
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? www.thehrspecialists.co.uk Call Kerry on 01279 814888 Or email.


1 Data Protection: What’s new about The General Data Protection Regulation (GDPR) May 2018?
Call Kerry on 01279 814888 or email.

2 Introduction
Personal data needs to be protected; you should already be complying with current data protection legislation. The new GDPR will add to those regulations and will come into force in May 2018.

3 The Information Commissioner’s office (ICO)
The ICO has created a 12 step readiness plan. The 12 steps are:
1. Awareness of key decision makers
2. Document what personal information you hold
3. Communicate and amend your privacy notices
4. Check procedures for individuals’ rights, e.g. deleting and providing electronic access to information
5. Subject access requests within the new timescales
6. Update your lawful basis for holding personal data through privacy policies

4 The Information Commissioner’s office (ICO)
The ICO has created a 12 step readiness plan. The 12 steps are (continued):
7. Refresh existing consent processes to meet the new GDPR standard
8. Verification of ages if you have any under-18s in the workforce, as new rules apply
9. Make sure the right procedures are in place to detect, report and investigate data breaches
10. Be familiar with the ICO code of practice on Privacy Impact Assessments
11. Designate someone senior to take responsibility for data protection compliance
12. If your organisation operates across EU borders and personal data is processed across borders, identify who the lead data protection authority is

5 What is personal information
Any personal information you hold (relating to an identified or identifiable person)

6 Special category data
There is also a distinction between personal data and special category data, which could be:
• Racial or ethnic origin
• Political opinion
• Religious/philosophical beliefs
• Trade union membership
• Physical or mental health or condition
• Sexual life or sexual orientation

7 Employee rights
Ensure that the rights of people about whom information is held can be fully exercised under the GDPR. These rights include:
• The right to be informed
• The right of access to personal information
• The right to request rectification
• The right to request erasure
• The right to restrict processing in certain circumstances
• The right to data portability
• The right to object to processing
• The Principles of Data Protection

8 The 6 principles
Anyone processing personal data must comply with 6 principles of good practice. These principles are legally enforceable.
1. Lawful, fair and transparent processing of data
2. The purpose for which personal data is collected must be specified, explicit and legitimate, and the data must be processed in a manner that remains compatible with the initial purpose for which it is collected
3. The data must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed
4. Accurate data must be maintained
5. Kept in a form which permits identification of data subjects for no longer than is necessary
6. Processed in a manner that ensures appropriate security of the personal data

9 Data Breaches
You will be required to notify the ICO of a breach where it is likely to result in a high risk to the rights and personal freedoms of individuals, i.e. a detrimental effect on an individual. Breaches must be reported within 72 hours of becoming aware of them (you will have a short window to investigate). If you do not have an action plan to rectify the breach you may face a fine. You have to notify individuals directly if there is a high risk to their rights and freedoms (the threshold for notifying individuals is higher).
What should you do?
• Train your staff to identify what constitutes a breach
• Create an internal breach procedure
• Create a breach notification form

10 What do you need to do – next steps
1. Appoint someone in the organisation to oversee the GDPR implementation
2. Create a Data Protection Impact Assessment (DPIA). A DPIA is effectively an audit or a map of what:
• personal data you hold
• where it is stored (is it in one location or over many locations and formats)
• who it is shared with
• who processes it
• how the data is obtained and processed
• risk reduction measures, such as whether you encrypt data
Then you can create a traffic light action plan to work on the areas of risk within your organisation. Decide how you will hold all data going forward, and whether changes are required, such as creating an online HR platform to securely hold your data if you don’t have one.

11 What do you need to do – next steps
3. Keep relevant records of your processes
4. Update your data security policies, plans and procedures, including your monitoring and privacy policies and procedures
5. Create a Privacy Impact Assessment (PIA) to identify and reduce privacy risks involved in projects and processes, for example recruitment processes or equality monitoring
6. Securely delete unnecessary data (seek advice from your HR representative if required)
7. Prepare a plan for handling subject access requests
8. Update your data consent form (separate to your contracts of employment) *Speak to your HR representative
9. Check if your data goes across EU borders; if so, identify the supervisory authority

12 Data Protection Officer (DPO)
It won’t be a legal requirement for most small businesses to appoint a DPO, but it will be beneficial to appoint a senior responsible person for the data obligations. If you do appoint a DPO it can be an internal or external person. Their tasks should include:
• Informing and advising the organisation and its employees about their obligations to comply with GDPR
• Monitoring your compliance with GDPR (including advising on impact assessments)
• Training staff and conducting internal audits
• Being the first point of contact for individuals and authorities
• Managing responses to subject access requests
• Creating a data breach policy/plan and managing communication and notifications of breaches
• Staying up to date with developments on GDPR and codes of practice

13 Finally Communicate to employees
Under the regulations the rights of individuals are extended to give them more control over their own data. Explain to employees:
• The 6 data protection principles
• What personal data is
• What sensitive/special categories of data are
• What happens during processing of data
• What data controllers and data processors are
• How their data is filed, e.g. manually (and where), or on a centralised automated HR system
• How to make a subject access request and what they are entitled to request
• Data breaches
• What the organisation is doing to meet GDPR
Call Kerry on 01279 814888 or email.

