We don't know whether the most recent response to this request contains information or not – if you are Jay Bhanji please sign in and let everyone know.

Data Protection Act 2018 compliance

We're waiting for Jay Bhanji to read a recent response and update the status.

Dear Sir/Madam,

I am writing to make a formal request for information under the provisions of the Freedom of Information Act 2000. I kindly request that you provide me with the following information:

1. A copy of your organisation's Records of Processing Activity (ROPA) as defined in Article 30 of the UK General Data Protection Regulation (UK GDPR).

2. A copy of all legitimate interest assessments conducted by your organisation where you rely on Article 6(1)(f) legitimate interests as your lawful basis for processing.

3. A copy of all privacy impact assessments conducted by your organisation.

4. A copy of all data protection impact assessments conducted by your organisation.

5. A copy of all international transfer risk assessments conducted by your organisation.

6. A recent copy of your organisation's data protection compliance assessment using the Information Commissioner's Office (ICO)'s accountability framework template. If you are using your own standards to monitor compliance with the Data Protection 2018, please provide me with copy of it.

7. A copy of your organization's data protection policy.

8. A copy of your organization's subject access request policy, procedures, and processes, including any guidance material such as folder structure, naming conventions, and redaction guides.

9. A copy of your organisation's privacy notices, including but not limited to employees, customers, ministers, special advisors (SPADs), complaints, NEDS, visitors, and CCTV.

10. A copy of your organisation's due diligence questions for vendor management such as independent data controllers or processors.

I understand that under the Freedom of Information Act, you are required to respond within 20 working days. To stay within section 12 - cost limits, I suggest asking your Data Protection Officer for the information. If this is not possible, I suggest a search of your compliance platform and your Microsoft estate for the following search terms (not case sensetive):

1. "records of processing activity" OR "ropa"
2. "legitimate interest assessment" OR "LIA"
3. "privacy impact assessment" OR "privacy impact assessments" OR "PIA"
4. "data protection impact assessment" OR "DPIA"
5. "transfer risk assessment" AND "personal data"
6. "accountability framework"

I would prefer to receive the requested information in electronic format via email.

Should you require any clarification or further details in order to process this request, please do not hesitate to contact me. I would be grateful if you could confirm receipt of this request and provide a reference number for future correspondence.

Thank you for your attention to this matter. I look forward to receiving the requested information within the statutory timeframe.

Yours faithfully,
Jay Bhanji

Freedom of Information (DENI), Department of Education (Northern Ireland)

1 Attachment

 

 

Freedom of Information Act 2000

 

Thank you for your email requesting information under the Freedom of
Information Act 2000 regarding Data Protection Act 2018 compliance.:-

 

1. A copy of your organisation's Records of Processing Activity (ROPA) as
defined in Article 30 of the UK General Data Protection Regulation (UK
GDPR).

 

2. A copy of all legitimate interest assessments conducted by your
organisation where you rely on Article 6(1)(f) legitimate interests as
your lawful basis for processing.

 

3. A copy of all privacy impact assessments conducted by your
organisation.

 

4. A copy of all data protection impact assessments conducted by your
organisation.

 

5. A copy of all international transfer risk assessments conducted by your
organisation.

 

6. A recent copy of your organisation's data protection compliance
assessment using the Information Commissioner's Office (ICO)'s
accountability framework template. If you are using your own standards to
monitor compliance with the Data Protection 2018, please provide me with
copy  of it.

 

7. A copy of your organization's data protection policy.

 

8. A copy of your organization's subject access request policy,
procedures, and processes, including any guidance material such as folder
structure, naming conventions, and redaction guides.

 

9. A copy of your organisation's privacy notices, including but not
limited to employees, customers, ministers, special advisors (SPADs),
complaints, NEDS, visitors, and CCTV.

 

10. A copy of your organisation's due diligence questions for vendor
management such as independent data controllers or processors.

 

 

The leaflet attached tells you about the legislation and the procedures
the Department will follow in handling your request. 

 

If you have any queries about this email, please contact me quoting the
reference number above in any future communications.

 

Kind Regards

 

 

 

Neil McCormick

Information Management Team

Room G18

Rathgael House

Balloo Road

BANGOR

BT19 7PR

 

Telephone – 028 9127 7698 (DD. 69098)

Email – [1][email address]

 

 

 

 

 

References

Visible links
1. mailto:[email address]

Freedom of Information (DENI), Department of Education (Northern Ireland)

1 Attachment

Dear Jay Bhanji,

 

Please see the attached response to your recent request for information
relating to Data Protection Act 2018 compliance.

 

If you have any queries, please do not hesitate to contact me.

 

Kind regards,

 

Justin O’Hagan

Records and Information Access Manager

Information Management Team

Corporate Services and Governance Directorate

Department of Education

[1]justin.o’[email address]

Tel: 02891858044

 

 

 

 

References

Visible links
1. mailto:[email address]

We don't know whether the most recent response to this request contains information or not – if you are Jay Bhanji please sign in and let everyone know.