Presentation is loading. Please wait.

Presentation is loading. Please wait.

Key changes with the GDPR

Published byOwen Dorsey Modified over 6 years ago

Similar presentations

Presentation on theme: "Key changes with the GDPR"— Presentation transcript:

1 Key changes with the GDPR
Stacey Harper University of Glasgow Intro slide - If your presentation does not relate solely to student recruitment, please use this version

2 Personal data definitions
New additions: Online identifiers Device identifiers Cookie IDs IP addresses Pseudonymised data Sensitive includes genetic and biometric data

3 Increased scope Single set of rules for all EU nations
Applies to all organisations that process the personal data of EU citizens Data Processors subject to and responsible for actions under GDPR Controllers must only engage with GDPR compliant processors Data sharing agreements required to lay out controller and processor commitments

4 New and expanded rights
Right to be informed Right to erasure Right to data portability Right to restriction Right to rectification Right of access Including additional processing details Right to object Right to prevent automated processing, including profiling Informed Erasure: applies where PD is no longer necessary in relation to the purpose for its original collection/processing, individual withdraws consent, objects to processing and no overriding legitimate interest, processing is unlawful, etc. Data portability: applies when PD provided to DC, processing based on consent or performance of a contract, processing carried out by automated means. Right to provision of PD in structured, commonly used, machine readable format Restriction: Permitted to store PD but not further process it. if individual contests accuracy of data, if you don’t need PD but individual does for a legal claim, if they object and you’re trying to figure out if you need to follow that, etc Right of access: right to obtain purpose and confirmation of processing, info on categories of pd concerned, recipients to whom pd will have been disclosed, source of data, where possible retention, existence of profiling/automated processing, and right to access PD Object: applies if PD processed for legitimate interests or public interest (including profiling), direct marketing, scientific/historical research and statistics NO LONGER REQUIREMENT FOR SUBSTANTIAL DAMAGE OR DISTRESS Automated processing: Individuals have right not to be subject to a decision when it’s based on automated processing, produces a legal effect/similarly significant effect on individual. No automated decision making with sensitive PD unless you have explicit consent of individual or processing is necessary for reasons of substantial public interest on basis of EU or Member State law

5 Changes to privacy notices and consent
More robust, concise, transparent, understandable and accessible Must explain personal data processed, purpose of processing, intended retention, subject rights, source of data, conditions of processing Consent: Freely given, specific, informed, unambiguous, Demonstrable by a statement or clear affirmative action

6 Data Protection by Design
Requirement for increased accountability and documentation of processing activities Work DP concerns into design of all procedures, projects, systems Good DP compliance should be default Privacy Impact Assessments required for new activities and undertakings Particularly for profiling, surveillance, and processing of special categories of personal data

7 Breach reporting and sanctions
Mandatory breach notification Unless no risk to data subjects Notify ICO within 72 hours Sanctions of up to €20,000,000 or 4% of annual worldwide turnover

8 Questions? Phone: /glasgowuniversity @UofGlasgow @UofGlasgow UofGlasgow Search: University of Glasgow

Download ppt "Key changes with the GDPR"

Similar presentations

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Update on Data Protection issues Ray Collins Consultant - LGfL.

Update on Data Protection issues Ray Collins Consultant - LGfL.
Presentation Title Data Protection The new EU Regulation Insert your logo here.

Presentation Title Data Protection The new EU Regulation Insert your logo here.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Information Governance Support Information Governance Services

Information Governance Support Information Governance Services
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
Data Subject Rights under the GDPR

Data Subject Rights under the GDPR
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – What’s it all about???

GDPR – What’s it all about???
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
KEY CHANGES TO THE DATA PROTECTION LANDSCAPE

KEY CHANGES TO THE DATA PROTECTION LANDSCAPE
Museums + Heritage webinar, 30 November 2017

Museums + Heritage webinar, 30 November 2017
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017
Data Protection Update – GDPR or bust

Data Protection Update – GDPR or bust

Similar presentations

Ads by Google