Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personal Data & GDPR Chris Glazier. Personal Data & GDPR Chris Glazier.

Published byShona Harrell Modified over 7 years ago

Similar presentations

Presentation on theme: "Personal Data & GDPR Chris Glazier. Personal Data & GDPR Chris Glazier."— Presentation transcript:

1

2 Personal Data & GDPR Chris Glazier

3 What is it & why is it important?
Any data relating to identifiable individuals – employees, suppliers, clients Names Addresses addresses Telephone numbers Sensitive information Covered by the Data Protection Act 1998 which sets out legal conditions which must be satisfied in relation to Obtaining Handling Processing Storing Transportation Destruction of personal information

4 Personal Data Protection Risks
Breaches of confidentiality e.g. information being given out inappropriately, lost or overseen Failing to offer choice e.g. individuals should be free to choose how the company uses data relating to them Reputational damage e.g. TFA should suffer if hackers successfully gain access to personal data. Clients should expect us to look after their data securely and in a professional manner, regardless of any regulations! The DPA 1998 sets out 8 enforceable principles of good practice Processed fairly and lawfully Processed for limited purposes & in an appropriate way Adequate, relevant & not excessive for the purpose Accurate Not kept for longer than necessary for the purpose Processed in line with data subjects rights Secure Not transferred to people or organisations in countries outside the EU or without adequate protection

5 So what if ? ULTIMATELY RISKS OUR FINANCIAL STABILITY
Breaches have to be reported, significant to the ICO Potential fines for TFA, and! … the relevant adviser as Data Controller Reputational damage, Due Diligence risk Potential for TFA to be struck off panels e.g. Mortgage Panels Potential for investigations by FCA into TFA’s compliance ULTIMATELY RISKS OUR FINANCIAL STABILITY

6 Future of Personal Data
Protection Act 1998 GDPR The Data Protection Act 1998 is being repplaced by the much more stingent General Data Protection Regulation in May 2018

7 GDPR- What’s New? General Data Protection Regulation – Effective from 25th May 2018 A complete overhaul of data protection regulation with extensive updates of what can be considered identifiable information Applies across all member states of the EU Applies to all organisations processing the data of EU subjects – wherever the organisation is geographically based Specific and significant rights for data subjects to seek compensation, rights to erasure and accurate representation Compensation can be sought against organisations and individuals employed by them Fines of up to 20,000,000 Euros or 4% of global annual turnover

8 What are we doing about it?
Future proofing our business, top down review of our practices, guidance and advice from Legal and Tanist New policies to comply with DPA 1998 & fit for GDPR Data Protection Policy, Data Storage & Cloud Computing Policy, Clean Desk Policy, Use Policy, Software Installation Policy Future audit by ICO Changes to working practices required in order to comply Common sense! nothing more than you would expect of YOUR data being held or used

9 Key Changes to our working practices
New Data Storage Rules Electronic Paper New Data Use Rules New Data Accuracy Rules Additional New IT Security Requirements Bluetooth & mobiles Software installation use Internet use WiFi To ensure compliance a number of changes to the way we work are required and these can be sumarised by the new rules we have introduced.

10 Data Storage Rules Paper Based
Store securely where un-authorised people cannot see it, think BDM’s, family, friends, cleaners and contractors. Under lock and key when not in use Remove all documents with personal data immediately from communal areas such as printers Dispose of securely Upload all client files to IO and dispose of paper files securely upon completion of transaction. There is no reason to keep paper, it is a RISK

11 Data Storage Rules Electronic
Any personal data must be protected from un-authorised access, accidental deletion and malicious hacking attempts All personal data to be stored within the EU All personal data is to comply with the 8th principle when being transferred, i.e. not outside the EU

12 Data Storage – Where? TFA Approved Electronic Storage
TFA Microsoft OneDrive Storage facility for electronic client files/documents prior to uploading to IO Phone scan, web based, backed up, secure, share facility IO Store ALL client files in IO and delete all other paper and electronic copies upon completion of the transaction. Do not store any client personal data on your PC/Laptops hard drive, handheld & mobile devices, external storage devices. Remove all client data from your PC/Laptop, any other external storage devices and non compliant cloud storage locations TFA OneDrive – This not only meets the requirements for data protection but offers you a modern way to conduct business. Other cloud systems such as iCloud and DropBox do not conform and should not be used. OneDrive enables you to synch your documents on your desktop in the cloud so that you can access it from a number of devices (You need to ensure they are secure devices). It also enables us to back up these files and therefore comply with Data Protection regulations. The documents you store within OneDrive can be shared when appropriate to do so with your colleagues within TFA. You can share the actual document or you can share a link to the actual document and allow your colleagues to edit this document. With the app for your phone which accompanies OneDrive you can always access your documents. Within the app you can also scan a document via your phone and upload this directly to OneDrive. This means that your clients personal data is automatically stored securely and is not being held on your phone as a photograph. Once back in your office you can upload this from OneDrive to IO. Once your clients data is stored successfully in IO we recommend removal of the files from OneDrive as the requirement under GDPR is to hold personal data in as few places as possible.

13 Data Use Rules Lock screens when unattended, do not share personal data informally Electronic Client Communications Use PFP Secure Messaging Encrypt s Do not transfer data outside of the EU Only access data via secure WiFi networks Take reasonable security measures when using personal data. It is not acceptable to informally share personal data with friends and colleagues. Personal Data must only be shared with those that need to have the information. This is not about you our us not trusting someone. It is the law that personal data is only shared with those that need to have it. When communicating with your clients ensure that you do so securely. is an open form of communication. Use PFP when communicating with clients. If this is not possible and you choose to use then this must be encrypted.

14 Data Accuracy Rules The law requires TFA & Advisers to ensure data is kept up to date and accurate by Minimising storage locations. Client data to be held in IO & Microsoft OneDrive only as per the Data Storage Rules Update data at every opportunity & correct inaccuracies Provide clients access to update their details via PFP All marketing data to be compliant. Advisers to complete marketing consent section within the fact find and ensure it is recorded that clients have ‘opted in’ to receive marketing communications from TFA It is essential that we minimise the locations where personal data is stored to ensure compliance. It is also important that you take ownership of your clients personal data and update it at every opportunity. In order for us to be able to communicate with your clients regarding any financial promotions, newsletters etc your clients will need to have opted in to receive such information. Please ensure that you are discussing this with your clients and completing the fact find appropriately and updaing IO appropriately. Without this consent we are unable to market to your clients on your behalf.

15 New IT Security Requirements
In addition to the changes in practices for Data Storage, use and accurate recording please ensure the following: All PC & Laptop hardrives are encrypted, (New Windows 10 and Macs have built in - turn on!) Delete old s with un-encrypted personal data Set strong passwords - see TFA Password Policy for examples Do not use Personal Storage Devices (USB sticks, external hard drives) Cloud Based Applications – Where personal data is entered only use those identified within the TFA Cloud Computing Policy & Internet Use – Common sense approach Wifi - new networks in TFA offices for guests Hard disks must be encrypted General Housekeeping – go through your old s and delete old s with un-encrypted personal data. Work through your electronic records and ensure that in the first instance they are transferred to OneDrive and no longer stored elsewhere. As the Data Protection rules stipulate client data should be held in as few different places as possible therefore please remove as much as possible and store on IO. No external storage devices to be used – USB sticks, external disc drives etc Only use those Cloud Based Storage solutions approved by TFA – this is One Drive. Cloud based Applications – Only use TFA approved applications where personal data has to be entered. All the cloud based applications within the TFA Adviser section of the website are approved as they comply with the relevant data protection rules. WiFi – new networks for guests have been introduced. Never give guests access to our secure Wifi networks. These are for TFA advisers and employees only.

16 IT Support Adviser Compliance
TFA to provide Microsoft OneDrive facility TFA to provide Encryption with WinZip PC/LapTop hard drive encryption – BeCrypt cost £45 per device IT Support – Dan Massey at Tanist Drop in sessions Plymouth – 19th April 10am – 2pm St Austell – 21st April 10am – 2pm Telephone Support from Tanist at a time to suit you We are here to help you become compliant. We will help install the relevant software onto your hardware and help transfer your files to the new OneDrive system. Support is available from Dan at Tanist and also Charlotte. Specific sessions have been set up when you can come into the office with your technology. Alternatively you can install these yourself with instructions provided by us or with assistance from Dan at Tanist over the phone/internet.

17 In Summary Future Proofing our business in short!
Secure where client data is stored paper free – IO & OneDrive Secure how you send clients personal data – PFP & WinZip Secure how you access & update clients personal data – BeCrypt, Secure WiFi, Secure Bluetooth Only hold client personal data that is relevant for the purpose Only market to clients lawfully & in line with their rights – Marketing ‘Opt-In’

Download ppt "Personal Data & GDPR Chris Glazier. Personal Data & GDPR Chris Glazier."

Similar presentations

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?

Legal & Regulatory Compliance. Overview What types of information should be included? What issues or problems might there be? What benefits could be obtained?
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.

UNIT 3C Security of Information. SECURITY OF INFORMATION Firms use passwords to prevent unauthorised access to computer files. They should be made up.
Information Governance Jym Bates Head of Information Assurance.

Information Governance Jym Bates Head of Information Assurance.
Handling information 14 Standard.

Handling information 14 Standard.
STARTFINISH DisposePrint & ScanShareStore Protect information and equipment ClassifyProtect.

STARTFINISH DisposePrint & ScanShareStore Protect information and equipment ClassifyProtect.
Data Protection Act ‘ What you need to know’ Corporate Information Governance Team Strategic Intelligence.

Data Protection Act ‘ What you need to know’ Corporate Information Governance Team Strategic Intelligence.
Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.

Information Commissioner’s Office Sheila Logan Operations and Policy Manager Information Commissioner’s Office Business Matters 20 May 2008.
Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.

Local Government Reform and Compliance with the DPA Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s Office.
SECURITY OF INFORMATION Unit 3c. Click to return to Sum up page HOW TO PROTECT DATA AND COMPUTERS Computers can be locked in a room CCTV and alarms to.

SECURITY OF INFORMATION Unit 3c. Click to return to Sum up page HOW TO PROTECT DATA AND COMPUTERS Computers can be locked in a room CCTV and alarms to.
Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.

Data Protection Property Management Conference. What’s it got to do with me ? As a member of a management committee responsible for Guiding property you.
Data protection This means ensuring that stored data does not get changed, removed or accessed accidentally or by unauthorised people. Data can be corrupted,

Data protection This means ensuring that stored data does not get changed, removed or accessed accidentally or by unauthorised people. Data can be corrupted,
Personal data protection in research projects 20130916.

Personal data protection in research projects
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.

Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, 456108 Mon – Thurs 9:15-2:15.

Handling Personal Data & Security of Information Paula Trim, Information Officer, Children’s Strategic Services, Mon – Thurs 9:15-2:15.
Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.

Properly Safeguarding Personally Identifiable Information (PII) Ticket Program Manager (TPM) Social Security’s Ticket to Work Program.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998

The Data Protection Act 1998

Similar presentations

Ads by Google