New Data Protection Legislation


New Data Protection Legislation July 2018

Training objectives
- To provide a broad overview of the new data protection legislation
- To signpost to where further resources are available

What is personal data?
- How would you define personal data?
- What examples of personal data can you give?

Definition of personal data under GDPR
- “any information relating to an identified or identifiable natural person”
- Data Controllers and Data Processors

Special categories
- Biometric and genetic data
- The racial or ethnic origin of the data subject(s)
- Their political opinions
- Their religious beliefs or beliefs of a similar nature
- Whether they are members of a Trade Union
- Their physical or mental health or condition
- Their sexual life
- The commission or alleged commission by them of any offence
- Any proceedings for any offence committed or alleged, the disposal of such proceedings or the sentence of any court

Principles
- Processed fairly, lawfully and in a transparent manner
- Collected for specified, explicit and legitimate purposes and not further processed for other purposes incompatible with the original purpose
- Adequate, relevant and limited to what is necessary in relation to the purposes
- Accurate and kept up to date
- Kept in a form that permits identification no longer than is necessary
- Processed in a way that ensures appropriate security of the personal data

Processing conditions
- Consent of the data subject
- Necessary for the performance of a contract with the data subject or to take steps preparatory to such a contract
- Necessary for compliance with a legal obligation – this is broadly the same as current DPA, however the law does not need to be statutory.
- Necessary to protect the vital interests of a data subject or another person where the data subject is incapable of giving consent

Processing conditions
- Necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller – this condition will apply when processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. These functions must arise under Member State or EU law.

Consent
- must be a positive indication. It cannot be inferred from silence, inactivity or pre-ticked boxes
- freely given, specific and informed – equal balance of power.
- “audit trail” / record of consent
- right to withdraw consent
- children

Privacy / transparency notices
- Who is the data controller?
- Who is the Data Protection Officer?
- What is the legal basis for processing?
- How long is data kept for?
- Who is the data shared with?
- Statement of rights of data subjects

Privacy / transparency notice
XXXX is the Data Controller under data protection law and will use the information you provide <on this form> in order to <eg. provide you with xxx service>. The legal basis for processing this data is <eg. our legal obligations under xxx Act / performance of a task carried out in the public interest or in the exercise of official authority vested in the council / your consent to do so. You can withdraw your consent at any time by notifying us. Our contact details to do so, or for any other queries, are {contact details}>. We will keep your data for <retention period>. Your information will not be shared further / will be shared with <other team / organisation> in order to provide you with the service. <delete as applicable>
Individuals have a number of rights under data protection law, including the right to request their information. You also have a right to make a complaint about our handling of your personal data to the Information Commissioner’s Office https://ico.org.uk/
You can contact the council’s Data Protection Officer, Carol Trachonitis, via informationgovernance@herefordshire.gov.uk

Rights of individuals
- Right to be informed
- Right of access
- Data portability: the right for a data subject to receive the personal data concerning them, which they have previously provided, in a 'commonly used and machine readable format' and have the right to transmit that data to another controller.

Rights of individuals
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to object

Pseudonymisation
The separation of data from direct identifiers so that linkage to an identity is not possible without additional information that is held separately.

Data breaches
- Bigger penalties
- Mandatory reporting to the ICO
- Within 72 hours of the breach being discovered
- Notification to the individuals affected by the breach

What does a data breach look like?
- Hampshire: Social care files left in building after office moves: £100,000
- Devon: Social worker used a previous case as template for adoption panel report and sent out a copy of the old report instead of the new one: £90,000
- Powys: Social worker sent a report relating to family A to family B due to a mix up of papers at the printer: £130,000
- Worcestershire: Employee emailed highly sensitive & excessive info about a large number of vulnerable people to 23 unintended recipients: £80,000

Preventing data breaches
- Check the post goes to the correct addressee.
- Who can see or hear confidential information? Don’t leave information where those not authorised can see it, only discuss individuals for professional reasons.
- Secure / lock away confidential material.
- Wipe memory sticks after use, only use encrypted devices.
- Tailgating
- Be proportionate when sharing / using personal information.
- Only access confidential information for the right reasons.

Preventing data breaches
- Is what you do secure?
- What do you need to change?

Implications
- Destroy data once it is no longer needed
- Care with recording
- Report data breaches
- Co-operate over requests for information
- Security

Any Questions?