
Data Protection Officer’s Overview of the GDPR


Presentation on theme: "Data Protection Officer’s Overview of the GDPR"— Presentation transcript:

1 Data Protection Officer’s Overview of the GDPR
Hugh Jones Sytorus

2 Sytorus – who we are
- Data Protection Consultancy
- Training
  - Introductory DPO Primer
  - Modular training
  - Tailored to sector
- Data Management Assessments
- Privacy Impact Assessments
- Interim Data Protection Officer
- Liaison with Office of the DP Commissioner
- Online Knowledge Base at

3 Proposed legislation
- Wording agreed in early January, 2016
- Due to come into effect in mid-2018
- Objective is to harmonise EU legislation
  - ‘Catch up’ with new technologies
  - Accommodate current business models
  - Recognise the global business market
- Scope
  - Where DC or DP are within the EU, regardless of where the processing takes place
  - Where Data Subject is an EU citizen, regardless of where DC or DP is based
  - Includes provision of goods and services, monitoring of behaviour within EU

4 Key Principles
Data Processing must involve:
- Lawful, Fair and Transparent processing
- Purpose Limitation (specified purposes)
- Data Minimisation (adequate, relevant and limited)
- Accurate and Up-to-date processing
- Limitation of storage in a form that permits identification
- Confidential and Secure – protects integrity and privacy
- Accountability and Liability – demonstration of compliance
- Specific Categories of Processing

5 Lawful, Fair and Transparent
- Fair Processing Notice
  - Reference to Lawful Processing Conditions
  - Additional considerations for Sensitive Personal Data
- Burden of Justification rests with Data Controller
  - Not about the data the Subject is willing to disclose
  - Assumption that consent is necessary
  - Distinction between Mandatory and Optional fields
- Reminder of Data Subject Rights
  - To opt out from marketing
  - To object to processing
  - To have data rectified or removed
  - Right to request restriction of processing
  - “Right to be Forgotten”

6 Implications for DC and DP
- No future obligation to register as DC or DP
- Proactive assessment of processing
  - Logging and recording of incidents
  - Notification of processing in some circumstances
- Controller obligation to maintain log of processing
- Processor obligation to maintain log of processing
  - Identification of categories of data being processed
  - Identification of categories of processors to be engaged
  - Envisaged time limit for retention
- Breach Notification
  - Within 72 hours of becoming known
  - Describe implications, measures taken to prevent recurrence
  - Outline steps taken to minimise impact on Data Subject

7 Selection of Jurisdiction
- Referred to as ‘The One-Stop Shop’
- Data Controller reports to the Supervisory Authority where the Controller is established / mainly operational
- Where Controller is active in several EU jurisdictions, they can indicate a preferred jurisdiction
- That authority will then be responsible for the Controller’s compliance

8 Overseas Transfer
- EEA countries (EU + EFTA) – 31
- ‘Safe’ Countries – 10
- ‘Privacy Shield’ Scheme (being drafted)
- Adequacy of Destination
  - Rule of Law
  - Respect for Human Rights and Fundamental Freedoms
  - Appropriate legislation and security measures
  - Specific DP legislation
  - Enforcement by a Supervisory Authority
- Model Contracts
- Code of Conduct with Enforceable Commitments
- Binding Corporate Rules

9 Why comply?
- ‘It’s the law of the land!’
- Protection of brand
  - Avoid risk to reputation
- Protection of trust
  - Employees
  - Suppliers
  - Customers
- Enables better decision-making
- Makes good business sense
- Delivers business value
