Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR How does it apply to me?.

Similar presentations


Presentation on theme: "GDPR How does it apply to me?."— Presentation transcript:

1 GDPR How does it apply to me?

2 What is GDPR? It is the LAW! GDPR – ADINJC 2018
No getting away from it IT’S THE LAW! So we MUST be aware of it and how it affects us GDPR – ADINJC 2018

3 What is GDPR? The General Data Protection Regulation
Comes into force on May 25th GDPR – ADINJC 2018

4 1995 Data Protection Directive and Data Protection Act (1998).
Make a point about how little DPA has really affected any of us…. And that GDPR will probably really be the same… BUT Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). GDPR – ADINJC 2018

5 What is GDPR? The EU's GDPR website says the legislation is designed to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. BREXIT doesn’t affect this – it is LAW As it comes into force before BREXIT and is writen into UK law Brexit? GDPR – ADINJC 2018 Source: ICO GDPR

6 What is GDPR? In a ‘nut-shell’:
General Public - Greater control of their own ‘personal data’ Businesses - More obligations to the handling of this data Discuss fines?  Up to €20 million, or 4% annual global turnover – whichever is higher. Potential £5000 from ICO for not regsitering UK Regulated by the ICO – Fines for non-compliance and non-registration GDPR – ADINJC 2018

7 In reality… Why is Data Protection important? Identity theft
Responsibility to our customers - as business owners and human beings! Will we ever really fall under the scrutiny of the ICO? Identity theft Responsibility as a person – never mind as a buisness GDPR – ADINJC 2018 Source: ICO GDPR

8 What about ADIs? Do we have to adhere to GDPR?
1) “GDPR will apply to any business that ‘processes’ ‘personal data’.” 2) Are you a ‘business’? Simple answer is yes 3) Do you ‘Process’ ‘Personal Data’? GDPR – ADINJC 2018 Source: ICO GDPR

9 Some definitions: Process
“any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc” Personal Data The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. GDPR – ADINJC 2018 Source: ICO GDPR

10 What about ADIs? How many ‘types’ of ADI are there? Sole Trader?
Part Timer? Small School? Multi Car School? GDPR applies to us in different ways, depending on number of factors Large School? ‘Hobbyist? GDPR – ADINJC 2018

11 Some definitions: Data Processor
A processor is responsible for processing personal data on behalf of a controller. Are you a processor? GDPR – ADINJC 2018 Source: ICO

12 Some definitions: Data Controller
A controller determines the purposes and means of processing personal data. Are you a controller? Could you be both? GDPR – ADINJC 2018 Source: ICO

13 Some definitions: Data Subject
A natural person whose personal data is processed by a controller or processor. GDPR – ADINJC 2018 Source: ICO GDPR

14 Data Subject’s rights 1) The right to be informed.
2) The right of access 3) The right to rectification 4) The right to erase 5) The right to restrict processing 6) The right to data portability 7) The right to object 8) Rights in relation to automated decision making and profiling GDPR – ADINJC 2018

15 GDPR’s 6 Principals 1) Lawfulness, fairness and transparency.
2) Purpose limitations 3) Data minimisation 4) Accuracy 5) Storage limitations 6) Integrity and confidentiality GDPR – ADINJC 2018

16 What should I do next? 1) Assess Awareness. 2) Review Data
3) Individual’s Rights 4) Privacy Polices 5) Subject Access Requests 6) Lawful Basis for Processing 7) Consent 8) Data Breaches GDPR – ADINJC 2018

17 ICO Should I register? “A ‘data controller’ who is processing personal information to register with the ICO unless they are exempt. ‘A data controller can be a company, partnership, sole trader or other organisation.’ £5000 fine ADIs have not been looked into as an industry by HMRC or ICO for a very, very long time…. Is it due ? A business that fails to register will be guilty of a criminal offence; in the case of companies, sanctions can also be imposed on the directors personally. GDPR – ADINJC 2018

18 £5000 fine ADIs have not been looked into as an industry by HMRC or ICO for a very, very long time…. Is it due ? GDPR – ADINJC 2018


Download ppt "GDPR How does it apply to me?."

Similar presentations


Ads by Google