Guidance

DAO data protection policy

Updated 17 November 2022

1. Scope

The Defence Awarding Organisation (DAO) develops and provides nationally and internationally recognised qualifications from levels 1 to 7 on the Regulated Qualifications Framework (RQF). The DAO approves centres to deliver its regulated qualifications through current training programmes and helps individuals to achieve formal recognition of their achievements. This regularly involves the transfer and storage of personal data.

This policy covers the secure processing and storage of personal data for registered learners, by DAO and its representatives, in accordance with the Data Protection Act (DPA) 2018 and General Data Protection Regulations (2018). This data will be used in accordance with JSP441 and JSP440.

2. Context

DAO Approved Centres are responsible for registering, ie capturing, learners’ personal details within the DAO Qualification Management System (QMS) - also known as the ‘DAO Database’. The DAO QMS is a secure, password-protected system, with access restricted to individuals provided with an account issued by DAO. Accounts are only issued to personnel who pass security clearance checks that are undertaken by the Defence Academy of the UK. DAO may also handle personal data when dealing with reasonable adjustment and special consideration requests, and when undertaking investigations.

DAO Approved Centres connect to the DAO QMS via a virtual private network (VPN) connected to the Defence Academy information system to access the database. This method of connection provides a secure means of transmitting information and complies with the Data Protection Act 2018, JSP441 and JSP440.

3. Purpose

The purpose of this policy is to protect learners’ fundamental rights and freedoms and in particular their right to privacy with respect to the capturing, processing and storing of personal data.

In accordance with the General Data Protection Regulation (GDPR), DAO only holds the minimum amount of personal data of a learner in order to conduct its lawful business as an awarding body approved and regulated by the Office of Qualifications and Examinations Regulation (Ofqual). The personal data used within the DAO QMS includes name, gender, date of birth and service number. DAO requires this information in order to:

  • process registrations and certifications
  • confirm details against the QMS Database
  • upload success to the learner achievement record
  • respond to enquiries and send information
  • monitor equal opportunities information
  • undertake customer satisfaction surveys to help plan and improve services
  • produce statistical information for Ofqual, Department for Education/other government departments and funding bodies.

4. Security

The use of IT equipment relating to security and data protection is clearly set out within the MOD IT Policy. Under the DAO Centre Approval Criteria, Approved Centres are required to have a secure means of transmitting information and to comply with the DPA, GDPR, JSP441 and JSP440. Email transmissions are encrypted and the web interface between DAO and Approved Centres is supported by Secure Sockets Layer (SSL), which securely transmits data from the browser to the web server, or from the server to the browser. Data storage used for emails and the web browser is protected by multiple firewalls.

5. Access to Data

Under the DPA and GDPR, individuals have a right of access to a copy of the information comprised in their personal data. Requests should be made in writing, either by email to DEFAC-DAO@mod.gov.uk, or by post to the address below:

Defence Awarding Organisation
Defence Academy Headquarters
Room TF08 Trenchard
Shrivenham
Swindon
SN6 8LA

6. Retention

All Centres must ensure all learners sign a consent form prior to any personal details being released to the DAO. This authorises DAO to retain their personal details for business purposes only.

Personal data is only retained for as long as it is required to support the business needs. Individuals have the right to ask for the removal of personal data from the DAO QMS; however, removal of personal data would preclude the learner being able to gain a duplicate certificate in the future, or authentication of the qualification, if this was ever required.

7. Review of the Policy

This policy will be reviewed annually and revised as necessary in response to customer feedback, changes in legislation and guidance from Ofqual.

Recognising Quality and Competence:
Supporting Defence with accreditation and specialist bespoke qualification opportunities.