General Data Protection Regulations 2018

Slides:



Advertisements
Similar presentations
Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Advertisements

Administrative Systems and the Law What you need to know to produce an oral presentation for Unit 7 When the presentations will take place Resources you.
The Data Protection (Jersey) Law 2005.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection & Freedom of Information The Practical Implications of Data Protection and Freedom of Information Caroline Dominey Data Protection Officer.
1 Pertemuan 7 Points of Exposure Matakuliah:A0334/Pengendalian Lingkungan Online Tahun: 2005 Versi: 1/1.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
Professional Values and Basic Business Legislation.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
What is personal data? Personal data is data about an individual which they consider to be private.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
LEGISLATION. DATA PROTECTION ACT (1998) The aim of this act give people the right to know what information is held about them. It also sets out rules.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
GCSE ICT Data and you: The Data Protection Act. Loyalty cards Many companies use loyalty cards to encourage consumers to use their shops and services.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
The EU General Data Protection Regulation Frank Rankin.
Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling.
Data protection—training materials [Name and details of speaker]
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998
The Data Protection Act 1998
GDPR 12 POINTS 679/2016 DATA LEX 2016.
Making the Connection ISO Master Class An Overview.
PowerPoint presentation
CISI – Financial Products, Markets & Services
Data Protection and Confidentiality
Trevor Ellis Trainee Programmer (1981 – 28 years ago)
General Data Protection Regulations: what you really need to know
General Data Protection Regulation
Data Protection Act.
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
The Data Protection Act 1998
Data Protection Update – GDPR or bust
Data Protection Legislation
CIPD Foundation Certificate and Diploma in Human Resource Practice
Data Protection & Freedom of Information- An Introduction
GDPR - Individual’s Rights
GENERAL DATA PROTECTION REGULATION (GDPR)
New Data Protection Legislation
Pam Millington Area 4 co-ordinator
Information Governance
G.D.P.R General Data Protection Regulations
Introduction to Records Management, FOI & Data Protection
The new data protection rules
General Data Protection Regulation
Data Protection principles
Data Protection and You
Data Protection in Schools
Identify the laws and guidelines that affect day-to-day use of IT.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
A whistle stop tour of GDPR
Information management and communication
General Data Protection Regulations (GDPR) Training
What is the Data Protection Act (DPA)? 1998
Data Protection in Schools
#eaThinkData Get Ready for GDPR #eaThinkData.
Privacy and Cyber Security for Payroll Pros: A Global Perspective
What Governors need to know about GDPR
Dr Elizabeth Lomas The General Data Protection Regulation (GDPR): Changing the data protection landscape Dr Elizabeth Lomas
Identify the laws and guidelines that affect day-to-day use of IT.
Data Protection What can I do? GDPR Principles General Data Protection
GDPR Session
General Data Protection Regulation Community Councils
Presentation transcript:

General Data Protection Regulations 2018 EVOLUTION HR LIMITED Make the most of your people General Data Protection Regulations 2018 (GDPR)

GDPR - The General Data Protection Regulation The GDPR will come into force on 25 May 2018. The regulation replaces the current Data Protection Act. Both employers and their employees have new responsibilities to consider to help ensure compliance. After Britain leaves the European Union, a new UK Data Protection Act will ensure that the GDPR principles remain in UK law. Organisations must have a valid reason for having personal data and the data should not be held for any longer than necessary. What is GDPR? The GDPR is concerned with respecting the rights of individuals when processing their personal information. The regulation is mandatory and all organisations that hold or process personal data must comply

Regulation Principles. Personal data should be processed fairly, lawfully and in a transparent manner. Data should be obtained for specified and lawful purposes and not further processed in a manner that is incompatible with those purposes. The data should be adequate, relevant and not excessive. The data should be accurate and where necessary kept up to date. Data should not be kept for longer than necessary. Data should be kept secure.

Who does GDPR apply to? The GDPR applies to any organisation that handles personal data. All staff have a responsibility to ensure that their activities comply with the data protection principles. Line managers have responsibility for the type of personal data they collect and how they use it. Staff should not disclose personal data outside the organisation's procedures, or use personal data held on others for their own purposes.

What is personal data? Personal data is data that relates to an identified or identifiable individual and is: • processed electronically • kept in a filing system • part of an accessible record, for example an education record • held by a public authority. This includes data that does not name an individual but could potentially identify them. Employers should ensure staff are aware that any personal data they have in their possession will also be subject to the regulation. An organisation must have a lawful basis for handling any personal data.

How long can information be kept? Monitoring employees If employers are monitoring their staff, for example to detect crime, they are required to make their workers aware of the nature and reason for the monitoring. This is applicable whether the monitoring is taking place using CCTV, accessing a worker's email or telephone calls or in any other way. How long can information be kept? Information must not be kept for longer than is necessary for the purpose it was collected for While there is no set period of time set out within the GDPR, some records must be kept for a certain period of time in accordance with other legislation. For example, HMRC require payroll records to be kept for three years from the end of the tax year that they relate to.

How can employers comply with the regulation? To ensure its compliance to the GDPR, an organisation must: have a clear privacy policy for handling personal data and ensure it is not held for longer than is necessary have a legal basis for acquiring and/or using any personal data ensure that all staff are aware of the privacy policy and follow it respond to subject access requests (sometimes called personal data requests) within one month if there is a personal data breach that is likely to result in a risk to the rights and freedom of an individual, inform the ICO within 72 hours and, if the risk is deemed to be high, also inform the individual concerned.

A worker's right to request their personal data Workers have a right to access information that an employer may hold on them. This could include information regarding any grievances or disciplinary action, or information obtained through monitoring processes. If the employer is unable or unwilling to agree to the request, a worker could make a Subject Access Request. Arrangements should already be in place to deal with Subject Access Requests as a 40 day time limit is currently stipulated under the Data Protection Act. This time limit shortens to one month under the GDPR. If an employer refuses a request they must inform the individual within one month: • why they have refused the request • that the individual has the right to complain to the supervisory authority and to a judicial remedy.

Information Commissioner’s Office Further Support Information Commissioner’s Office ACAS