Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd.

Slides:



Advertisements
Similar presentations
Data Protection Information Management / Jody McKenzie.
Advertisements

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
The Data Protection (Jersey) Law 2005.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
University of Sunderland Professionalism and Personal Skills Unit 11 Professionalism and Personal Skills Computer Legislation.
Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview
An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The Data Protection Act
The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations
CENTRAL SCOTLAND POLICE Data Protection & Information Security Stuart Macfarlane Information Governance Unit Police Service of Scotland.
The Information Commissioner’s Office David Evans.
Regulation of Personal Information Daniel Pettitt, Leon Sewell and Matthew Pallot.
Health & Social Care Apprenticeships & Diploma
Data Protection and You Your Rights & The Law Registration Basics Other Activities Disclaimer: This presentation only provides an introductory info. Please.
The Data Protection Act 1998 The Eight Principles.
OCR Nationals Level 3 Unit 3.  To understand how the Data Protection Act 1998 relates to the data you will be collecting, storing and processing  To.
Data Protection: An enabler? David Freeland, Senior Policy Officer 23 October 2014.
Data Protection Act AS Module Heathcote Ch. 12.
The Data Protection Act (1998). The Data Protection Act allows you to Check if any organisation keeps information about you on computer or in paper form.
Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Processing personal health data: the regulator’s perspective Ken Macdonald Assistant Commissioner Information Commissioner’s Office.
The Data Protection Act - Confidentiality and Associated Problems.
DATA PROTECTION ACT 1998 Became law on 1 March 2000 Only applies to the use of personal data, that is data which relates to an identifiable living individual,
The Data Protection Act What Data is Held on Individuals? By institutions: –Criminal information, –Educational information; –Medical Information;
IT and the LAW. The Computer Misuse Act of 1990 In the early 1980s in the UK, hacking was not illegal. Some universities stipulated that hacking, especially.
BTEC ICT Legal Issues Data Protection Act (1998) Computer Misuse Act (1990) Freedom of Information Act (2000)
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
Legal issues The Data Protection Act Legal issues What the Act covers The misuse of personal data By organizations and businesses.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
The Data Protection Act What the Act covers The misuse of personal data by organisations and businesses.
PROTECTION OF PERSONAL DATA. OECD GUIDELINES: BASIC PRINCIPLES OF NATIONAL APPLICATION Collection Limitation Principle There should be limits to the collection.
12/12/2015 Data Protection Act /12/2015 The DP Act A law that protects personal privacy and upholds individual’s rights Anyone who handles personal.
Introduction Data protection is relevant to every individual, business or organisation today, not just Local Government. As well as protecting privacy,
Data Protection - Rights & Responsibilities Information Commissioner’s Office Orkney Practice Forum 4 th July 2007.
Data protection and compliance in context 19 November 2007 Stewart Room Partner.
1 Data Protection & Confidentiality Young Carers Workers Conference, Harrogate, 25 March 2009 Paul Ticher
Data Protection Act The Data Protection Act (DPA) is a balance between rights of the DATA SUBJECT and obligations of the DATA CONTROLLER DATA CONTROLLER.
Information Management in Retail: A Legal Perspective Chris Hill Barlow Lyde & Gilbert LLP 17 September 2009.
DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
DATA PROTECTION AND RUNNING A COMPLIANT PUB WATCH SCHEME Nigel Connor Head of Legal –JD Wetherspoon PLC.
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
Can you share? Yes you can!! Angus Council Adult Protection Maureen H Falconer, Senior Policy Officer Information Commissioner’s Office.
Information Security TechLink Seminar, 17 April 2013 James Knapton, Information Compliance Officer, Registrary’s Office.
Workshop Understanding your responsibilities under the Data Protection Act 1998 and the Freedom of Information Act 2000 Adele Rhodes Girling.
Practical implications of the Data Protection Bill By John Robinson Data Protection Co-Ordinator South Bucks NHS Trust.
Presented by Ms. Teki Akuetteh LLM (IT and Telecom Law) 16/07/2013Data Protection Act, 2012: A call for Action1.
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
Introduction to Data Protection Plan »Brief Introduction to Data Protection  Example  Principles  P3, 4, 7  Sensitive Data  Conditions for Processing.
Data Protection Laws in the European Union John Armstrong CMS Cameron McKenna.
The Data Protection Act 1998
The Data Protection Act 1998
Data Protection The Current Regime
General Data Protection Regulation
Data Protection Act.
The Data Protection Act 1998
Data Protection Legislation
GDPR Road map to Compliance.
Data Protection & Freedom of Information- An Introduction
GENERAL DATA PROTECTION REGULATION (GDPR)
G.D.P.R General Data Protection Regulations
Data Protection and Running a Compliant Pub Watch SCHeme
General Data Protection Regulation
Data Protection principles
Data Protection What can I do? GDPR Principles General Data Protection
Presentation transcript:

Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd

1. Learning the lingo

Definitions Personal Data Data Controller Data Processor Data Subject Notification Subject Access Request

Notification One notification per organisation £35 Tier 1 or £500 Tier FTE Criminal Offences Viewable online

2. Five types of data

Category (a) On Computer CCTV & video DIP Audio Swipe cards & Oysters

Category (b) Intended to be automated

Category (c) Paper or Card Relevant Filing System Structured by reference to individuals Readily Accessible Durant Guidance

Category (d) Medical Records Social work records Housing Records Education Records

Unstructured Data Category (e) data From 2005 Only Public Bodies Some exemptions 2 access regimes to data

3. Fair, honest & open

Principle 1 Personal data shall be processed fairly and lawfully

Principle 1 The data controller should ensure that the data subject is provided with at least the identity of the data controller the purpose for which data is processed any further information necessary

CCTV signs Clearly visible and Legible Size matters Information Identity of controller Purpose of scheme Details of contact

4. Can I share data with…?

Partnership Working Central Govt desire for joint working ICO data sharing code of practice Fair Obtaining & Processing – Principle 1 Lawful Gateways Data Sharing Protocols

Lawful Gateways Crime & Disorder Act 1998 Section 115 Anti-terrorism, Crime & Security Act 2001 National Health Services Act 1977 Education Act 1966 s 520 (school nurses) Children Act 2004 s10, 11, 12 (databases) Local Government Act 1972 & 2003 Localism Act 2011

Data Sharing Protocols Purpose Powers to share Partners Processes Public Document

5. Good Records

Principle 3 Personal data shall be adequate, relevant and not excessive

Principle 4 Personal data shall be accurate and, where necessary, kept up to date.

Principle 5 Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

6. Read me my rights

Principle 6 1.Subject Access 2.Prevent Processing 3.Direct Marketing 4.Automated Decisions 5.Compensation/Rectification 6.To request an assessment

Subject Access A valid request is Application in writing Proof of identity Fee Some direction

Subject Access Controller must respond promptly In any event within 40 days Starting on the relevant day

Direct Marketing Communication (by whatever means) of any advertising or marketing material which is directed to a particular individual

Computer says no… People can object to an automated decision Some exemptions Once you know… …you can object in writing Controller has 21 days.

7. Keep your data safe

Principle 7 Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

Principle 7 Training Policies & Procedures Data security breach policy Civil Monetary Penalties Passwords

Principle 7 Contracts With Data Processors Made or evidenced in writing Processor to act only on Controller’s instructions Controller should check Processor’s Security and Employees

8. Who’s the daddy?

Enforcement Request for assessment Information Notice Enforcement Notice Prosecution Tribunal Supreme court

Offences Failure to notify or to notify changes Failure to comply with written request Failure to comply with a Notice Unauthorised obtaining/disclosing Procuring a disclosure to another person Unlawful selling Enforced Subject Access

Penalties Undertakings Notices from ICO Prosecution £500K Fines & Jail time Inspect public sector without notice PR disasters

9. Exemptions

Exemptions S National security S Crime and taxation S Health, education & social work S Regulatory activity S Journalism, literature & art

Exemptions S Research, history & statistics S Publicly available by any enactment S Required by law/proceedings S Domestic purposes

10. Social Media

Policy or Prosecution? Social Media Policy Disciplinary offence Bringing the organisation into disrepute Preece v Wetherspoons Defamation

Thank you

Feedback: Privacy Policy Feedback
Do Not Sell My Personal Information
About project: SlidePlayer Terms of Service

© 2025 SlidePlayer.com. Inc. All rights reserved.