GDPR & Accountability ISACA Ireland Annual Conference 2018

Presentation transcript:

GDPR & Accountability
ISACA Ireland Annual Conference 2018
Ultan O’Carroll, Assistant Commissioner (Technology)
November 2018
@DPCIreland

Regulations
- Universal Declaration on Human Rights (1948)
- European Convention on Human Rights (1950)
- Constitution of Ireland (1937; case-law)
- Convention 108 (Council of Europe, 1981)
- Data Protection Act, 1988
- EU Directive 95/46/EC
- Data Protection (Amendment) Act, 2003
- GDPR - 2018
- ePrivacy Regulation?
- EU Charter of Fundamental Rights
  - Art.7: “Everyone has the right to respect for his or her private and family life, home and communications.”
  - Art.8: “Everyone has the right to the protection of personal data concerning him or her.”
    + to be processed fairly for specified purposes and on a legitimate basis
    + subject to control by an independent authority

Data Protection Principles
Obligations:
- Fair obtaining & processing
- Transparent
- Data minimisation
- Specified purpose: relevant, not excessive
- Non disclosure
- Accurate
- Safe & secure
- Specified retention period
- Accountability: demonstrate compliance with the principles
Supporting obligations:
- DP by Design & Default
- Risk management
- User rights

Accountability by…
- Transparency
- Record keeping
- Codes of conduct
- Certification
- Impact assessment
- Governance and Data Protection by Design & Default
- Contracts, transfers, agreements, BCRs
- User rights
- Data Protection Officer

Data Protection by Design
- Start to finish: from business case to end-of-life
- Design and non-functional requirement
- Whole organisation to engage
- Delete means delete
- Security: encryption and pseudonymisation are not anonymisation
- Know your data, processes, configuration, deployment and risks: Data Protection Impact Assessment (Art 35, 36)
- Default settings observing the principles must be used

Impact Assessment (Art 35)
- Prior assessment (audit) for high risk processing
- Screening & record keeping (Art 30)
- Structured & methodical approach
- Documents processing, inherent and residual risk
- Determines whether processing can take place
- Prior consultation: Art 36?

Accreditation & Certification
- 765/2008 still applies, but Art 43(1) also applies
- ISO 17065 basis: products and services
- INAB will accredit, DPA to approve criteria (GDPR based)
- DPA to specify “additional requirements”: expertise etc.
- Legal, technical, security, evaluation, assessment skills
- Cross border: “EDPB Seal”
- Other certification still possible

GDPR Opportunities
- Skills needed across organisations to demonstrate and be accountable for processing (compliance)
- Documentation & record keeping; DP by Design; governance; internal audit; process, change & risk management; DPO support; certification; contracts
- Technical, legal, communications expertise
Enjoy the day!

www.dataprotection.ie www.GDPRandyou.ie @DPCIreland