The General Data Protection Regulation (GDPR)
Privacy Notice (How Infrared Training Limited uses Student information)
The categories of student information that we collect, hold and share include:
Why we collect and use this information
We use the Student data:
Storing student data
We hold student data for a minimum of 10 years using secure systems either electronically or in hard copy form
We routinely share student information with:
On occasions Infrared Training Limited may share student information with approved associate companies purely for efficient contact and information provision for company products.
The European Union’s GDPR (General Data Protection Regulation) comes into force in the UK on 25th May 2018. The GDPR will bring in stricter obligations that all employers must follow. The ICO (Information Commissioner’s Office) has published an overview of the regulation and has a checklist of 12 steps you can take to get ready.
For more information, go to the ICO website.
Until May 25 2018, The Data Protection Act 1998 still applies. The Data Protection Act is concerned with respecting the rights of individuals when processing their personal information. This can be achieved by being open and honest with employees about the use of information about them and by following good data handling procedures. The act is mandatory and all organisations that hold or process personal data must comply.
The Data Protection Act contains 8 principles:
All staff have a responsibility under the Act to ensure that their activities comply with the Data Protection Principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation’s procedures, or use personal data held on others for their own purposes.
Workers have a legal right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. Arrangements should be in place to deal with requests as a 40-day time limit is stipulated. Information can be withheld if releasing it would make it more difficult to detect crime or the information is about national security. If an employee feels the organisation has misused information or hasn’t kept it secure they can contact the Information Commissioner’s Office.
Monitoring employees – CCTV, telephone calls, emails
The Data Protection Act will apply if employers are monitoring employees; for example to detect crime or excessive private use of e-mails, internet use etc. However, the act requires that workers should be aware of the nature and reason for any monitoring.