Presentation is loading. Please wait.

Presentation is loading. Please wait.

The General Data Protection Regulation Six months on – What’s changed

Published byZoe Lee Modified over 5 years ago

Similar presentations

Presentation on theme: "The General Data Protection Regulation Six months on – What’s changed"— Presentation transcript:

1 The General Data Protection Regulation Six months on – What’s changed
John Harle Data Protection Officer for: Bay Education Trust Coast Academies Trust Maids Care CIC

2

3 Objectives of the presentation
What is GDPR and what changed from the data protection act 1998; The post 25th May 2018 data world; How much information is too much information; The school DPO view, what do I expect to see from companies wanting to work with schools; General questions and concerns from you.

4 Who am I? Been in education now for two years and I am currently the Data Protection Officer for Bay Education Trust, Coast Academies Trust and a Social Care Provider in South Devon. I was formerly the Information Governance Manager for NHS Northern, Eastern and Western Devon Clinical Commissioning Group. Essentially, if someone wanted your health information, they had to go through me.

5

6 GDPR and the Data Protection Act 2018 – The principles
Reduction from 8 principles to six, they are found in article 5 of GDPR Personal data must be processed fairly, lawfully and transparently (lawfulness, fairness and transparency) Personal data must only be collected for specified, explicit and legitimate purposes (purpose limitations) Only collect data which is necessary for the business function (Data minimisation) Data must be kept accurate and current (Accuracy) Data must not be retained for longer than is necessary (Storage limitation) The confidentiality and integrity of personal data must always be maintained (Integrity and confidentiality)

7 GDPR and the Data Protection Act 2018 – The principles
Whilst not a fundamental principle, it is vitally important: The need to demonstrate Accountability and Compliance This can have major implications (and headaches) for DPO’s if it is not achieved – not only do you have to adhere, you have to be able to demonstrate it.

8 GDPR and the Data Protection Act 2018 – The fundamental rights
Right to be informed The right of access The right to rectification The right to erasure The right to restrict processing The right do data portability The right to object The rights in relation to automatic decision making and profiling.

9 GDPR and the Data Protection Act 2018 – Exemptions
Not a huge amount has changed from the DPA 1998 and many of the exceptions are included in this. Specific categories which are exempt in education include: Education data processed by the courts; Education data serious harm Education data restriction of the right of access. More information can be found on the below webpage

10 The Post 25th May 2018 world - The view of the Information Commissioner
Fines have increased significantly and current cases demonstrate that they are not afraid to issue enforcement penalties (up to 17 million pounds or 4% of global turnover) The ICO view is that they will continue to review and monitor as they were pre GDPR days; however They will be looking at specific cases and amending the guidance as they go along. Essentially, as more clarity is obtained, the more stringent the ICO will become on enforcement action. How I understand this is that you have to be able to justify why you have taken a specific course of action at that given time.

11 The post 25th May 2018 – How much information is too much
What is your view on this? Consent is king in any data protection process but this doesn’t mean you can collect anything you want, it is still subject to the DPA principles and remember, you have to justify why you have collected it if challenged. The ICO may need to be contacted for advice if you cannot mitigate the risks involved in a project.

12 What am I expecting to see from any provider
Are your policies and procedures up to date including privacy notices? Is the information you a requesting or wish to share in line with the principles set out in the DPA 2018? How will you keep our information secure? What is your disaster recovery processes? Data flow mapping A valid information sharing agreement, this can be as part of a contract of service and clearly sets out the above information including breach notification and key contacts Once the above has been satisfied, I would be happy to allow the information to flow between organisations.

13 Any questions? Be gentle

14 Key pages and documents
Data Protection Act 2018 Schedule 3 – Part 4 (Education Data) Bay Education Trust policies and procedures including Data Protection policies and privacy notices ICO GDPR Pages

15 Contact details John Harle – DPO for Bay Education Trust
I am here for the day so if there are any additional questions you can think of, please don’t hesitate to come and have a chat with me.

Download ppt "The General Data Protection Regulation Six months on – What’s changed"

Similar presentations

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Key changes with the GDPR

Key changes with the GDPR
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
Preparing for a data protection audit 28 September 2017

Preparing for a data protection audit 28 September 2017
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
International Regulatory Trends

International Regulatory Trends
Museums + Heritage webinar, 30 November 2017

Museums + Heritage webinar, 30 November 2017
The EU General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR)
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017
INTRODUCTION TO GDPR 19/09/2018.

INTRODUCTION TO GDPR 19/09/2018.
Data protection reform:

Data protection reform:

Similar presentations

Ads by Google