Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection.

Published byChaz Whiteside Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Protection."— Presentation transcript:

1 Data Protection

2 The Data Protection Rules
Fair obtaining & processing Consent Specified purpose No disclosure unless “compatible” Safe and secure Accurate, up-to-date Relevant, not excessive Retention period Right of access

3 The Acts create: Background Data Protection Acts, 1998 RIGHTS for
individuals RESPONSIBILITIES users of personal data

4 Rights and Obligations
Rights of “data subject” (= identifiable, living individual) to control the use of their “personal data” Obligations on “data controllers” (“a person who controls the contents and use of personal data”) and “data processors” (“A person who processes personal data on behalf of a data controller”)

5 Definitions(1) Personal Data Data Manual Data
Any Data relating to a living identifiable individual Data Automated data or structured manual data Manual Data Structured by reference to individuals in a way that makes data readily accessible

6 Definitions(2) Data Controller Data Processor
a person who controls the contents and use of personal data Data Processor A person who processes personal data on behalf of a data controller

7 Definitions(3) Data Subject Processing
an individual who is the subject of personal data Processing Anything done with personal data, from collection to disposal

8 Sensitive Data (special protection)
Physical or mental health Racial origin Political opinions Religious or other beliefs Criminal convictions Alleged commission of offence Trade Union membership

9 Rights of Individuals to fairness when giving information
to get a copy of their personal information – includes both computer and certain manual files to have wrong information corrected to opt out of marketing - includes mail & phone to complain to the Data Commissioner

10 Obtain & Process Fairly I
Rule 1 Obtain & Process Fairly I Data controller must give full information about identity purposes disclosees any other data necessary for “fairness” Third party data controllers must contact data subject to provide these details must give name of original data controller

11 Obtain & Process Fairly II
Rule 1 Obtain & Process Fairly II One of these conditions required: Consent Legal obligation Contract with individual Necessary to protect vital interests Necessary for a public function (Justice) necessary for ‘legitimate interests’

12 Processing Sensitive Data
Rule 1 Processing Sensitive Data One of these additional conditions is required Explicit consent Necessary under employment law To prevent injury or protect vital interests Process the data of members/clients of non-profit orgs. Legal advice For Medical Purposes Statutory function

13 Disclosure Policy The Data Controller should have a policy in place to determine how requests for data from third parties are handled. This policy should be consulted by appropriate staff members

14 Keep Safe and Secure Rule 4 Appropriate security measures
Appropriate to the harm that might result.. Appropriate to the nature of the data May have regard to cost of implementation May have regard to the current state of technology Staff must know and comply with measures Internal review of security measures-part of Internal Audit function ?

15 Security - practical Care must also be taken regarding paper records, especially sensitive or financial data. Ideally data not left in a way that non-relevant staff can access files. Attention paid to how visitors move around an office.

16 Data Protection Training.
Obligation on employer to ensure staff are aware of data protection obligations. Training Policy. A Code of Practice. Person in charge

17 Accurate, Complete and Up-to-Date
Rule 5 Accurate, Complete and Up-to-Date Longer personal data is held, more likely it will be inaccurate and out-of-date Right to have errors rectified (see later)

18 Relevant and not Excessive
Rule 6 Relevant and not Excessive No right to ask for, or hold, information not relevant to service etc being provided Challenge: who do you need all this personal data ?

19 Retain no longer than necessary
Rule 7 Retain no longer than necessary Legal obligations to hold data? Customer files Do you need to hold all that data? Payment records might have one retention period Exam results might have longer retention period Credit card details retained with consent Must have policy thought through Defend retention as necessary for purpose.

20 Right of Access: Empowerment
Rule 8 Right of Access: Empowerment The Right of Access empowers individuals by enabling them to supervise the processing of their personal data.

21 Right of erasure Doesn’t apply if you have a lawful purpose in retaining data Such as auditing or accreditation purposes

Download ppt "Data Protection."

Similar presentations

DATA PROTECTION and Research University Research Ethics Committee – 30.05.2008 David Cauchi David Cauchi Office of the Commissioner for Data Protection.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi David Cauchi Office of the Commissioner for Data Protection.
Data Protection: Your Duties as a Data Controller

Data Protection: Your Duties as a Data Controller
Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.

Convention for the protection of individual with regard to automatic processing of personal data “The purpose of this convention is to secure in the territory.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
DATA PROTECTION and Research University Research Ethics Committee – 08.05.2006 David Cauchi Office of the Data Protection Commissioner.

DATA PROTECTION and Research University Research Ethics Committee – David Cauchi Office of the Data Protection Commissioner.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection and Records Management

Data Protection and Records Management
Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.

Data Protection: The Law. EU & Irish Legislation Data Protection Directive 95/46/EC Electronic Privacy Directive 2002/58/EC EUROPOL etc Data Protection.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The Data Protection Act

The Data Protection Act
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.

CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
Data Protection & Government Departments Seán Sweeney Assistant Commissioner Office of the Data Protection Commissioner Ireland Gibraltar January 2006.

Data Protection & Government Departments Seán Sweeney Assistant Commissioner Office of the Data Protection Commissioner Ireland Gibraltar January 2006.
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.

Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
Data Protection & Law Enforcement Seán Sweeney Assistant Commissioner Office of the Data Protection Commissioner Ireland Gibraltar January 27 th 2006.

Data Protection & Law Enforcement Seán Sweeney Assistant Commissioner Office of the Data Protection Commissioner Ireland Gibraltar January 27 th 2006.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
The Freedom of Information and Data Protection Legislation An Overview Ann McKeon November 2014.

The Freedom of Information and Data Protection Legislation An Overview Ann McKeon November 2014.

Similar presentations

Ads by Google