Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Data Protection Regulations

Published byAubrey Glenn Modified over 6 years ago

Similar presentations

Presentation on theme: "General Data Protection Regulations"— Presentation transcript:

1 General Data Protection Regulations
Presented by John Culling Risborough & District U3A January 2018

2 Introduction The subject is the General Data Protection Regulations (GDPR) which will come into force in the UK in May 2018 The intention is to look at compliance for U3As. I don’t profess to be an expert in this but I have been looking at it for about six months. I have responsibility for ensuring compliance for Risborough U3A How presentation will benefit audience: Adult learners are more interested in a subject if they know how or why it is important to them. Presenter’s level of expertise in the subject: Briefly state your credentials in this area, or explain why participants should listen to you.

3 GDPR The General Data Protection Regulation is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR aims primarily to give control back to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. When the GDPR takes effect, it will replace the data protection directive of The regulation was adopted on 27 April It becomes enforceable from 25 May 2018 after a two-year transition period and, unlike a directive, it does not require national governments to pass any enabling legislation, and is thus directly binding and applicable. Lesson descriptions should be brief.

4 GDPR The intent of the legislation is to put individuals in control of which organisations collect and store their ‘Personal Data’ and the use made of that data through seven ‘rights’. The right to be informed. The right of access. The right to rectification. The right to erasure. The right to restrict processing. The right to data portability. The right to object. Lesson descriptions should be brief.

5 GDPR As matters stand the legislation applies equally to a small charity with a few hundred members as to a large corporation with many thousands of employees. This has tacitly been confirmed by The Third Age Trust in that they have issued compliance documents for U3A’s to use. There are a number of ‘legal’ reasons for an organisation holding and using ‘personal data’. U3A’s rely on ‘Consent’ i.e. a member must explicitly give consent for the organisation to keep the data. Example objectives At the end of this lesson, you will be able to: Save files to the team Web server. Move files to different locations on the team Web server. Share files on the team Web server.

6 GDPR The Information Commissioners Office is the UK body dealing with this on behalf of the UK Government. They have issued a Guidance Document and several consultation papers. The document shown here is the most up to date version of that guidance. You can obtain a copy if you wish from the-general-data-protection-regulation-gdpr/ It is something of a heavy read !!

7 Third Age Trust (TAT) The Third Age Trust issued ‘Data Protection and the General Data Protection Regulation’ at the end of November This is available from the Trust’s website at: - protection/374-data-protection-and-the- general-data-protection-regulation The document was last updated on the 4th. January.

8 Third Age Trust Subsequently the Trust issued ‘Sample’ Compliance Documents all dated 4th January These are available from: - protection There are five documents – 2 Policies – an Membership Application and Subscription Renewal form. Additionally a Start up form for a new U3A.

9 Third Age Trust The documents are template arrangements which can be customized for an individual U3A. It is a ‘fill in boxes’ exercise. I understand that all the Trust Documents have been prepared by a firm of specialist lawyers. It would seem prudent to adopt the documents as published. In that sense, it is very easy for a U3A to have the necessary Policies and other documents in place in order to show compliance with GDPR. However, having the documents in place, is only part of the solution…………….

10 Extract from TAT Data Protection Policy
General guidelines for committee members and group convenors The only people able to access data covered by this policy should be those who need to communicate with or provide a service to the members of the U3A. Data should not be shared informally or outside of the U3A The U3A will provide induction training to committee members and group convenors to help them understand their responsibilities when handling personal data. Committee Members and group convenors should keep all data secure, by taking sensible precautions and following the guidelines below. Strong passwords must be used and they should never be shared. Personal data should not be shared outside of the U3A unless with prior consent and/or for specific and agreed reasons. Member information should be reviewed and consent refreshed periodically via the membership renewal process or when policy is changed. U3As’ should request help from National Office if they are unsure about any aspect of data protection

11 Extract from TAT Data Protection Policy
Where the U3A organises a trip that requires next of kin information to be provided, the U3A will require the member to gain consent from the identified next of kin. The consent will provide permission for the information to be held for the purpose of supporting and safeguarding the member in question. Were this information to be needed as a one off for a particular trip or event then the information will be deleted once that event or trip has taken place unless it was to be required – with agreement – for a longer purpose. The same would apply to carers who may attend either a one-off event or on an ongoing basis to support a U3A member with the agreement of the U3A.

12 Extract from TAT Data Protection Policy
Accountability and Governance The U3A Committee are responsible for ensuring that the U3A remains compliant with data protection requirements and can evidence that it has. For this purpose, those from whom data is required will be asked to provide written consent. The evidence of this consent will then be securely held as evidence of compliance. The U3A Committee shall ensure that new members joining the Committee receive an induction into how data protection is managed within the U3A and the reasons for this. Committee Members shall also stay up to date with guidance and practice within the U3A movement and shall seek additional input from the Third Age Trust National Office should any uncertainties arise. The Committee will review data protection and who has access to information on a regular basis as well as reviewing what data is held.

13 Extract from TAT Data Protection Policy
Secure Processing The committee members of the U3A have a responsibility to ensure that data is both securely held and processed. This will include: Committee members using strong passwords. Committee members not sharing passwords. Restricting access of sharing member information to those on the Committee who need to communicate with members on a regular basis. Using password protection on laptops and PCs that contain or access personal information. Using password protection or secure cloud systems when sharing data between committee members and/or group convenors. Paying for firewall security to be put onto Committee Members' laptops or other devices.

14 Extract from TAT Privacy Policy
What personal information do we collect? When you express an interest in becoming a member of the U3A you will be asked to provide certain information. This includes: Name. Home address. address. Telephone number. Subscription preferences.       Add any other data that you ask for

15 Extract from TAT Privacy Policy
How do we use your personal information? We use your personal information: To provide our U3A activities and services to you. For administration, planning and management of our U3A. To communicate with you about your group activities. To monitor, develop and improve the provision of our U3A activities.   We’ll send you messages by , other digital methods, telephone and post to advise you of U3A activities.

16 Extract from TAT Privacy Policy
How your information can be updated or corrected To ensure the information we hold is accurate and up to date, members need to inform the U3A as to any changes to their personal information. You can do this by contacting the membership secretary at any time: to be completed Telephone: to be completed On an annual basis you will have the opportunity to update your information, as required, via the membership renewal form. Should you wish to view the information that the U3A holds on you, you can make this request by contacting the membership secretary – as detailed above. There may be certain circumstances where we are not able to comply with this request. This would include where the information may contain references to another individuals or for legal, investigative or security reasons. Otherwise we will usually respond within 14 days of the request being made.

17 Extract from TAT Membership Application Form
PRIVACY STATEMENT Please tick the box below to give us permission to use the information you have supplied in the following ways: To store it securely for membership purposes. To communicate with you as a U3A member. To share with group leaders for those groups that you are a member of. To send you general information about the Third Age Trust (the national organisation to which U3As are affiliated. I consent to my data being used for membership purposes as detailed above. Are you happy to be added to the direct mailing list for the Third Age Trust magazines – Third Age Matters and Sources? If so, please tick the box below: I consent to my data being shared with the company who oversee the distribution of the Trust Magazines. Please be advised that you can request for your data not to be used for any of these purposes at any time by contacting us.

18 TAT Membership Subscription Renewal
Please tick the box below to give us permission to use the information you have supplied in the following ways: To store it securely for membership purposes. To communicate with you as a U3A member. To share with group leaders for those groups that you are a member of. To send you general information about the Third Age Trust (the national organisation to which U3As are affiliated. I consent to my data being used for membership purposes as detailed above. Are you happy to be added to the direct mailing list for the Third Age Trust magazines – Third Age Matters and Sources? If so, please tick the box below: I consent to my data being shared with the company who oversee the distribution of the Trust Magazines. Please be advised that you can request for your data not to be used for any of these purposes at any time by contacting us: Telephone:

19 Summary Using the documents, provided by TAT, will give a U3A the means to demonstrate compliance. They need to be read carefully to understand and implement what responsibilities Committee Members and Group Organisers have. Group Organisers will have to be ‘trained’ to understand their responsibilities. The U3A must decide how much data to collect and be prepared to justify that collection e.g. If you collect the colour of a members eyes, blood group etc., you are open to the question ‘WHY ?’

20 Summary Members consent to the use of their data is vital and MUST be obtained. Without consent the U3A has no legal basis to store or use the data. Data compliance has to be reviewed on a regular basis and the practices of the U3A changed in order to comply. There is no guidance from TAT as to how to respond to a member who refuses consent. I think we would simply say that, ‘The U3A will be unable to communicate with you in any way’. I think some guidance should be forthcoming from TAT.

21 Summary This is complicated and complex legislation
We are being asked to look at our existing processes in terms of Data Protection and Management and change those to a common standard in order to comply with this legislation. If a U3A is in any doubt about any aspect of these requirements advice should be sought from TAT.

Download ppt "General Data Protection Regulations"

Similar presentations

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.

COMPLYING WITH HIPAA PRIVACY RULES Presented by: Larry Grudzien, Attorney at Law.
Per Anders Eriksson

Per Anders Eriksson
Individual User Logins

Individual User Logins
HIPAA PRIVACY AND SECURITY AWARENESS.

HIPAA PRIVACY AND SECURITY AWARENESS.
Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.

Data Protection Act & Freedom of Information Simon Mansell Corporate Governance and Information Team.
Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.
Data protection—training materials [Name and details of speaker]

Data protection—training materials [Name and details of speaker]
Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.

Students’ Unions 2011 Data Protection and Students’ Unions Mairead O’Reilly 19 July 2011.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998

The Data Protection Act 1998
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
PAC Constitution & Bylaws

PAC Constitution & Bylaws
CANADA’S ANTI-SPAM LEGISLATION (CASL)

CANADA’S ANTI-SPAM LEGISLATION (CASL)
Handout 2: Data Protection and Copyright

Handout 2: Data Protection and Copyright
Microsoft 365 Get help with regulatory compliance

Microsoft 365 Get help with regulatory compliance
GDPR – What’s it all about???

GDPR – What’s it all about???
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
Data Protection The Current Regime

Data Protection The Current Regime
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
GDPR Overview Gydeline – October 2017

GDPR Overview Gydeline – October 2017

Similar presentations

Ads by Google