Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR what do we need to do?

Published byFranklin Myron Jacobs Modified over 5 years ago

Similar presentations

Presentation on theme: "GDPR what do we need to do?"— Presentation transcript:

1 GDPR what do we need to do?
Clare sanderson Ig solutions liverpool ltd Mobile: 0(044) Office: 0(044)

2 What is GDPR? ……..The thing that no-one finds exciting ……..The thing that is someone else’s responsibility ……..The thing that IT are responsible for

3 Who am I? I was the Executive Director of Information Governance at the NHS Information Centre now NHS Digital from 2007 to December 2013…….. A member of CQCs National Information Governance Committee UK Council of Caldicott Guardians DH hosted National IG Advisory Group I am a member of the Confidentiality Advisory Group (Chair Team) Since January 2014 I have been providing Independent Consultancy on Information Governance, Privacy and Confidentiality I AM an expert in data protection I AM an expert in health and social care I AM NOT an expert in housing!

4 Personal Data …data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller Data protection law applies when housing associations, as data controllers are processing personal data. What is personal data? See slide. It includes tenant and staff records, as well as information held and used about previous tenants. CCTV images, website photos and information, housing apps, etc. Paper-based and digital. “Processing” refers to anything a housing association does with personal data – collecting, using, analysing, sharing, and disposal

5 The Data Protection Act 1998
Current DP law – the DPA 98. It applies when data controllers are processing PD. You are effectively the data controller (technically it’s the governing body), therefore the association is responsible for data protection compliance. (Even when you use data processors, shredding companies or cloud IT providers – they are your data processors and you are still responsible.) Brief summary of principles 1 – Fair and lawful Comply with other laws Cause no unwarranted detrimental effects on people Only do with people’s data what they would reasonably expect you to Be transparent – inform people what you are doing with their data 2 – Limited and specified purposes Be clear for what purpose you collect, hold and use people’s data – and don’t use for other unrelated purposes 3, 4, 5 – data quality principles Adequate, relevant, not excessive – enough for what you need the data for, but no more Accurate and up to date Kept no longer that is necessary – have a appropriate retention policy in place, and stick to it 6 – processed in line with data subjects’ rights E.g. subject access rights – 7 – Secure Actually the requirement is to have appropriate measures in place to secure the data Includes having appropriate agreements with data processors 8 – Transfers outside the EEA OK as long as adequate protection is in place

6 Loads of advice on ico website and these are being updated to reflect the new GDPR requirements

7 What could possibly go wrong?
So how does a DC fails to comply with the principles? what happens if they do…..

8 ICO data protection enforcement
£500,000 So what happens if a DC fails to comply with the principles? Currently, the ICO has a range of enforcement tools available to use when a data controller fails to comply with the DPA: - offer advice, no further action taken Enforcement tools available: - agree an undertaking - issue an enforcement notice - issue a civil monetary penalty of up to £500,000

Download ppt "GDPR what do we need to do?"

Similar presentations

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.

Identifying Data Protection Issues Developing Lifelong Learner Record Systems and ePortfolios in FE and HE: Planning for, and Coping with, Legal Issues.
Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner.

Can data protection regulation ever keep pace with technological change? Jonathan Bamford Assistant Information Commissioner.
Introduction to Information Governance (IG)

Introduction to Information Governance (IG)
Principle 1 Principle 1 Processed fairly and lawfully + only with a legitimate basis There should be no surprises, so … inform data subjects why you are.

Principle 1 Principle 1 Processed fairly and lawfully + only with a legitimate basis There should be no surprises, so … inform data subjects why you are.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
Confidentiality & Records Management. What is Information Governance? What is Records Management?

Confidentiality & Records Management. What is Information Governance? What is Records Management?
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Data Protection Act.

Data Protection Act.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.

 The Data Protection Act 1998 is an Act of Parliament which defines UK law on the processing of data on identifiable living people and it is the main.
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
Practical Information Management

Practical Information Management
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Implementation of Security and Confidentiality in GP Practices.

Implementation of Security and Confidentiality in GP Practices.
Health & Social Care Apprenticeships & Diploma

Health & Social Care Apprenticeships & Diploma

Similar presentations

Ads by Google