Summary
This document provides a refresher training on UK General Data Protection Regulations (GDPR) for January 2025. It outlines GDPR principles, legal bases for processing data, and individual rights. Included are Webbers' data handling procedures and examples of data breaches.
# UK General Data Protection Regulations Training Refresher

## January 2025

## GDPR Officers

- **Compliance Officer:** Malcolm Prescott
- **General Data Protection Officer:** Karlie Baker
- **Information Commissioner's Office Registration Number:** Z5129639
- **The Webbers GDPR Policy is stored in the company L drive.**

## General Data Protection Regulations (GDPR)

### What is GDPR?

GDPR refers to regulations designed to protect personal data and privacy for individuals within the EU and the UK.

### Who does GDPR apply to?

Any organisation based in the EU and UK that makes use of personal data. This includes processing by law enforcement, national security, and personal/household activities.

### What is personal data?

Any piece of information that can be used directly or indirectly to identify a person.

### Examples of personal data

- Names
- Home or work address
- Telephone number
- Email address
- Date of birth
- Photo ID
- Proof of funds
- Purchase price
- Sale price of property
- Debt history

## Data Protection Roles

1. **Data Protection Officer - Karlie Baker**
   Handles subject data access requests, keeps records of breaches and reports to the ICO when necessary. Oversees guidance related to data protection needs and ensures compliance.
2. **Controller**
   An entity that gathers and stores data, e.g. Webbers.
3. **Processor**
   Responsible for processing personal data on behalf of a controller.
4. **Data Subject**
   The individual whom the personal data is about.

## GDPR Principles

1. **Collected for specific, explicit and legitimate reasons**
2. **Processed lawfully, fairly and transparently**
3. **Accurate and kept up to date**
4. **Kept in an identifiable form for no longer than necessary**
5. **Processed with appropriate security**
6. **Adequate, relevant and limited to what is necessary.**

## Legal Basis for Processing Data

- **Consent:** Unambiguous, informed, explicit consent for processing personal data.
- **Contract:** Processing personal data to fulfill a contract.
- **Legal Obligation:** Processing required to comply with laws.
- **Public Task:** Processing in the public interest.
- **Legitimate Interests:** Processing as part of a legitimate business interest.
- **Vital Interests:** Processing to protect someone's vital interests.

## Webbers and Personal Data

### How do we collect personal data?

- Emails and telephone calls
- Property portals
- Tenancy applications
- Proof of funds
- Face-to-face interviews

### Collecting data for legitimate interests

We collect personal data to:

- Do market appraisals
- Keep buyers, sellers and tenants informed
- Comply with statutory and legal obligations

### Collecting data for contractual reasons

Personal data is used to:

- Market, sell, or let a property
- Find suitable purchasers or tenants
- Manage properties
- Complete transactions

### Storing personal data

Personal data can be kept in:

- Locked filing cabinets
- On our computer system behind security policies

It is only kept for the minimum period required.

## Individual Rights Under GDPR

- **Right to be informed:** About collection and use of personal data
- **Right to access:** Known as a Subject Access Request
- **Right to rectification:** To have inaccurate information corrected
- **Right to erasure:** Also known as the right to be forgotten
- **Right to restrict processing:** Request the restriction of processing
- **Right to data portability:** Only applies to the information a data subject has given a controller
- **Right to object:** Absolute right to stop data being used for direct marketing
- **Rights in relation to automated decision making and profiling**

## Subject Access Request (SAR)

Everyone in the UK has the legal right to request access to the personal information a company holds on them, via a subject access request.
An individual must write/email the organisation with their full name, address, contact telephone number, details of the specific information they require and any relevant dates. The company has 1 month to provide this personal information. They are not allowed to charge for this. In Webbers, all subject access requests should be passed to Karlie Baker, the GDPO.

## Accountability and Governance

To meet the accountability requirement:

### Measures for compliance:

- Data protection policies
- Documentation of processing activities
- Written contracts with data processors
- Security measures
- Recording/reporting breaches
- Adherence to codes of conduct
- Annual policy reviews

## Personal Data Breaches

### Examples of breaches

- Unauthorised third-party access
- Sending data to an incorrect recipient
- Alteration without permission
- Data encrypted by ransomware
- Lost/stolen devices
- Accidental loss/destruction of data

### Reporting procedure:

Report immediately to Karlie Baker, GDPO, who records breaches and advises the ICO within 72 hours for serious breaches.

## Handling Client Data Outside the Office

- Secure data in vehicle
- Prevent visibility through windows
- Avoid overnight storage of data in a vehicle
- Shred diary printouts/notes and dispose of in confidential waste
- Store data in plain folders or briefcases.

## Staff Responsibilities

What should you do to avoid a data breach?

- Lock computers when leaving workstations
- Ensure personal data is stored securely in locked filing cabinets and dispose of it via confidential waste
- Confirm and document if a client is happy for you to pass their information to a 3rd party
- Report any data breaches to Karlie Baker
- Ensure contractors or developers have confirmed they have a GDPR policy in place
- Ensure you are asking for marketing consent with every client, including the 2nd applicant.