Scribd
Upload
576 views1 page

Data Protection Checklist

This document provides a checklist for data protection measures that should be implemented when working with survivors. It outlines essential practices around secure storage of records, staff training on confidentiality and consent, protocols for safe document destruction, electronic data security, data backups, and informing survivors of their rights regarding data collection and storage. The checklist is intended to help programs gauge whether these minimum data protection standards are being followed to safeguard sensitive survivor information and avoid potential negative impacts.

Uploaded by

mzhmbd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
576 views1 page

Data Protection Checklist

This document provides a checklist for data protection measures that should be implemented when working with survivors. It outlines essential practices around secure storage of records, staff training on confidentiality and consent, protocols for safe document destruction, electronic data security, data backups, and informing survivors of their rights regarding data collection and storage. The checklist is intended to help programs gauge whether these minimum data protection standards are being followed to safeguard sensitive survivor information and avoid potential negative impacts.

Uploaded by

mzhmbd
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
  • Data Protection Checklist: Presents a series of questions for organizations to evaluate their data protection practices, focusing on key security and compliance areas.

DATA PROTECTION CHECKLIST

The checklist below is a starting point to gauge if essential practices are in place in program(s).
DATA PROTECTION MEASURES IMPLEMENTED

Are survivor records/files stored in a safe location?


• Is access limited to authorized staff?
• Are offices with survivor/beneficiary information* stored in lockable file cabinets or on computers
locked when unoccupied?
• Are electronic devices with survivor/beneficiary information locked in a safe location? (This includes
laptops, external hard drives, USB/flash drives)
• Are computers, laptops or programs storing information routinely password protected?
Is there a Staff Data Protection Agreement implemented?
• Is it signed by staff interacting with information and stored in HR files?
(REF: Template in Annex 3)
Have staff been trained on confidentiality, informed consent and the process for informed consent?
• Is consent for information sharing documented?

Are staff informed about and comfortable discussing applicable local mandatory reporting mechanisms?
• Do staff know applicable mandatory reporting and how it’s applied in the WPE program (the process
and outcomes)?
• Have the risks to survivors of mandatory reporting been discussed in the program?

Is there a protocol for safe destruction of paper forms (shredding, burning and wetting)?
• Are staff aware of appropriate times and places to do this?
• Is there an emergency protocol in place for safe destruction/transfer of files in case of staff
evacuation or imminent security threat?

Are electronic case management systems protected?


• Do electronic case management systems have required user log-in or other graduated access
(depending on role)?

Do you routinely back-up data?


• How often? Is it backed up to a safe location?
Are survivors informed of their rights in terms of data collection, storage and sharing?
- The right to request that her story, or any part of her story, not be documented on case forms.
- The right to refuse to answer any question they prefer not to.
- The right to tell the caseworker when she needs to take a break or slow down.
- The right to ask questions or ask for explanations at any time.
- The right to request that a different caseworker be assigned to her case.
- The right to refuse referrals, without affecting our willingness to continue working with her.
- The right to access their personal information and request deletion.

Are you aware of applicable data protection laws in the country of operation?
• What are they? Has this been discussed in the program?

If after going through this checklist you determine that your data is not safe or that the data collection
or sharing process doesn’t follow minimum standards or may have negatively impact on survivors,
contact your supervisor.

DATA PROTECTION CHECKLIST The checklist below is a starting point to gauge if essential practices are in place in program(

You might also like