
GENERAL DATA PROTECTION REGULATION (GDPR)


1. General Data Protection Regulation (GDPR)
Staff Training, May 2018

2. What is GDPR?
- New data protection legal framework across the EU.
- Need to show we are working towards compliance by 25 May 2018.
- Applies to ‘Data Controllers’ (school and GB), ‘Data Processors’ (3rd party organisations) and ‘Joint Data Controllers’ (school, GB and 3rd party joint decisions).
- GDPR applies to personal data and sensitive personal data (special category personal data), including data handled by developing digital technologies.

3. GDPR principles
- Processed lawfully, fairly and transparently.
- Collected for specific, explicit and legitimate reasons, and not processed further in a manner incompatible with those purposes (does not include ‘in the public interest’).
- Adequate, relevant and limited to the purposes.
- Kept no longer than necessary (does not include ‘archiving in the public interest’).
- Processed securely: protected from unauthorised / unlawful processing, accidental loss, destruction / damage.

4. Legal basis
- Consent: the individual has freely given clear and unambiguous consent.
- Contract: the processing is necessary for a contract you have with the individual.
- Legal obligation: the processing is necessary for you to comply with the law.
- Vital interests: the processing is necessary to protect someone’s life.
- Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, i.e. needed to run the school safely and effectively.
- Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party.

5. Public task as the legal basis
“A school is considered to be a public body and it is obviously in the public interest that we operate schools and educate our children. Accordingly, for all the common tasks carried out by schools we do not need to ask for the data subject’s consent but rather we can use ‘public interest’ as our legal basis for processing the appropriate personal data. This would cover our use of personal data for all the everyday tasks within schools – operating a curriculum, storing personal data about our pupils, their parental contacts, staff, timetable information, cashless catering, library systems, the annual census requirements…” (Groupcall: GDPR for schools)

6. Personal data
Relates to an identifiable living individual:
- Name
- Identification number
- Location data
- Online identifier
- Physical, physiological, genetic, mental, economic, cultural or social identity

7. Sensitive personal data
Greater legal protection: expected to be treated as private and confidential.
- SEND
- Medical
- Race or ethnicity
- Political opinions, religious beliefs or membership of trade unions
- Physical and mental health or sexuality
- Criminal offences, genetic or biometric data

8. Data protection officer (DPO)
- Inform and advise the school regarding its obligations.
- Monitor compliance and policies.
- Raise staff awareness; deliver staff training.
- Advise on Data Protection Impact Assessments.
- Contact point for the Information Commissioner’s Office.

9. Steps to compliance
1. Raise awareness: SLT, GB, staff.
2. Data mapping: document what personal data is held and processed, where it comes from and who it is shared with.
3. Privacy notices: review / update and plan any necessary changes.
4. Individuals’ rights: consider all personal data held / processed. Does it comply? Could we deal with data erasure requests or withdrawn consent?
5. Subject Access Requests: update and develop procedures.
6. Agree lawful basis for processing: identify and document the legal basis and update Privacy Notices to explain it.
7. Consent: decide how to get it, record it and update it.
8. Data breaches: everyone’s responsibility. Report to the DPO.
9. Privacy Impact Statements: required for high-risk processing and new technologies.

10. Reportable data breaches
- Loss of, or unauthorised access to, personal information is likely to cause the most harm.
- Staff must be aware of the process and inform the DPO / HT.
- Penalties are for major breaches, affecting large numbers of people or causing huge issues.
- The ICO must be notified within 72 hours.
- If the breach is potentially ‘high risk’, schools must also notify the Data Subject.

11. Consent
Consent conditions have been strengthened considerably.
- Data Subjects have the right to be informed: what data you are using, why and for what purpose (this applies across all lawful bases for processing as well).
- Must be freely given, for a specific purpose, and clearly explained and informed.
- Consent must be a clear affirmative action.
- Can be withdrawn at any time.
- Only requested if there is no other legal basis for obtaining / processing the information.

12. Rights
- To be informed
- Consent
- Access
- Rectification
- Erasure
- Restrict processing
Rights may depend on the basis on which the data is being processed (e.g. Public Interest: generally no right to Erasure).

13. Data map
Share the current document. Staff suggest additional data collection and processing, and who data is shared with.

