The future of data protection: General Data Protection Regulation

Presentation transcript:

1 The future of data protection: General Data Protection Regulation
Presenter: Richard Syers, Senior Policy Officer

3 The ICO's remit
Data Protection Act 1998
Privacy and Electronic Communications (EC Directive) Regulations 2003
Freedom of Information Act 2000
Environmental Information Regulations 2004
Upholding information rights in the public interest, promoting openness by public authorities and data privacy for individuals

4 General Data Protection Regulation
Regulation (EU) 2016/679, replaces Directive 95/46/EC
Applies directly in UK – no need to transpose
Time and technology have moved on
The way we process data has changed – stronger penalties reflect the increased potential for harm to individuals when things go wrong
Builds on existing data protection law
Provisions apply from 25 May 2018

5 General changes
Explicitly shifts emphasis onto data controllers demonstrating compliance (Art. 5(2))
Consent strengthened in practice
Greatly expanded requirements in relation to fair processing
Specific requirements on data processors

6 Data subjects' rights Chapter III (Articles 12 – 23)

7 Adds new rights / Strengthens existing rights
Data Portability (Art. 20)
Right to restrict processing (Art. 18)
Right to erasure ("right to be forgotten") (Art. 17)
Right not to be subject to automated decision making (Art. 22)
Right to be informed (Art. 12, 13 and 14)
Right of subject access (Art. 15)

8 Enforcement
Mandatory security breach reporting
Significantly larger fines for non-compliance
Two tier fine system
Image: "Artists-impressions-of-Lady-Justice, (statue on the Old Bailey, London)" by Lonpicman is licensed under CC BY-SA

9 Penalties
Two tier fine system depending on nature of the breach
Tier 1 - up to 10 million Euros or 2% of annual global turnover
Tier 2 - up to 20 million Euros or 4% of annual global turnover
Examples of infringements attracting fines of up to 10m euros or 2% of worldwide annual turnover:
Failing to take steps to keep personal data secure
Failing to notify the supervisory authority of a data breach
Failing to comply with individuals' rights
Infringements related to transfers

10 Special categories of personal data (Article 9)
Racial or ethnic origin
Political opinions
Trade union membership
Religious or philosophical beliefs
Genetic data
Biometric data (in some cases)
Health data
Sex life or sexual orientation

11 Criminal convictions and offences (Article 10)
Processing of information about criminal convictions and offences is prohibited unless:
Processing is under the control of official authority, or
"authorised by Union or Member State law providing for appropriate safeguards for the rights and freedoms of data subjects."

12 International transfers (Chapter V, Articles 44 – 50)
Restrictions on transfers outside EU
Can only take place in compliance with Chapter V
ICO can authorise some transfers

13 Sharing intelligence data
Clarity of purpose and legal basis
Transparency
Data minimisation – only share what you need to
Consistent process with safeguards
Security
Record keeping

14 Money Laundering Regulations 2017
Data protection law shouldn't prevent effective sharing of data for anti-money laundering purposes
Ultimately for DCMS and HMT to ensure that laws dovetail effectively
ICO has submitted several consultation responses, outlining our concerns on certain areas
DCMS currently consulting on GDPR implementation; submit responses by 10 May 2017

16 ICO guidance
Overview of GDPR
Consent (currently draft)
Profiling (discussion paper)
Currently planning guidance on contracts and liability

17 Released guidance from the Article 29 working party
Data portability
Lead supervisory authorities
Data protection officers

18 Upcoming guidance from the Article 29 working party
Consent
Transparency
Profiling
High risk processing
Certification
Administrative fines
Breach notification
Data transfers

19 Keep in touch
Subscribe to our e-newsletter at www.ico.org.uk or find us on /iconews and @iconews
