Transparency data
Annex C - Data Handling SLA
Updated 21 July 2021
Download CSV 2.4 KB
| Annex C – Data Handling SLA | |||||
|---|---|---|---|---|---|
| Not set | Not set | Not set | Not set | Not set | Not set |
| No. | Service Area | Measure | New / Existing / Amended | Target | Comment |
| 1 | Security breaches | Reporting | New | 6 hours following identification of issue. | · Notification to the OTC SIROwill be made within this time period following identification. |
| Not set | Not set | Not set | Not set | Not set | · Notification can come from any member of the DVSA IMS team or OTC staff. |
| 2 | Security Breaches | Reporting | New | Defined at point of initial report. | · OTC SIRO will indicate further level of reporting at time of first review. |
| Not set | Not set | Not set | Not set | Not set | · Incident dependent. |
| 3 | Personal Data Breaches (GDPR / Data Protection Act) | Reporting | New | Immediately on discovery, but not later than 24 hours after discovery | · DVSA to notify the TC Information Access Team |
| Not set | Not set | Not set | Not set | Not set | · OTC Information Access Team and TC Data Protection Officer to advise and recommend to TCs if personal data breach notifications should be sent to the UK Information Commissioner’s Office (ICO) and / or to the individuals affected. |
| Not set | Not set | Not set | Not set | Not set | · DVSA to cooperate with the OTC and TC Data Protection Officer to gather information, investigate, report to ICO within 72 hours of discovering the personal data breach (where required) and implement remedies. |
| 4 | Audit Reports | Sharing | New | 5 working days following receipt of findings | · Only applicable where IMS audits identify issues related to Traffic Commissioner data processing. |
| 5 | Assurance Reporting | GDPR Compliance | New | In line with each OTC Audit and Risk Committee submission date | · DVSA will compile a data protection report for the ARC to be agreed at ARC and then submitted to the TC Board for their information. |
| 6 | Data Protection / GDPR Training | Delivery | New | Annually for all OTC staff | · Training plan to be agreed with the OTC SIRO after consultation with the TC Data Protection Officer at the start of the financial year |
| Not set | Not set | Not set | Not set | Not set | · Face to face training for staff once a year |
| Not set | Not set | Not set | Not set | Not set | · Location appropriate to the staff locations |
| Not set | Not set | Not set | Not set | Not set | · Subject matter covering data protection elements including security practices related to Traffic Commissioners’ activities. |
| Not set | Not set | Not set | Not set | Not set | · “All staff” excludes staff who are on long-term sick absence or maternity/paternity leave or equivalent. |
| 7 | System Assurance | Testing | New | Annually | · Independent security testing of systems processing Traffic Commissioner data. |
| Not set | Not set | Not set | Not set | Not set | · Vulnerabilities identified shared with the OTC SIRO following report received by DVSA IMS. |