Scribd
Upload
244 views

Data Controller

The document discusses the roles and responsibilities of data controllers under the UK Data Protection Act 1998. It provides examples from Nutraly, a company that provides customized meals to children. The data controllers at Nutraly are responsible for collecting customer data through an online platform, controlling what data is disclosed and to whom, and ensuring the data is only used for its intended purposes. They must also make sure the data is adequate, accurate, retained only as long as needed, securely stored, fairly obtained, and respects customers' rights.

Uploaded by

Kimken
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
244 views

Data Controller

The document discusses the roles and responsibilities of data controllers under the UK Data Protection Act 1998. It provides examples from Nutraly, a company that provides customized meals to children. The data controllers at Nutraly are responsible for collecting customer data through an online platform, controlling what data is disclosed and to whom, and ensuring the data is only used for its intended purposes. They must also make sure the data is adequate, accurate, retained only as long as needed, securely stored, fairly obtained, and respects customers' rights.

Uploaded by

Kimken
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

C1.

1 Roles of a Data controller

Following the Data Protection Act 1998 (DPA), the data controller holds personal data for

subjects. They control data types, processing of the data, and to whom the data may be disclosed.

In Nurtraly, the data controllers are the people in the IT department example Max Powers and

the SystemWorks analysts who collect the data through the online platform about their customers

to be put to use in the preparation of the meals and their shipping. They control how much of the

data is to be disclosed per the principles of DPA.

C1.2 Nutrarly may be faced with the following LSEPI issues after adopting the new system

Data Use for the specific purpose

Since Nutrarly will have the personal data of their customers and children, the data controllers of

this company will have to make sure that they only offer particular information for lawful

purposes to the relevant people in the organization. For example, from the case study, the only

information required will be about the menus, which will be relayed to the cooks and the

addresses for the shipping department.

Holding adequate data

While collecting personal data of their customers, Nutrarly will have to make sure they only have

enough and relevant data of their subjects, and any excess irrelevant data will have to be deleted.

For example, they will only need the data on the specific diet for their customers and their

addresses for shipping purposes.

Accurate data

The collected personal data, for example, names, age of children and their addresses, should be

accurate and up to date to avoid any problems during shipping and deliveries. Data controllers in
Nutrarly have to avoid sharing any inaccurate data to avoid any issues such as the wrong product

getting delivered or to the wrong location.

Data Retention period

No data shall be kept for more than the time it is required to serve a specific purpose. In

Nurtrarly, for any customers who have stopped purchasing their products after their child has

become of age, their data shall be deleted as it will be no longer serving any purpose.

Safety of Data

A data controller has to ensure the safety of personal data by putting in place many measures to

ensure only the relevant and authorized parties can access the data. In Nutrarly, the data

controllers, Max Powers (IT), analysts from SystemWorks, and Dave Davidson (shipping and

logistics), will have the responsibility of ensuring that the flow of data is controlled and to whom

the data can be accessible.

Fair and lawful obtaining of data

All data should be obtained and processed fairly and lawfully from the subjects. In Nutrarly, all

the data collected from the customers should be what they are willing to give and shouldn’t be

forced in any way to divulge more information by any company policies or such, this ensures

that the data is obtained reasonably.

Rights of customers

Data controllers at Nutrarly will have to respect the rights of their customers in terms of sharing

some of their personal information that they may not be comfortable sharing examples; race,

religion, etc. They will also face a challenge when sharing the personal data with their

departments so as not to share data that may be too personal, thus infringing on the rights of their

customers.
C2.1 Management summary outlining the purpose of the BCS Code of Conduct

BCS Code of Conduct sets the professional standards required by the members, such as to

conduct, competence, and ethical practice for computing. This code controls its members from

misusing IT knowledge and taking personal advantage while it also protects those with little or

no IT knowledge.

C2.2 Professional issues the system developer needs to consider.

Duty to the relevant authority

Since the IT department refuse any involvement in developing the new system, and another team

had to be brought in, they may take advantage of this situation and maybe come up with a mal-

formed online platform and present it as a perfect system.

In this case, SystemWorks will be in breach of the BCS code of conduct in terms of duty to the

relevant authority. They must not mislead Nutrarly regarding the performance of the system in

any way. The Nutrarly management has a right to provide their performance requirements to the

SystemWorks representatives as they did according to the workshop held.

Public interest

The officials of SystemWorks responsible for developing the new system at Nutrarly will receive

personal data of the customers and may be approached by third parties looking to obtain that

same data, and they may share it for their own advantage or bribes.

In this scenario, they will have violated the BCS code of conduct rule on public interest. As

professionals, they must not disclose the customers to any third parties unless, as per the request

of Nutrarly’s management, to avoid facing legal consequences. They must also prevent accepting

any bribes for the data to maintain their memberships at the BCS and DSDM.
Professional competence and integrity

SystemWorks analysts may be asked to develop a system that will be similar to the previous only

with some new additional services. The analysts may promise to do as asked and fail to deliver,

thus losing his job.

The analysts will have broken a rule in the BCS code of conduct on professional competence and

integrity. The analyst must only offer to give services that are within his professional expertise

and not guarantee something that he cannot do. They should clearly outline what they can and

cannot do for Nutrarly before accepting the responsibility of creating their new platform for

them.

Duty to the profession

The analysts from SystemWorks are supposed to share their knowledge with Nutrarly’s IT

department on the working of the new system. They may refuse to do so for personal gains or

contempt, where then they will lose their jobs in Nutrarly. They are also supposed to respect the

IT department in which they may fail to do so since they refused the work that was later assigned

to them.

They will then be in breach of the BCS code of conduct rule on duty to the profession where the

members are given the responsibility to share their knowledge and support other members in

their professional development. They are also required to respect all people in their professional

relationships, whether members or non-members of the BCS.

You might also like