Transparency data
Annex C - Data Handling SLA
Updated 21 July 2021
| Annex C 바카라 사이트 Data Handling SLA | |||||
|---|---|---|---|---|---|
| Not set | Not set | Not set | Not set | Not set | Not set |
| No. | Service Area | Measure | New / Existing / Amended | Target | Comment |
| 1 | Security breaches | Reporting | New | 6 hours following identification of issue. | ยทย ย ย ย Notification to the OTC SIROwill be made within this time period following identification. |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Notification can come from any member of the DVSA IMS team or OTC staff. |
| 2 | Security Breaches | Reporting | New | Defined at point of initial report. | ยทย ย ย ย OTC SIRO will indicate further level of reporting at time of first review. |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Incident dependent. |
| 3 | Personal Data Breaches (GDPR / Data Protection Act) | Reporting | New | Immediately on discovery, but not later than 24 hours after discovery | ยทย ย ย ย DVSA to notify the TC Information Access Team |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย OTC Information Access Team and TC Data Protection Officer to advise and recommend to TCs if personal data breach notifications should be sent to the UK Information Commissioner바카라 사이트s Office (ICO) and / or to the individuals affected. |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย DVSA to cooperate with the OTC and TC Data Protection Officer to gather information, investigate, report to ICO within 72 hours of discovering the personal data breach (where required) and implement remedies. |
| 4 | Audit Reports | Sharing | New | 5 working days following receipt of findings | ยทย ย ย ย Only applicable where IMS audits identify issues related to Traffic Commissioner data processing. |
| 5 | Assurance Reporting | GDPR Compliance | New | In line with each OTC Audit and Risk Committee submission date | ยทย ย ย ย DVSA will compile a data protection report for the ARC to be agreed at ARC and then submitted to the TC Board for their information. |
| 6 | Data Protection / GDPR Training | Delivery | New | Annually for all OTC staff | ยทย ย ย ย Training plan to be agreed with the OTC SIRO after consultation with the TC Data Protection Officer at the start of the financial year |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Face to face training for staff once a year |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Location appropriate to the staff locations |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Subject matter covering data protection elements including security practices related to Traffic Commissioners바카라 사이트 activities. |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย 바카라 사이트All staff바카라 사이트 excludes staff who are on long-term sick absence or maternity/paternity leave or equivalent. |
| 7 | System Assurance | Testing | New | Annually | ยทย ย ย ย Independent security testing of systems processing Traffic Commissioner data. |
| Not set | Not set | Not set | Not set | Not set | ยทย ย ย ย Vulnerabilities identified shared with the OTC SIRO following report received by DVSA IMS. |