Published by Randall Neal. Modified over 6 years ago.
1
GDPR and paper records: Why it’s not all cyber and fines
Gary Shipsey, Managing Director, Protecture
Ruth Williams, Marketing Director, Restore Scan
2
Meet the Presenters
Gary Shipsey, Managing Director, Protecture
Ruth Williams, Marketing Director, Restore Scan
3
- Revolution or Evolution
- Transparency and Accountability
- Significant Actual Resources (SARs)?
- Forget me (not)?
- Security
4
GDPR and paper: Revolution or Evolution?
5
Revolution or Evolution?
What happens next day…?
[Timeline: 26th, 27th, 28th | May, June, July | 2018 / 19 / 20]
- “I’ve heard about this new law…”
- “I know my rights…”
- “The Daily Mail / The Guardian says…”
- “You have now told me I have these rights...”
6
GDPR and paper: Transparency and Accountability
7
Transparency and Accountability
Open up…
1. Tell them their rights
2. Tell them about your needs
3. Tell anyone about your handling of personal data
8
Transparency and Accountability
Mandatory breach reporting
Without undue delay… not later than 72 hours
- if likely to “…result in a risk to” person’s rights/freedoms
- if likely to “…result in a high risk” to person’s rights/freedoms
Staff awareness + Internal reporting and incident management procedures + Assessment of risk / external reporting + Disciplinary process / proof
9
Transparency and Accountability
Clarity of purpose and lawful basis
- How much to collect
- purposes of the processing
- the legal basis for each
- the legitimate interest*
- a record of consent*
- Who needs to see it
- Who to share it with
- How long to keep it
* If you’re relying on it
Extent to which people can use / enforce their rights
[Diagram labels: Purpose | Lawful basis]
10
Transparency and Accountability
Data Controller and Data Processor contracts
[Diagram: Data Controller | Data Processor | Contract + Contract]
“the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk…”
11
GDPR and paper: Significant Actual Resources? (SARs)
12
Significant Actual Resources (SARs)
"Right of access by the data subject"
[Figure: ICO stats]
13
Significant Actual Resources (SARs)
"Right of access by the data subject"
Disproportionate effort
“The DPA places a high expectation on you to provide information in response to a SAR... you should ensure that your information management systems are well-designed and maintained so that you can efficiently locate and extract information requested by the data subjects...”
Sept 2017
Reason for the request
“Whether or not the applicant has a ‘collateral purpose’ (i.e. other than seeking to check or correct their personal data) for making the SAR is not relevant. However the court does have a wide discretion as to whether or not to order compliance with a SAR...”
14
Significant Actual Resources (SARs)
"Right of access by the data subject"
GDPR and subject access = very similar, but…
- Abolition of a £10 administration fee
- Shortening of the timescale: 30 calendar.
- Failure to uphold right of subject access = in the higher tier of penalties (max. 4% global turnover / £17m)
- Potential: people pursue their rights in court
Sept 2017
Disruption | Costs (resource / litigation) | Reputational damage = as significant (or more) than regulatory penalties?
15
GDPR and paper: Forget me (not)?
16
Forget me (not)?
"Right to erasure ('right to be forgotten')"
without undue delay where one of the following grounds applies...
- no longer necessary (for the purpose(s) they were processed)
- withdraws consent (+ no other legal ground for processing)
- objects* to the processing (+ no overriding legitimate grounds)
* Task carried out in public interest
* Legitimate interests
[Diagram labels: Purpose | Lawful basis]
17
GDPR and paper: Security
18
Security
Certainly not all cyber…
[Figure: ICO stats]
19
PROVISION OF DOCUMENT SCANNING, ARCHIVING AND DESTRUCTION SERVICES
Restore Document Management – Digital transformation, scanning and physical storage of documents through to confidential destruction
- 74% of FTSE 100 Companies
- 90% of top 100 UK Legal Practices
- 78% of top 50 UK Accountancy Companies
- 73% of UK National Health Service Trusts
- 54% of local authorities in England, Scotland and Wales
20
PROVISION OF GDPR AND PRIVACY SUPPORT SERVICES
Protecture – Data Protection
Newsletters | Insights | Events | Services
Do you agree? Getting consent projects right; Updating consent; Implications of the Flybe and Honda fines; Better the devil you know; Personal data breach reporting and GDPR
21
PROVISION OF GDPR AND PRIVACY SUPPORT SERVICES
Protecture – Data Protection
We are your DPO’s expert
For those with responsibility for data protection compliance across their organisation.
Preparing for the GDPR | Audit | Training | Policies | Entry to our seminars | Ad-hoc advice | DP Impact Assessments | IRMS Retention Toolkit
22
Q&A
Thank You
Ruth Williams T: 07879 484 544 @RestoreDigital
Gary Shipsey T: