Data protection reform: GDPR for the Advice sector. 22 August 2017. Shauna Dunlop, NI Regional Manager; Paula McGahey, Lead Policy Officer
General Data Protection Regulation 25th May 2018
Technological developments New challenges such as…
Consistent data protection framework Requires a…
Enhanced rights for individuals Together with…
Greater accountability & transparency Leading to…
“While we should all be assured that data is well protected in the UK, change is needed. The technology, and society has changed.” “The Data Protection Bill will allow the UK to continue to set the gold standard on data protection.” Matt Hancock MP Minister of State for Digital DCMS Statement of Intent 7 August 2017
What’s in it for us?
Doing good; Accountability; Putting citizens first; Transparency; Being responsible; Equality; Making voices heard; Good governance; Empowerment
GDPR Overview
What information is protected? Personal data; Sensitive personal data/Special categories
Who must comply? Data controllers; Data processors
The Principles
A is for… Accountability
The Accountability Principle The controller shall be responsible for, and be able to demonstrate compliance
Accountability & Governance: Records of processing activities; Data protection by design and by default; Data protection impact assessments; Data protection officer; Codes of conduct and certification
Privacy notices
Children: Privacy notices for children must be written in a clear, plain way. Consent from parent or guardian if you offer an ‘information society service’.
Lawful processing
Legal bases (personal data): Consent; Performance of a contract with the data subject; Legal obligation; Vital interests of a data subject or another person; Performance of a task carried out in the public interest or in the exercise of official authority vested in the controller; Legitimate interests
What is Consent? DPA: “…any freely-given, specific and informed indication of his wishes by which the data subject signifies his agreement to personal data relating to him being processed.” Article 2(h) Directive EC/95/46. PECR: “The [recipient] has previously notified the [caller or sender] that he consents for the time being to such communications being sent by, or at the instigation of, the [caller or sender]” Regulations 19, 21 & 22 PECR 2003
How will it change… GDPR: “…any freely-given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.” Article 4(11) GDPR
GDPR Consent at a glance: Higher standard; Genuine choice & control; Positive opt-in; Clear and specific; Easy to withdraw; Evidence of consent
Enhanced rights for individuals
Individuals' rights: The right to be informed; The right of access; The right to rectification; The right to erasure; The right to restrict processing; The right to data portability; The right to object; Rights related to automated decision-making and profiling
Breach reporting: Mandatory reporting; Within 72 hours; Notify individuals concerned
Administrative fines. Lower Tier: €10,000,000 OR 2% turnover. Higher Tier: €20,000,000 OR 4% turnover
Are we ready for the new world of data protection?
Self assessment toolkit www.ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment-toolkit/
ICO Guidance: GDPR Overview; 12 Steps; Privacy Notice CoP
ICO Next Steps: Contracts and liability; Consent
Article 29 WG Guidance: Data portability; Lead supervisory authorities; Data protection officers
Article 29 WG Next steps: Consent; Transparency; Profiling; High risk processing; Certification; Administrative fines; Breach notification; Data transfers
Case studies
Questions?
www.ico.org.uk
www.ico.org.uk/for-organisations/data-protection-reform/
ni@ico.org.uk
028 9027 8757