Data Content and Communication

Get Started. It's Free
or sign up with your email address
Rocket clouds
Data Content and Communication by Mind Map: Data Content and Communication

1. Employer Providers and Employer Organisations

1.1. As with Training Organisations, the Employer Provider would be the data controller and the EPAO organisation the data processor

2. For the certification claim the ESFA will validate the following data as submitted by the EPAO and Training Provider: • UKPRN • ERN • ULN • Learner Name • Learner Date of Birth • Learner Sex • Learning Start Date • Standard Code (available on the relevant assessment standard plan stating ST number • Achievement Outcome in the ILR is set to Achieved • Employer Reference Number (ERN) • Employer name and address; town; postcode (this must be the name and address of the person nominated by the employer organisation to receive the apprentice certificate).

2.1. This information regarding the data subject constitutes personal data, as it relates to an identifiable person, and as such PAL must protect such information and ONLY USE it for the purpose of claiming an apprentice certificate or notifying the ESFA of a final outcome of EPA

3. Who do we send data to?

3.1. Employers

3.2. Apprentices

3.3. EQA bodies

3.4. ESFA

3.5. Training Organisations

3.6. Other EPAOs and their third party agncies

4. What data do we require?

4.1. We only require data necessary for fulfilling our service level agreements and contracts. The nature of offer to clients, means we will need access to a range of information but for data collation and data processing the information requirements for EPA will be as stated.

4.1.1. EPA and Assessor Academy- the details required will be as stated for the apprentice and employees. For the assessor academy for paying clients (individuals) we will also need a method of payment

4.1.2. Website insights- our website policies indicate how we will use the data and we ask permission to send insights

4.1.3. Observation and Consultancy- typically data subject information will be exclusively used for the purpose of observation reporting and providing supporting coaching. For any certificated work, personal data will only be collected for the purpose of AO registration and certification.

4.1.4. Audit and compliance, in their role as a service will access a range of personal data and The Head of Compliance with the other PAL SMT members will agree protocols regarding the treatment if data subjects information and data processing.

5. Who are PAL's third parties ?

5.1. ESFA

5.2. Other EPAOs, were we commission Multiple choice tests or provide an assessment service

5.2.1. Note EPAOs may have partners who support them with this aspect of their business, so they are also 'third parties' and PAL needs to map and know every organisation who is using the data we collect

5.3. Training Organisations/ Providers we work with.

5.3.1. Note for EPA business the Training Organisation is the data controller and PAL is the data processor (or any other EPAO is the data processor)

5.4. EQA bodies, note PAL will work with a range of EQAs, who will have access to data subject information.

6. What information do we send to the ESFA?

6.1. The ESFA as per the General conditions (point 16) note once the EPAO is assigned to an employer, we must advise the ESFA by email and on a standard template the following information: Standard name; Standard number; Name of EPAO; Name of Employer; Name of Training Organisation; Number of apprentices and predicted EPA date. Note no personal information is divulged at this point. This information is sent to: [email protected] within four working weeks of notification. PAL requires a signed agreement with the relevant training organisation and confirmation from the employer that they have selected us as the EPAO

7. The parent group- who handles data? As PAL on an individual basis we can be data subjects, as a business our clients are data subjects and depending on our relationship, we can be data controllers or data processors or both at the same time. If we make a mistake we cannot hide behind HIT

7.1. IT, Quality and HR

7.1.1. IT processes a range of apprentice data information and HIT as a client controls and provides data to PAL, relating to apprentices; HIT employees and HIT performance. PAL has a responsibility to safeguard this data and only use this information for expressed purposes

7.1.2. Quality- provides data for observations and provides data to TQUK (or any other EPAO). Such data includes apprentice details, which constitutes personal data and where we work as a subcontractor we are as PAL a third party data processor, BUT we are still responsible for the appropriate use of data and the safeguarding of that data.

7.1.3. HR acts as a data controller and our information is shared for the purpose of payroll, expenses, pensions and health insurance (note our data is held on Bonnie). HIT has a responsibility to protect and safeguard such information that they control and ensure data processes, such as DBS; BUPA, Knill James look after the data they provide. You have a responsibility to ensure your data is accurate.

8. Who are our data subjects?

8.1. Apprentices

8.2. Apprentices Line Managers

8.3. HIT colleagues, where access data for the purpose of observations

8.4. PAL colleagues