JISCMail - DATA-PROTECTION Archives

All

I have a question about investigations.

I provide a CCG with IG support. As part of this I will conduct investigations in to data breaches. This will give me access to personal and potentially special category data during the investigation and will set up data flows, creating data assets as information related to the incident will be stored on my local systems. I work for another NHS organisation so the data flows are secure as is the storage.

I provide this service under contract. I have been trying to establish what the CCG’s legal basis for conducting any investigation is, it is relatively easy to satisfy article 6 and 9. 

Any ideas?

Regards
Chris

Sent by me
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
     All archives of messages are stored permanently and are
      available to the world wide web community at large at
      http://www.jiscmail.ac.uk/lists/data-protection.html
     If you wish to leave this list please send the command
       leave data-protection to [log in to unmask]
All user commands can be found at https://www.jiscmail.ac.uk/help/subscribers/subscribercommands.html
 Any queries about sending or receiving messages please send to the list owner
              [log in to unmask]
  Full help Desk - please email [log in to unmask] describing your needs
        To receive these emails in HTML format send the command:
         SET data-protection HTML to [log in to unmask]
   (all commands go to [log in to unmask] not the list please)
    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^