Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

Slides:



Advertisements
Similar presentations
Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Advertisements

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
TEAM 4 Case Study Mauritius: Mrs Nandini Kissoon-Luckputtya
Archive, Records Management and Museum Services Confidentiality, Personal Data and the Data Protection Act 1998 Alan R Bell Records Manager and Information.
Data Protection.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Training at Ministry of Industry, Commerce and Consumer Protection Presented By: Mrs Dodah Pravina Mr Dookee Padaruth Date : 11 September 2014 Explaining.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
The Data Protection Act
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
The Information Commissioner’s Office David Evans.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
The Data Protection Act 1998 The Eight Principles.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Act AS Module Heathcote Ch. 12.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
The Data Protection Act - Confidentiality and Associated Problems.
DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual,
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.
12/12/2015 Data Protection Act /12/2015 The DP Act A law that protects personal privacy and upholds individual’s rights Anyone who handles personal.
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
Computing, Ethics & The Law. The Law Copyright, Designs and Patents Act (1988) Computer Misuse Act (1990) Data Protection Act (1998) (8 Main Principles)
DATA PROTECTION ACT 2002 The Basics Balance the rights of an individual with an organisation’s legitimate need to process personal data Promote openness.
DATA PROTECTION ACT (DPA). WHAT IS THE DATA PROTECTION ACT?  The Data Protection Act The Data Protection Act (DPA) gives individuals the right.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Data protection—training materials [Name and details of speaker]
Sharing Information Legally Lindsay Ould London Borough of Lewisham.
Practical implications of the Data Protection Bill By John Robinson Data Protection Co-Ordinator South Bucks NHS Trust.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Protection of Personal Information Act An Analysis on the impact.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
The Data Protection Act 1998
The Data Protection Act 1998
Data Protection and Confidentiality
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Level 2 Diploma in Customer Service
Issues of personal data protection in scientific research
Data Protection The Current Regime
General Data Protection Regulation
Data Protection Act.
The Data Protection Act 1998
Data Protection Legislation
PERSONAL DATA PROTECTION ACT 2010
GDPR Road map to Compliance.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
The General Data Protection Regulation (GDPR)
G.D.P.R General Data Protection Regulations
General Data Protection Regulation
Data Protection principles
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
GDPR Workshop MEU Symposium Prague 2018
PERSONAL INFORMATION BILL
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Presentation transcript:

The Data Protection (Jersey) Law 2005

The Data Protection (Jersey) Law 2005 A Law to make provision for the regulation of the processing of information relating to individuals including the obtaining, holding and use or disclosure of such information.

The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: DATA Means information which is: Automatically processed or Recorded with the intention of being automatically processed or Recorded as part of a relevant filing system

The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: Means any set of information relating to individuals to the extent that the set is structured either by reference to individuals, or in such a way that specific information relating to a particular individual is readily accessible. RELEVANT FILING SYSTEM

The Data Protection (Jersey) Law 2005 KEY DEFINITIONS: PERSONAL DATA Data which relates to a living individual who can be identified: From those data or From those data and any information which is in the possession of, or is likely to come into the possession of the data controller

The Data Protection (Jersey) Law 2005 Racial or ethnic origin Political opinions Religious or other beliefs Trade union membership Physical or mental health Sexual life Offences KEY DEFINITIONS: SENSITIVE PERSONAL DATA

The Data Protection (Jersey) Law 2005 includes obtaining, holding and carrying out any operation on the information or data KEY DEFINITIONS: PROCESSING

The Data Protection(Jersey)Law 2005 An individual who is the subject of personal data An individual who is the subject of personal data. KEY DEFINITIONS: DATA SUBJECT

The Data Protection (Jersey) Law 2005 A A person who (either alone or in common with other persons) determines the purposes for which and the manner in which personal data are, or are to be, processed. KEY DEFINITIONS: DATA CONTROLLER

The Data Protection (Jersey) Law 2005 a person (other than an employee) who processes the data on behalf of the data controller KEY DEFINITIONS: DATA PROCESSOR

Notification Data controller’s name and address Name and address of representative (if relevant) Description of personal data being processed Description of the purpose of processing Description of intended recipients List of non-EEA countries data may be transferred to Security Statement…

Security Statement Questions Are the measures based on an assessment of the risks involved in the processing? Do such measures include: - adopting an information security policy? - taking steps to control physical security? - putting in place controls on access to information? - establishing a business continuity plan? - training staff on security systems & procedures? - detecting & investigating security breaches?

The Data Protection (Jersey) Law 2005 There are 8 Data Protection Principles which set enforceable standards for the collection and use of personal data. The Principles

The First Principle: Data Protection (Jersey) Law 2005 Personal data shall be processed fairly and lawfully and in particular shall not be processed unless: Schedule 2 is satisfied for all personal data Schedule 3 is satisfied for all sensitive personal data

The First Principle (Cont’d): Fairness: The identity of the data controller The purpose(s) for which the data are intended to be processed Any other information which is necessary having regard to the specific circumstances in which the data are, or are to be processed The individual must be informed of:

Privacy Policy Statements What information does the site receive and how is it used? Can I choose what information I disclose? Can I choose what information I receive? How can I review, access or change my information? How is my information kept secure? Who has access to my information? What about other companies? Who can I contact if I have a query?

The Second Principle: Personal data shall be obtained for only one or more specified and lawful purpose and shall not be further processed in any manner incompatible with that purpose or purposes.

The Third Principle: Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.

The Fourth Principle: Personal data shall be accurate and, where necessary, kept up to date.

The Fifth Principle: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

The Sixth Principle: Personal data shall be processed in accordance with the rights of data subjects under this Law.

Individuals Rights Access Correction, erasure, destruction Stop processing Direct marketing Automated decision-making Compensation

The Seventh Principle: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

Seventh Principle - Interpretation Appropriateness of measures Reliability of employees Reliability of data processor Contract to cover processing

Practical Implementation of the Seventh Principle Clarify responsibilities Assess risks Formulate policy Impose contractual obligations Proactive policy implementation and oversight

The Eighth Principle: Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.

Lessons to learn Get involved early Take the initiative Integrated approach Assess outsourcing options Take a proactive approach Reap the rewards of compliance!

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com Inc. All rights reserved.