Data Protection | Walsall College
menu

Data Protection

At Walsall College we take data protection seriously, and so to help staff understand their responsibilities we issue regular updates on the law and best practice.

The College is responsible for complying with the Data Protection Act 1998 (DPA) whenever personal data is processed.

Under our  Data Protection Policy, all staff have a responsibility to comply with the DPA in their day-to-day work. The first step staff take to understand these responsibilities is to complete the College’s Mandatory Data Protection Training Module. To make sure knowledge is fresh and up to date; all staff must complete the training at least annually.

Keeping Data Protection knowledge up to date is particularly important as from May 2018 the DPA will be replaced by new Data Protection legislation that will implement the General Data Protection Regulation (GDPR). Please see the GDPR section below for further information about what this change in the law will mean for the College.

Overview of Data Protection

The Data Protection Act 1998 governs how personal data should be processed by organisations and applies to anything we do with personal data, such as accessing, sharing, analysing, storing and archiving it etc. The College is a Data Controller which means the College is responsible for compliance with the Act.

There are eight key principles to the Data Protection Act:

  • Personal data shall be processed fairly and lawfully
  • It shall be obtained for specified purposes
  • It shall be adequate, relevant and not excessive
  • It shall be accurate and up-to-date
  • It shall not be kept longer than necessary
  • It shall be processed in accordance with the rights of the data subject
  • Measures shall be taken to protect processing, and to prevent loss and damage
  • It shall not be transferred outside the EEA unless there is an adequate level of protection in that country

For Students and the Public

Data Protection Protocol for Walsall College

The Information Commissioner

How to make a complaint

General Data Protection Regulation

For Students and the Public

Walsall College’s Data Protection Policy is available here.

The College’s Data Protection Privacy Notice to Students can be accessed here. This privacy notice gives you information about how and why the College uses your personal data..

Your Rights:

Individuals have a number of rights in relation to their personal data including;

  • a right to find out details about data processing, if the College holds your information and what it is being used for;
  • a right of access, to a copy of the information comprising your personal data referred to as a Subject Access Request (SAR);
  • a right to object to processing that is likely to cause or is causing you damage or distress;
  • a right to prevent processing for direct marketing;
  • a right to object to decisions being taken by automated means;
  • a right in certain circumstances to have inaccurate personal data rectified, blocked, erased or destroyed; and
  • a right to claim compensation for damages caused by a breach of the Act.

The ICO’s website provides further information on scope of these rights and how to exercise them.

What can you expect from Walsall College

We will:

  • manage your request promptly.
  • provide good quality services.
  • be helpful, honest, professional, courteous and consistent.
  • provide the relevant information that you need.
  • take ownership of your query.
  • be realistic in what we say we can or can’t do.
  • treat your personal data as confidential; and keep it secure.
  • Listen to your comments and feedback on how we can make a better service.

Students: If you wish to exercise one of your rights in relation to your personal data, please contact: dataprotection@walsallcollege.ac.uk Please note if you are seeking access to our personal data (a Subject Access Request), then you can use our request for personal data access form to help structure your request. We may require you to confirm your identity. Your request can be delivered to the Data Protection team (Wisemore Campus, Littleton Street West, Walsall, WS2 8ES) or emailed to dataprotection@walsallcollege.ac.uk

Members of the public: If you wish to exercise one of your rights in relation to your personal data, please contact the postal or email address above. You may find it useful to use our access to information form for members of the public available here.

Data Protection Protocol for Walsall College

The College is fully committed to compliance with the Data Protection Act 1998 and recognises the rights and obligations that are enforced by the Act in the processing of personal data. This protocol sets out what the College will do to meet the requirements of data protection legislation.

Introduction

In order to operate efficiently and effectively, the College will collect and use personal data about people to whom it provides services to, these include past, current and prospective employees, students, members of the public and suppliers.

The College regards the lawful and appropriate handling of personal data very important to successful operations. We therefore, want to maintain confidence between the College and those to whom it provides its services.

Scope

This protocol covers personal data held electronically by the College on central IT systems and PC’s, in addition to personal data stored in structured paper files. This approach is in line with the scope of Personal data as defined under the Data Protection Act.

The protocol applies to all employees and any other third parties that are authorised to process information on behalf of the College.

Walsall College will ensure that:

  • our notification entry on the Public Register of Data Controllers is current and kept up to date;
  • any third parties who have access to or share our data follow the College’s policies and procedures. Either a Data Sharing Agreement or a Data Processing Agreement, which will allow third parties to act lawfully on the behalf of the College, will document this.
  • all College employees involved in the collection and processing of personal data are aware of their responsibilities to provide adequate protection and safeguards against unlawful disclosure

The Information Commissioner

The College is registered as a Data Controller with the Information Commissioner, The ICO is the UK's independent body set up to uphold information rights.. The College’s registration number is Z5015525. Our registration notice, which provides further information about how we process personal data, can be viewed on the ICO's Website.

How to make a complaint

You have the right to be confident that the College is handling your personal information responsibly and in line with good practice.

If you have a concern about the way, the College is handling your information you can raise this with the Data Protection Team.

What can you complain about?

  • You can complain to Walsall College, if you have been denied any of your rights under the Data or if you believe Walsall College: is not keeping your information secure;
  • holds inaccurate information about you;
  • has disclosed information about you;
  • is keeping information about you for longer than is necessary; or
  • has collected information for one reason and is using it for something else;

How to make a Complaint

You can make your complaint by letter, e-mail, or in person. Make it clear that you are making a complaint about a matter concerning data protection and provide full details of your complaint. Provide the College with your name and contact address (this can be a postal or email address). If possible, provide a telephone number (this is in case the College needs to contact you to help us to investigate your complaint).

Send you complaint:

  • by email to dataprotection@walsallcollege.ac.uk
  • by letter to; Contracts and Compliance, Walsall College, Wisemore Campus, Littleton Street West, WS2 8ES
  • or ask a member of staff to help you.

What will Happen Next?

Your complaint will be treated in strictest confidence and will be fully investigated. You will receive an acknowledgement within 5 working days of receipt of the complaint. A full investigation will be made and response conveyed to you within 10 working days

If you are not satisfied with the College’s response to your complaint, you can contact the Information Commissioner’s Office who will investigate your complaint. You can contact the Information Commissioner at:

The Information Commissioner
Wycliffe House
Water Lane
Wilmslow
Cheshire
SK9 5AF

Telephone: 0303 123 1113

Website: www.ico.org.uk

General Data Protection Regulation

The General Data Protection Regulation will apply to the UK from 25 May 2018. The GDPR will come into force before the U.K’s exit from the European Union and the U.K Government has confirmed their intention to implement legislation revised Data Protection Act, which mirrors the GDPR. The GDPR will comprise of substantial changes to the way organisations such as the College processes personal data. Although, much of the basic framework in the DPA will remain. The obligations imposed under the GDPR are stricter, more process driven and require organisations to think about privacy issues at the outset of a project or initiative.

The key changes introduced through the GDPR are as follows;
  • Public authorities, and those organisations which process large volumes of personal data, will be required to appoint a Data Protection Officer.
  • For the first time, Data Processors will have certain legal responsibilities under data protection legislation.
  • It will be a legal requirement for Data Controllers to undertake Privacy Impact Assessments in relation to high-risk processing activities.
  • Data Controllers will be required to give individuals more information (in privacy notices) about the purposes for which and manner in which their personal data is processed. More generally, the rights of individuals in relation to their personal data will be strengthened.
  • Opt-out consent will not be valid under the GDPR (i.e. the use of pre-ticked boxes to signify consent).
  • The level of fines, which can be imposed in respect of a data protection breach, will be increased from £500,000 to a maximum 4% of annual turnover or €20 million.

Further information about these changes can be found at the ICO website here.

Share This Post



Accessibility bsl BSL RSS Feed