Common use of Processing of Personal Information Clause in Contracts

Processing of Personal Information. 5.1 Personal information will be shared and processed by the partners in accordance with UK data protection legislation. 5.2 It is the responsibility of each partner agency to ensure staff understand the importance of protecting personal data, that they are familiar with the organisations security policy and that they put its security procedures into practice. Partner agencies should ensure staff have undertaken Data Protection training which covers their duties under the Data Protection Act. 5.3 All information shared under this agreement, personal or otherwise, must only be used for the purpose(s) specified at the time of disclosure as defined in the relevant data sets/lists unless obliged under statute or regulation, or under the instructions of a court. 5.4 The data shared under this agreement must NOT be used for any other purpose other than the specific scrutiny and assurance activity for which it has been shared. Where a partner receiving information under this agreement, wants to use that information for any other purpose, they must seek and receive permission from the original data controller before using the information for that further purpose. Further use of the information undertaken without the permission of the data controller will not be lawful or covered by this agreement. 5.5 In the event that the scrutiny and assurance activity identifies the need to share the information wider than that for conducting an audit, the personal data may need to be shared with other agencies. However, this would be in accordance with Information Sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers, and should directly involve the agency from which the information originated. 5.6 Any data breaches involving shared data will be reported and investigated internally by the organisation that has caused the data breach. The outcome of the investigation will be reported to the Children’s MARS Board. Organisations have a responsibility to report data breaches that are likely to result in a high risk to the rights and freedoms of the data subject to the Information Commissioner’s Office within 72 hours of becoming aware of the breach. 5.7 The Data Protection Notification and Privacy Notice of each partner must reflect the processing of personal information under this agreement, to ensure that data subjects are fully informed about the information held about them and to their rights to gain access to information held about them and to correct any factual errors that may have been made. If there are statutory grounds for restricting a data subject’s access to the information held about them, they will be told that such information is held and the grounds on which it is restricted. Where opinion about a data subject is recorded and they feel the opinion is based on incorrect factual information, they will be given the opportunity to correct the factual error and/or record their disagreement with the recorded opinion. 5.8 Complaints will be handled in accordance with the standard procedures of the partner who receives the complaint. 5.9 The personal information shared under this agreement must be relevant and proportionate to achieve the purposes identified in section 2.

Processing of Personal Information. 5.1 Personal information will be shared and processed by the partners in accordance with UK data protection legislationthe Data Protection Act. 5.2 It is the responsibility of each partner agency to ensure staff understand the importance of protecting personal data, that they are familiar with the organisations security policy and that they put its security procedures into practice. Partner agencies should ensure staff have undertaken Data Protection training which covers their duties under the Data Protection Act. 5.3 All information shared under this agreement, personal or otherwise, must only be used for the purpose(s) specified at the time of disclosure as defined in the relevant data sets/lists unless obliged under statute or regulation, or under the instructions of a court. 5.4 The data shared under this agreement must NOT be used for any other purpose other than that is not undertaken by the specific scrutiny Audit and assurance activity for which it has been sharedAssurance subgroup. Where a partner receiving information under this agreement, wants to use that information for any other purpose, they must seek and receive permission from the original data controller before using the information for that further purpose. Further use of the information undertaken without the permission of the data controller will not be lawful or covered by this agreement. 5.5 In the unlikely event that the scrutiny Audit and assurance activity Assurance Group identifies the need to share the information wider than that for conducting an audit, the personal data may need to be shared with other agencies. However, this would be agencies that are not part of the group in accordance with Information Sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers, and should directly involve the agency from which the information originatedexceptional circumstances only. 5.6 Any data breaches involving shared data which is used for any other purpose than that described under this agreement will be reported and investigated internally by to the organisation that has caused the data breach. The outcome of the investigation will be reported to the Children’s MARS Safeguarding Adults Board. Organisations have a responsibility to report data breaches that are likely to result in a high risk to the rights and freedoms of the data subject to the Information Commissioner’s Office within 72 hours of becoming aware of the breach. 5.7 The Data Protection Notification and Privacy Notice of each partner must reflect the processing of personal information under this agreement, to ensure that data subjects are fully informed about the information held about them and to their rights to gain access to information held about them and to correct any factual errors that may have been made. If there are statutory grounds for restricting a data subject’s subjects access to the information held about them, they will be told that such information is held and the grounds on which it is restricted. Where opinion about a data subject is recorded and they feel the opinion is based on incorrect factual information, they will be given the opportunity to correct the factual error and/or record their disagreement with the recorded opinion. 5.8 In the unlikely event that the Audit and Assurance subgroup receives a Subject access request, the request will be discussed with the most relevant agency which the request relates to and a response will be made within the 40 day timeframe. The SAB will need to respond if the relevant agency has destroyed the information as per 7.3. 5.9 Complaints will be handled in accordance with the standard procedures of the partner who receives the complaint. 5.9 5.10 The personal information shared under this agreement must be relevant and proportionate to achieve the purposes identified in section 2.

Processing of Personal Information. 5.1 Personal information will be shared and processed by the partners in accordance with UK data protection legislationthe GDPR. 5.2 It is the responsibility of each partner agency to ensure staff understand the importance of protecting personal data, that they are familiar with the organisations security policy and that they put its security procedures into practice. Partner agencies should ensure staff have undertaken Data Protection training which covers their duties under the Data Protection Actlegislation. 5.3 All information shared under this agreement, personal or otherwise, must only be used for the purpose(s) specified at the time of disclosure as defined in the relevant data sets/lists unless obliged under statute or regulation, or under the instructions of a court. 5.4 The data shared under this agreement must NOT be used for any other purpose other than that is not undertaken by the specific scrutiny and assurance activity for which it has been sharedSafeguarding Adults Review Group. Where a partner receiving information under this agreement, wants to use that information for any other purpose, they must seek and receive permission from the original data controller before using the information for that further purpose. Further use of the information undertaken without the permission of the data controller will not be lawful or covered by this agreement. 5.5 In the unlikely event that the scrutiny and assurance activity Safeguarding Adults Review Group identifies the need to share the information wider than that for conducting an audita SAR, the personal data may need to be shared with other agencies. However, this would be agencies that are not part of the SARG in accordance with Information Sharing: advice for practitioners providing safeguarding services to children, young people, parents and carers, and should directly involve the agency from which the information originatedexceptional circumstances only. 5.6 Any data breaches involving shared data which is used for any other purpose than that described under this agreement will be reported and investigated internally by to the organisation that has caused the data breach. The outcome of the investigation will be reported to the Children’s MARS Safeguarding Adults Board. Organisations have a responsibility to report data breaches that are likely to result in a high risk to the rights and freedoms of the data subject to the Information Commissioner’s Office within 72 hours of becoming aware of the breach. 5.7 The Data Protection Notification and Privacy Notice of each partner must reflect the processing of personal information under this agreement, to ensure that data subjects are fully informed about the information held about them and to their rights to gain access to information held about them and to correct any factual errors that may have been made. If there are statutory grounds for restricting a data subject’s subjects access to the information held about them, they will be told that such information is held and the grounds on which it is restricted. Where opinion about a data subject is recorded and they feel the opinion is based on incorrect factual information, they will be given the opportunity to correct the factual error and/or record their disagreement with the recorded opinion. 5.8 In the unlikely event that the SARG receives a Subject access request, the request will be discussed with the most relevant agency which the request relates to and a response will be made within the 40 day timeframe. The SAB will need to respond if the relevant agency has destroyed the information as per 7.3. 5.9 Complaints will be handled in accordance with the standard procedures of the partner who receives the complaint. 5.9 5.10 The personal information shared under this agreement must be relevant and proportionate to achieve the purposes identified in section 2.