1 Do you hold personal data about others?
2 If so, who authorises the collection of the data?
3 For what purpose is the information collected?
4 What categories of information are collected, e.g. name, address, telephone number?
5 How is the information collected? Is it collected face to face with the individual or at a distance?
6 From where is the personal data collected:
7 What form of data protection notice is given to individuals when the information is collected?
8 How often is this notice reviewed or changed?
9 Who reviews or changes the notice?
STORAGE, PROCESSING AND DISCLOSURE
10 Where does your department store the personal information (i.e. on computer, in manual files)?
11 What processing activities are carried out by your department?
12 Do any third parties process data on your behalf? If yes, please provide a name.
If yes:
13 Who authorises these processing activities?
14 Who has authority to change, add or delete data held by you?
15 Who has access to such personal data within your department? Please list:
16 Who authorises the access to personal data?
17 Do you consider that your department holds any sensitive personal data? If so, please describe these sensitive personal data and the purposes for which they are held. Sensitive personal data means any data that relate to a person's:
political opinions
trade union membership
religious beliefs
physical or mental condition
sexual life
commission or alleged commission of an offence
the sentence of any court
If yes:
18 Do you disclose sensitive personal data to:
other departments
other companies in the ........... group
joint venture partners
third parties
others (please specify)
If yes, please list who:
19 Do you disclose information to other countries?
SUBJECT ACCESS PROCEDURES
20 What procedure do you follow when you receive a request from an individual to reveal what data you hold in relation to that individual?
21 What procedures exist in your department for suppression, blocking or correction of personal data?
22 Who authorises these activities?
DATA QUALITY
23 Who in your department has responsibility for reviewing personal data for relevance, accuracy and keeping personal data up to date? How often are these activities carried out?
SECURITY
24 What security measures do you have in place to ensure the personal data is secured?
DESTRUCTION OR ARCHIVING
25 How long is personal information kept in your department before being destroyed or archived?
26 In what format or on what medium is the archived information stored?
27 Who authorises destruction?
28 Who authorises archiving?
29 Please describe the archiving procedures in operation in your department.
30 Please describe the back-up procedures in operation in your department.
TRAINING
31 Do the employees in your department receive training on data protection law and other relevant law? If so, who is responsible for carrying out the training?
32 Are refresher courses held? If so, how often and who is directed to attend?