Presentation is loading. Please wait.

Presentation is loading. Please wait.

Nina Barakzai November 2017

Published byHartmut Eberhardt Modified over 6 years ago

Similar presentations

Presentation on theme: "Nina Barakzai November 2017"— Presentation transcript:

1 Nina Barakzai November 2017
New Considerations for Sensitive Data, Regulated Data, Personal Data and Child Data Nina Barakzai November 2017 Despicable Me 3

2 Overview Sensitive personal data Data breaches Privacy notice
Retention & deletion Children’s data

3 Sensitive Personal Data
When can I process? Evidence of authorisation to process Explicit consent Necessary for: employment, social protection law, collective agreement vital interests of a data subject legal claims, courts in judicial capacity substantial public interest preventative or occupational medicine public interest in the area of public health eg cross-border threats to health archiving purposes in the public interest, or scientific and historical research purposes or statistical purposes Processing by a not-for-profit body Data made public by the data subject What do I have to do? Check existing processes – do they cover new data items - genetic, biometric data? Do we rely on consent and if so, is it adequate for new types of data? Any change to how you process individuals' rights? Can you provide portability How will you action objections (including object to profiling), requests to restrict, erase, delete How will you enable subject access rights Any local territory changes for genetic, biometric or health data?

4 Detecting Data Breaches
Who deals with data breaches – central team or each business area? Depends on risk appetite – legal impact of making a determination of a data breach – 2% or 4% of global turnover Types of data at risk/impact on company and data subjects Speed of response – communications services = 24 hours; others = 72 hours Any existing breach procedures? Crisis management/disaster recovery Customer harm Dealing with service affecting issues/down time Who to notify and when? Privacy regulator(s) Customers Other regulators

5 Communicating the Privacy Notice
When to provide it Concise, transparent, intelligible and easily accessible form, using clear and plain language Must be clearly distinguishable from other matters Channels eg online, apps, social media What to include Who, what, why, how long, subjects’ rights Legal basis of processing Algorithms if using automated processes How to track the scope of what the data subject agreed to Specific scope of authorisation As easy to give as it is to withdraw authorisation What happens if use of data changes International data transfers

6 Data Retention & Deletion
‘Restriction of processing’ means the marking of stored personal data with the aim of limiting their processing in the future Tagging, provenance and lineage of data New measures for data retention and data disposal – how to prove state of data? Processed for specified, explicit and legitimate purposes not further processed in a manner that is incompatible with those purposes storage periods; processing operations; processing procedures Possible consequences of intended further processing for data subjects; Existence of appropriate safeguards, which may include encryption or pseudonymisation

7 Children’s Data Processing is lawful where the child is at least 16 years old Where child is below 16 years, processing lawful if the consent given by the child is authorised by the holder of parental responsibility over the child Data Protection Bill suggesting 13 as age for child in the UK Controller shall make reasonable efforts to verify that consent given by the child is authorised by the holder of parental responsibility over the child taking into consideration available technology What is nature of risk to child Children may be less aware of risks, consequences, safeguards and their rights Apply specific protection to the use of personal data for marketing or creating personality or user profiles Consent of the holder of parental responsibility should not be necessary in the context of preventive or counselling services offered directly to a child

8 Summary Get evidence of scope of use
Record data journeys and when the data changes Build a records management programme Privacy by Design and by Default Anonymise or de-personalise Make sure you have a legal basis for all processing

9 Questions? Nina.barakzai@sky.uk

Download ppt "Nina Barakzai November 2017"

Similar presentations

Data Protection Recruitment Process

Data Protection Recruitment Process
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Corporate training 2012. Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.

Data Protection Corporate training Data Protection Act 1998 Replaces DPA 1994 EC directive 94/46/EC The Information Commissioner The courts.
Data Protection: Workplace, Health and Safety. Employers’ responsibilities Employer obliged to provide safe place of work. Health and Safety Act 2004.

Data Protection: Workplace, Health and Safety. Employers’ responsibilities Employer obliged to provide safe place of work. Health and Safety Act 2004.
Data Protection and research Rachael Maguire Records Manager.

Data Protection and research Rachael Maguire Records Manager.
Presentation Title Data Protection The new EU Regulation Insert your logo here.

Presentation Title Data Protection The new EU Regulation Insert your logo here.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Data protection—training materials [Name and details of speaker]

Data protection—training materials [Name and details of speaker]
Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.

Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.
Protection of Personal Information Act An Analysis on the impact.

Protection of Personal Information Act An Analysis on the impact.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Key changes with the GDPR

Key changes with the GDPR
Processing for archiving purposes in the GDPR

Processing for archiving purposes in the GDPR
Understanding EU GDPR from an Office 365 perspective

Understanding EU GDPR from an Office 365 perspective
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR)
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
General Data Protection Regulation

General Data Protection Regulation
DEN FARLIGE FANTASTISKE APP

DEN FARLIGE FANTASTISKE APP

Similar presentations

Ads by Google