The College is responsible for complying with the Data Protection Act 1998 (DPA) whenever personal data is processed.
Under our Data Protection Policy, all staff have a responsibility to comply with the DPA in their day-to-day work. The first step staff take to understand these responsibilities is to complete the College’s Mandatory Data Protection Training Module. To make sure knowledge is fresh and up to date; all staff must complete the training at least annually.
Keeping Data Protection knowledge up to date is particularly important as from May 2018 the DPA will be replaced by new Data Protection legislation that will implement the General Data Protection Regulation (GDPR). Please see the GDPR section below for further information about what this change in the law will mean for the College.
The Data Protection Act 1998 governs how personal data should be processed by organisations and applies to anything we do with personal data, such as accessing, sharing, analysing, storing and archiving it etc. The College is a Data Controller which means the College is responsible for compliance with the Act.
There are eight key principles to the Data Protection Act:
Walsall College’s Data Protection Policy is available here.
The College’s Data Protection Privacy Notice to Students can be accessed here. This privacy notice gives you information about how and why the College uses your personal data..
Individuals have a number of rights in relation to their personal data including;
The ICO’s website provides further information on scope of these rights and how to exercise them.
What can you expect from Walsall College
Students: If you wish to exercise one of your rights in relation to your personal data, please contact: firstname.lastname@example.org Please note if you are seeking access to our personal data (a Subject Access Request), then you can use our request for personal data access form to help structure your request. We may require you to confirm your identity. Your request can be delivered to the Data Protection team (Wisemore Campus, Littleton Street West, Walsall, WS2 8ES) or emailed to email@example.com
Members of the public: If you wish to exercise one of your rights in relation to your personal data, please contact the postal or email address above. You may find it useful to use our access to information form for members of the public available here.
The College is fully committed to compliance with the Data Protection Act 1998 and recognises the rights and obligations that are enforced by the Act in the processing of personal data. This protocol sets out what the College will do to meet the requirements of data protection legislation.
In order to operate efficiently and effectively, the College will collect and use personal data about people to whom it provides services to, these include past, current and prospective employees, students, members of the public and suppliers.
The College regards the lawful and appropriate handling of personal data very important to successful operations. We therefore, want to maintain confidence between the College and those to whom it provides its services.
This protocol covers personal data held electronically by the College on central IT systems and PC’s, in addition to personal data stored in structured paper files. This approach is in line with the scope of Personal data as defined under the Data Protection Act.
The protocol applies to all employees and any other third parties that are authorised to process information on behalf of the College.
Walsall College will ensure that:
The College is registered as a Data Controller with the Information Commissioner, The ICO is the UK's independent body set up to uphold information rights.. The College’s registration number is Z5015525. Our registration notice, which provides further information about how we process personal data, can be viewed on the ICO's Website.
You have the right to be confident that the College is handling your personal information responsibly and in line with good practice.
If you have a concern about the way, the College is handling your information you can raise this with the Data Protection Team.
What can you complain about?
How to make a Complaint
You can make your complaint by letter, e-mail, or in person. Make it clear that you are making a complaint about a matter concerning data protection and provide full details of your complaint. Provide the College with your name and contact address (this can be a postal or email address). If possible, provide a telephone number (this is in case the College needs to contact you to help us to investigate your complaint).
Send you complaint:
What will Happen Next?
Your complaint will be treated in strictest confidence and will be fully investigated. You will receive an acknowledgement within 5 working days of receipt of the complaint. A full investigation will be made and response conveyed to you within 10 working days
If you are not satisfied with the College’s response to your complaint, you can contact the Information Commissioner’s Office who will investigate your complaint. You can contact the Information Commissioner at:
The Information Commissioner
Telephone: 0303 123 1113
The General Data Protection Regulation will apply to the UK from 25 May 2018. The GDPR will come into force before the U.K’s exit from the European Union and the U.K Government has confirmed their intention to implement legislation revised Data Protection Act, which mirrors the GDPR. The GDPR will comprise of substantial changes to the way organisations such as the College processes personal data. Although, much of the basic framework in the DPA will remain. The obligations imposed under the GDPR are stricter, more process driven and require organisations to think about privacy issues at the outset of a project or initiative.
The key changes introduced through the GDPR are as follows;
Further information about these changes can be found at the ICO website here.