Data Protection & Freedom of Information- An Introduction


Presentation on theme: "Data Protection & Freedom of Information- An Introduction"— Presentation transcript:

1 Data Protection & Freedom of Information- An Introduction
20th March 2018
Data Protection & Freedom of Information- An Introduction
Caroline Llewellyn, Information Compliance Officer

2 Environmental Information Regulations Act (2004)
The Information Compliance Team manages all aspects of legal compliance with the Data Protection Act 1998, General Data Protection Regulation (GDPR) / Data Protection Bill, Freedom of Information Act 2000 and related legislation.
- Works closely with key stakeholders across the whole university to establish best practice.
- Member of the Senate Research Ethics Committee
- Provide data protection advice to all of City’s Research Ethics Committees
City, University of London is obliged to comply with certain legislation, including:
- Data Protection Act (1998)
- General Data Protection Regulation (GDPR)
- Freedom of Information Act (2000)
- Environmental Information Regulations Act (2004)

3 What is the Data Protection Act?
- Intended to balance interests of data subjects (living individuals) with data controllers (City, University of London).
- Freedom to process data vs. privacy of individuals.
- Consent has to be freely given by data subject.
- There are certain exemptions to the above, e.g. research purposes, crime and taxation, national security etc.
- The results of the research or any resulting statistics should not be made available in a form which identifies any Data Subject. S.33(1)
There are 8 principles of the DPA:

4 EIGHT PRINCIPLES of Personal Data:
1. Must be processed fairly and lawfully. (Why, what and whom it will be passed to).
2. Obtained only for specified purposes and not further processed in a manner incompatible with those purposes. (Be specific about data purpose - Consent).
3. Adequate, relevant and not excessive. (Avoid the “wouldn’t it be nice to have” scenario).
4. Accurate and kept up to date. (Periodic revalidation).
5. Must not be kept longer than necessary. (Retention Schedules - Ten years).
6. Processed in accordance with the rights afforded to individuals under the legislation, including the right of subject access. (Prevent processing likely to cause damage or distress).
7. Kept secure and protected from accidental loss or destruction. (Encryption).
8. Not transferred to countries outside the European Economic Area (EEA) without adequate protection. (Safe Harbor - Privacy Shield).

5 General Data Protection Regulation (GDPR) Principles – 25th May 2018
Personal data should be:
- Processed lawfully, fairly and in a transparent manner
- Collected for specified, explicit and legitimate purposes
- Adequate, relevant and limited to what is necessary
- Accurate and where necessary kept up to date
- Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which those data are processed, and
- Processed in a manner that ensures appropriate security of the personal data
Accountability is central to GDPR. Data Controllers are responsible for compliance with the principles (above) and must be able to demonstrate this to data subjects and the regulator (Information Commissioner’s Office).

6

7 Personal data - DPA 1998 GDPR 25th May 2018
- Personal data: any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier, e.g. name, identification number, location data or online identifier.
- Applies to automated personal data and to manual filing systems where personal data are accessible according to specific criteria, e.g. chronologically ordered sets of manual records containing personal data.
- Personal data that has been pseudonymised (e.g. key-coded) can fall within the scope of the GDPR, depending on how difficult it is to attribute the pseudonym to a particular individual.

8 Sensitive personal data
Sensitive personal data (DPA 1998):
(a) the racial or ethnic origin of the data subject,
(b) his political opinions,
(c) his religious beliefs or other beliefs of a similar nature,
(d) whether he is a member of a trade union,
(e) his physical or mental health or condition,
(f) his sexual life,
(g) the commission or alleged commission by him of any offence, or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
Special Category Data (GDPR):
GDPR refers to sensitive personal data as “special categories of personal data”, and the definition has been extended to include genetic and biometric data where processed to uniquely identify an individual. Personal data relating to criminal convictions and offences are not included, but similar extra safeguards apply to its processing under GDPR (see Article 10).

9

10 What is the Freedom of Information Act?
- The Act created a right of access to information held by the City.
- Gives general right of access to recorded information held by public authorities.
- It promotes openness, transparency and accountability.
- City, University of London is obliged to respond to requests, assist requesters, operate a publication scheme and have a complaints procedure.

11 There is a presumption of openness, unless an exemption applies.
Exemptions
There is a presumption of openness, unless an exemption applies. There are in total 24 exemptions:
- 8 Absolute: need not be disclosed. E.g. personal information.
- 16 Qualified: not to be disclosed unless the public interest test is met. E.g. commercial information.

12 Please visit the legal section on our website

13 Information Compliance
Contact Details
Compliance
Information Compliance
Tel: +44 (0)
Location: City, University of London, Northampton Square, London, EC1V 0HB, United Kingdom
Thank you!

