Privacy: a work in progress

Slides:



Advertisements
Similar presentations
Data Protection & Human Rights. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Advertisements

Data Protection Billy Hawkes Data Protection Commissioner Irish Human Rights Commission 20 November 2010.
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Getting data sharing right for every child
Data Protection: International. Data Protection: a Human Right Part of Right to Personal Privacy Personal Privacy : necessary in a Democratic Society.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
How the Information Commissioner’s office operates as a regulator David Smith Deputy Information Commissioner.
The Information Commissioner’s Office David Evans.
EHRs and the European Union – current legislation and future directions. Dr Richard Fitton.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.
The EU General Data Protection Regulation Frank Rankin.
Getting data sharing right for every child Maureen H Falconer Senior Policy Officer Information Commissioner’s Office.
General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998
The future of data protection: General Data Protection Regulation
Overview General Data Protection Regulation (GDPR)
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection : A Practical Guide
Data Protection: EU & International
Presentation to GTMC on GDPR
Data Protection The Current Regime
General Data Protection Regulation
International Regulatory Trends
Museums + Heritage webinar, 30 November 2017
GDPR Overview Gydeline – October 2017
The Data Protection Act 1998
Data Protection Update – GDPR or bust
Data Protection Legislation
GDPR Overview GDPR - General Data Protection Regulations
GDPR Overview Gydeline – October 2017
INTRODUCTION TO GDPR 19/09/2018.
Data protection reform:
GDPR Road map to Compliance.
Data Protection & Freedom of Information- An Introduction
Bob Siegel President Privacy Ref, Inc.
GENERAL DATA PROTECTION REGULATION (GDPR)
General Data Protection Regulations
Data Protection Reform in Local Government
General Data Protection Regulation
Introduction to GDPR 09/11/2018.
New Data Protection Legislation
Introducing the General Data Protection Regulation 2016
Data protection reform – update from the ICO
General Data Protection Regulation
Information Governance
G.D.P.R General Data Protection Regulations
The GDPR & Schools - An Introduction -
General Data Protection Regulation
Identify the laws and guidelines that affect day-to-day use of IT.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
General Data Protection Regulation (GDPR)
A whistle stop tour of GDPR
Mathew Norman, Policy & Public Affairs Officer, RLA Wales
GDPR Please don’t panic!
General Data Protection Regulations 2018
The General Data Protection Regulation Six months on – What’s changed
GDPR & Accountability ISACA Ireland Annual Conference 2018
Is Data Protection a Fundamental Right Protecting the Individual?
Data Protection in Law Enforcement Area Chapter 9a of the draft law
Fines, Sanctions and Compensation The teeth in the GDPR & Data Protection Act 2018 by Simon McGarr, CIPP/E Data Compliance Europe.
Overview of the recommendations regarding approximation of the Law on personal data protection to the new EU General data protection regulation Valerija.
Data Protection for SDS Employers Alison Johnston Lead Policy Officer (Scotland) Information Commissioner’s Office.
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
GDPR Session
General Data Protection Regulation Community Councils
Presentation transcript:

Privacy, GDPR and the ICO David Freeland Senior Policy Officer 14 May 2018

Privacy: a work in progress Universal Declaration of Human Rights ECHR HRA 1998 Covention 108 DPA 1984 1995 EU Directive DPA 1998 2016 EU Regulation DPA (2018) The United Nations adopted the Universal Declaration on Human Rights which contains a right for everyone to respect for their private and family life, home and correspondence free from interference from the state unless it can be justified in certain circumstances. The Council of Europe adopted its own Convention on Human Rights based on the UN declaration. The ECHR was codified into UK law by the Human Rights Act 1998. Respect for privacy of personal data is a limb of this right that has developed with the increase in the use of computers. In 1981, the Council of Europe adopted Convention 108 which was the first international agreement on data protection and led to the UK’s 1984 Data Protection Act. Convention 108 is in the process of being updated to align with the EU GDPR. In 1995, the EU legislated by means of the Directive to update protections for personal data. The UK passed the current DPA in 1998 and it came into force in 2000. Some changes were made to it by the FOI Act and other amendments have been made from time to time. A generation on, the EU decided to update the Directive and to turn it into a Regulation so that there is greater harmony in the legislation across the EU. The Regulation itself will have direct effect in all member states but there is scope for some national legislation, which the UK will exercise under a new Data Protection Act.

General Data Protection Regulation (GDPR) One unified law that applies directly to all EEA member states. Text of the Regulation - http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN However, member states are left with derogations in certain areas which they must implement in national law. General Data Protection Regulation (GDPR)

Regulation (EU) 2016/679 On the protection of natural persons with regard to the processing of personal data and the free movement of such data

UK Data Protection Bill The UK Government introduced a new Data Protection Bill on 13 September 2017. The Bill will exercise some areas of discretion left to member states in the GDPR. It also confirms the Information Commissioner will be responsible for monitoring and enforcing compliance in the UK and gives her powers to do so. You can find the latest details of the Bill on the UK Parliament website at https://services.parliament.uk/bills/2017-19/dataprotection.html. UK Data Protection Bill

Data protection principles Personal data shall be: Processed lawfully, fairly and in a transparent manner Collected for specified, explicit and legitimate purposes Adequate, relevant and limited to what is necessary Accurate and, where necessary, kept up to date Kept in an identifiable form no longer than necessary Processed in a manner that ensures appropriate security https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/principles/

The Accountability Principle The controller shall be responsible for, and be able to demonstrate compliance https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/

Data protection by design and default https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/data-protection-by-design-and-default/ Data protection by design and default

Accountability measures Data protection impact assessments Record of processing activities Notifying a personal data security breach Contracts with data processors Data Protection Officer https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/accountability-and-governance/

Show us your working!

International transfers https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/international-transfers/ International transfers

Direct marketing Direct marketing checklist - https://ico.org.uk/media/for-organisations/documents/1551/direct-marketing-checklist.pdf B2B marketing - https://ico.org.uk/for-organisations/marketing/the-rules-around-business-to-business-marketing-the-gdpr-and-pecr/

Individuals’ Rights

Data subject rights Almost all the rights are qualified Right to be informed Right of data subject access Right to data portability Right to object to processing Right to rectification Right to erasure Right to restriction Right to prevent automated decision-making More information on each of the rights can be found in our Guide to the GDPR at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/

UK Information Commissioner’s Office The ICO is the UK’s independent regulator of the Data Protection Act 1998, Privacy and Electronic Communications Regulations 2003. Its life began with the appointment of the first Data Protection Registrar in 1985 following the introduction of the 1984 DPA The ICO also regulates the Freedom of Information Act 2000 and the Environmental Information Regulations 2004 in respect of public bodies in England, Wales, Northern Ireland and UK public bodies operating in Scotland. UK Information Commissioner’s Office

Our role Make the public aware of their rights Make controllers and processors aware of their obligations Monitor and enforce the GDPR Advise on legislative and regulatory measures Handle public complaints Cooperate with other regulators

Enforcement toolkit Warnings Reprimands Require information Data protection audits Order compliance Ban or limit processing Powers of entry/inspection Administrative fines Criminal investigations

Civil and criminal courts Individuals can enforce their rights through the civil courts, including suing for compensation. This will include group claims following changes to Scottish civil litigation rules. Criminal offences in the new Data Protection Act can be prosecuted. These offences include, impeding the execution of a warrant, and wilful breaches by individuals in a way by which the data controller would not have consented. In England, Wales and Northern Ireland, the ICO is a prosecuting authority and has brought cases to court. In Scotland, we are a specialist reporting agency to the Crown Office & Procurator Fiscal Service.

For regular updates on GDPR/LED implementation, as well as other ICO news, you can subscribe to our monthly e-newsletter. https://ico.org.uk/about-the-ico/news-and-events/e-newsletter/ www.ico.org.uk/enewsletter

Keep in touch ICO Scotland 45 Melville Street Edinburgh EH3 7HL E: Scotland@ico.org.uk @iconews

Any questions?

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2024 SlidePlayer.com. Inc. All rights reserved.