
Questions to consider with respect to personal data held or used by a third party on the school's/ETB’s behalf:

  • Is there a written contract in place with the third party where personal data is held or used by a third party on the school's/ETB’s behalf?
  • Have you made data subjects aware of whom their data will be disclosed to by way of a third party and why? Have you considered how objections by data subjects will be accommodated and what alternative arrangements will be put in place for that individual, or any other individual who subsequently withdraws previously given consent?
  • Are you confident that you know where the IT support company holds your school’s data, e.g. cloud, web farm etc.? E.g. is the data stored on servers located within Ireland, or within the EU?
  • Are protocols in place in the event that data is disclosed by the third party where it should not have been disclosed, i.e. a Data Security Breach Code of Practice? See Personal Data Security Breach Code of Practice template.
  • Is there a specific clause in the written service level contract requiring the data processor to give full and prompt assistance to the school/ETB in the event of either party receiving a data access request?

Questions to consider with respect to Breach Management Procedures:

  • Do you have breach codes in place for manual and computer data? Are all staff aware of the code and fully trained? See Personal Data Security Breach Code of Practice template.
  • What role does the data processor play in assisting the school/ETB in the event of a breach of data protection?