GDPR & Accountability ISACA Ireland Annual Conference 2018

1 GDPR & Accountability ISACA Ireland Annual Conference 2018
Ultan O’Carroll, Assistant Commissioner (Technology) November 2018 @DPCIreland

2 Regulations
Universal Declaration on Human Rights (1948)
European Convention on Human Rights (1950)
Constitution of Ireland (1937; case-law)
Convention 108 (Council of Europe, 1981)
Data Protection Act, 1988
EU Directive 95/46/EC
Data Protection (Amendment) Act, 2003
GDPR
ePrivacy Regulation?
EU Charter of Fundamental Rights – Art.7: “Everyone has the right to respect for his or her private and family life, home and communications.” Art.8: “Everyone has the right to the protection of personal data concerning him or her.” + to be processed fairly for specified purposes and on a legitimate basis + subject to control by an independent authority

3 Data Protection Principles
Obligations
Fair obtaining & processing
Transparent
Data minimisation
Specified purpose - Relevant, not excessive
Non-disclosure
Accurate
Safe & Secure
Specified retention period
Accountability: demonstrate compliance with principles.
DP by Design & Default
Risk Management
User rights

4 Accountability by…
Transparency
Record Keeping
Codes of Conduct
Certification
Impact Assessment
Governance and Data Protection By Design & Default
Contract, transfers, agreements, BCRs
User rights
Data Protection Officer

5 Data Protection by Design
Start to finish – business case to end-of-life
Design and Non-Functional Requirement
Whole organisation to engage
Delete means delete
Security – encryption and pseudonymisation are not anonymisation
Know your data, processes, configuration, deployment and risks – Data Protection Impact Assessment (Art 35, 36)
Default settings observing principles must be used

6 Impact Assessment (Art 35)
Prior Assessment (audit) for high-risk processing
Screening & record keeping (Art 30)
Structured & methodical approach
Documents processing, inherent and residual risk
Determines whether processing can take place
Prior Consultation - Art 36?

7 Accreditation & Certification
765/2008 still applies but Art 43(1) also applies
ISO basis – products and services
INAB will accredit, DPA to approve criteria – GDPR based
DPA to specify “additional requirements” – expertise etc.
Legal, Technical, Security, Evaluation, Assessment skills
Cross border – “EDPB Seal”
Other certification still possible

8 GDPR Opportunities
Skills needed across organisations to demonstrate and be accountable for processing – compliance
Documentation & record keeping; DP by Design; Governance; Internal audit; Process, change & risk management; DPO support; Certification; Contracts
Technical, legal, communications expertise
Enjoy the day!

9 www.dataprotection.ie www.GDPRandyou.ie
@DPCIreland
