Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR: How to ensure a culture of compliance

PublishFelix Moody Modified over 5 years ago

Similar presentations

Presentation on theme: "GDPR: How to ensure a culture of compliance"— Presentation transcript:

1 GDPR: How to ensure a culture of compliance
Dai Durbridge

2 Understanding why behaviours and practices need to change
Types of behaviour that may well breach GDPR How best to change behaviours to ensure compliance

3 The basics Up to €20,000,000 fine Get your policies and other docs in order Appoint your DPO All achievable by 25 May 2018 and gets you 80% of the way there

4 The basics The final 20% is the culture change
Not going to be achieved in next nine weeks Need longer to win hearts and minds

5 Why behaviours and practices need to change

6 Behaviours and practices change
Up to €20,000,000 fine Accountability and compliance focus under GDPR “Keep it just in case” mantra Privacy and data security not at the forefront of minds

7 Behaviours and practices change
Rely too heavily on broad consent for our reason for processing Moving to a regime where privacy and data security need to be thought about with the same seriousness as safeguarding in schools

8 Types of behaviour that breach GDPR

9 Types of behaviours USB pen drives
Member of staff downloads personal data onto USB drive and loses it. Would the member of staff tell you…?

10 Types of behaviours Subject access request
You receive an from asking for copies of his records (former pupil) Do you provide them? Is he who he says he is? Paranoia, adversarial, distrusting

11 Types of behaviours Governor using personal email address
Governor s your lawyers from her account with the subject line ‘dismissal of headteacher’ and content including allegations, salary and proposed settlement terms Problem?

12 Types of behaviours Downloading onto home computer
Staff member remotely accesses the school system and downloads safeguarding information to his home computer What are the risks?

13 Types of behaviours Leaving laptop in the car overnight
Teacher has a school laptop and leaves in the car overnight. The car is broken into. The laptop is password protected, but the password is ‘password’. It is not encrypted. Does this sound realistic? What’s on the laptop? What are the risks?

14 Types of behaviours Emails accessed on personal phone
Staff member confirms that absolutely no one else can access the phone…accept her husband and the kids to play games. Assures you they’d never look at her s… Is this a risk?

15 How best to change behaviours to ensure compliance
Dai Durbridge

16 Changing behaviours A balance to be struck between changing behaviours and adding safeguards to existing behaviours May not need to stop anything, but may need to build processes and procedures around approaches to ensure and evidence compliance Some behaviours will need to change

17 Changing behaviours Case studies: USB pen drives
governor personal addresses downloading onto home computer laptop in car s on personal phone.

18 Changing behaviours Can’t change behaviours overnight
Has to be done at the right time at the right pace in the right way Unlikely to be achieved in the next nine weeks

19 Changing behaviours Don’t mention GDPR
Position it as changing working practices to make staff lives better Remote working Not lugging documents around Heightened security to protect their own hardware

20 Changing behaviours Help them with new skills How to guides Top tips
Do it for them! Outcome is more important than timeframe

21 Outcomes All about the evidence
Review how staff are trained and how regular updates are provided Think about ways to engage staff and evidence outcomes: staff quiz survey monkey questions in team meeting plenty of others.

22 Our tookit Browne Jacobson GDPR toolkit for schools £700 plus VAT £575 plus VAT for Optimus members Available next week

23

24 Dai Durbridge| 0330 045 2105| dai.durbridge@brownejacobson.com
Please note The information contained in these notes is based on the position at March It does, of course, only represent a summary of the subject matter covered and is not intended to be a substitute for detailed advice. If you would like to discuss any of the matters covered in further detail, our team would be happy to do so. © Browne Jacobson LLP Browne Jacobson LLP is a limited liability partnership. Dai Durbridge| |

Download ppt "GDPR: How to ensure a culture of compliance"

Similar presentations

Webinar: How to handle PRP appeals -------------------------------------- Presented by Heather Mitchell, employment lawyer at Browne Jacobson.

Webinar: How to handle PRP appeals Presented by Heather Mitchell, employment lawyer at Browne Jacobson.
Making the most out of Wildern Supporting your children as they start their Wildern journey to ensure they get the best results when they leave us in 2019!

Making the most out of Wildern Supporting your children as they start their Wildern journey to ensure they get the best results when they leave us in 2019!
SECURITY: 2014. Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.

SECURITY: Personal Health Information Protection Act, 2004 this 5 min. course covers: changing landscape of electronic health records security threats.
Public Bodies Governance Conference 8 March 2013 Performance and risk: keeping your finger on the pulse!

Public Bodies Governance Conference 8 March 2013 Performance and risk: keeping your finger on the pulse!
Privacy and Information Management ICT Guidelines.

Privacy and Information Management ICT Guidelines.
Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.

Session 12 Information management and security. 1 Contents Part 1: Introduction Part 2: Legal and regulatory responsibilities Part 3: Our Procedures Part.
Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:

Session 11 Data protection. 1 Contents Part 1: Introduction Part 2: Applicability and responsibility Part 3: Our procedures on data protection Part 4:
Fraud Risk – some context first Year ending September 2015 there were 604,601 fraud offences reported (ONS) The National Fraud Indicator report in 2013.

Fraud Risk – some context first Year ending September 2015 there were 604,601 fraud offences reported (ONS) The National Fraud Indicator report in 2013.
1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.

1 Information Governance (For Dental Practices) Norman Pottinger Information Governance Manager NHS Suffolk.
Information Management and the Departing Employee.

Information Management and the Departing Employee.
How to minimise the risks for your children online

How to minimise the risks for your children online
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Data Protection Regulation

Data Protection Regulation
Tony Sheppard Mobile Guardian

Tony Sheppard Mobile Guardian
KCSIE 2016: Ensuring implementation in your school or setting

KCSIE 2016: Ensuring implementation in your school or setting
Information Governance Support Information Governance Services

Information Governance Support Information Governance Services
Nick MacKenzie, Partner, Browne Jacobson LLP

Nick MacKenzie, Partner, Browne Jacobson LLP
GDPR – What’s it all about???

GDPR – What’s it all about???
Volunteers Governors New members of Staff

Volunteers Governors New members of Staff
General Data Protection Regulations: what you really need to know

General Data Protection Regulations: what you really need to know

Similar presentations

Ads by Google