1
Managing Data
Darren Wright
2
Objectives
- Legal requirements
- GDPR
- Looking at the types of data that you collect
- How to balance data types
- Open data
3
Issues with data
- Compliance
- Accuracy
- Feedback loop
4
Legal Requirements
- Personal data should be processed fairly and lawfully
- Data should be collected for a clear purpose
- Collection should be adequate for that purpose
- Data shouldn’t be kept for too long
- People supplying data should understand their rights
5
What is personal sensitive data?
- Data that relates to racial or ethnic origin
- Data that relates to religious beliefs
- Data that relates to a physical or mental health condition
- Data that relates to someone’s sexual life
- Data that relates to political views
- New – Biometric and genetic data
6
Conditions for processing
One of the following must be met:-
- Individual has explicitly consented
- Processing is necessary to enter into a contract
- Processing is required as part of a legal obligation
- Processing is necessary to protect vital interests
7
GDPR Regulations
- Update of the Data Protection Directive 1995
- Privacy and Electronic Communications (EC Directive) Regulations 2003 – Cookies & Direct Marketing
- Three objectives:-
  - One unified regulation for 27 member states
  - Managing corporate data transfer rules outside the European Union
  - Emphasising individual control over personal identifying data
- Compliance date of 25th May 2018
8
GDPR - Significant changes
- Removes the distinction between a data controller and data processor
- Pays attention to how data moves across EU boundaries
- Greater fines (20 million euros or 4% of global turnover)
- Much more of a focus on consent and transparency
- Right to be forgotten and data portability
- Right to object to processing and automation
9
GDPR Key Elements
- Data Protection policy and procedure
- Knowing what data you collect
- Informed consent & Privacy
10
Accountability
- How is data protection monitored at board level?
- Is your formal mechanism set out in the policy?
- Who is the accountable individual if there is a data breach?
- Do you meet the criteria for a Mandatory Data Protection Officer?
- How is policy communicated to staff (induction/training)?
11
Data collection
- Is your data schema incorporated into your policy?
- Do you record who has access to data?
- Do you have a process for removing access to data?
- Do you have a process for dealing with subject access requests?
- How and when do you remove data?
12
Consent
- Is your consent process incorporated into your policy?
- Do you carry out privacy impact assessments for projects? (data protection by design)
- Review dates (for both consent and policy itself)
13
Data Protection Policy - Other
- Infrastructure – patch policy for IT equipment
- Password policy
- Basic cyber security
- Cyber Security Guidance for Business
- How do you manage a change in IT provider?
14
All organisations collect four types of data
- Demographics – Data that identifies individuals
- Activity – What has happened to an individual
- Outcome – What benefits, or disbenefits, have been received
- Satisfaction – How happy the individual is
15
| Name | Definition | Examples | Strengths | Weaknesses |
|---|---|---|---|---|
| Demographic data | The identifying factors for individuals | Gender; Age; Ethnicity | Can help to measure how representative of a community a service is; Can be used as a comparator for outcome data | On its own it is not very useful data; Ease of collection can result in excess collection; Data protection issues |
| Activity data | A measurement of the inputs provided by a service | Number of people that have used a service; Number of referrals (in and out); Number of sessions carried out | Easy to measure; An important element in calculating your costs | More of a measure of how busy a service is rather than how effective; Not a measure of quality |
| Outcome data | A measurement of the change in an individual | Clients that have given up smoking; Clients that have lost weight; Clients accessing entitled range of benefits | Much more focus on the person receiving the service; A measure of the quality of the service you provide; Can be used to compare with other services | Can be hard to measure; Requires measurement at two points |
| Satisfaction data | Perception of the intervention | Client satisfaction surveys | Satisfaction is important in assessing if people will return to a service; Can be used as a basis for adding a personal element to reporting | Inherently subjective; Not comparable inside an organisation let alone with other organisations; People liking a service doesn’t mean it is a good service |
16
Audit your data
- List every item of data you collect
- Identify which type of data it is
- List the function of collection
- Identify how long you keep it for
- If data has no purpose, stop collecting it
17
Privacy and Consent
- Privacy is a statement of values e.g. you could obtain data through wider means than consent
- Consent is an affirmative action and granular in what it tries to achieve
18
Managing Consent
- Be clear on why data is being collected
- What are you going to do with it?
- Consent cannot be hidden in terms and conditions
- Consent cannot be a condition for receiving a service
- Consent cannot be given by opt out (pre-ticked boxes)
19
Privacy
- Contact details of controller
- Reason for collecting and processing
- Third party relationships
- Method to remove consent
- Existence of automated decision making process
20
Emphasis on the individual
- Must comply with right of access (subject access requests)
- Information must be provided within a month
- Two months if compliance can be shown to be complex
- Cannot charge for access unless request is “manifestly unfounded”
- Right of access requests should be able to be made electronically
21
Right to erasure
- Right of erasure is not absolute
- Should erase when original purpose is no longer necessary
- When consent is withdrawn
- Information has been unlawfully processed
- To comply with legal obligation
22
Right to erasure - Exemptions
- Exercising right of freedom of expression
- To comply with legal obligation
- Public health purposes (public interest)
- Archiving purpose (public interest)
- Defence of legal claim
23
Right to object to processing
There are three rights to object to processing
- Direct marketing (absolute)
- Research processing (relating to personal situation)
- Legitimate/public interest (compelling legitimacy or defence of legal claim)
24
Legitimate Interest
- The most flexible reason for data processing
- Would people reasonably expect the way you use data?
- Three part test:-
  - Identify a legitimate interest;
  - Show that the processing is necessary to achieve it; and
  - Balance it against the individual’s interests, rights and freedoms
25
Legitimate Interest
- The legitimate interests can be your own interests & can include commercial interests
- If you can reasonably achieve the same result in another less intrusive way, legitimate interests will not apply.
- You must balance your interests against the individual’s.
- You must include details of your legitimate interests in your privacy information.
26
Reconsent
- Do you need to seek fresh consent? Generally no
- Are you sure you originally got consent?
- Did the consent relate to the current condition for processing?
- Can you audit consent?
- PECR 2003 – soft opt in on existing data (opt out as part of a sale)
27
Consent – Things to remember
- You must inform 3rd parties you have shared data with when erasure takes place
- The heart of consent is transparency of why you collect data and what you do with it
- You must review your consent process to ensure it reflects the things you use data for
- Consent must be in plain language
- Consent must be easily revoked
28
Open data
- Anonymised data
- Machine readable format
- Consistent structure
29
Data for social good
- Local services know more about communities than anyone else
- Local data is more responsive than national data
- You can influence the way services develop
- Authority gives you more power in commissioning
- Linking with other data promotes integration
30
Data for business planning
- Outcomes assessed against demographics can give you insight into where you have greater access to communities
- Outcomes assessed against demographics can highlight training needs for staff
- Outcomes divided by the cost of the service can be used as a unit costing mechanism
- Business insight provides a basis for tender opportunities
31
Data collection tips:-
1. There should be a balance in data types you collect
2. All data collected should have a purpose
3. If data isn’t analysed then free text provides improved narrative
4. Audit your data; if you don’t know why you’re collecting it, stop
5. The more data you collect the more errors you collect
6. Old data can be harmful
7. You know a lot about the area you work in, share it