There are different rules for the organisations that play different roles in collecting and handling identifiable information.:
- Data controller - this is any organisation responsible for providing access to, or using, identifiable information. The data controller must keep it safe at all stages, explain to people what it's being used for and are legally accountable.
- Data processor - this is any organisation involved in collecting or processing information. The data processor must follow the data controller's instructions and meet high IG standards.
- Data controllers are sometimes also data processors.
The NES legal basis for processing information is as follows
NES processes personal data under the following conditions of the General Data Protection Regulation:
“6(1)(c) processing is necessary for compliance with a legal obligation”;
“6(1)(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.”
"9(2)(b) – Processing is necessary for carrying out obligations under employment, social security or social protection law, or a collective agreement" (for special categories of data).
NHS Education for Scotland (2018) Privacy and Protection (Website)
Data Protection Officer
NHS Education for Scotland,
Westport 102, West Port,
Edinburgh, EH3 9DN
foidp@nes.scot.nhs.uk
NES is registered as a data controller with the Information Commissioner
(registration number Z7921413).
Additional information on the NES data Collection and processing:
The NES privacy and data protection statement advises the public of the following;
'Personal data will be held for no longer than necessary in line with our records retention policy.
'Personal data will be held for no longer than necessary in line with our records retention policy.
We will share personal data where appropriate and necessary with third parties such as employing NHS Boards and other employers, educational institutions and regulatory and professional bodies. We will also share personal data, where required to do so by law.
NES or our partners may use your contact details to tell you about relevant training opportunities, educational events or related activities. We may also contact you to invite you to participate in the evaluation of education or related research.
Special categories of personal data and why they may be processed.
NES will only process sensitive personal data (for example on health, disability, ethnicity or sexual orientation) where it is necessary to carry out our role in health workforce development; for example in mandatory monitoring of equality and diversity, to ensure that NES is a safe place to work, or to ensure compliance with other legal obligations, such as the sick pay policy or equal opportunities policy.
NHS Education for Scotland (2018) Privacy and Protection'
(Webpage) http://www.nes.scot.nhs.uk/privacy-and-data-protection.aspx
(Webpage) http://www.nes.scot.nhs.uk/privacy-and-data-protection.aspx
No comments:
Post a Comment