Send the link below via email or IMCopy
Present to your audienceStart remote presentation
- Invited audience members will follow you as you navigate and present
- People invited to a presentation do not need a Prezi account
- This link expires 10 minutes after you close the presentation
- A maximum of 30 users can follow your presentation
- Learn more about this feature in our knowledge base article
Data Protection Training for NAS Branches and Groups
Transcript of Data Protection Training for NAS Branches and Groups
Legal Principles 7 & 8
Legal Principles 1-3
Legal Principles 4-6
The Data Protection Act 1998 is based on 8 principles set out to govern how personal data should be processed
The legislation ensures adequate safeguards around processing personal data.
It gives certain legal rights to living individuals in respect of their personal data.
Both individuals and companies are liable for criminal offences under the data protection legislation
A full copy of the NAS Data Protection Policy is available from your Branch Development Officer.
Personal data held must be accurate and up to date
People have the right to see the data you hold on them so be mindful of what extra notes you might add to someones record.
It also means reminding your members to and acting on their requests to update their details on your database.
Data Protection Training for NAS Branches and Groups
Data Protection Act 1998
applies to all your data -
Personal data must be fairly and lawfully processed
What does this mean for you?
People should be told:
what type of data is being collected about them
what it is being collected for
who is processing their information
about any third parties that may be accessing the information
who to contact if they have any questions about their information
What data does your branch/group hold?
What is it for?
How is it stored?
Who has access to it?
Personal data must be processed only for specified and lawful purposes
This means there needs to be consent or a legal reason to process someone's information.
Consent can be implicit in the way the information is gathered, e.g. a volunteer registration form requests contact details in order to get in touch with the volunteer about their role when necessary.
You can only use people's information for the purpose it was given, e.g. receiving email about branch activities, nothing else.
Personal data that is processed must be adequate, relevant and not excessive
You should only collect data you need to fulfil
Do not collect lots of unnecessary information just in case it is useful some time in the future.
Personal data must not be kept longer that necessary for the purpose specified
Legislation does not provide specific time-frames or guidelines but
data should not be kept longer than needed.
Personal data must be processed in accordance with the rights of the data subject (person)
A person has the right to be supplied with the personal data held about him/her.
Contact your Branch Support Officer if they request this, as it needs to go through the NAS central data protection controller.
A person is entitled to use the law to get compensation for damage caused, if personal data about them is inaccurate, lost or disclosed.
Well done! You have finished the training. Now take the self-assessment and email it to
NAS Branches and Groups collect lots of data. Think about:
This is stored information on a living person that can be identified by the given information.
It's important to consider
the above questions so
you ensure you are
following your legal obligations
Personal data must be secure from the point of collection through to disposal
Data must be only be accessible by people who have
a legitimate reason for access.
Data must be kept secure regardless of how it is stored,
use an encrypted USB, password
protected document or lock files away etc.
Dispose of data correctly:
Paper should be shredded
computer files properly deleted, especially if old equipment is being passed on.
Doesn't apply to NAS branches or groups as it refers to data being passed on outside the EU
Legal wording you should use:
Requests for data should include consent to keep in touch. This can be opt-out:
The National Autistic Society would like to keep you informed about our services, upcoming news, events and fundraising activities. We will look after your data as set out in our privacy and data protection policy. To view please go to
If you would like us not to contact you for this purpose, please tick this box
Consent to keeping in touch by e-mail must be opt-in:
If we are keeping in touch with you, doing so by email will help keep our costs down. Please tick this box if you are happy to receive such information from us by email
Individuals must be given the chance to change their minds:
You can change your mind at any time by contacting xxx
(you need to provide means
for contacting, e.g. e-mail address or phone number)
All forms requesting personal data must
include the following statement:
The National Autistic Society is a data controller under the Data Protection
The personal data you provide will be used for administration, statistical and other purposes connected with The National Autistic Society and autism. The NAS does not share your details with third parties without your express permission.
Welcome to Data Protection training.
Click on the left and right arrows to go back and forth through the training.
Once you are finished, please complete the self-assessment and email it to the
NAS Branches Manager:
We will now take you through the 8 Principles of the Data Protection Act 1998
When sending emails to branch or group members, always send via Bcc (Blind Carbon Copy), so that your members' email addresses aren't shared amongst each other.
A template membership form with all the legal wording is available from your Branch Development Officer.
Sensitive personal data
religious or similar beliefs
trade union membership
physical or mental health (incl. diagnosis of ASD)
criminal offences/court proceedings.
Consent to hold and process this data
must be explicit
. The person must have full knowledge of what will happen to their data and then consent to this. For example:
"Please give details of your child's diagnosis. This will help us report back to our funders. Your answer will remain anonymous."
As a branch or group, consider carefully whether you really need to hold data that is sensitive.