Remember that signing this protocol is not in itself a legal basis for data sharing. Access to the detailed content of these individual MAISPs is only provided through the relevant agencies. It is always a good idea to publish the title, signatories and objective on SCC`s website to support transparency and accountability obligations. Please contact the Surrey MAISP User Group at surreymaisp@surreycc.gov.uk for more information. The information shared is the responsibility of the receiving organization, and the receiving organization manages the information received in accordance with the obligations of a controller. MASIP Tier 3 Protocols for exchanging individual and personalized information between specific authorities, usually subcontractors and controllers. This may include confidential business information or other sensitive data. They can be included as part of specific contract-based requirements. Titles are usually published on the MAISP website. Each organization will clearly describe and agree on the purpose of the processing and any benefits arising from its sharing with all those who share the data.
You don`t need to complete and publish a full MAISP Tier 2 ISP, and you can rely on local practices or information-sharing agreements. However, the MAISP Tier 2 ISP is designed to ensure that you comply with the Data Protection Act 2018 (DPA), the General Data Protection Regulation (UK-GDPR) and the statutory code of conduct for the specific data sharing that your organisations carry out. It will help you meet the requirements placed on you to demonstrate accountability, transparency and due diligence, while ensuring that the people whose data you share have access to all their rights. Each organization ensures that appropriate employee training is provided on a regular basis to share information and manage shared data. Registering for TIER 1 MAISP means that your organization is committed to promoting responsible, legitimate, and ethical data sharing, and that you provide all the resources necessary to fulfill these obligations. Each organization will determine the legal basis for data sharing. The legal basis is established before the sharing takes place. You can`t “exchange” the legal basis once the release starts, but you can identify several at the beginning. If it is necessary to change the legal basis of an ongoing data exchange agreement, you should contact the MAISP Surrey user group for advice. If you process special category data, you must provide an additional legal basis and a special category condition. If you process data relating to criminal convictions, criminal offences or related security measures, you will need both a legal basis for processing and an additional condition.
You should also list any relevant laws or statutes that allow this sharing activity. Send the full Level 2 MAISP to the SURREY MAISP user group to surreymaisp@surreycc.gov.uk who will publish it. Signing means that you agree to publish the full Tier 2 MAISP or summary and keep all information up to date. In order to opt out of a maisp 2 and 3 third party data sharing agreement or data processing agreement, the partner must follow the opt-out or termination clauses of each individual agreement. The Partner must also notify the MAISP Surrey user group (at least 4 weeks in advance) so that the Partner`s information can be deleted. Tier 3 MAISPs are individual, tailor-made agreements on the exchange of information between authorities, usually controllers and processors, which may contain confidential business elements or other sensitive data. In general, they will be part of a larger contract between agencies and will be drafted to include specific requirements. Any information shared or collected under the Protocol will be destroyed or securely stored in accordance with the Memorandum of Understanding under which it was collected. It is the responsibility of each organization that personal data is retained in accordance with the law and the data exchange agreements concluded by each organization. When a complaint is received about the exchange of information under this Protocol, the respective Signatories shall keep each other informed of all developments, progress and lessons learned. Make sure you know at what level MAISP you are sharing data. Keep in mind that nothing in the MAISP means that you need to share the data automatically.
You must ensure that there is a legitimate reason for adequate safeguards and that appropriate safeguards are in place prior to implementation. If you have any doubts or even hesitate, please contact your organization`s Data Protection Officer, information governance team, or designated contact person on the appropriate Tier 2 MAISP. Nothing in the MAISP, DPA 2018 or UK-GDPR prevents you from sharing data in an emergency or critical situation. Data exchange agreements are not mandatory, but good practices, so there is no doubt about the responsibilities and obligations of each party, the security measures that will be in place when the data is shared and the relevant contacts in each organization. MAISP Tier 2 provides a centrally trusted model for sharing data that organizations can use. This level describes the principles and practices that signatories have already put in place or will work to implement before data sharing takes place. It describes all the precautions necessary to ensure the secure and appropriate exchange of information and data, while being responsible for protecting the rights and privacy of the people who have entrusted us with their personal data. Each organisation must be able to demonstrate compliance with the principles of accountability and transparency set out in the UK DPA and GDPR. For example, transparency for users of the service on how their personal data is used by ensuring that their privacy or fair treatment notices correctly reflect their data exchange agreements. Any organisation can opt out of THE TIER 1 MAISP by sending an email to the MAISP Surrey user group at least 4 weeks in advance.
Level 1 of the MAISP sets out the general requirements that both organizations expect at a minimum in order to be able to exchange personal data. Verify that you can meet the checklist requirements, and then log in. You can then check if other organizations are connected. If this is the case, you can be sure that they have also met the requirements of the checklist. How to register: Ask the person in your organization who is authorized to commit to the Principles to sign the MAISP Tier 1 form or simply send an email to the Surrey MAISP User Group surreymaisp@surreycc.gov.uk. The name of your organisation will be published on the Surrey County Council (SCC) MAISP website. Every organization must ensure the appropriate level of security for the volume and scope of data to be shared. The data must be taken into account both during transmission and at rest. The arrangement must: Each organization is clear about roles and responsibilities from the beginning: When you sign up for a Tier 2 MAISP, you will automatically be enrolled in the Tier 1 MAISP. . Review: Individual organizations are responsible for reviewing LEVEL 2 of the FMP. All Tier 2 MAISPs that are 3 months after the published exam date will be removed from SCC`s website and organizations will receive an email.
Once completed, each MAISP Level 2 ISP will be published in its entirety on SCC`s website or provide brief details on its title, purpose and signatories. This means that anyone can search for organizations that have already registered. How to register: Complete a Tier 2 MAISP ISP and have it signed by the appropriate person in your organization (data protection officer, SIRO, Caldicott Guardian). Keep in mind that contact information can be used to get in touch with you, so it`s important that you provide the most relevant contact information and make sure it`s kept up to date. Verification: Is included in local procedures or directly in level 3 of the MAISP. MasIP Level 1 signatories will be open and act in good faith in their dealings with each other. . This is better for organizations that regularly share data. If personal data is to be disclosed, the signatories commit to the following: MAISP Tier 2 Surrey largely approved centrally information sharing protocols (ISP), which can be supplemented by all organisations that regularly exchange data. They are then published on the MAISP website, either in their entirety or with title and overview.
There is a general vacuum template and industry-specific templates that you can sign up for. In the event of a data protection or security breach affecting the disclosed data, it must be brought to the attention of the designated representative of the controller in each organisation. All partners involved must be notified immediately, but at least within 48 hours of the discovery of the breach. . The signatories undertake to support the work of the Surrey MAISP User Group in relation to this protocol and to provide adequate resources. .
