Policy 8.7 General Data Protection Regulation Policy

8.7 General Data Protection Regulation Policy

LUU collects, holds and uses a variety of data on staff, students and others it comes into contact with. When applying for your position at LUU we will have informed you of the type of data we will hold on you and what we will use this data for. 63

The information below details how LUU deals with personal data, including staff files and data subject access requests. It also highlights employee obligations in relation to personal data.

From May 2018 LUU will process data in line with the General Data Protection Regulation 2018.

This means:

We will make sure that any data gathered and used by us is done so fairly and lawfully and data used will be done so transparently.

We will tell you what we are going to use the data for and not use it for any other purposes.

We will aim to minimise the amount of data we hold on you to allow the employment relationship to exit.

We will update our data when you tell us about any changes to it and we will aim to keep accurate data. For example, your bank details or a change of name. You will also be required to update your personal iTrent self-service account if you change your address, contact phone number or email address.

We will not keep data for longer than is necessary. We will publish a chart showing how long we keep different types of data for.

We will keep all information in a safe and secure manner whether it is on paper or in the form of electronic data to ensure confidentiality.

We will not transfer any of your data outside the European Economic Area unless you give us your permission to do so.

CCTV recording data may be used by the organisation.

Data Subject Access Requests

Employees have the right to access information kept about them by LUU including personnel files, sickness records, disciplinary or training records, appraisal or performance review notes, emails in which the employee is the focus of the email and documents that are about the employee.

The Leadership and Governance Manager is responsible for dealing with data subject access requests. Your request must be submitted to this person in writing and any data subject access request will be responded to within one month. If you are unsure who the Leadership and Governance Manager is please contact the People Team.

Data Breaches

If you are aware any data has been breached i.e. data that may have been disclosed to parties who should not be privy to the information or has been used for a purpose other than those outlined by LUU, you must inform the Data Controller as soon as possible. LUU’s current data controller is: Jasper Hegarty-Ditton. The Data Controller will then report any serious breaches to the ICO within 72 hours.

· List of uses of staff personal data

· All members of staff agree to the Union processing their data for the following purposes.

· For payment of salary, pension, sickness benefit or other payments due under the contract of employment.

· Monitoring absence or sickness under the absence management policy.

· For emailing you LUU information that is relevant to you working here e.g. through The Weekly Email.

· For contacting you about work shifts.

· For contacting your emergency next of kin in an emergency situation or if we are unable to contact you directly.

· Performance management reviews.

· For assessing redundancy selection criteria.

· For training and development purposes.

· Providing and obtaining references and consultation with external agencies, including police checks where necessary for the purposes of employment.

· Promotion and salary progression exercises.

· Negotiations with trade unions or other staff representatives.

· Administration of LUU's policies and procedures.

· Compliance with the Disability Discrimination Act and for use in our Disability Confident work to ensure we support those with disabilities secure employment and remain employed with us.

· For monitoring of diversity statistics.

· Compliance with any statutory requirement to provide information about staff including statistical returns to external bodies.

· Administration of LUU's disciplinary and grievance procedures.

· Production of published staff lists, telephone and email directories for both internal and external use.

· Production of staff badges and identity cards.

· Production of photographs of staff for display within any digital platform used by LUU.

· Monitoring the use of union resources.

· Use of CCTV to protect Union premises, stock, assets, staff and students and their belongings.

· For producing Gender Pay Gap reports to meet government requirements.

· For contacting you regarding any right to work documents that we may require form you.

· For arranging an Occupational Health meeting relating to your health. We will always ensure we gain your consent for this use of data.