GDPR: How to ensure a culture of compliance

Slides:



Advertisements
Similar presentations
Webinar: How to handle PRP appeals Presented by Heather Mitchell, employment lawyer at Browne Jacobson.
Advertisements

Making the most out of Wildern Supporting your children as they start their Wildern journey to ensure they get the best results when they leave us in 2019!
SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Public Bodies Governance Conference 8 March 2013 Performance and risk: keeping your finger on the pulse!
Privacy and Information Management ICT Guidelines.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
Fraud Risk – some context first Year ending September 2015 there were 604,601 fraud offences reported (ONS) The National Fraud Indicator report in 2013.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Information Management and the Departing Employee.
How to minimise the risks for your children online
General Data Protection Regulation (EU 2016/679)
Data Protection Regulation
Tony Sheppard Mobile Guardian
KCSIE 2016: Ensuring implementation in your school or setting
Information Governance Support Information Governance Services
Nick MacKenzie, Partner, Browne Jacobson LLP
GDPR – What’s it all about???
Volunteers Governors New members of Staff
General Data Protection Regulations: what you really need to know
Governor Visits to School
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
GDPR IS A DATA PROTECTION GAME CHANGER
GDPR support January GDPR support January 2018.
Chapter 3: IRS and FTC Data Security Rules
General Data Protection Regulations
How to Be a Successful Student
STOP. THINK. CONNECT. Online Safety Quiz.
GDPR – The Role of the Data Protection Officer (DPO)
Reporting personal data breaches to the ICO
GDPR and paper records Why it’s not all cyber and fines Gary Shipsey
Investing in good health at work
The session will commence at Please mute your microphone
GDPR in schools and academies
GDPR and Health and Safety
Go For The Goal! Consumer Education
Information Governance
Data protection in the Education Sector - understanding the impact of GDPR Tuesday 23rd January 2018.
Data Protection and GDPR – An introduction for Baptist Churches
Data Protection and Information Security
Data Protection principles
Data Protection Managing risk is not just about health and safety and insurance. It’s about data protection too. New stricter data protection legislation.
Preparing for the GDPR - What do we need to do if we process children’s personal data? Data Protection Practitioners’ Conference 2018 #DPPC2018.
GDPR (General Data Protection Regulation)
IT & Security Training Skills.
Preparing for GDPR Sharing experiences of the process and using the British Canoeing Toolkit bit.ly/BCGDPRToolkit
How we’ll prepare for the General Data Protection Regulation (GDPR)
Information management and communication
Safeguarding For prayer spaces
GDPR Please don’t panic!
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
GDPR Quiz Today’s trainer: Click here to use Kahoot! 1
A sneak peek at OurSCHOOL in
Where are you now with GDPR?
Data Management Ethical considerations for educational research
 GDPR Readiness Quiz Quick Insight: Quick Insight: Quick Insight:
“Seven-minute Safeguarding Staff Meeting”
Understanding Data Protection
Clerks’ Networking Session
What Governors need to know about GDPR
Keeping children safe in education Child protection supervision skills 28th April
The General Data Protection Regulations 2016
Employee Cybersecurity Program
GDPR success: Evidencing outcomes
GDPR (General Data Protection Regulations) -What do we know about it?
D&I Strategic Planning Update
GDPR Workshop – Partnerships for Jewish Schools
Kickboard Introduction for Families
TRAINING EVENING.
Privacy and Security Basics Training
Presentation transcript:

GDPR: How to ensure a culture of compliance Dai Durbridge

Understanding why behaviours and practices need to change Types of behaviour that may well breach GDPR How best to change behaviours to ensure compliance

The basics Up to €20,000,000 fine Get your policies and other docs in order Appoint your DPO All achievable by 25 May 2018 and gets you 80% of the way there

The basics The final 20% is the culture change Not going to be achieved in next nine weeks Need longer to win hearts and minds

Why behaviours and practices need to change

Behaviours and practices change Up to €20,000,000 fine Accountability and compliance focus under GDPR “Keep it just in case” mantra Privacy and data security not at the forefront of minds

Behaviours and practices change Rely too heavily on broad consent for our reason for processing Moving to a regime where privacy and data security need to be thought about with the same seriousness as safeguarding in schools

Types of behaviour that breach GDPR

Types of behaviours USB pen drives Member of staff downloads personal data onto USB drive and loses it. Would the member of staff tell you…?

Types of behaviours Subject access request You receive an email from Jeffhughes@hotmail.com asking for copies of his records (former pupil) Do you provide them? Is he who he says he is? Paranoia, adversarial, distrusting

Types of behaviours Governor using personal email address Governor emails your lawyers from her slinkysue@gmail.com account with the subject line ‘dismissal of headteacher’ and content including allegations, salary and proposed settlement terms Problem?

Types of behaviours Downloading onto home computer Staff member remotely accesses the school system and downloads safeguarding information to his home computer What are the risks?

Types of behaviours Leaving laptop in the car overnight Teacher has a school laptop and leaves in the car overnight. The car is broken into. The laptop is password protected, but the password is ‘password’. It is not encrypted. Does this sound realistic? What’s on the laptop? What are the risks?

Types of behaviours Emails accessed on personal phone Staff member confirms that absolutely no one else can access the phone…accept her husband and the kids to play games. Assures you they’d never look at her emails… Is this a risk?

How best to change behaviours to ensure compliance Dai Durbridge

Changing behaviours A balance to be struck between changing behaviours and adding safeguards to existing behaviours May not need to stop anything, but may need to build processes and procedures around approaches to ensure and evidence compliance Some behaviours will need to change

Changing behaviours Case studies: USB pen drives governor personal email addresses downloading onto home computer laptop in car emails on personal phone.

Changing behaviours Can’t change behaviours overnight Has to be done at the right time at the right pace in the right way Unlikely to be achieved in the next nine weeks

Changing behaviours Don’t mention GDPR Position it as changing working practices to make staff lives better Remote working Not lugging documents around Heightened security to protect their own hardware

Changing behaviours Help them with new skills How to guides Top tips Do it for them! Outcome is more important than timeframe

Outcomes All about the evidence Review how staff are trained and how regular updates are provided Think about ways to engage staff and evidence outcomes: staff quiz survey monkey questions in team meeting plenty of others.

Our tookit https://www.brownejacobson.com/education/products/gdpr-toolkit-for-schools Browne Jacobson GDPR toolkit for schools £700 plus VAT £575 plus VAT for Optimus members Available next week

www.brownejacobson.com/education

Dai Durbridge| 0330 045 2105| dai.durbridge@brownejacobson.com Please note The information contained in these notes is based on the position at March 2018. It does, of course, only represent a summary of the subject matter covered and is not intended to be a substitute for detailed advice. If you would like to discuss any of the matters covered in further detail, our team would be happy to do so. © Browne Jacobson LLP 2018. Browne Jacobson LLP is a limited liability partnership. Dai Durbridge| 0330 045 2105| dai.durbridge@brownejacobson.com

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.