Key changes with the GDPR


1 Key changes with the GDPR
Stacey Harper, University of Glasgow

2 Personal data definitions
New additions:
  Online identifiers
  Device identifiers
  Cookie IDs
  IP addresses
  Pseudonymised data
Sensitive includes genetic and biometric data

3 Increased scope
Single set of rules for all EU nations
Applies to all organisations that process the personal data of EU citizens
Data Processors subject to and responsible for actions under GDPR
Controllers must only engage with GDPR compliant processors
Data sharing agreements required to lay out controller and processor commitments

4 New and expanded rights
Right to be informed
Right to erasure
Right to data portability
Right to restriction
Right to rectification
Right of access
  Including additional processing details
Right to object
Right to prevent automated processing, including profiling

Informed
Erasure: applies where PD is no longer necessary in relation to the purpose for its original collection/processing, individual withdraws consent, objects to processing and no overriding legitimate interest, processing is unlawful, etc.
Data portability: applies when PD provided to DC, processing based on consent or performance of a contract, processing carried out by automated means. Right to provision of PD in structured, commonly used, machine readable format
Restriction: Permitted to store PD but not further process it. If individual contests accuracy of data, if you don’t need PD but individual does for a legal claim, if they object and you’re trying to figure out if you need to follow that, etc.
Right of access: right to obtain purpose and confirmation of processing, info on categories of PD concerned, recipients to whom PD will have been disclosed, source of data, where possible retention, existence of profiling/automated processing, and right to access PD
Object: applies if PD processed for legitimate interests or public interest (including profiling), direct marketing, scientific/historical research and statistics. NO LONGER REQUIREMENT FOR SUBSTANTIAL DAMAGE OR DISTRESS
Automated processing: Individuals have right not to be subject to a decision when it’s based on automated processing, produces a legal effect/similarly significant effect on individual. No automated decision making with sensitive PD unless you have explicit consent of individual or processing is necessary for reasons of substantial public interest on basis of EU or Member State law

5 Changes to privacy notices and consent
More robust, concise, transparent, understandable and accessible
Must explain personal data processed, purpose of processing, intended retention, subject rights, source of data, conditions of processing
Consent:
  Freely given, specific, informed, unambiguous
  Demonstrable by a statement or clear affirmative action

6 Data Protection by Design
Requirement for increased accountability and documentation of processing activities
Work DP concerns into design of all procedures, projects, systems
Good DP compliance should be default
Privacy Impact Assessments required for new activities and undertakings
  Particularly for profiling, surveillance, and processing of special categories of personal data

7 Breach reporting and sanctions
Mandatory breach notification
  Unless no risk to data subjects
  Notify ICO within 72 hours
Sanctions of up to €20,000,000 or 4% of annual worldwide turnover

8 Questions?

