1
MAD Academy Training Day 22nd April 2018.
2
Training on the new Data Protection Legislation GDPR.
3
What is GDPR? GDPR stands for General Data Protection Regulation.
GDPR is a new, stricter data regulation coming into place in May across Europe which aims to unify how consumers’ personal data is protected in EU member states. It also aims to create more transparency about how businesses are storing and using people's personal data. The main goals of this legislation are to protect people’s personal information, to increase the accountability and responsibilities of organisations which process personal data, and to simplify the regulatory environment for businesses. The law is being put into place to protect people’s personal information and ensure the data collected is required, stored and used for the agreed purpose.
4
Brexit, I hear you shouting
Even when the UK leaves the EU, to allow the country to continue trading with the EU it will need to be GDPR ready, and if we don’t follow this it is likely the UK government will bring out a similar programme, which is why the UK has decided to follow this process.
5
How will the GDPR be enforced?
The GDPR will be enforced by a data protection agency such as the ICO; this is mainly for investigations and breaches of practice. However, the biggest enforcer is going to be YOUR CUSTOMERS, as there is going to be a huge investment and advertisement campaign to heighten the public’s awareness of their rights. There are fines for not complying with GDPR; these can be as high as 4% of the revenue of the company.
6
Who is responsible for GDPR?
This has two parts: there are processors and controllers. Data processors: A processor is someone who processes information on your behalf. This is commonly a software operator such as Mailchimp; they have a responsibility to ensure their programmes are compliant and GDPR ready. Data controllers: Controllers have the main responsibility; this is the person responsible for the operation of the business, such as the manager or owner. It is also the controller’s responsibility to ensure they have confirmed the processor is compliant. The controller is responsible for how the data is used. This is you.
7
GDPR 6 Key Principles
GDPR has 6 key principles; these set out the main responsibilities for organisations. GDPR requires that personal data shall be:
1. Processed
2. Collected
3. Adequate and relevant
4. Accurate and, where necessary, kept up to date
5. Storage and timely
6. Security
8
Key Principles explained
Principle 1, Processed: this means the information gained needs to be processed lawfully, fairly and in a transparent manner in relation to individuals. Principle 2, Collected: there needs to be a specified, explicit and legitimate purpose for the collection of the information, but it is very important not to further process the information in a manner that is incompatible with those purposes.
9
Key Principles explained
Principle 3 Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. This means you must only gather information that is required. Principle 4 Accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay.
10
Key Principles explained
Principle 5, Storage: all information must only be kept in a form which permits identification of data for no longer than is necessary for the purposes for which the personal data are processed. Principle 6, Security: security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, must be put in place using appropriate technical or organisational measures.
11
Processing lawfully To process people’s personal data you must have a valid lawful basis; the legislation sets out 6 lawful bases for processing. Which basis is most appropriate to use will depend on your purpose and relationship with the individual. The key consideration is that you need to be able to demonstrate that processing is ‘necessary’: if you can reasonably achieve the same purpose without the processing, you won’t have a lawful basis. The lawful basis must be selected before you begin processing, and it will also need to be documented. The lawful basis cannot be swapped at a later date without very good reason. If this did occur, the change and the reason for it would need to be documented.
12
What are the lawful bases for processing? I hear you ask.
There are 6 lawful bases for processing. At least one of these must apply whenever you process personal data:
1 Consent
2 Contract
3 Legal obligation
4 Vital interests
5 Public task
6 Legitimate interest
13
Lawful bases for processing explained.
Consent: the individual has given clear consent for you to process their personal data for a specific purpose.
Contract: the processing is necessary for a contract you have with the individual, or because they have asked you to take specific steps before entering into a contract.
Legal obligation: the processing is necessary for you to comply with the law (not including contractual obligations).
Vital interests: the processing is necessary to protect someone’s life.
Public task: the processing is necessary for you to perform a task in the public interest or for your official functions, and the task or function has a clear basis in law.
Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
The most common lawful bases which will apply to you and your customers are consent and legitimate interest.
14
Consent The GDPR sets a high standard for consent. Consent means offering individuals real choice and control. Genuine consent should put individuals in charge. Consent must be freely given; this means giving people genuine ongoing choice and control over how you use their data. The consent request is required to be a very clear and specific statement of consent. (Head office is working on examples of these for you.)
15
Consent It must be specific, so that you get separate consent for separate things. Vague or blanket consent is not acceptable. So, for example, if you are requesting consent to store a customer’s full name and address as they attend a class this would be one consent, but if you were requesting consent to use this information to market information to them this requires a different consent. Consent must specifically cover the controller’s name, the purposes of the processing and the types of processing activity. Consent requests need to be kept separate from other terms and conditions. This helps to build customer trust and engagement, and enhance your reputation.
16
Consent refresh and opt-in option
Consent opt-in: Consent requires a positive opt-in system rather than an opt-out system. Pre-ticked boxes or any other method of default consent are not acceptable. Consent must be clear and concise. Name any third party controllers who will rely on the consent. Make it easy for people to withdraw consent and tell them how. Keep evidence of consent – who, when, how, and what you told people. Keep consent under review, and refresh it if anything changes. Avoid making consent to processing a precondition of a service. Consent refresh: This requires you to gain new consent from your customers to hold, store and use their personal data. This can be carried out electronically or manually, but a record of gaining refresh consent is required.
17
Recording and management of consent
Recording consent: A record of when and how consent was obtained from the individual is required. A record of the consent itself is also required. This can be achieved by keeping a chart of consent gained (head office are creating a template to support you with this) and then storing the consent gained. Managing consent: As part of the GDPR law you are required to regularly review consents to check that the relationship, the processing and the purposes have not changed. A process for gaining refresh consent at appropriate intervals needs to be operated. Again, head office is working on this. We recommend that reviewing the consent is carried out at the end of each term and refresh consent is obtained on a yearly basis.
18
Withdrawal of consent Individuals have the right to withdraw their consent at any time. This must be publicised to individuals. Head office are adding a statement to the registration forms and it will be on the new consent template. It will also be covered in the refresh statement and privacy notice. This supports you in meeting the GDPR requirement to make it easy for individuals to withdraw consent. If a withdrawal request is made by a customer this must be acted on ASAP. No customer can be penalised for withdrawing consent.
19
How should you obtain consent?
Consent requests need to be prominent, concise, separate from other terms and conditions, and easy to understand. They need to include:
the name of your organisation; e.g. MAD Academy.
the name of any third party controllers who will rely on the consent; Active.
why you want the data; e.g. to invoice and in case you need to contact them due to changes of classes.
what you will do with it; e.g. use the information to create a register, contact log, invoices.
that individuals can withdraw consent at any time.
20
Example of gaining consent
Example of obtaining consent. Scenario: A photographer attended a MAD class and you are requesting the parents to allow you to buy copies. You need to make them aware this would be to advertise your classes and where you would be doing this, whether it would be in leaflet form, on Facebook, in a local campaign or a national one. Example of statement of consent: Please could you provide your consent to Hayley Brabrook-Cherry of MAD Academy to purchase a photo with your child…Melody Smith…. to use on a social media advert campaign to promote the MAD Academy classes. This would be a national campaign.
21
Legitimate interests To use legitimate interests, you need to demonstrate that you have carried out an LIA; this is a legitimate interests assessment, which must be kept and stored. You must be able to identify the relevant legitimate interest, such as insurance. The processing must be necessary and there must be no less intrusive way to achieve the same result. ‘Necessary’ means that the processing must be a targeted and proportionate way of achieving your purpose. You cannot rely on legitimate interests if there is another reasonable and less intrusive way to achieve the same result. A balancing test needs to be carried out, and needs to demonstrate that the individual’s interests do not override those legitimate interests. Individuals’ data is only used in ways they would reasonably expect. People’s data is not being used in ways they would find intrusive or which could cause them harm, unless we have a very good reason.
22
What is an LIA (legitimate interests assessment)?
This is required when a Controller (you) wishes to rely on Legitimate Interests as the Lawful Basis for a processing operation. You will need to be able to demonstrate to an individual, when challenged, that you have fully considered the necessity of the purpose of processing against the rights of the individuals and came to a decision that the individual’s rights did not override the interest of the Controller. The decision should be documented and reviewed.
24
Collecting Data The main purpose of the GDPR is to ensure you are only collecting data you require. The data it applies to for you are:
Person’s name
DOB
Address
Medical details
Photos
Phone numbers
There is other data it applies to, but these are the key ones for you.
25
Sharing Data with agents
If you have agents working for you, you will clearly need to share personal information to allow them to carry out their role. But you must make sure you are only providing the information required. You must have safeguards in place, setting barriers so they only have access to the data required. For example, they will need access to the child’s name, DOB and contact number, but wouldn’t need access to their address or whether they had siblings, etc. When sharing personal data you need to ensure you can prove it is for a legitimate reason, such as to carry out a job role.
26
Reviewing and storing data
Reviewing data: You need to consider the length of time you keep information. This needs to be realistic. For example, if a child attended a trial session in the spring term, has not returned, and you are now in the autumn term, it is probably unlikely that child will be joining the classes, so you no longer require their personal information and deleting it is the way forward. If there is a legal or insurance reason you need to hold data for a period of time, such as 5 or 7 years, this is acceptable as it is a legitimate reason. Please remember the more data you hold the more vulnerable you will be. Storage: You need to ensure that all personal data you store is protected. This can be achieved in a number of ways, such as using encrypted software, password protecting files, or using a separate portable device which can then be securely stored away when not in use.
27
Documentation What does documentation mean under the GDPR? It means to:
Maintain a record of processing activities
Record the processing purpose
Data sharing
Data retention
This is all classified as documentation.
28
Documentation As part of the new regulations you are now required to document all data you hold. This is important for several reasons. The first is that it is a legal requirement. In addition, if you were investigated and requested to make the information available, having it documented will support this process. It will also support you to respond in an effective and professional manner to requests from individuals for access to their information.
29
Documentation chart example
Below is a chart that we have been recommended to use as an example.
Purposes of processing | Categories of individuals | Categories of personal data
Marketing | Customers | Contact details; Lifestyle information
30
Documentation Using the type of chart shown in the previous example will help you create a complete and comprehensive record of your processing activities, within which you document the different types of information and meaningfully link them together.
31
Updating our record of processing activities?
Keeping a record of your processing activities is not a one-off exercise; the information you document must reflect the current situation as regards the processing of personal data. So you should treat the record as a living document that you update as and when necessary. This means you should conduct regular reviews of the information you process to ensure your documentation remains accurate and up to date. We recommend a review at the end of each term.
32
How should we document our findings?
The documentation of your processing activities must be in writing; this can be in paper or electronic form. Head Office recommend it would be beneficial to you to maintain your documentation electronically so you can easily add to, remove, and amend as necessary. The key is being able to demonstrate a meaningful link between the data and the purpose.
33
Security of data The GDPR requires personal data to be processed in a manner that ensures its security. This includes protection against unauthorised or unlawful processing and against accidental loss, destruction or damage. It requires that appropriate technical or organisational measures are used.
34
Marketing and being compliant
Your company: If you are carrying out your own marketing, the basic rule to follow is you cannot cold call people. You need to gain consent to send regular marketing material. Also, if you are making a marketing call you are required to display your number. If you have a company carrying out marketing on your behalf you need to ensure that they are GDPR compliant as well. This can be achieved by asking to see their policy. At present Mailchimp have stated they are in the process of becoming compliant. If you do use Mailchimp there is a Facebook closed group based on the GDPR ups/mailchimpanswers/ which could support you to gain further information.
35
Social Media On every social media network, be it Facebook, LinkedIn or Twitter, consent is automatically present. Your audience proactively initiates the first point of engagement by liking, following, or connecting with your page.
36
SOCIAL MEDIA & GDPR Social media is such a big part of any digital marketing strategy. As far as data collection and usage is concerned, these will be covered by the terms and conditions and privacy policies of each platform. And when it comes to advertising on social media, all channels have worked on this to support you to be compliant. For example, in most instances Facebook will act as a data controller, but there are some cases when the platform acts as a data processor, making businesses, and not Facebook, responsible for ensuring that the data they provide and/or collect is GDPR compliant.
37
Good News So the good news is it is NOT your responsibility to ensure social media sites such as Facebook, Instagram and Ripl are GDPR compliant. But it is your responsibility to ensure that you are using customers’ details in the manner agreed with the customer and in a manner they are comfortable with. They need to opt in for such use.
38
SOCIAL MEDIA & GDPR You will need strong evidence to prove you have gained permission to use the data in the manner it has been used. This is why we are in the process of creating new templates to support you with this, to ensure you are being GDPR compliant. You need to ensure you exercise proper care with your use of personal data from your social media followers. For example, it will not be acceptable to take a customer’s address and then look to use that in any undeclared marketing or data processing activities. This is why opt-in is so important.
39
SOCIAL MEDIA KEY POINTS
You will be pleased to hear that as far as consent and data use is concerned, these will be effectively covered by the terms and conditions and privacy notices of each of these software tools. While you might not be a big fan of small print, social media users will need to be presented with a clear Privacy Notice or similar, which is available for their consideration before they decide to sign up and start participating.
40
Marketing marketing is common practice and can provide great results. However, the audience we target now needs to be existing customers. This is to ensure you can demonstrate legitimate interest. You must ensure your customers are aware of their ability to opt out. New customers must opt in to receive these s.
41
How to prepare? To get prepared you need to identify the data you collect and store. A positive way to achieve this is to carry out a data mapping exercise. This will allow you to clarify the personal data you hold and where. Once you have identified the data you collect and where, the next step is to ask yourself the following questions:
Why do you use personal data?
Who do you hold information for?
What information do you hold about them?
Who do you share it with?
How long do you hold it for?
How do you keep it safe?
42
Mapping Chart: So let's get started
We are now going to carry out this mapping exercise, to get you on your way to being GDPR ready.
43
Further information: http://cobb.agency/blog/gdpr
PRforonlineentrepreneurs/ lchimpanswers/ We also have PDF information we are going to share. We have done so much research on this for you, to support you, from webinars, training, networks and general research. There is no way we can cover all the information today, so to support you further here are a few links to useful sites that provide further information on the new regulations.
44
What we are doing to ensure MAD is compliant.
Attended training and gained advice on the GDPR and how to be compliant.
We are reviewing the privacy policy.
We are reviewing outside sources' GDPR compliance to either start work or continue work.
We are creating new consent templates for you to use.
Creating a refresh consent template for you to use.
The processing mapping chart.
Controller's personal data checklist.
Review data protection policy.
We will be providing you regular updates as we receive them on the changes.
45
What are the next steps? To ensure you are compliant by May 25th 2018 you need to:
Complete the mapping chart.
Review the personal information you hold and delete any that you don’t require any more.
Complete the processing chart.
Ensure all personal data is stored securely.
Send out refresh consent forms.
Be prepared to use the new templates.
Set yourself dates for reviewing the processing chart.
If you use any third parties, check they are GDPR compliant.
Be prepared for head office to request to carry out a data protection audit.
46
Final summary of how to be compliant.
Data must be collected in a fair, transparent and lawful way. You must limit the information you are collecting. You need to be specific on the data you are collecting and there must be legitimate reasons for the collection. Information held must be accurate and up to date. Good practice would be asking parents to review the information you hold every 6 months. Only keep the personal data for as long as is required for processing. You must store the data in a manner that is deemed secure.
47
Thank you for attending