General Data Protection Regulation (GDPR)
Kate Belinis, CDA Herts
East Herts Village Halls Conference, 05 December 2017, Little Hadham Village Hall
What is it?
New European legislation (replacing the existing European Directive 95/46/EC). It will apply from 25 May 2018!
Overview:
- Same basic principles as current Data Protection law
- Accountability
- New rights for individuals and strengthening of existing rights
- Breach reporting
- Data Protection Impact Assessments
- Higher penalties for non-compliance
Preparing for this: 12 steps
1. Awareness: ensure decision makers and key people are aware of the change. They need to appreciate its impact.
2. Information you hold: document what personal data you hold, where it came from and who you share it with. You will need an information audit.
3. Communicating privacy information: review your current privacy notices and put a plan in place for making any necessary changes in time for implementation.
4. Individuals' rights: check your procedures to ensure all rights are covered, including how you would delete personal data or provide data electronically in a commonly used format.
5. Subject access requests: update your procedures and plan how you will handle requests within the new timescales and provide any additional information.
6. Legal basis for processing personal data: look at the various types of data processing you carry out, identify your legal basis for each and record it.
Preparing for this (continued)
7. Consent: review how you are seeking, obtaining and recording consent and whether you need to make any changes.
8. Children: start thinking now about putting systems in place to verify individuals' ages and to gather parental/guardian consent.
9. Data breaches: ensure you have the right procedures in place to detect, report and investigate a personal data breach.
10. Data Protection by Design and Impact Assessments: familiarise yourself now with the ICO guidance and work out how and when to implement them.
11. Data Protection Officer: designate someone to take responsibility for data protection compliance and assess where this role will sit within your structure and governance.
12. International: if you operate in more than one EU member state, determine which data protection supervisory authority is your lead authority.
Where do I start?
- Governing body and management team
- Responsibility of the designated Officer
- What personal information is held? Carry out an Information Audit:
  - Overview
  - How is it collected?
  - Where is it stored?
  - Who has access?
  - How is it shared?
Legal basis for processing
ICO is due to issue guidance.
GDPR lawful bases for processing (Article 6(1)):
- Consent
- Contractual obligation
- Legal obligation
- Vital interests (to protect a person)
- Public task (in the public interest)
- Legitimate interests of the controller
For most village halls, the basis will currently be one of: Consent or Legitimate interests.
NOTE: when personal data is SHARED with others, or Sensitive (special category) Personal Data is COLLECTED, obtain the individual's explicit CONSENT to the processing of their Personal Data.
Review of Consent processes
- Fair Processing Notices
- People must opt in
- Recording and managing consent
- Fair Processing Notice for children under 16
- Individuals' rights
- Right of access
- Accountability principle: YOU need to show compliance
- Maintaining relevant documentation
- Privacy Impact Assessments
- Breach notification
References
- Overview of GDPR
- Fair Processing Notices Guidance
- Consent Guidance (includes checklist)
- Conducting Privacy Impact Assessments Code of Practice
Resources
- Information Commissioner's Office (ICO): guidance and templates
- GDPR myth-busting blogs
Thanks to Sefton CVS for this information and presentation.