1. Data Protection Regulation
General
Data Protection Regulation
Alan Martin
Information Compliance Officer
My job
GDPR scope and Great Repeal Bill
Talk Talk enforcement
G D P R
25 May 2018

2. Where is all the personal data? Information Audit
“Yeah, I keep a clean desk. Now all the mess in in the computer!”
Information audit – Allows us to prioritise
Set-up records custodians/contacts

3. Collecting and managing personal data 1 Purpose, fairness and consent
Fairness - Privacy notice - How we use your data. For individuals and staff sets expectations and legal basis..
Purpose –Core of validating collection, sharing and retention. 

4. Collecting and managing personal data 2 Security
I changed all my passwords
to “incorrect”, so whenever I
forget, it will tell me,
“Your password is incorrect.”
How is it collecting, holding, sharing, destroying.
What is good practice? Should we develop guidance?

5. Collecting and managing personal data 3 Retention and destruction
Photo by Vitor Sá
Does anyone destroy anything?
Case management system for s?

6. General Data Protection Regulation requirements
Accountability
Privacy Impact Assessments
Information audit
Free Subject Access Requests
Report breaches within 72 hours
New Data Protection Officer
Accountability e.g. consent
PIA – Getting it right for all new projects
Records custodians for audit

7. What next?
Appoint Data Protection Officer
Information audit
On-line training
ICO information risk review - June 2017

8. Alan Martin
Information Compliance Officer