1 Role of the Data Protection Officer Donald Henderson Information Compliance Manager 30 September 2010.

Presentation transcript:

2 3 January 2016 What is the DPO?
- Individual with responsibility for ensuring that the organisation is aware of and acts in compliance with the Data Protection Act 1998
- Also Codes of Practice
- Other ICO guidance
- and best practice

3 Functions
- Notification
- Awareness and training
- Subject Access Requests
- Fair Processing
- Data Processing Agreements
- Impact assessments
- CCTV
- IT systems
- Security
- Data Breaches
- Complaints
- Data Sharing

4 Subject Access Requests
- Individual’s right to see what information a Data Controller holds about them
- Verification of identity
- Mandates
- Collation of information
- Third party information
- Information that would cause damage or distress
- Social Work functions
- School pupil records

5 Fair Processing
- Is all the information necessary?
- Is the purpose clear?
- What is the person consenting to?
- Will the data be shared and, if so, who with?
- Does retention need to be made clear?
- Any issues with children or capacity to consent?
- Is the identity of the Data Controller clear?

6 Data Processing Agreements
- Processing only to instruction
- Compliance with the Act
- Explicit approval for sub-contractors
- Contractors’ employees aware of responsibilities
- Inspection of processing facilities
- Assist with subject access requests
- Termination of the agreement
- Liability

7 Impact Assessments - CCTV
- Who is responsible
- What’s being recorded and why
- Camera locations and coverage
- Technical issues
- Storage and retention
- Operation and management
- Fair processing
- Human Rights

8 IT Systems
- Formal and informal assessments
- Who is responsible
- What’s being stored and why
- Access rights and restrictions
- Passwords and encryption
- Supplier access
- Retention and deletion
- Publication and public access
- Technical vulnerabilities and testing
- Data sharing

9 Information Security
- 7th principle
- IT security
- Physical security
- Procedures
- Personnel
- Culture

10 Data Breaches & Complaints
- Has something bad happened
- How bad is it
- How did it happen
- Vulnerabilities
- Mitigating actions
- Notification
- Apologies and rectification

11 Data Sharing
- Formal agreement
- What information is to be shared
- Purpose
- Use
- Access
- Security
- Retention
- Fair processing and consent
- Review

12 Questions
Donald Henderson
- Tel: