsEast Sussex TN34 1HF• work towards adopting, as best working practice, the key principles of BS7799- theBritish Standard on Information Security Management;• Implement a security policy for controlling staff use of data and governing staffhandling of personal data• review this policy and the safeguards and controls that relate to it annually - toensure that they are still relevant, efficient and effective.3 The ETTA responsibilities under the Act3.1 Data Protection means that the English Table Tennis Association (ETTA) must:• manage and process personal data properly• protect the individual's rights to privacy• provide an individual with access to all personal information held on them3.2 The English Table Tennis Association (ETTA) has a legal responsibility to comply withthe Act. The Senior Management Team member with overall responsibility for this policy is
the Operations Manager. The English Table Tennis Association (ETTA), as a corporatebody, is named as the Data Controller under the Act.3.3 The English Table Tennis Association (ETTA) is required to notify the InformationCommissioner of the processing of personal data and this is included in a public register.The public register of data controllers is available on the Information Commissioner'swebsite.3.4 The English Table Tennis Association (ETTA)'s Operations Manager is responsible fordrawing up guidance on good data protection practice and promoting compliance with thisguidance through advising staff on the creation, maintenance, storage and retention of theirrecords which contain personal information.3.5 Every member of staff that holds information about identifiable living individuals has tocomply with data protection in managing that information. Individuals can be liable forbreaches of the Act.3.6 The ETTA acknowledges the rights of individuals to whom personal data relates, andensure that these rights may be exercised in accordance with the Act;• ensure that both the collection and use of personal data is done fairly and lawfully;• ensure that personal data will only be obtained and processed for the purposesspecified;• collect and process personal data on a "need to know" basis, ensuring that such datais fit for the purpose, is not excessive, and is disposed of at a time appropriate to itspurpose;• ensure that adequate steps are taken to ensure the accuracy and currency of data;• ensure that for all personal data, appropriate security measures are taken bothtechnically and organisationally - to protect against damage, loss or abuse;• ensure that the movement of personal data is done in a lawful way - both inside andoutside the ETTA and that those suitable safeguards exist at all times.4. GuidanceGuidance on the procedures necessary to comply with this policy is available from theOperations Manager. This guidance covers:4.1 Introduction to Data Protection including Data Protection principles, types of datainvolved and key concepts4.2 Best practice guidelines including:• use of personal data by employees and volunteers• transfer of personal data to third parties (incl volunteers)• security of personal data –You should be able to "completely" restore from a catastrophic failure, from at leasttwo previous full backups, just in case the last is damaged, lost, corrupt, etc.A "Good" backup regime should contain at least one full backup within a chosencycle, normally weekly.A "Good" backup practice is to store backups away from the current data location,preferably off-site.
Page 1: 1 IntroductionETTA Data Protection

ETTA Data Protection Policy - The English Table Tennis Association

Create successful ePaper yourself

Delete template?

Save as template?