Data Protection Policy
All CIDP policies are currently being reviewed and updated
DATA Protection Policy CIDP
Data Protection is the safeguarding of the privacy rights of individuals in relation to the processing of personal data, in both paper and electronic format. The Data Protection Acts 1988 and 2003 (the “Data Protection Acts”) lay down strict rules about the way in which personal data and sensitive personal data are collected, accessed, used and disclosed. The Data Protection Acts also permit individuals to access their personal data on request, and confer on individuals the right to have their personal data amended if found to be incorrect.
This document outlines CIDP’s policy to help ensure that we comply with the Data Protection Acts. All CIDP operations fall under this policy namely the Administration and Finance office, the Chaplaincy Service, the three residences and the Deaf Education Centre.
Inquiries about this Data Protection Policy should be made to: Catholic Institute for Deaf People, Deaf Village Ireland, Ratoath Road, Cabra, Dublin 7.
Data Protection Policy
Purpose of this policy
This policy is a statement of CIDP’s commitment to protect the rights and privacy of individuals in accordance with the Data Protection Acts.
We collect and use information to provide the following services:
• To undertake advertising, marketing, direct marketing and public relation exercises. • To perform accounting and other record-keeping functions.
• To provide personnel, payroll and pension administration services
• To provide child protection and vulnerable adult protection services
• To record personal details and care plans for residents in three residences
Data Protection Principles
CIDP will perform our responsibilities under the Data Protection Acts in accordance with the following eight Data Protection principles:
• Obtain and process information fairly
We shall obtain and process personal data fairly and in accordance with statutory and other legal obligations.
• Keep it only for one or more specified, explicit and lawful purposes
We shall keep personal data for purposes that are specific, lawful and clearly stated. Personal data will only be processed in a manner compatible with these purposes.
• Use and disclose only in ways compatible with these purposes
We shall use and disclose personal data only in circumstances that are necessary for the purposes for which we collected the data.
• Keep it safe and secure
We shall take appropriate security measures against unauthorised access to, or alteration, disclosure or destruction of personal data and against its accidental loss or destruction.
• Keep it accurate, complete and up-to-date
We adopt procedures that ensure high levels of data accuracy, completeness and that data is up-to-date.
• Ensure it is adequate, relevant and not excessive
We shall only hold personal data to the extent that it is adequate, relevant and not excessive.
• Retain for no longer than is necessary
We have a retention policy for personal data with a maximum retention period of ten years.
• Give a copy of his/ her personal data to that individual, on request
We adopt procedures to ensure that data subjects can exercise their rights under the Data Protection legislation to access their data.
Overall responsibility for ensuring compliance with Data Protection Acts rests with CIDP. However, our responsibility varies depending upon whether we are acting as either a data controller or a data processor. All employees and contractors of CIDP who separately collect, control or process the content and use of personal data are individually responsible for compliance with the Data Protection Acts. The Data Protection Co-ordinator in CIDP is the CEO who co-ordinates the provision of support, assistance, advice, and training within CIDP to ensure that the company is in a position to comply with the legislation.
Procedures and Guidelines
CIDP is firmly committed to ensuring personal privacy and compliance with the Data Protection Acts, including the provision of best practice guidelines and procedures in relation to all aspects of Data Protection.