Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Protection Act obligations and pseudonymisation Dawn Monaghan Group Manager Information Commissioners Office.

Published byNorah Floyd Modified over 9 years ago

Similar presentations

Presentation on theme: "Data Protection Act obligations and pseudonymisation Dawn Monaghan Group Manager Information Commissioners Office."— Presentation transcript:

1 Data Protection Act obligations and pseudonymisation Dawn Monaghan Group Manager Information Commissioners Office

2 The Basics Do you process personal data? In other words do you collect, hold, use, disclose, retain or destroy information about an identifiable living individual Are you a Data Controller/Data Processor/both? Obligations under DPA – Notification, Principles, Rights (exemptions)

3 The Basics : DC/DP - health DC’s Department of Health, NHS England, HSCIC Clinical Commissioning Groups Foundation Trusts GP Practices DP’s Organisations providing outsourced IG services Payroll Neither Commissioning Support Units Data Management Integration Centres

4 The Basics Notification Failure to do this is a criminal offence Who you are and how to contact you Details of what you are processing, the purpose for processing Who you are processing about (data subjects) Classes of the data e.g. financial details, goods provided Sources and disclosure of the data Security Questions

5 The Basics 8 Principles Fair and Lawful - Conditions for processing Purpose for processing Adequate, Relevant and not excessive Accuracy Retention Rights Security Transfer overseas

6 Subject Access Requests s7 Must be answered Entitled to their own data but not that of others May need verification of who they are Someone can act on behalf of someone else, may need verification Entitled to be told whether their data is being processed by that organisation Given a description of that data, the reasons it is being processed, and whether it is being shared with any other organisation or people Given a copy of the information Details of the source of the data if available Individuals can also ask about reasons behind any automated decisions taken Respond within 40 days

7 Key things to consider when Processing Information Have you notified – have you checked notification Are you training staff? Do you have a fair processing notice/s in place Are you sharing data with anyone else? Are their processes for answering SAR’s in place? Are there processes for updates, retention/disposal? How secure is the data? Is the data being transferred/processed overseas at any point?

8 Data Sharing Code of Practice Responsibility Data Sharing Agreements Privacy impact Assessments Data Standards Things to Avoid

9 Anonymisation: Code of Practice Anonymisation / pseudonymisation? Anonymisation and Personal Data Ensuring effectiveness Key techniques What happens if data is re identified?

10 www.twitter.com/iconews Keep in touch Subscribe to our e-newsletter at www.ico.gov.uk or find us on…

Download ppt "Data Protection Act obligations and pseudonymisation Dawn Monaghan Group Manager Information Commissioners Office."

Similar presentations

Records Management and the NHS Code of Practice (Foundation) Information Governance Policy Team NHS Connecting for Health.

Records Management and the NHS Code of Practice (Foundation) Information Governance Policy Team NHS Connecting for Health.
ICO view of care.data Dawn Monaghan, Group Manager, Strategic Liaison ICO UK.

ICO view of care.data Dawn Monaghan, Group Manager, Strategic Liaison ICO UK.
CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.

CHARTERED SECRETARIES AUSTRALIA New Privacy Laws 6 June 2013.
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Data Protection.

Data Protection.
The Australian Privacy Principles Protecting information rights –­ advancing information policy.

The Australian Privacy Principles Protecting information rights –­ advancing information policy.
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.

What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Hong Kong Privacy Code on Human Resource Management

Hong Kong Privacy Code on Human Resource Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Transparency in Public Administration – FOI and EIR

Transparency in Public Administration – FOI and EIR
3 Is there something I should know? Exercising our rights.

3 Is there something I should know? Exercising our rights.
Data Protection Act 1998. Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.

Data Protection Act Description The Data Protection Act controls how your personal information can be used and protects from the misuse of your.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales  2074 6677  2074 5626 

DATA PROTECTION AND PATIENT CONFIDENTIALITY IN RESEARCH Nic Drew Data Protection Manager University Hospital of Wales   
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
An overview of the Data Protection Act 1998. Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.

An overview of the Data Protection Act Legal framework The Data Protection Act 1998 came into force in March 2001, replacing the Data Protection.
The Data Protection Act

The Data Protection Act
Data Protection Act. Lesson Objectives To understand the data protection act.

Data Protection Act. Lesson Objectives To understand the data protection act.

Similar presentations

Ads by Google