Staff Awareness

Training - Have you received training in relation to Data Protection?

Was the training relevant to you and do you think anything was missing?

Do you feel confident about how data protection relates to you?

Do you have an understanding of good practices in relation to information security?

Do you know what is meant by the concept of “personal data” under the Data Protection laws?

Do you know what sensitive/special categories of data are and are you aware of handling this?

Do you check to ensure the accuracy of the personal data being processed?

Are you aware of the data retention period and procedures in place at the site?

How do you destroy personal data?

What would you do if someone asks you for copies of all their personal data?

Who deals with Subject access and freedom of information requests?

Who deals with data management (data map, data protection policy and deletion of data)?

If a customer calls and asks for a telephone number for their nephew (they have the name, classes attended, etc.), what would you do?

If a customer calls and asks if their friend is in the 5pm Body Attack class, what would you tell them?

If a customer calls and asks to change their address and telephone number, what would you do?

Do you know of any rules relating to taking card payments over the phone? Do not write down the card information, do not repeat the card information, and it should only be the cardholder who gives you this.

Data Handling

How do you process a member application?

How would you process an extended let application?

Records Management

Check PCs for personal data on desktop/C drive/downloads/deleted items.

Check all folders in reception area for personal data.

Check all folders in office for personal data.

Check folder access from info account.

