Data Protection Policy
This document provides the policy framework through which effective management of Data Protection matters can be achieved.
1. Scope of the Policy
Any serious infringement will be treated seriously by Liclass and may be considered under disciplinary procedures. Liclass expects all of its staff and students to follow the ethical behaviours set out.
Those are: selflessness, integrity, objectivity, accountability, openness, honesty and leadership.
Liclass is required to adhere to the seven principles of data protection.
In accordance with those principles personal data shall be:
- Processed fairly and lawfully.
- Processed for specified purposes only.
- Adequate, relevant and not excessive.
- Accurate and up to date.
- Not kept longer than necessary.
- Processed in accordance with data subjects’ rights.
- Processed and held securely.
[a] Staff responsibilities
Staff members who process personal data about students, staff, or applicants must comply with the requirements of this policy.
Staff members must ensure that:
- all personal data is kept securely;
- no personal data is disclosed either verbally or in writing, accidentally or otherwise, to any unauthorised third party;
- personal data is kept in accordance with Liclass’s retention schedule.
When members of staff are responsible for supervising students doing work which involves the processing of personal information(for example in research projects), they must ensure that those students are aware of the Data Protection Principles, in particular, the requirement to obtain the data subject’s consent where appropriate.
Staff who are unsure about who are the authorised third parties to whom they can legitimately disclose personal data should seek advice .
[b] Third-Party Data Processors
Where external companies are used to process personal data on behalf of Liclass, responsibility for the security and appropriate use of that data remains with the Liclass.
Where a third-party data processor is used:
- a data processor must be chosen which provides sufficient guarantees about its security measures to protect the processing of personal data;
- reasonable steps must be taken that such security measures are in place;
- a written contract establishing what personal data will be processed and for what purpose must be set out;
- a data processing agreement must be signed by both parties.
[c] Student responsibilities
Students are responsible for:
- ensuring that their personal data provided to Liclass is accurate and up to date.
3. Data Protection breaches
Where a Data Protection breach occurs, or is suspected, it should reported immediately:
Confirmed or suspected data security breaches should be reported promptly to Liclass ,
email: [email protected] The report should include full and accurate details of the incident including who is reporting the incident and what classification of data is involved.