The PMA is a UK provider of leadership, management and practice management training and ILM qualifications with programmes recognised by ILM. PMA offers an education and workshop training programme focussed on Excellence in Practice Management.
This Health & Safety Policy applies to prospective and existing PMA Centres and PMA Trainers and Training Providers who offer PMA qualifications, endorsed and development programmes. The Health & Safety Policy applies in connection with centres, providers and learners. The process and PMA standards required for Health & Safety are described – it is expected that the centre or provider will have apply similar standards to be compliant with the Data Protection Act 1998.
At the PMA health, safety, welfare and safeguarding of our staff and clients is taken very seriously. Our learner governance covers health and safety, acceptable ICT use, and safeguarding policies which detail our commitment to:
- promote high standards of health and safety and safeguarding including online safety, cyberbullying and digital citizenship
- undertake comprehensive safeguarding measures and supervision of learners’ training at our training events and vetting of the work environment to ensure highest standards are met and exceeded
- ensure our learners develop a full understanding of health, safety and welfare both on a personal level and as an important issue in the work place
- ensuring staff are not exposed to any dangers whilst undertaking their jobs.
Learning, teaching, assessment, monitoring and progression are effectively supported by a range of learning and assistive technologies, delivered via our virtual learning environment. Staff use mobile computing devices such as laptops, iPads and collaboration tools to provide flexible and responsive learning and study resources, mentoring facilities, collaborative working environments and discussion for a PMA learning environments are enhanced by technology. Where required training rooms are excellently equipped and maintained with industry standards; Microsoft Windows 7 and the latest software option, Office 10. PMA promotes the ‘safe use’ of ICT and secure, safe Internet access is monitored and regulated effectively by all staff.
EU General Data Protection Regulation (GDPR)
EU General Data Protection Regulation (GDPR) has now come into force on 25th May 2018. GDPR does not replace the Data Protection Act but it adds to its powers and intensifies data protection regulation alongside the new Data Protection Act 2018.
Employers will carry out audits of employee personal data that they collect and process to ensure that it meets GDPR conditions for employee consent.
New governance and record-keeping requirements mean that employers will also have to create or amend policies and processes on privacy notices, data breach responses and subject access requests.
General Data Protection Regulation (GDPR) guidance
Guidance from the national GDPR working group and IGA has helped the NHS, social care and partner organisations prepare for EU General Data Protection Regulation (GDPR). The link below has provided a wealth of information and we continually monitor these resource to ensure compliance with any specific requirements within the NHS.
These rules describe how and where data will be safely stored. Questions about storing data safely can be directed to the IT manager or Data Controller.
When data is stored on paper, it will be kept in a secure place where unauthorised people cannot see it. These guidelines also apply to data that is usually stored electronically but has been printed out for some reason:
- When not required, the paper or files will be kept in a locked drawer or filing cabinet.
- Employees will make sure paper and printouts are not left where unauthorised people could see them, like on a printer.
- Data printouts will be shredded and disposed of securely when no longer required.
When data is stored electronically, it will be protected from unauthorised access, accidental deletion and malicious hacking attempts:
- Data will be protected by strong passwords that are changed regularly and never shared between employees.
- If data is stored on removable media (like a CD or DVD), these will be kept locked away securely when not being used.
- Data will only be stored on designated drives and servers, and will only be uploaded to an approved cloud computing services.
- Servers containing personal data will be sited in a secure location, away from general office space.
- Data will be backed up frequently. Those backups will be tested regularly, in line with the company’s standard backup procedures.
- Data will never be saved directly to laptops or other mobile devices like tablets or smart phones.
- All servers and computers containing data will be protected by approved security software and a firewall.
Personal data is of no value to the PMA unless the business can make use of it. However, it is when personal data is accessed and used that it can be at the greatest risk of loss, corruption or theft:
- When working with personal data, employees will ensure the screens of their computers are always locked when left unattended.
- Personal data will not be shared informally.
- Data will be encrypted before being transferred electronically. The IT manager can explain how to send data to authorised external contacts.
- Personal data will never be transferred outside of the European Economic Area.
- Employees will not save copies of personal data to their own computers. Always access and update the central copy of any data.
The PMA takes all reasonable steps to ensure data is kept accurate and up to date. The more important it is that the personal data is accurate, the greater the effort PMA will put into ensuring its accuracy.
It is the responsibility of all employees who work with data to take reasonable steps to ensure it is kept as accurate and up to date as possible.
- Data will be held in as few places as necessary. Staff will not create any unnecessary additional data sets.
- Staff will take every opportunity to ensure data is updated. For instance, by confirming a customer’s details when they call.
- The PMA will make it easy for data subjects to update the information PMA holds about them.
- Data will be updated as inaccuracies are discovered. For instance, if a customer can no longer be reached on their stored telephone number, it will be removed from the database.
- It is the Marketing manager’s responsibility to ensure marketing databases are checked against industry suppression files every six months.
For further information contact: Cathryn Lyon, PMA Education Director
Emergency notification contacts
|Name||Email address||Phone number||Mobile number|
|01606 44945||07880 788985|
|Date||Summary of changes made||Changes made by (Name)|
|May 11th 2016||Health & Safety Policy created for PMA||Ian Jones|
|July 16th 2016||Incorporated details of H&S Policy||Ian Jones|
|24th March 2017||Qualifications update||Ian Jones|
|5th April 2017||ILM intro paragraph changed and other minor edits||Ian Jones|
|20th May 2018||Review of H&S policy and addition of GDPR Policy||Ian Jones|