Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd.

Presentation transcript:

1 Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd

2 1. Learning the lingo

3 Definitions Personal Data Data Controller Data Processor Data Subject Notification Subject Access Request

4 Notification One notification per organisation £35 Tier 1 or £500 Tier 2 250 FTE Criminal Offences Viewable online

5 2. Five types of data

6 Category (a) On Computer CCTV & video DIP Audio Swipe cards & Oysters

7 Category (b) Intended to be automated

8 Category (c) Paper or Card Relevant Filing System Structured by reference to individuals Readily Accessible Durant Guidance

9 Category (d) Medical Records Social work records Housing Records Education Records

10 Unstructured Data Category (e) data From 2005 Only Public Bodies Some exemptions 2 access regimes to data

11 3. Fair, honest & open

12 Principle 1 Personal data shall be processed fairly and lawfully

13 Principle 1 The data controller should ensure that the data subject is provided with at least: the identity of the data controller; the purpose for which data is processed; any further information necessary

14 CCTV signs Clearly visible and Legible Size matters Information Identity of controller Purpose of scheme Details of contact

15 4. Can I share data with…?

16 Partnership Working Central Govt desire for joint working ICO data sharing code of practice Fair Obtaining & Processing – Principle 1 Lawful Gateways Data Sharing Protocols

17 Lawful Gateways Crime & Disorder Act 1998 Section 115 Anti-terrorism, Crime & Security Act 2001 National Health Services Act 1977 Education Act 1966 s 520 (school nurses) Children Act 2004 s10, 11, 12 (databases) Local Government Act 1972 & 2003 Localism Act 2011

18 Data Sharing Protocols Purpose Powers to share Partners Processes Public Document

19 5. Good Records

20 Principle 3 Personal data shall be adequate, relevant and not excessive

21 Principle 4 Personal data shall be accurate and, where necessary, kept up to date.

22 Principle 5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

23 6. Read me my rights

24 Principle 6 1. Subject Access 2. Prevent Processing 3. Direct Marketing 4. Automated Decisions 5. Compensation/Rectification 6. To request an assessment

25 Subject Access A valid request is Application in writing Proof of identity Fee Some direction

26 Subject Access Controller must respond promptly In any event within 40 days Starting on the relevant day

27 Direct Marketing Communication (by whatever means) of any advertising or marketing material which is directed to a particular individual

28 Computer says no… People can object to an automated decision Some exemptions Once you know… …you can object in writing Controller has 21 days.

29 7. Keep your data safe

30 Principle 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

31 Principle 7 Training Policies & Procedures Data security breach policy Civil Monetary Penalties Passwords

32 Principle 7 Contracts With Data Processors Made or evidenced in writing Processor to act only on Controller’s instructions Controller should check Processor’s Security and Employees

33 8. Who’s the daddy?

34 Enforcement Request for assessment Information Notice Enforcement Notice Prosecution Tribunal Supreme court

35 Offences Failure to notify or to notify changes Failure to comply with written request Failure to comply with a Notice Unauthorised obtaining/disclosing Procuring a disclosure to another person Unlawful selling Enforced Subject Access

36 Penalties Undertakings Notices from ICO Prosecution £500K Fines & Jail time Inspect public sector without notice PR disasters

37 9. Exemptions

38 Exemptions S. 28 - National security S. 29 - Crime and taxation S. 30 - Health, education & social work S. 31 - Regulatory activity S. 32 - Journalism, literature & art

39 Exemptions S. 33 - Research, history & statistics S. 34 - Publicly available by any enactment S. 35 - Required by law/proceedings S. 36 - Domestic purposes

40 10. Social Media

41 Policy or Prosecution? Social Media Policy Disciplinary offence Bringing the organisation into disrepute Preece v Wetherspoons Defamation

42 Thank you
