Presentation is loading. Please wait.

Presentation is loading. Please wait.

Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE.

Published byJulian Quinn Modified over 9 years ago

Similar presentations

Presentation on theme: "Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE."— Presentation transcript:

1 Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE 2016 A CCRA, G HANA 28 – 29 J ANUARY 2016

2 The SME sector  Owner-Managed businesses (SME)  None has a dedicated Data Protection Officer

3 Insider threat  Many data breaches occur due to employee error  A disgruntled employee with a USB stick or camera smartphone can cause a lot of damage  Data Protection Supervisor – vital tool in minimising the risk of data breaches by  raising awareness of privacy and data protection  ensuring technical and organisational controls in place

4 Lifecycle of data

5 What is data protection?  The means of protecting personal data, and the systems that hold that data, from unauthorised access, use, disclosure, disruption, modification, perusal, inspection, recording or destruction.  To protect the privacy of individuals  In order not to put them at risk of harm

6 Risk of Harm to Individual When personal data is inadequate, insufficient or out of date excessive or irrelevant kept for too long improperly disclosed to others used in ways that are unacceptable or unexpected by the person it is about used or misused not kept securely Individual at risk of physical harm threat to emotional wellbeing financial loss fear of identity theft damage to personal relationships humiliation/ embarrassment harassment annoyance

7  Operational disruption - Diverted time and resources  Loss of consumer confidence  Legal/regulatory sanctions, liability and financial penalties  Reputational damage  Financial loss Risk of Organisational Harm

8 Data Protection Act  To protect the privacy of individuals by regulating how organisations process personal data.  Gives meaning to:  Article 8 (1) of the Human Rights Act 1998 (UK), “Everyone has the right to respect for his private and family life, his home and his correspondence  Article 18 (2) of the Constitution of the Republic of Ghana 1992, “No person shall be subjected to interference with the privacy of his home, property, correspondence or communication…”

9  Principle 1 – fair and lawful  Principle 2 – purposes  Principle 3 – adequacy  Principle 4 – accuracy  Principle 5 – retention  Principle 6 – rights  Principle 7 – security  Principle 8 – international Principles of the UK Data Protection Act

10 Key Terminology  Personal data: information that can be used on its own or with other information to identify and individual  Processing: collection, use, disclosure, retention or disposal of personal data  Sensitive personal data: personal data that may put an individual at substantial risk of harm should their privacy not be respected  Privacy: Informational privacy. Right of individual to decide how, when and to what extent their personal data is processed

11 The Role of the Data Protection Supervisor (DPS) To promote awareness and maintain high standards of practice in data protection and privacy by undertaking the following duties across the business:  Manage Data Protection and Privacy Compliance  Facilitate training  Develop, implement and enforce a Data Protection Policy  Provide advice and guidance to managers and staff  Produce best practice guides  Process, co-ordinate and respond to Subject Access Requests and any Complaints under the Act  …and any other duties related to the Data Protection Act

12 Managing Data Protection Compliance  Ensure compliance with the Principles of the Data Protection Act.  Ensure your data controller registration is valid and details are up to date  Ensure data processor compliance  Personal data breaches – reporting to the data protection regulator is mandatory for some business sectors

13  Should be suitable and relevant to your business  Review annually  Policy should set out clear commitment Develop, Implement and enforce Data Protection policy

14 Data Protection Policy Our data protection policy below sets out our clear commitment to protecting personal data and shows how we have carried out that commitment. We are committed to ensuring that we comply with the 8 data protection principles, as listed below: [List principles here] We have demonstrated that commitment by:  Putting adequate security measures in place to protect personal data  Putting measures in place to ensure that the personal data we process is accurate and up to date  Establishing a retention period of … so that personal data that is out of date is safely archived/deleted......

15 Subject Access Requests & Complaints The individual has the right to determine how, when and to what extent their personal data is processed. The data subject is the individual that the personal data is about.

Download ppt "Breakaway Session 2: Data Protection and The Role of the Data Protection Supervisor Michael Mingle Director, NTSS Solutions (UK) D ATA P ROTECTION C ONFERENCE."

Similar presentations

NATIONAL INFORMATION GOVERNANCE BOARD

NATIONAL INFORMATION GOVERNANCE BOARD
Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Data Protection Information Management / Jody McKenzie.

Data Protection Information Management / Jody McKenzie.
BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date: 09.07.14.

BIOMETRICS, CCTV & DATA PROTECTION By Drudeisha Madhub Data Protection Commissioner Date:
Www.dataprotection.gov.je The Data Protection (Jersey) Law 2005.

The Data Protection (Jersey) Law 2005.
Getting data sharing right for every child

Getting data sharing right for every child
The Australian Privacy Principles Protecting information rights –­ advancing information policy.

The Australian Privacy Principles Protecting information rights –­ advancing information policy.
Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.

Data Protection webinar: Data Protection & Volunteers 19 th June 2014 Welcome. We’re just making the last few preparations for the webinar to start at.
Data Protection and Records Management

Data Protection and Records Management
Www.oaic.gov.au Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.

Introduction to the APPs and the OAIC’s regulatory approach Presented by: Este Darin-Cooper Director, Regulation and Strategy May 2015.
Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.

Duncan Woodhouse – Assistant Registrar for Information Security, Risk Management and Business Continuity Helen Wollerton – Administrative Officer (Legal.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.

Information Commissioner’s Office: data protection Judith Jones Senior Policy Officer Strategic Liaison – public security 16 November 2011.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Data Protection Overview

Data Protection Overview
Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)

Protecting information rights –­ advancing information policy Privacy law reform for APP entities (organisations)
Data Protection for Church of Scotland Congregations

Data Protection for Church of Scotland Congregations
The Information Commissioner’s Office David Evans.

The Information Commissioner’s Office David Evans.
Implementation of Security and Confidentiality in GP Practices.

Implementation of Security and Confidentiality in GP Practices.
Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

Data Protection in Financial Services Are you Seeing the Bigger Picture? 17 September 2008.

Similar presentations

Ads by Google