Preparing for GDPR Sharing experiences of the process and using the British Canoeing Toolkit bit.ly/BCGDPRToolkit gdpr@britishcanoeing.org.uk.


1 Preparing for GDPR Sharing experiences of the process and using the British Canoeing Toolkit bit.ly/BCGDPRToolkit

2 What this workshop will cover
Open to questions at any time
- What is GDPR?
- The Six Principles of Privacy
- BC’s Three Personal Data Rules
- Start With an Audit
- Legal Reasons to Process
- Processing Notices and Policies
- IT Security and Best Practice

3 What is GDPR
GDPR updates the current Data Protection Act, which was written before the Internet became widespread. It was implemented in The grace period to make changes finishes on 25 May 2018. It’s about giving people more control over how their personal data is used in the new digital environment to stop organisations from exploiting it.

4 The Six Principles of Privacy
“Processing” includes simply storing data
- Processing must be lawful, fair and transparent
  - Lawful - processing must meet one of the six legal tests
  - Fair - what is processed must match up with how it has been described
  - Transparent - tell the subject what data processing will be done
- Processing must only be for the specific purpose the subject has been made aware of
- Processing must focus on data minimisation. Only process what is needed.
- Processing must focus on accuracy, with data kept up to date
- Processing must come with storage limitations. Don’t keep data longer than necessary.
- Processing must involve integrity and confidentiality. This means using appropriate security to protect the data from unlawful processing, accidental loss, destruction or damage.

5 BC’s Three Personal Data Rules
Checking Compliance
- Rule one: “If you don’t use it remove it”
- Rule two: “If you use it anonymise it”
- Rule three: “If no to 1 and 2, prove what you can do”

6 Checking Compliance 1. Start With An Audit - see the British Canoeing Toolkit bit.ly/BCGDPRToolkit
- What data is captured and how (name, email, Word doc, paper)
- Why is this data processed? (e.g. membership admin, race admin)
- Whose data is being processed? (e.g. member, athlete, volunteer)
- Where is it manipulated? (e.g. spreadsheet on laptop, Google Docs, paper)
- Processing Security Measures (password, encryption, https)
- Where is it stored? (e.g. laptop, Google Drive)
- Storage Security Measures (Google Drive security, passwords)
- Data Source (3rd party, individual)

7 Checking Compliance 2. Six legal reasons to process personal data
After the audit, consider BC’s rule 3, “prove what you can do”:
- You have proof of consent from the person whose data you are processing.
- You need to process the data for contractual reasons.
- You need to process the data to meet a legal obligation.
- You need to process the data for the vital interests of the data subject or of another natural person.
- You need to process the data because it is in the public interest to do so.
- You have a legitimate interest in processing the data.
If you are relying on consent you need to prove you have it, and you need to keep getting it. You also need to make it easy for people to remove consent.

8 Processing Notices and Policies
By this point you will have either deleted data, anonymised it, or documented a legal justification for processing and retaining it. You should also be aware of data security levels for storage and processing.
You now need to update your data capture notices and privacy statement to reflect your conclusions. Remember, the GDPR is about transparency. You need to tell people EXACTLY what you are going to do with the data. Sample notices are available in the Toolkit.
If you are collecting children’s personal data, then you need to make sure that your privacy policy is written in plain English. Also obtain consent from the child’s parent/guardian to process the personal data, as well as for any marketing communications you seek to send to the child (under 16 years).

9 Processing Notices and Policies
Here are some of the areas where you may need to update your data notices and policies. Sample data privacy policy in Toolkit: bit.ly/BCGDPRToolkit
- Explain that data may be shared with other competition or event providers.
- Explain that data will be shared with team managers to aid event entry.
- Newsletter communications need to be opt-in only. The default position should be that a person will not be signed up when they send you data.
- Requests to keep people up to date by SMS, email, phone etc. need to have separate check boxes and be opt-in only.
- Explain that data will be shared with committee members for administrative purposes.
- Explain that membership data collected will be shared with British Canoeing or relevant home nations.

10 Security Best Practices
- Install antivirus software on your computers: Sophos (free home edition)
- Use VPN software to protect traffic: PIA, CyberGhost
- Use a secure password on all devices (computers, tablets, phones)
- Use a password manager like LastPass (lastpass.com)
- Use 2-step verification where you can, especially email & banking

11 Security Best Practices
- Encrypt computers and phones
  - Windows 10 Pro - BitLocker
  - Apple Mac - FileVault
  - Android and iPhones have built-in encryption
- Don’t leave your laptop or phone unattended in public places
- Never go on public Wi-Fi with your business device without a VPN

12 Security Best Practices
- Be careful who you CC when sending emails. Can you BCC (blind copy) instead?
- Do not open attachments unless you are expecting them. If you’re not sure, call the sender to confirm.
- If a device containing personal data is lost or stolen, report it to BC IT immediately
- Send attachments with sensitive information password protected: WinRAR

