Below you will find definitions of some of the key terms and phrases associated with data protection.
An individual’s consent to process their personal data must be ‘freely given, specific and informed’. Consent must be based on the individual’s clear understanding of what the data is being used for, who it will be shared with, and how long it will be kept (see ‘fair processing notice’). It is important to note that while an organisation must have a valid reason for processing personal data, this does not always involve the direct consent of the individual it relates to.
The person who decides how, and for what purposes, the data is going to be processed. This could be either an individual or an organisation. St George’s, University of London is considered the data controller for information processed for the purposes of the university’s business.
Someone (other than an employee of the data controller) who processes data on behalf of a data controller, eg an external company employed to distribute an organisation’s newsletter or marketing materials, or a company responsible for the disposal of ‘confidential’ waste.
The Data Protection Act sets out eight data protection principles. These specify that personal data shall:
The living individual who is the subject of the personal data.
The fair processing notice is a formal statement that provides the individual whose data is to be processed with the following information: the identity of the data controller, the purpose(s) for which the data may be processed and any other information necessary to ensure the processing can be considered ‘fair’ under the Act, eg other persons the data may be shared with. The fair processing notice is now known as the ‘privacy notice’, although you will probably still find references to both.
The Data Protection Act requires anyone who processes personal information to provide details of that processing for inclusion in a register maintained by the Information Commissioner’s Office. Failure to ‘notify’, or to keep your entry in the register up-to-date, is a criminal offence.
Data relating to a living individual who can be identified from that information, or from other information the data controller has in their possession or is likely to have access to.
Any action or operation carried out on personal data, whether obtaining, recording, storing or disposing of that data.
The process by which a data subject can request information about themselves held by an organisation. The request must be made in writing, which can include email. The organisation must respond to the request within 40 days, providing copies of the relevant information in ‘permanent form’. All subject access requests should be passed to St George’s Data Protection Officer.