Overview General Data Protection Regulation (GDPR)
26th September 2017 Indi Viknaraja
GDPR So what is it?
The Data Protection Bill was introduced into the House of Lords on 13 September 2017. It will replace the Data Protection Act 1998 and implement the EU General Data Protection Regulation (GDPR) in UK law.
So who regulates the GDPR in this country?
The Information Commissioner's Office (ICO)
The UK's independent body set up to uphold information rights. It:
- enforces and regulates the freedom of information and data protection laws
- provides information and advice
- promotes good practice
Regulation vs Directive
- Regulation: applies directly in every EU member state without national implementing law (the GDPR is a Regulation)
- Directive: implemented locally through each member state's own legislation (as the Data Protection Act 1998 implemented the 1995 Data Protection Directive)
Do Governors work with personal data?
Examples:
- Pupil learning and progress: pupil applications, admissions, attendance and exclusions
- Staff deployment, absence, recruitment, retention, morale and performance
- The quality of teaching
DEFINITIONS
Personal data and special categories of data
Personal data is any information relating to an identified or identifiable natural person (the 'data subject'). An identifiable person is one who can be identified, directly or indirectly, by an identifier such as a name, an address, an identification number, location data or an online identifier, or by one or more factors specific to that person's physical, physiological, genetic, mental, economic, cultural or social identity.
Special categories of personal data (health, genetic and biometric data, racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, and sex life or sexual orientation) may only be processed under the stricter conditions set out in GDPR Article 9.
Principles
The eight DPA 1998 principles are replaced by six GDPR principles, which are broadly similar but more detailed, plus the new principle of 'Accountability': the controller must be able to demonstrate its compliance with the other principles.
RIGHTS
Data subjects' rights have been broadened.
GDPR roles
- Data Controller: decides how and why personal data is processed
- Data Processor: processes personal data on the controller's behalf, only as required under its contract with the controller
Other Key Changes
- Data Protection Impact Assessments (DPIAs, the GDPR's successor to Privacy Impact Assessments)
- Privacy by Design
- Data Protection Officer (DPO)
Breaches
A new requirement to report personal data breaches:
- to the ICO within 72 hours of becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals
- to the affected data subjects without undue delay where the breach is likely to result in a high risk to them
Failure to notify a breach can itself attract a significant fine of up to 10 million euros.
Administrative fines for infringements are in two tiers, in each case whichever is the higher of:
- Lower tier (less serious infringements): up to 10,000,000 EUR, or up to 2% of the total worldwide annual turnover of the preceding financial year (in the case of an undertaking)
- Higher tier (the most serious infringements): up to 20,000,000 EUR, or up to 4% of the total worldwide annual turnover of the preceding financial year (in the case of an undertaking)
The data subject is at the centre of claims for compensation: a controller involved in the processing must pay the compensation for the damage caused, and may then recover from a processor the part of it that corresponds to the processor's responsibility.
Breaches: which infringements attract which tier of fine (among other things)
Higher tier, 20,000,000 EUR or 4% of turnover:
- Consent and the other conditions for lawful processing
- Data subjects' rights, including subject access and fair processing
- International transfers
Lower tier, 10,000,000 EUR or 2% of turnover:
- Failure to appoint a DPO where one is required
- Failure to report breaches
- Failure to carry out an impact assessment
(The turnover percentage applies only to undertakings, i.e. in practice the private sector.)
So what do we need to do now?
- Increase awareness
- Training
As a starting point we suggest governors:
- Visit the GDPR section on the ICO website
- Read the ICO's overview of the GDPR, a good place to start
- Work through the 12 steps towards compliance that the ICO has published
- Raise awareness of GDPR at all levels within their school
At this moment in time the UK legislation is still changing (the Data Protection Bill is still before Parliament), so we suggest governors and head teachers read the ICO's information to familiarise themselves with the requirements.