Data Protection in Kildare Local Authorities

Kildare Local Authorities has approached the whole question of data protection using the following methodology:

Appoint Data Controllers in each section.

By appointing a Data Controller in each section, responsibility for best practice in relation to data protection lies with a senior person in that section who has familiarity with the data processing activities of that section. The Data Controllers form a group meets to discuss data protection, update information on their section etc. The group is chaired by a nominated Director of Service. From time to time the Data Controller will delegate authority to certain persons in the organisation to act on his/her behalf. 

Duties of the Data Controller

Data Controllers are responsible for the following activities: 

Conduct Data Analysis
Each Data Controller is responsible for analysing the data that is processed in their section.  The Data Controller analyses the personal data collected in the various sections and compiles an inventory that is maintained and regularly reviewed. 

Process Requests
Each Data Controller is responsible for processing access requests passed to them by the Data Protection Access Officer. 

Staff Awareness
Each Data Controller is responsible for ensuring that new and existing staff in their sections have attended Data Protection Awareness training. 

Continuous Improvement
Each Data Controller is responsible for working to improve Kildare Local Authorities compliance with the requirements of Data Protection Legislation. This includes regular reviews of policy, analysis and resolution of issues and participation in continuous improvement initiatives in this area. 

Access Control
Each Data Controller is responsible for ensuring that only authorised staff have appropriate access to locations on the network, folders on the fileserver(s) and have appropriate levels of access to IT systems in their sections. 

 

Implement a Data Protection Awareness Programme

There are a number of aspects to data protection awareness in the organisation. 

a)   Awareness training for all existing staff
In response to the need to train staff, an awareness programme has been designed and is being given to all office staff. 

b)   Awareness training for new staff as part of induction training
A section on data protection is being added into the induction training material. 

c)   Higher level data protection awareness for managers and senior officials

Data protection will maintain a high profile with regular meetings of the Data Controllers to discuss data protection issues as a group.