Presentation is loading. Please wait.

Presentation is loading. Please wait.

General Data Protection Regulation

Published byAde Sudirman Modified over 6 years ago

Similar presentations

Presentation on theme: "General Data Protection Regulation"— Presentation transcript:

1 General Data Protection Regulation
New regulation that will replace GDP by May 2018 GDPR expects businesses to put data protection accountability at the centre of their business processes. The ICO’s website has a twelve step plan to help organisations prepare for the GDPR

2 Who will it apply to? It will apply to controllers and processors of personal data A controller determines the purposes and means of processing personal data. A processor is responsible for processing personal data on behalf of a controller. If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach. However, if you are a controller, you are not relieved of your obligations where a processor is involved – the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. The GDPR applies to processing carried out by organisations operating within the EU. It also applies to organisations outside the EU that offer goods or services to individuals in the EU.

3 Principles processed lawfully, fairly and in a transparent manner in relation to individuals; collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; , having regard to the purposes for which they are processed, are erased or rectified without delay;

4 Principles of GDPR adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccuratekept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; and

5 Principles processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.”

6 The Controller’s responsibilities .”
The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

7 Penalty and fines For the most serious violations of the law, my office will have the power to fine companies up to twenty million Euros or four per cent of a company’s total annual worldwide turnover for the preceding year.

8 What information does the GDPR apply to?
Personal data The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier Sensitive personal data The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9). The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

9 Consent The GDPR sets a high standard for consent. But you often won’t need consent. If consent is difficult, look for a different lawful basis. Consent means offering individuals real choice and control. Check your consent practices and your existing consents. Refresh your consents if they don’t meet the GDPR standard. Consent requires a positive opt-in. Don’t use pre-ticked boxes or any other method of default consent. Explicit consent requires a very clear and specific statement of consent. Keep your consent requests separate from other terms and conditions. Be specific and ‘granular’ so that you get separate consent for separate things. Vague or blanket consent is not enough. Be clear and concise.

10 Consent Name any third party controllers who will rely on the consent.
Make it easy for people to withdraw consent and tell them how. Keep evidence of consent – who, when, how, and what you told people. Keep consent under review, and refresh it if anything changes. Avoid making consent to processing a precondition of a service. Public authorities and employers will need to take extra care to show that consent is freely given, and should avoid over-reliance on consent.

11 What is a Data Protection Impact Assessment?
Data protection impact assessments (also known as privacy impact assessments or PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur

12 When does a Data Protection Officer need to be appointed under the GDPR?
When the organisation : are a public authority carry out large scale systematic monitoring of individuals (for example, online behaviour tracking) carry out large scale processing of special categories of data

13 How can I demonstrate that I comply?
You must: implement appropriate technical and organisational measures that ensure and demonstrate that you comply. This may include internal data protection policies such as staff training, internal audits of processing activities, and reviews of internal HR policies; maintain relevant documentation on processing activities; where appropriate, appoint a data protection officer;

14 How can I demonstrate that I comply
implement measures that meet the principles of data protection by design and data protection by default. Measures could include: data minimisation pseudonymisation transparency allowing individuals to monitor processing; and creating and improving security features on an ongoing basis. use data protection impact assessments where appropriate. adhere to approved codes of conduct and/or certification schemes. See the section on codes of conduct and certification for more detail.

Download ppt "General Data Protection Regulation"

Similar presentations

Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
The Data Protection Act 1998 The Eight Principles.

The Data Protection Act 1998 The Eight Principles.
DATA PROTECTION ACT 1998. INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March 2000. It is more far reaching than its predecessor,

DATA PROTECTION ACT INTRODUCTION The Data Protection Act 1998 came into force on the 1 st March It is more far reaching than its predecessor,
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Www.clarkholt.com Clark Holt Limited (Co. No. 8774683), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.

Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
The Data Protection Act 1998

The Data Protection Act 1998
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Key changes with the GDPR

Key changes with the GDPR
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
GDPR Module 3: Accountability and Governance

GDPR Module 3: Accountability and Governance
Trevor Ellis Trainee Programmer (1981 – 28 years ago)

Trevor Ellis Trainee Programmer (1981 – 28 years ago)
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know
General Data Protection Regulation

General Data Protection Regulation
Data Protection Act.

Data Protection Act.

Similar presentations

Ads by Google