GDPR Policy

The Discover Work service is the programme of support for job seekers and employers in the city. It encompasses a wide network of services delivered by a range of partners. They collectively form a collective approach to supporting people looking for work and employers alike.

Our Website & Your Data

Individuals Rights GDPR provides individuals with the following rights regarding their personal information: • The right to be informed about how their information will be used. • The right of access to their personal information. • The right to rectification, which is the right to require the Council to correct any inaccuracies. • The right to request the erasure of any personal information held by the Council where the Council no longer has a basis to hold the information. • The right to request that the processing of their information is restricted. • The right to data portability. • The right to object to the Council processing their personal information. • Rights in relation to automated decision making and profiling. The Council will publish information within Privacy Notices that will set out what these rights are and how these can be exercised. Subject Access Requests: The Information Governance Manager is responsible for subject access requests on behalf of the Council. This role will oversee the completion of all requests to the Council, with the exception of those received by the Children & Families and Health & Social Care Partnership sections which are responsible for processing those requests received. Each individual employee is responsible for passing any subject access requests received to the Information Governance Team as soon as possible. The Council will endeavour to process all subject access requests within the statutory deadline of a month, unless an exemption to the time limit applies. Under the new legislation there is no longer a fee applicable for a subject access request, other than where an exemption applies. The exception is where further copies of the original response is requested or the request is considered manifestly unfounded or excessive. Breaches: Organisations which process personal data must take appropriate measures against unauthorised or unlawful processing and against accidental loss, destruction of, or damage to, personal data. Despite the security measures taken to protect personal data held by the Council, a breach or incident may occur. The Council has a legal requirement to notify the ICO within 72 hours of any personal data breach where it is likely to result in a risk to the rights and freedoms of data subjects. An incident may occur in relation to the following: Security Individual’s rights Used for purposes outwith reason for collection Kept longer than necessary Collecting more information than is needed Not fair/legitimate/transparent/lawful Kept accurate and up-to-date Transferred outside EU without protection Failure to notify the ICO of a breach may result in a significant fine being imposed. It is the DPO’s responsibility to assess each personal data breach for consideration to report to the ICO and also has a duty to report any personal data breach to any affected data subjects. Therefore it is imperative all personal data breaches, both suspected, and confirmed, are reported immediately as required by the Data Breach procedures. The DPO will ensure that Council management are regularly notified of any breaches or near misses that have been reported. Compliance: In order for the Council to comply with the legislation, it must carry out various tasks such as regular training, being transparent in personal data use, etc. Services will undergo an annual information governance audit to ensure compliance with this and other policies and procedures. Training: The Council will provide advice and training for employees to comply with this policy. Additional guidance will be provided to staff who routinely handle personal, sensitive and confidential information. Heads of Service are responsible for ensuring that employees within their Service are trained appropriately. Mandatory training is required to be undertaken by all employees and Councillors every 2 years. The DPO will assist Services in evaluating training need. Training materials will be developed in accordance with requirements. Retention & Disposal of Data: All personal information must be processed in compliance with the Council’s Records Management Policy and associated procedures to ensure that data is not retained for longer than it is required. Personal data must be disposed of in a way that protects the rights and privacy of those the information is about, such as shredding, disposal as confidential waste and secure electronic deletion. All systems should be reviewed on a regular basis to identify records which are no longer required and these will be destroyed in line with the Council’s records management policy. A retention schedule will be developed in line with the Records Management Plan. Data Sharing: All sharing of data with other organisations must be appropriately documented for example with a Data Protection Impact Assessment completed, where relevant, and Data Sharing Agreement in place before any data is shared. Information sharing within the Council across Service areas must also be documented with an agreement completed, and assessment where necessary. Information Security: All staff and elected members are responsible for ensuring that personal information which they hold is kept safe and secure. For more information please view the Information and Communication Technology Security and Safe Use Policy. Related Policies/Procedures: Information and Communication Technology Security and Safe Use Policy Records Management Policy Data Sharing Policy Data Security Classification Policy DPIA Procedure Data Breach Procedure Subject Access Procedure Issue & Review: Heads of Service shall ensure that this policy is cascaded to all employees within their Service for it to be read and understood. This policy will be reviewed every year and amended as appropriate.

Discover Work Dundee

Get everything you need here whether you are looking for a job or an employer looking to hire.

Contact

Translate »
Skip to content