Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR and paper records Why it’s not all cyber and fines Gary Shipsey

Published byRandall Neal Modified over 6 years ago

Similar presentations

Presentation on theme: "GDPR and paper records Why it’s not all cyber and fines Gary Shipsey"— Presentation transcript:

1 GDPR and paper records Why it’s not all cyber and fines Gary Shipsey
Managing Director, Protecture Ruth Williams, Marketing Director, Restore Scan

2 Gary Shipsey Managing Director Protecture Ruth Williams
Meet the Presenters Gary Shipsey Managing Director Protecture Ruth Williams Marketing Director Restore Scan

3 Revolution or Evolution
Transparency and Accountability Significant Actual Resources (SARs)? Forget me (not)? Security GDPR and paper records - Why it’s not all cyber and fines

4 Revolution or Evolution?
GDPR and paper Revolution or Evolution?

5 Revolution or Evolution?
What happens next day…? 26th 27th 28th May June July 2018 / 19 /20 “I’ve heard about this new law…” “I know my rights…” “The Daily Mail / The Guardian says…” “You have now told me I have these rights...”

6 Transparency and Accountability
GDPR and paper Transparency and Accountability

7 Transparency and Accountability
Open up… 1. Tell them their rights 2. Tell them about your needs 3. Tell anyone about your handling of personal data

8 Transparency and Accountability
Mandatory breach reporting Without undue delay… not later than 72 hours if likely to “…result in a risk to” person’s rights/freedoms if likely to “…result in a high risk” to person’s rights/freedoms Staff awareness + Internal reporting and incident management procedures + Assessment of risk / external reporting + Disciplinary process / proof

9 Transparency and Accountability
Clarity of purpose and lawful basis How much to collect purposes of the processing the legal basis for each the legitimate interest* a record of consent* Who needs to see it Who to share it with How long to keep it * If you’re relying on it Extent to which people can use / enforce their rights Purpose Lawful basis

10 Transparency and Accountability
Data Controller and Data Processor contracts Contract Contract + Data Controller Data Processor the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk…

11 Significant Actual Resources? (SARs)
GDPR and paper Significant Actual Resources? (SARs)

12 Significant Actual Resources (SARs)
"Right of access by the data subject" ICO stats

13 Significant Actual Resources (SARs)
"Right of access by the data subject" Disproportionate effort “The DPA places a high expectation on you to provide information in response to a SAR... you should ensure that your information management systems are well-designed and maintained so that you can efficiently locate and extract information requested by the data subjects...” Sept 2017 Reason for the request “Whether or not the applicant has a ‘collateral purpose’ (i.e. other than seeking to check or correct their personal data) for making the SAR is not relevant. However the court does have a wide discretion as to whether or not to order compliance with a SAR...”

14 Significant Actual Resources (SARs)
"Right of access by the data subject" GDPR and subject access = very similar, but… Abolition of a £10 administration fee Shortening of the timescale: 30 calendar. Failure to uphold right of subject access = in the higher tier of penalties (max. 4% global turnover / £17m) Potential: people pursue their rights in court Sept 2017 Disruption | Costs (resource / litigation) | Reputational damage = as significant (or more) than regulatory penalties? 

15 GDPR and paper Forget me (not)?

16 Forget me (not)? "Right to erasure ('right to be forgotten')" without undue delay where one of the following grounds applies... no longer necessary (for the purpose(s) they were processed) withdraws consent (+ no other legal ground for processing) objects* to the processing (+ no overriding legitimate grounds) * Task carried out in public interest * Legitimate interests Purpose Lawful basis

17 GDPR and paper Security

18 Security Certainly not all cyber… ICO stats

19 PROVISION OF DOCUMENT SCANNING, ARCHIVING AND DESTRUCTION SERVICES
Restore Document Management – Digital transformation, scanning and physical storage of documents through to confidential destruction 74% of FTSE 100 Companies 90% of top 100 UK Legal Practices 78% of top 50 UK Accountancy Companies 73% of UK National Health Service Trusts 54% of local authorities in England, Scotland and Wales

20 PROVISION OF GDPR AND PRIVACY SUPPORT SERVICES
Protecture – Data Protection Newsletters Insights Events Services Do you agree? Getting consent projects right Updating consent Implications of the Flybe and Honda fines Better the devil you know Personal data breach reporting and GDPR

21 PROVISION OF GDPR AND PRIVACY SUPPORT SERVICES
Protecture – Data Protection We are your DPO’s expert  For those with responsibility for data protection compliance across their organisation. Preparing for the GDPR | Audit | Training | Policies | Entry to our seminars | Ad-hoc advice | DP Impact Assessments | IRMS Retention Toolkit

22 Q&A Thank You Ruth Williams T: 07879 484 544
@RestoreDigital Q&A Gary Shipsey T:

Download ppt "GDPR and paper records Why it’s not all cyber and fines Gary Shipsey"

Similar presentations

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.

Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
General Data Protection Regulation (GDPR)- an overview

General Data Protection Regulation (GDPR)- an overview
Data Protection Regulation

Data Protection Regulation
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
Overview General Data Protection Regulation (GDPR)

Overview General Data Protection Regulation (GDPR)
Data protection headaches: GDPR, brexit AND perimeter risk

Data protection headaches: GDPR, brexit AND perimeter risk
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR Awareness and Training Workshop

GDPR Awareness and Training Workshop
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
Museums + Heritage webinar, 30 November 2017

Museums + Heritage webinar, 30 November 2017

Similar presentations

Ads by Google