Data Protection Training Think How will this affect

  • Slides: 15
Download presentation
Data Protection Training

Data Protection Training

Think? How will this affect: 1. Me 2. My department/colleagues 3. RGU 4. External

Think? How will this affect: 1. Me 2. My department/colleagues 3. RGU 4. External environment

Legislative Context • Data Protection Act (1998) • General Data Protection Regulation (2018) •

Legislative Context • Data Protection Act (1998) • General Data Protection Regulation (2018) • Data Protection Bill

Key Definitions • Personal Data/Special Category Data • Processing of Data • Legal basis

Key Definitions • Personal Data/Special Category Data • Processing of Data • Legal basis to process

What’s new? • Transparency • Enhanced individual rights • Accountability

What’s new? • Transparency • Enhanced individual rights • Accountability

Individual Rights 1. 2. 3. 4. 5. 6. 7. 8. To be informed Access

Individual Rights 1. 2. 3. 4. 5. 6. 7. 8. To be informed Access Rectification Erasure* Restrict processing Data Portability* To object Automated decision making and profiling

Subject Access Request Would you recognise a subject access request? • Response within 1

Subject Access Request Would you recognise a subject access request? • Response within 1 month • Seek guidance (Dept Champions/ Data Protection Officer) • Good e-mail practice • Importance of good records management

Records Management • Compliance with data protection legislation is reliant on good records management

Records Management • Compliance with data protection legislation is reliant on good records management practice • Data Retention – Ma. RS – Kept for no longer than necessary • Version Control/ Draft documents • Destruction of Data – Confidential, Secure

Keeping data secure • • • Passwords Shared drive Portable devices Lockable cabinets Clear

Keeping data secure • • • Passwords Shared drive Portable devices Lockable cabinets Clear desk policy • • Cloud services E-mail Post Sharing data – Internally – Externally

Cyber Security Weak links • Passwords • Phishing attacks

Cyber Security Weak links • Passwords • Phishing attacks

Data Breach “A security incident that has affected the confidentiality, integrity or availability of

Data Breach “A security incident that has affected the confidentiality, integrity or availability of personal data. ”

A data breach can happen for a number of reasons • • • Loss

A data breach can happen for a number of reasons • • • Loss or theft of data or equipment Lack of appropriate access controls Equipment failure/ disaster (fire, flood etc) Hacking attack blagging

Initial action to be taken 1. Take steps to recover and/or contain the breach

Initial action to be taken 1. Take steps to recover and/or contain the breach 2. Report to Information Governance Officer, DP Champion and /or Head of School/Department immediately. 3. Consult guidance

Further Resources • • • Information Governance Policy & Supporting Guidance Use of IT

Further Resources • • • Information Governance Policy & Supporting Guidance Use of IT facilities policy & Supporting Guidance Departmental Data Protection Champions Information Governance Officer ICO website https: //ico. org. uk/for-organisations/guide-tothe-general-data-protection-regulation-gdpr/

Questions and FAQs Ian Croft Information Governance Officer i. f. croft@rgu. ac. uk Ext.

Questions and FAQs Ian Croft Information Governance Officer i. f. croft@rgu. ac. uk Ext. 2076 Emily Whitters Policy Officer e. whitters@rgu. ac. uk Ext. 3164