Introduction to GDPR 09/11/2018.


1 Introduction to GDPR 09/11/2018

2 GENERAL DATA PROTECTION REGULATION: AN INTRODUCTION
- Background to the Regulation
- Timescale for change
- GDPR and Brexit
- GDPR aims
- Key changes
- Areas of uncertainty
- Contacts and further information

3 GENERAL DATA PROTECTION REGULATION: BACKGROUND
- The UK Data Protection Act 1998 derives from EU Data Protection Directive 95/46/EC
- The Data Protection Act is now almost 20 years old
- Amendments and related law have been enacted, but a fundamental review was required
- Potential changes were discussed at EU level for 4 years
- The reform consists of 2 instruments:
  - General Data Protection Regulation (GDPR)
  - Data Protection Directive (for the police and criminal justice sector)

4 TIMESCALE FOR CHANGE
- GDPR approved by the European Parliament on 14 April 2016
- Published in the Official Journal on 4 May 2016; entered into force on 24 May 2016
- Applies from 25 May 2018, in the UK potentially with changes

5 GDPR AND BREXIT
- GDPR will still apply from May 2018, at least for the duration of the Article 50 process
- The UK will still have powers to amend some parts of GDPR
- GDPR will still apply to our processing of EU citizens' data

6 GDPR AIMS
- To give citizens back control over their personal data
- To simplify the regulatory environment for business
- To create a modern and harmonised data protection framework across the EU
- The reform is seen as a 'key enabler' of the Digital Single Market and the EU Agenda on Security

7 GENERAL DATA PROTECTION REGULATION KEY CHANGES: Governance
- Accountability – need to be able to demonstrate compliance with the main Principles (similar to the DPA Principles) (Art. 5)
- Record keeping – must maintain records of processing activities, including storing, sharing and transfers (Art. 30)
- Data Protection Officer – required post; must have expert knowledge, be independent and report directly to the 'highest management' (Art )
- Data sharing agreements – no longer just for Data Processors (Art. 28); 'Joint controllers' now covered (Art. 26)
- No more annual notification to the ICO (Recital 89)

8 GENERAL DATA PROTECTION REGULATION KEY CHANGES: Rights (1)
- Consent – more clearly defined, must be as easy to withdraw as to give, record keeping required (Art. 7)
- Right of Access – one month (instead of 40 days) to respond, extendable by a further two months for complex or numerous requests; no more £10 fee, although a reasonable fee may be charged for manifestly unfounded, excessive or repeat requests (Art. 12 & 15)
- Transparency – significantly more information to be provided where data are collected (Art )
- 'Right to be forgotten' – new (limited) right for people to have their personal data erased without undue delay; controllers who have made the data public must also take reasonable steps to tell other controllers processing it (Art. 17)

9 GENERAL DATA PROTECTION REGULATION KEY CHANGES: Rights (2)
- Data Portability – limited right to have data provided in a 'structured, commonly-used and machine readable format' (Art. 20)
- Automated decision making, including profiling – new rights and rules, designed to provide additional safeguards for people subject to decisions which produce 'legal effects' (Art )
- Profiling = 'Any form of automated processing intended to evaluate certain personal aspects of an individual, in particular to analyse or predict their: performance at work; economic situation; health; personal preferences; reliability; behaviour; location; or movements.' (ICO GDPR overview)

10 KEY CHANGES: When things go wrong
- Fines – 2 tiers of fines for different offences; the higher tier is up to 20M EUR or 4% of total worldwide annual turnover, whichever is higher (Art. 83)
- Data breaches – personal data breaches must be notified to the ICO within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals (Art. 33); affected individuals must be told without undue delay where the breach is likely to result in a high risk to them (Art. 34)

11 GENERAL DATA PROTECTION REGULATION KEY CHANGES: Privacy by Design
- Data Protection by Design and by Default – 'general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities' (ICO overview) (Art. 25)
- Risk minimisation approach – e.g. pseudonymisation, encryption, data minimisation, testing, ensuring systems can cope with the new data subject rights (Art. 25 & 32)
- Data Protection Impact Assessment – (a.k.a. Privacy Impact Assessment) required prior to high-risk processing (Art )
- Codes of Conduct – approved codes of conduct and certification mechanisms to demonstrate compliance (Art )
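An added example of the pseudonymisation and data minimisation measures listed above. This is illustrative code written for this page, not code from the slides or from UEA; it assumes a keyed hash (HMAC-SHA256) as the pseudonymisation method, and the record layout, field names and sample data are invented. It also shows why an unkeyed hash of an identifier is not adequate pseudonymisation: anyone holding a list of likely identifiers can hash them and match the results.

```python
"""Keyed pseudonymisation with data minimisation (added example).

GDPR Art. 4(5) defines pseudonymisation as processing such that the data can
no longer be attributed to a person without additional information that is
kept separately. HMAC-SHA256 under a secret key gives that property: the
pseudonym is stable, so records stay linkable for analysis, but it cannot be
reversed or guessed without the key, which must be stored apart from the
pseudonymised dataset.
"""
import hashlib
import hmac
import secrets

# Constructed sample data: invented names, addresses, courses and grades.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "course": "CS101", "grade": 72},
    {"name": "Bob Example", "email": "bob@example.org", "course": "CS101", "grade": 58},
    {"name": "Alice Example", "email": "Alice@Example.org ", "course": "MA102", "grade": 65},
]

DIRECT_IDENTIFIERS = ("name", "email")   # fields that identify a person directly
FIELDS_NEEDED = ("course", "grade")      # the only fields the stated purpose needs


def new_key() -> bytes:
    """Generate a pseudonymisation key; hold it in a separate store (e.g. a KMS)."""
    return secrets.token_bytes(32)


def pseudonym(identifier: str, key: bytes) -> str:
    """Stable pseudonym for one identifier under the given key.

    The identifier is normalised (trimmed, lower-cased) first so that variant
    spellings of the same address map to the same pseudonym.
    """
    canonical = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def pseudonymise(records, key: bytes):
    """Replace direct identifiers with a pseudonym and drop every unneeded field."""
    result = []
    for rec in records:
        minimised = {field: rec[field] for field in FIELDS_NEEDED}
        minimised["subject"] = pseudonym(rec["email"], key)
        result.append(minimised)
    return result


def contains_direct_identifiers(records) -> bool:
    """True if any direct identifier survived into the dataset."""
    return any(field in rec for rec in records for field in DIRECT_IDENTIFIERS)


def unkeyed_hash(identifier: str) -> str:
    """Plain SHA-256 of the identifier: NOT adequate pseudonymisation on its own."""
    canonical = identifier.strip().lower().encode("utf-8")
    return hashlib.sha256(canonical).hexdigest()


def reidentify(pseudonyms, candidates, derive):
    """Dictionary attack: map pseudonyms back to identifiers from a candidate list.

    `derive` is the function the attacker believes produced the pseudonyms.
    Against an unkeyed hash this recovers every identifier that appears in the
    candidate list; against HMAC it recovers nothing unless the attacker also
    holds the key.
    """
    lookup = {derive(c): c for c in candidates}
    return {p: lookup[p] for p in pseudonyms if p in lookup}


if __name__ == "__main__":
    key = new_key()
    out = pseudonymise(SAMPLE_RECORDS, key)
    assert not contains_direct_identifiers(out)
    # Alice's two records still link together; Bob's stays distinct.
    assert out[0]["subject"] == out[2]["subject"] != out[1]["subject"]
    candidates = ["alice@example.org", "bob@example.org", "carol@example.org"]
    weak = [unkeyed_hash(r["email"]) for r in SAMPLE_RECORDS]
    print("recovered from unkeyed hashes:", reidentify(weak, candidates, unkeyed_hash))
    strong = [r["subject"] for r in out]
    print("recovered from keyed pseudonyms:",
          reidentify(strong, candidates, lambda c: pseudonym(c, b"attacker-guess")))
```

Two points to take from this: the pseudonymised dataset and the key are separate assets with different access controls (losing the dataset alone is a much smaller breach than losing both), and a re-identification test like `reidentify` belongs in the testing step the slide mentions, since an unkeyed hash of e-mail addresses or student numbers fails it immediately.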

12 (SOME) AREAS OF UNCERTAINTY
- Processing conditions applicable to UEA (no 'legitimate interests'?)
- International data transfers – will depend on the UK position
- National derogations – don't yet know what the Government plans to do
- Crime Directive, and what we can / cannot do with data on criminal offences

13 GENERAL DATA PROTECTION REGULATION CONTACTS AND FURTHER INFORMATION
- Telephone: x2431
- UEA Data Protection Reform webpage:
- Information Commissioner's Office:
- GDPR text (PDF):
All images sourced from Pixabay, CC0 Public Domain
