Presentation is loading. Please wait.

Presentation is loading. Please wait.

Presentation to GTMC on GDPR

Published bySherman Hensley Modified over 6 years ago

Similar presentations

Presentation on theme: "Presentation to GTMC on GDPR"— Presentation transcript:

1 Presentation to GTMC on GDPR

2 What is the GDPR? Harmonised Data Protection regulation across the EU
ICO has indicated that Brexit will have no impact on adoption (one way or another…) Applies to organisations that hold data on EU citizens and residents Applies to Controllers (say how and why data is processed) and Processors (process data on behalf of controllers) Enhanced obligations over and above DPA, particularly on Processors

3 What data does GDPR apply to?
Personal Data Broader definition of personal data Can include online identifiers (e.g. and IP address) Sensitive Personal Data Generally, sensitive information about an individual Again, broader definition applies (e.g. genetic and biometric data) Special rules for processing children’s data

4 Principles of the GDPR Similar to DPA. Data shall be…
Lawful processing Data collected for a specific, legitimate purpose Adequate, relevant and limited to that purpose Accurate and kept up to date Kept for no longer than needed Kept secure Much enhanced principle of ACCOUNTABILITY

5 Accountability Critical new principle
Organisations must DEMONSTRATE compliance This means… Documenting processing activities Appoint a DPO? Data Protection Impact Assessments DP “by design and by default” Maintain records of processing activities Must actively demonstrate compliance

6 Basis for Processing Have to demonstrate a legal basis for processing
This can include: Consent Legitimate basis for processing (including performance of a contract) Public interest Importantly, consent is not the only acceptable basis for processing

7 Rights of Individuals Enhanced existing rights: Right to be informed
Right of access Right of rectification Right to object Rights regarding automated processing New rights Right to restriction Right to erasure Right to data portability

8 Consent Important – consent is not the only acceptable legal basis for processing personal data But – consent MUST be sought for processing sensitive personal data Consent requires “clear, affirmative action” (i.e. not a pre-ticked box) It must be freely given, informed, specific, and verifiable. It can be withdrawn at any time

9 Breach notification & enforcement
Breaches generally expected to be report within 72 hours (but also ‘without undue delay’) Extends mandatory breach reporting beyond ISPs and telcos to all controllers/processors Report to data controllers, regulators and – in some cases – affected data subjects FINES – up to €20m or 4% of global turnover for major breaches Up to €10m or 2% of global turnover for minor breaches

10 What are other companies doing?
Mapping stored data for GDPR applicability Reviewing data processing processes and documenting what they have in place Appointing a DPO if not in place Considering record keeping and responses to GDPR requests (particularly erasure, data portability) Projects are very much in progress or planning, not complete

11 Thank you

Download ppt "Presentation to GTMC on GDPR"

Similar presentations

The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Information Governance Support Information Governance Services

Information Governance Support Information Governance Services
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Key changes with the GDPR

Key changes with the GDPR
General Data Protection Regulations: The Key Changes

General Data Protection Regulations: The Key Changes
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
Overview General Data Protection Regulation (GDPR)

Overview General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)
GDPR – What’s it all about???

GDPR – What’s it all about???
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
GDPR Any impact on procurement? 16/11/2017.

GDPR Any impact on procurement? 16/11/2017.
KEY CHANGES TO THE DATA PROTECTION LANDSCAPE

KEY CHANGES TO THE DATA PROTECTION LANDSCAPE
International Regulatory Trends

International Regulatory Trends
Museums + Heritage webinar, 30 November 2017

Museums + Heritage webinar, 30 November 2017
The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR)

Similar presentations

Ads by Google