T-00002 - how is data collected?
Sales department required
1. Personal data collection – you are looking for a list of where personal data comes from per department, eg. Website for sales, paper based on application forms for applicants / employees, over the telephone for suppliers etc.
4. Process review – how and where is data stored and how often is the collection process reviewed? I would note referring to the Data Assets section, this area is designed to store each group of personal data, with a description of why you hold it, where it has come from, how long you hold it for. You can then also set up a reminder to review that data asset in a set period of time depending on your retention policy. (The data asset section will be updated in the coming weeks to include specific selections for the key areas of data).
Areas to consider are:
- Who does the data relate to (employee, client, supplier)?
- What type of data (name, address, tax, bank details), where has the data come from (individual, HR, HMRC, Third party)?
- Legal basis for holding data (consent, contract, legal obligation, vital interest, public task, legitimate interest)?
- When was the data collected, updated and disposed of?
- Where is the data held?
5. Automated decision making – This is making a decision solely by automated means without any human involvement); and profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process.