EUROPEAN SOCIAL FUND

LTU project KS3 - Policy Statement

LTU project KS3 - Policy Statement

Key Step 1 - Purpose of PolicyKey Step 2 - Shared Case History ScopeKey Step 3 - Policy StatementKey Step 4 - ProceduresKey Step 5 - Stakeholder Buy-InKey Step 6 - Preventing Exclusion RiskKey Step 7 - Assessing ImpactKey Step 8 - EvolutionKey Step 9 - EvaluationKey Step 1 - Purpose of PolicyKey Step 2 - Shared Case History ScopeKey Step 3 - Policy StatementKey Step 4 - ProceduresKey Step 5 - Stakeholder Buy-InKey Step 6 - Preventing Exclusion RiskKey Step 7 - Assessing ImpactKey Step 8 - EvolutionKey Step 9 - Evaluation

Developing an information and client records management system ...

... Establishing data protection protocols

/esf/transnationality/file/ltu-ks3-xlpngltu-ks3-xl.png

LTU Project - Key Steps 3 - Policy Statement
Key objective KS3:
Setting a policy framework consistent with legal and ethical obligations. 
In order to develop a single case history, all delivery partners must agree a common approach to managing and accessing client records.
Further info:
KS3 Elements:
The partner organisations supporting the LTU clients’ integration pathways should develop an Information and Client Records Management Policy. This should commence with a Privacy Policy Statement.
The Statement should ensure that the rights to privacy of staff and clients are protected as required by the European General Data Protection Regulation (GDPR) as applied within the legal framework of the Member State (MS) within which the Partnership is operating. This is to ensure that rights to privacy are protected in the way information is collected, stored, and used, to deliver services meeting client’s needs. It will form an essential part of the specification for the IT requirements necessary to deliver common case history records for the actors involved in provision of the Single Point of Customer Contact (SPOC).
The policy should set a framework which ensures:
  • Compliance with legal and ethical obligations in relation to protecting the privacy of clients and organisational personnel.
  • Clients are provided with information about their rights regarding privacy.
  • All staff understand what is required of them to meet the obligations of the policy.
  • Only information necessary for the effective management and support of LTU clients’ integration is collected and stored.
  • Necessary client consent arrangements are fully complied with.
  • Personal information collected or disclosed is accurate, complete and up-to-date/timestamped, and provide access to any individual to review information or to correct wrong information about him/herself.
  • Reasonable steps are taken to protect all personal information from misuse and loss from unauthorised access, modification, or disclosure.
  • Relevant cultural or religious sensitivities of service users are taken into account in the way information is collected, stored, and used.
  • Provides information to clients about how their personal information is managed.
  • Information is stored for the required length of time and correctly transferred or disposed of.
  • Personal information no longer needed and/or after legal requirements for retaining information have expired is either destroyed or de-identified.
  • Websites and other publicly accessible media contain details of the Privacy Policy Statement.
Milestones or key points with potential influence on the outcomes:
(the “Rationale” describes why the corresponding Milestone has been identified; the “Actions to consider” indicates some directions to meet the “Rationale”; and Examples or highlights of some Cases or Videos sections are provided when specifically connected.)
KS3-M01 Developing an Information and Client records Management Policy
Rationale
Actions to consider
It is essential to protect the rights to privacy of staff and clients as required by the European General Data Protection Regulation (GDPR).
Methods for collecting storing and using information to deliver services to meet client needs must be compliant with GDPR.
Related info/Example:
KS3-M02 Setting a policy framework compliant with legal and ethical obligations
Rationale
Actions to consider
Clients must be provided with information about their rights regarding privacy.
All staff understand what is required of them to meet the obligations of the policy. Only information necessary for the effective management and support of LTU clients’ integration is collected and stored. All websites and other publicly accessible media contain details of the policy.
Related info/Example:
KS3-M03 Ensuring full consent with client consent arrangements
Rationale
Actions to consider
Personal information collected or disclosed must be accurate, complete and up-to-date.
Clients are advised as to how their personal information is managed. Any individual must be provided access to review information and correct wrong information about themselves.
Related info/Example:
KS3-M04 Instituting procedures to protect all personal data
Rationale
Actions to consider
Information must be protected from misuse. and loss.
Systems are needed to prevent unauthorised access, modification or disclosure.
Related info/Example:
KS3-M05 Agreeing policies which respect client’s personal characteristics
Rationale
Actions to consider
Clients cultural and religious sensitivities should be taken into account in the way information is collected, stored and used.
Cultural and religious sensitivities are incorporated in the design of data storage policies and customer record systems are reviewed to ensure they respect differing customer value systems.
Related info/Example:
KS3-M06 Data storage policy adopted
Rationale
Actions to consider
Information should only be stored for the required length of time necessary to meet identified needs and /or until legal requirements for retaining information have expired.
Personal information no longer needed or time expired must be destroyed or de-identifieds.
Related info/Example:

/esf/transnationality/file/ltu-ks3-xlpngltu-ks3-xl.png

LTU Project - Key Steps 3 - Policy Statement