
Data protection—training materials [Name and details of speaker]


1 Data protection—training materials [Name and details of speaker]

2 Contents
[Insert company name/logo]
Terminology
Registration
Notice and consent/fair processing requirements
Fair processing of sensitive personal data
Purpose restrictions
Adequacy, accuracy, relevance, excessiveness
Retention
Security
Data security breaches
Data processor arrangements
Subject access and other rights
Consents to direct marketing
Automated decision-making
Monitoring
Website privacy notices and policies
Consents to use of cookies
International data transfers
Data protection training

3 Terminology
Data Protection Act 1998 (DPA 1998) regulates the use of information about identifiable individuals ('personal data')
Individuals are referred to as 'data subjects'
The entity that determines the purposes and manner of processing is the 'data controller'
The 'Information Commissioner' is the regulator
Note: these materials describe the DPA 1998 regime. That Act was superseded in May 2018 by the GDPR (now the UK GDPR) and the Data Protection Act 2018, so details such as the notification duty and the subject access fee below no longer apply as stated.

4 Registration
Obligation to register ('notify') data processing with the Information Commissioner's Office
Exemptions from notification for 'core' data processing activities such as employee administration, accounts and record-keeping
In practice, easier to notify than to rely on exemptions

5 Notice and consent/fair processing
Notify the data subject of the:
o data controller(s)
o purposes of processing
o any other information needed to enable the processing to be fair
Fairness: conditions for processing include consent, contractual necessity and legitimate interests

6 Sensitive personal data
Restrictions on use of 'sensitive personal data' (eg race, religion, trade union membership, health, criminal offences)
Conditions for fair processing of sensitive data include:
o explicit consent
o necessary to perform an employment law obligation (worker safety, etc)

7 Purpose restrictions
Personal data obtained for a specified purpose must not be used in a manner incompatible with that purpose
Take particular care with subsequent use of data for profiling or marketing purposes

8 Accuracy, adequacy, relevance, excessiveness
Risk of an individual being prejudiced as a result of excessive or inaccurate data (eg turned down for promotion)
The Act requires 'reasonable steps' to ensure accuracy, not total accuracy or perfection
Where the individual disputes the accuracy of the data, record the disagreement alongside it

9 Retention
Personal data should not be held for longer than 'necessary'
'Necessary' can mean legal necessity (eg tax and employment laws in the UK and/or internationally) and commercial necessity
Retention periods need to be consistent with the notices provided to data subjects

10 Security
Obligation to implement appropriate technical and organisational security measures
Physical measures (eg security guards)
Technical measures (eg encryption)
Address these in the context of wider confidentiality and information security policies

11 Data security breaches
Comply with processes for breach management: central management, IT, legal, HR and customer relations
No general legal obligation in the UK to report breaches by the private sector, but there is in the public sector
Different rules apply in other countries

12 Data processor arrangements
Need to implement security when outsourcing processing (payroll etc) to a service supplier
Need an agreement in writing whereby the service provider agrees to:
o process only in accordance with the controller's instructions
o implement appropriate security
o [comply with international transfer restrictions]

13 Subject access and other rights
Data subject's right to request access to their personal data
There are administrative conditions to be met (eg £10 fee)
Statutory exemptions, in particular where disclosure would damage criminal investigations

14 Consents to direct marketing
Individuals have the right to refuse direct marketing
Electronic marketing (eg email) requires prior consent, except to existing customers for similar products (the 'soft opt-in'), and every message must offer an opt-out
When seeking consent, clarify whether seeking to market own or third-party products

15 Automated decision-making
Notify data subjects of automated decision-making which significantly affects them
The individual has a right to an explanation of the logic involved in the decision-making

16 Monitoring
'Monitoring' may include:
o communications (email, internet)
o video and audio monitoring (CCTV)
o covert monitoring
o in-vehicle monitoring ('tracker systems')
All of these involve the gathering of personal data

17 Website privacy notices and policies
Notices and consents must be provided when gathering data online, just as they are offline
'Layer' notices if space is tight: a short notice up front, linking to the fuller policy
Privacy policies should state in more detail how data will be handled
Avoid unnecessary representations about security that the organisation cannot stand behind

18 Consents to use of cookies
Prior consent required for use of cookies
Clarify which cookies are used and why
Limited exceptions for cookies strictly necessary to provide a service requested by the user

19 International data transfers
Restrictions on exports outside the EEA to countries without 'adequate safeguards'
Transfers permitted with consent or where there is legal necessity
Adequate safeguards include 'model contracts' and 'binding corporate rules'

20 Summary
Make sure data subjects are aware of processing unless it is necessary to rely on exemptions
Use approved forms and template wording

21 Final comments
Any questions? Refer to [identify privacy officer or other relevant contact person]

