Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR Quiz Today’s trainer: Click here to use Kahoot! 1

Published bySamuel Hart Modified over 5 years ago

Similar presentations

Presentation on theme: "GDPR Quiz Today’s trainer: Click here to use Kahoot! 1"— Presentation transcript:

1 GDPR Quiz Today’s trainer: Click here to use Kahoot! 1
Insert your name here! Today’s trainer: You are welcome to adapt the training session to suit your venue, requirements, learner needs and the context of your training, ensuring you’re retaining the key learning points. The accompanying training plan contains the key learning points and activities for each slide. In these PowerPoint trainer notes you will find background context and/or suggested delivery ideas to help you as a trainer as appropriate. Click here to use Kahoot! 1

2 How much can organisations be fined for a data breach?
€2,000. €20,000. €2 million. €20 million. 2

3 How much can organisations be fined for a data breach?
d) €20 million. d) €20 million is the maximum fine, or 4% of an organisation’s annual turnover (for the previous year), whichever is greater. Beyond the financial ramifications, data breaches can damage an organisation’s reputation and can be extremely detrimental to those whose data is shared.  3

4 2. Which of the following Girlguiding documents is unlikely to contain any personal data when completed? Starting form. Risk Assessment form. Residential Event Notification and Approval form. Health Information form. 4

5 2. Which of the following Girlguiding documents is unlikely to contain any personal data when completed? b) Risk Assessment form. b) Risk Assessment form, as long as it contains no personal data.   5

6 3. If you have a general question about data protection, where should you go for more information?
Always go to your commissioner first. Check out the GDPR webpages on the website. Liaise with your country/region office. Contact the Data Protection team at Girlguiding HQ by or phone. 6

7 3. If you have a general question about data protection, where should you go for more information?
b) Check out the GDPR webpages on the website. b) Check out the GDPR webpages. You can, of course, speak to your commissioner or anyone else, but our GDPR webpages are a good place to look. If you can’t find an answer there, contact the Data Protection team at Girlguiding HQ. If you need to report a breach, contact the Data Protection team as soon as you can.   You’ll find more information on our GDPR webpages - 7

8 4. Data protection is guided by certain principles on how we should handle data. Which one of the following is not one of these principles? Only collect what is necessary. Ensure data is accurate and up to date. Ensure data is not duplicated to minimise spread of data. Don’t keep data longer than required and dispose of it properly. 8

9 4. Data protection is guided by certain principles on how we should handle data. Which one of the following is not one of these principles? c) Ensure data is not duplicated to minimise spread of data. c) Ensure data is not duplicated to minimise its spread. Although data should be as streamlined as possible, this is not one of the principles. You’ll find more information on ‘The seven data protection principles’ on our GDPR webpages - 9

10 5. Where’s the best place to store personal data that you collect?
On GO. On your home computer. In your unit information folder. On your online storage drive. 10

11 5. Where’s the best place to store personal data that you collect?
On GO. a) On GO. You’ll find more information on ‘Collecting personal data’ on our GDPR webpages - 11

12 When a breach occurs, what is the maximum time you have to report it?
12 hours. 24 hours. 48 hours. There isn’t a limit. 12

13 When a breach occurs, what is the maximum time you have to report it?
c) 48 hours. Data breach notification form on website. c) 48 hours. You should report a data breach as soon as you can, but have a maximum of 48 hours to do so. Complete a data breach report form and it to at Girlguiding HQ. If you can’t find the form, or call the Data Protection team ( , extension 3060). If you’re not sure what’s happened or whether what you’ve found is a data breach, the rule is: If in doubt, report – it’s better to over-report than under-report. You will still report, even if you were able to get the data back, as Girlguiding HQ must, by law, keep a record of all actual and potential breaches. You’ll find more information on ‘Reporting a data breach’ on our GDPR webpages - 13

14 What is not true about data consent?
It must be made clear to the individual how their data will be used. Only share a volunteer’s personal data you have consent for. Otherwise, you’ll need to seek consent again. If you’re unsure about consent, contact the data protection officer at Girlguiding HQ. Consent must be obtained before you contact members and volunteers. 14

15 What is not true about data consent?
d) Consent must be obtained before you contact members and volunteers. d) The legal basis of ‘legitimate interest’ allows Girlguiding to use personal data without consent because it is necessary for us to do this for a person to participate in Girlguiding.   This is made clear to members and volunteers when they register their interest with Girlguiding. However, if we want to contact members or volunteers about non-essential things, for example, marketing a product or a fundraising event, or wish to use photos of them for promotion, additional consent will need to be obtained.    You’ll find more information on Girlguiding’s Managing Information policy on our GDPR webpages - 15

16 What type of data use does not require additional consent to be sought?
ing volunteers about a training event. Sharing photos with parents/carers of their daughters’ unit camping trip. Letting parents know about an upcoming event to raise funds for an international trip. Sharing girls’ access and dietary needs with a venue for an upcoming trip. 16

17 What type of data use does not require additional consent to be sought?
ing volunteers about a training event. a) ing volunteers about a training event. We can volunteers, members and parents/carers about things essential to their involvement in Girlguiding. If we want to contact volunteers, members or parents/carers about non-essential things, for example, a fundraising event, taking and sharing of photos, or sharing their data with a third party (for example, a venue), we need to collect additional consent for this. You’ll find more information on ‘Collecting personal data’ on our GDPR webpages - 17

18 You need to email a spreadsheet containing personal data
You need to a spreadsheet containing personal data. How should you send it? Send it as a password protected attachment with the password in the body of the . Paste the information into the body of the . Send it as a password protected attachment and send the password as a separate text message. Send the document as a standard attachment. 18

19 You need to email a spreadsheet containing personal data
You need to a spreadsheet containing personal data. How should you send it? c) Send it as a password protected attachment and send the password as a separate text message. c)  is not secure, so always send a spreadsheet as a password protected attachment and send the password as a separate text message. This is the safest option.   You’ll find more information on ‘Sharing and downloading data’ on our GDPR webpages -   19

20 10. Your unit went on a trip to the local climbing centre and one of the girls sprained her ankle. What should you do with the Consent and Health Information forms after the event? Destroy them all, once the event is over. Keep them all for six months in your unit filing system. Send all of the forms to the Insurance team at Girlguiding HQ. Send the forms of the injured girl to the Insurance team at Girlguiding HQ and destroy the rest securely once Girlguiding HQ has confirmed receiving the girl’s forms. 20

21 10. Your unit went on a trip to the local climbing centre and one of the girls sprained her ankle. What should you do with the Consent and Health Information forms after the event? d) Send the forms of the injured girl to the Insurance team at Girlguiding HQ and destroy the rest securely once Girlguiding HQ has confirmed receiving the girl’s forms. d) Send the forms for the girl who was injured to the Insurance team at Girlguiding HQ and destroy the rest of the forms securely once Girlguiding HQ has confirmed receiving them. (Also send the team the Risk Assessment form, if there is one.)  Remember the golden rule: if you don’t actively need it for a specific purpose, destroy it securely. At Girlguiding, we only need to keep personal data when the law requires us to do so. There’s only a minimum amount of personal data that needs to be kept by units. This includes unit financial records and risk assessments.   See the Girlguiding GDPR webpages for more information on how long you should keep different types of data.  You’ll find more information on ‘Retention and destroying data’ on our GDPR webpages -   21

22 11. As an individual you have certain rights over your data, one of which is being able to see what data Girlguiding holds on you. How long after a request must Girlguiding share what data it holds on you, if asked? 30 days. 20 days. It depends on the data. As soon as possible. 22

23 11. As an individual you have certain rights over your data, one of which is being able to see what data Girlguiding holds on you. How long after a request must Girlguiding share what data it holds on you, if asked? 30 days. 30 days. Girlguiding has 30 days to report on the data it holds on you. Requesting data about yourself is called a subject access request (SAR). If a volunteer asks you for this, ask them to complete a personal data request form.   You’ll find more information on ‘What are the rights on personal data?’ in our GDPR webpages - 23

Download ppt "GDPR Quiz Today’s trainer: Click here to use Kahoot! 1"

Similar presentations

Data Protection.

Data Protection.
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
3 Is there something I should know? Exercising our rights.

3 Is there something I should know? Exercising our rights.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Practical Information Management

Practical Information Management
EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.

EU Data Protection IT Governance view Ger O’Mahony 12 th October 2011.
“One Workforce: A Better Future for Children and Young People in Bromley.” Contact us: Bromley Children & Young People Partnership c/o Civic Centre (Room.

“One Workforce: A Better Future for Children and Young People in Bromley.” Contact us: Bromley Children & Young People Partnership c/o Civic Centre (Room.
DATA PROTECTION & FREEDOM OF INFORMATION. What is the difference between Data Protection & Freedom of Information? The Data Protection Act allows you.

DATA PROTECTION & FREEDOM OF INFORMATION. What is the difference between Data Protection & Freedom of Information? The Data Protection Act allows you.
Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.
Information Management and the Departing Employee.

Information Management and the Departing Employee.
Information Governance A refresher for all staff who have previously gone through the full course.

Information Governance A refresher for all staff who have previously gone through the full course.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
UNHCR‘s Policy on the Protection of Personal Data of Persons of Concern - An introduction (October 2016)

UNHCR‘s Policy on the Protection of Personal Data of Persons of Concern - An introduction (October 2016)
PowerPoint presentation

PowerPoint presentation
What Does GDPR mean for you

What Does GDPR mean for you
Incident Management: Recording New Incidents User Guide

Incident Management: Recording New Incidents User Guide
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017

Similar presentations

Ads by Google