
The General Data Protection Regulations 2016

Presentation on theme: "The General Data Protection Regulations 2016"— Presentation transcript:

1 The General Data Protection Regulations 2016
Autumn 2017

2 General Data Protection Regulation Session 1
By Kristie Marshman Policy & Assurance Team Leicestershire County Council

3 What is the GDPR?
Replaces our current Data Protection Act 1998 on 25th May 2018.
Takes the current legislation and adds considerable obligations in respect of accountability, transparency and data subjects' rights.
Legally requires privacy to be embedded into all organisations that process personal data, through the very core of their operations. This means it is at the heart of every decision or project.
Requires the data controller to be able to demonstrate compliance with the GDPR at a visible level in some instances and on request in all others.
Introduces monetary penalty notices of substantial amounts, but more importantly widens the scope of where those penalties can be applied.

4 What changes does the GDPR bring?
Accountability: being able to demonstrate compliance, some of which will need to be published online or reported to the ICO. What does this mean?
Outside of this requirement, the data controller would need to produce compliance evidence at any time. In what circumstances?

5 Examples of some of the types of evidence required:
Data protection policies, procedures and guidance
Data protection training materials and records
Information asset registers
Information audits and reports
Data subjects' rights procedures
Data protection impact assessments
Contract compliance
Consent recording
Information security standards

6 What changes does the GDPR bring? Cont.
Data Subjects' Rights: some of these exist under our current Act; others are introduced for the first time in the GDPR. All rights will have a legal deadline of 1 month for the organisation to respond to a request for information.
Fair Processing Notices/Privacy Notices:
Information to be provided where personal data is collected from the data subject.
Information to be provided where personal data has not been obtained from the data subject.

7 Data Subject Rights cont.
Right of access by the data subject
Right to rectification
Right to erasure (right to be forgotten)
Right to restriction of processing
Right to data portability
Right to object to processing
Right to object to automated decision making, including profiling

8 What changes does the GDPR bring? Tasks
Organisations will need to undertake processes that must be completed by an experienced data protection professional. Most of these are already a requirement under the current Data Protection Act 1998; however, they inherently change with the new requirements of the GDPR.
Responding to complaints, from both the public and the ICO
Information security incidents
Responding to data subjects' rights
Completing data protection impact assessments

9 Tasks cont.
Writing policies, procedures and guidance for the organisation
Designing and delivering numerous training packages on data protection each year
Completing information audits
Keeping an information asset register
Keeping a retention schedule
Ensuring any contracts are legally compliant with data protection
Corresponding with the ICO

10 The Data Protection Officer (DPO)
The original legislation made a DPO a legal requirement for schools.
Where a DPO is a legal requirement, data controllers have to employ the services of one.
Where a DPO is not a legal requirement, your organisation will still need an individual with the same skill set in order to be compliant.
Your organisation is unlikely to be legally compliant without the services of a DPO or someone with the relevant professional qualities.

11 The DPO
DPO must not have a conflict of interest
DPO cannot be fired for carrying out their tasks
DPO must report to the highest level of management
DPO cannot be given instructions on their tasks
DPO informs, advises and monitors compliance with the GDPR
DPO is the contact point for the ICO, and their details must be given to the ICO on or before 25th May 2018 if the organisation is legally required to have one

12 What are the strategic requirements?
Information Governance Framework
Policies, procedures and guidance are in place and reviewed yearly
Roles and responsibilities are clear and understood by all
How data protection works with contractors, public sector organisations and 3rd parties
Monitoring and reporting on performance
Business continuity and disaster recovery
Visible support and buy-in from senior management

13 What are the strategic requirements? Cont.
Schools will need to understand, accept and embrace the importance of data protection and information security.
Current laws have been in place since However, apart from universities, which generally have DPOs already in post, the education sector is widely non-compliant with data protection.
Most organisations are now implementing the GDPR on the back of nearly 20 years of data protection compliance, something schools are unlikely to be able to rely upon.

14 What to do next
Determine how your school can be compliant with the Regulations.
Determine whether you would like assistance from Leicestershire County Council. There are options which the Council can consider; these are:
Provide you with a resource to work towards the school's compliance.
Provide you with a resource to work towards the school's compliance and to provide continued support.
Provide you with a recruitment service to recruit your own data expert.

15 Finally. Things you need to consider:
Consider carefully before giving the data role to someone already working in the school: they are unlikely to have the requisite knowledge (even if you do send them on a course), and it is a time-consuming role. If there is a conflict of interest under the GDPR, it will be unlawful.
Don't assume that the data protection levels you have implemented over the last 19 years can continue if you wish to be legally compliant. One of the reasons the GDPR has been introduced is that the world is changing, technology is moving forward and people's awareness of their privacy rights is rising.

16 Finally. Don't leave your data protection compliance decision too late. There will be a shortage of experienced data experts come May next year; you will either not get one or be charged an extortionate amount for the services of one.
If you wish Leicestershire County Council to help with any of the proposed options, you need to make this clear at the earliest opportunity.

17 Thank you for attending our briefing
We will send the presentation to you in the next week. As always, we welcome your feedback; please take a moment to complete your evaluation form.
Governor Development Service Tel:
