Basic GDPR Training Slides without questions
GDPR Basic Training February 2023
What is Data Protection?
'Data protection' is about protecting an individual, whether they are:
• Prospective, current or former colleagues
• Customers
• Contractors
• Consultants
All companies must protect the right to privacy, balancing it with the legitimate needs of the company to hold and process certain data.
What is Personal Data?
Personal data is defined as:
Information from which a living individual can be identified. It includes telephone numbers, names, addresses, email addresses, CCTV, photographs and voice recordings.
Sensitive data
This includes information such as racial or ethnic origin, political opinion, religious or other beliefs, trade union membership, physical or mental health, sexual life, alleged criminal convictions and proceedings.
Data Protection
A company's Data Protection policy and procedures should reflect its obligations under the United Kingdom General Data Protection Regulation (UK GDPR) and ensure that it protects customers' and colleagues' personal data.
The Regulation requires a company to:
• Use personal information in a fair way
• Keep personal information secure
• Respect the data protection rights of others
• Only keep and use information needed
Please familiarise yourself with Rayware’s Data Protection Policy. It is your responsibility to ensure the Data Protection policies and procedures are followed at all times.
Complying with the UK GDPR
Third Parties
Third parties such as service providers engaged by the company are not entitled to customer data unless express permission is granted in writing as part of a data processing agreement.
Data Access requests
Only when the data subject has consented in writing is it possible to disclose information to the data subject. A strict code of practice and procedure is in place to ensure this is compliant and all such requests are recorded.
HMRC Tax and Payroll
The law requires us to supply the name, colleague number and earnings details of all colleagues to HMRC for tax purposes.
Police Requests
Police enquiries are no different from any other third-party request. If the police cite an exemption from the Data Protection Regulation, this must be justified and documented, then sent to your Data Protection Officer for approval.
• Personal data sent to third parties must have adequate protection to ensure sensitive information is not disclosed to data thieves or sent to the wrong person.
• Personal data should never be sent by email to yourself at home. If you need to work on personal information at home then you should speak to your line manager about being given remote access.
• Emails should be sent to recipients securely. You can also password protect documents such as Excel files for extra security when sending them via email.
• Your line manager will be able to provide you with further information.
Data Subject Access Requests
Data Subjects such as customers and colleagues can ask to see all the personal data that a company holds about them.
Such a request is known as a Subject Access Request (SAR), and the company has one month to respond. Specific guidelines on how to respond to such requests should be available through your line manager and in your organisation's Data Protection policy. The data subject is able to make the request in writing, in an electronic format, or verbally, subject to confirming that they are the actual data subject; following this, the information will be made available.
Data Retention
Personal data must only be retained for as long as necessary to complete and/or deliver services. It must only be retained for the purpose it was originally obtained for and/or compliance with a legal obligation.