The new data protection rules


1 The new data protection rules
GDPR
©Mortgagecomply.com Limited 2018

2 Personal Information
Personal information is any information that you hold about an individual or any information that can identify an individual. This includes things like addresses, telephone numbers and other contact details as well as information about their bank accounts, their dependents, their mortgages, their credit and so on. It applies both to business to business as well as customers, so is not personal information but is personal information.

3 Sensitive Personal Information
Sensitive personal information is any information that you hold about an individual or any information that can identify an individual where it relates to:
- Sexual orientation
- Religious beliefs
- Health issues
- Genetic issues
- Criminal convictions (actually, this is now more than sensitive)
This is all sensitive because it can be used in a discriminatory manner if obtained illegally.

4 Financial Information
Financial information is NOT sensitive personal information BUT certain matters should be treated in the same way:
- Never allow customers to send full bank card details by
- Never pass on full bank card details to any other parties
- Do not leave details about full bank card details lying about visible on desks
- Destroy bank card full details as soon as used.

5 So what is GDPR?
GDPR (General Data Protection Regulations) is European legislation that comes into place on 25th May 2018. It only applies to UK and Europe and will continue to apply after BREXIT. Information should not be passed outside of European countries except in special circumstances. E.g. USA has special agreements with Europe and requires firms like Microsoft to sign up to a special agreement. These are new, more strict rules about protection of data for the electronic age.

6 The basic requirements
- You cannot collect any personal information from anyone without obtaining their permission to do so first.
- You must treat all personal information confidentially and securely, taking appropriate measures to keep it safe.
- You must treat sensitive personal information more securely, e.g. encryption.
- You must be particularly careful with information about criminal convictions.

7 How to get Consent
You cannot collect any personal information from anyone without obtaining their permission to do so first. So you ask for consent before you collect any personal information. This is done by getting them to sign a Privacy Notice or ing confirmation that they agree to one (a PN) that has been sent to them. Sometimes you need to collect personal information before you can send them a Privacy Notice! So,

8 Getting consent by telephone
To be able to collect any personal information from a person, you need to ask for consent. An example script is as follows:

9 Getting consent by telephone
“Before we can collect any personal information about you, we will need your consent to do so. Once we have some basic details we will forward a copy of our Privacy Notice to you. This tells you about how we will use your personal information, who we may share it with and your rights. You will need to sign it and return it to us. Firm Name is the name of the firm that is collecting this information. The initial information that we collect enables us to decide whether we can assist you in arranging [a mortgage / your insurance / a loan / a suitable product for you]. You have the right to object to our processing of your personal information at any time. Do you consent for us to proceed on this basis?”

10 Demonstrating consent
You should not deviate from this script in any significant way but you can use your own style. Once you have obtained consent (i.e. they say something like Yes, Sure, That’s OK), you should record this on paper or on screen depending on the system you are using. However, you must make a record of the date given.

11 Collecting the personal information
Once you have consent, you can go on to collect the information you need from the client. If the case is going ahead, then you will need to issue a Privacy Notice to the customer as well and get their signature or agreement by . Getting verbal consent DOES NOT REPLACE THE PRIVACY NOTICE.

12 Other considerations
- At this point in the process you do not have consent to do a DIP.
- At this point in the process you do not have permission to record calls.

13 Consent to DIP
Add the following to the previous consent script: “We may make preliminary enquiries to a lender and this may result in the lender carrying out a credit search on all applicants. Depending upon the type of search the lender uses, this may leave a footprint on your credit profile. Are you OK for us to proceed and can you confirm that you are authorised to act on behalf of any other applicants?”

14 Consent to record calls
Add the following to the previous consent script: “Please note that telephone calls are recorded for the purposes of training and compliance.”

15 Post Sales Calls
Once a PN has been issued and agreed by the client, the firm can contact the client or receive additional personal information under the terms of the notice. Where other parties are involved, such as packagers, they can contact the client also under the terms of the PN as the firm has indicated that it may share personal information with such firms. A packager would be required to explain who they were and why they were contacting the client at the first contact.

16 Customers’ rights under GDPR
- Information about how their personal information will be used
- Rectification / correction of errors
- Access to their information
- Erasure – the right to be forgotten
- To object to processing
- To withdraw consent

17 Responding to requests
- We must respond to a customer request about their information within one month in all cases.
- Requests can be made in writing, by or verbally.
- We can refuse to comply but we must tell the customer that they can complain to the ICO.
- All requests must be referred to management.
- Records must be kept to demonstrate compliance.
- We cannot charge a customer for complying with a request.

18 Breaches
- Where there is a breach in data protection, action must be taken.
- A breach includes loss of data, passing data to the wrong person and so on.
- Breaches must be reported to management who must report to the ICO within 72 hours of the breach occurring.

19 Failure to comply
- The ICO has the power to fine companies
- Disciplinary action

20 What you should do next
- You should read and be familiar with the privacy notice for customers.
- You should read and sign the privacy notice for staff.
- You should read and sign the data protection procedures.

