Data protection—training materials [Name and details of speaker]


Insert company name/logo

Slide 1: Contents
Terminology
Registration
Notice and consent/fair processing requirements
Fair processing of sensitive personal data
Purpose restrictions
Adequacy, accuracy, relevance, excessiveness
Retention
Security
Data security breaches
Data processor arrangements
Subject access and other rights
Consents to direct marketing
Automated decision-making
Monitoring
Website privacy notices and policies
Consents to use of cookies
International data transfers
Data protection training

Slide 2: Terminology
Data Protection Act 1998 (DPA 1998)—regulates use of information about individuals (‘personal data’)
Individuals are referred to as ‘data subjects’
Entity controlling the purposes and manner of processing is the ‘data controller’
‘Information Commissioner’ is the regulator

Slide 3: Registration
Obligation to register (‘notify’) data processing with the Information Commissioner’s Office
Exemptions from notification for ‘core’ data processing activities such as employee administration, accounts and record-keeping
In practice, easier to notify than rely on exemptions

Slide 4: Notice and consent/fair processing
Notify data subject of the:
  o data controller(s)
  o purposes of processing
  o any other information to enable processing to be fair
Fairness: conditions include consent, contractual necessity and legitimate interests

Slide 5: Sensitive personal data
Restrictions on use of ‘sensitive personal data’ (eg race, religion, trade union membership, health, criminal offences)
Conditions for fair processing of sensitive data include:
  o explicit consent
  o necessary to perform an employment law obligation (worker safety, etc)

Slide 6: Purpose restrictions
Personal data obtained for a specified purpose must not be used in a manner incompatible with that purpose
Take particular care with subsequent use of data for profiling or marketing purposes

Slide 7: Accuracy, adequacy, relevance, excessiveness
Risk of individual being prejudiced as a result of excessive or inaccurate data (eg turned down for promotion)
Act requires ‘reasonable steps’ to ensure accuracy, not total accuracy/perfection
Disagreements to be noted

Slide 8: Retention
Personal data should not be held for longer than ‘necessary’
‘Necessary’ can mean legal necessity (eg tax and employment laws in UK and/or internationally) and commercial necessity
Retention needs to be consistent with notices provided to data subjects

Slide 9: Security
Obligation to implement appropriate technical and organisational security measures
Physical measures (eg security guards)
Technical measures (eg encryption)
Address in the context of wider confidentiality and information security policies

Slide 10: Data security breaches
Comply with processes for breach management—central management, IT, legal, HR and customer relations
No general legal obligation in the UK to report breaches by the private sector, but there is in the public sector
Different rules in other countries

Slide 11: Data processor arrangements
Need to implement security when outsourcing processing (payroll etc) to a service supplier
Need agreement in writing whereby service provider agrees to:
  o process in accordance with instructions
  o implement appropriate security
  o [comply with international transfer restrictions]

Slide 12: Subject access and other rights
Data subject’s right to request access to personal data
There are administrative conditions to be met (eg £10 fee)
Statutory exemptions—in particular where disclosure would damage criminal investigations

Slide 13: Consents to direct marketing
Individuals have the right to refuse direct marketing
Electronic marketing (eg ) requires prior consent, except to existing customers
When seeking consent, clarify whether seeking to market own or third party products

Slide 14: Automated decision-making
Notify data subjects of automated decision-making which significantly affects them
Individual has right to explanation of logic involved in decision-making

Slide 15: Monitoring
‘Monitoring’ may include:
  o communications ( , internet)
  o video and audio monitoring (CCTV)
  o covert monitoring
  o in-vehicle monitoring (‘tracker systems’)
Involves the gathering of personal data

Slide 16: Website privacy notices and policies
Notices and consents to be provided when gathering data offline
‘Layer’ notices if space is tight
Privacy policies should state how data will be handled in more detail.
Avoid unnecessary representations about security

Slide 17: Consents to use of cookies
Prior consent required for use of cookies
Clarify which cookies are used and why
Limited exceptions for services requested by users

Slide 18: International data transfers
Restrictions on exports outside the EEA to countries without ‘adequate safeguards’
Transfers permitted with consent or where there is legal necessity
Adequate safeguards include ‘model contracts’ and ‘binding corporate rules’

Slide 19: Summary
Make sure data subjects are aware of processing unless it is necessary to rely on exemptions
Use approved forms and template working

Slide 20: Final comments
Any questions?
Refer to [identify privacy officer or other relevant contact person]