GENERAL DATA PROTECTION REGULATION GDPR What it means
GENERAL DATA PROTECTION REGULATION (GDPR) What it means for businesses
INTRODUCTION
What to expect from this presentation
▪ What is GDPR?
▪ What do businesses need to know?
▪ What might we need to do?
WHAT IS GDPR?
SUMMARY
▪ General Data Protection Regulation – enforced by EU
▪ Expands on some parts of DPA/existing Directive; creates other new requirements
▪ First global data protection law
▪ Determines how personal data should be processed and used
▪ Comes into effect on 25 May 2018, regardless of Brexit
WHO IT INVOLVES
Data subject – Any EU citizen who has entrusted a controller with their personal data (customers, service users, employees)
Data controller – Who the data subject entrusts with their data. Responsible for deciding how the data is handled
Data processor – Any entity that handles personal data on the data controller's behalf
WHAT DO BUSINESSES NEED TO KNOW?
WHAT’S NEW?
▪ Expanded definition of “personal data”
▪ Transparency and consent
▪ Enhanced rights for data subjects
▪ Accountability
▪ Data protection by design
▪ Notifying subjects of data breaches
PERSONAL DATA
Personal data
  Examples: Name; ID number; any physical, physiological, economic, cultural or social data
  Now also includes: Location; online identifiers (e.g. IP address, cookies)
Sensitive personal data
  Examples: Race/ethnicity; politics; religious beliefs; sexual orientation
  Now also includes: Biometric data; genetic data
TRANSPARENCY
▪ Must tell individuals how personal data is processed
▪ Clear, concise and easily accessible format
▪ Must include:
  ▪ Legal basis for processing
  ▪ Legitimate interests (if any)
  ▪ Right to lodge complaint
  ▪ How long data will be retained
ACCOUNTABILITY – DATA PROTECTION BY DESIGN
▪ Must demonstrate compliance with GDPR
▪ How?
  ▪ Policies and procedures (audits, HR policies)
  ▪ Staff training
  ▪ Pseudonymisation
  ▪ Data protection impact assessments
  ▪ Appointing data protection officer
ACCOUNTABILITY – NOTIFICATION OF DATA BREACHES
▪ Breach: personal data destroyed, lost, altered, disclosed to or accessed by unauthorised people
▪ Reported to:
  ▪ Supervisory authority – where there is a risk of discrimination, reputational damage, financial loss or loss of confidentiality
  ▪ Individual(s) affected – same, but high risk
▪ Report within 72 hours of breach
WHAT MIGHT WE NEED TO DO?
STEPS
▪ Review data protection policies
▪ Establish legal basis for processing
▪ Identify how to demonstrate compliance
▪ Consider whether to appoint DPO
REVIEW POLICIES
▪ Individuals told about right to object, at first communication
▪ Understanding of what constitutes “data breach” – more than loss of data
▪ Procedures for detecting, investigating and reporting breaches
▪ Insurance coverage in case of breach
ESTABLISH LEGAL BASIS FOR PROCESSING
▪ Be clear on grounds for lawful processing
▪ If consent:
  ▪ Obtained correctly, as mentioned earlier
  ▪ Subjects informed of right to withdraw at any time, and given simple methods to do so
DEMONSTRATE COMPLIANCE
▪ New policies – data protection by design
▪ Regular audits
▪ Staff training
▪ Pseudonymisation
▪ Review and update existing information notices
CONSIDER A DATA PROTECTION OFFICER
▪ Informs and advises on obligations
▪ Monitors compliance – manages internal activities and audits, trains staff
▪ First point of contact for supervisory authorities and data subjects
▪ Compulsory that DPO:
  ▪ Reports to board/directors
  ▪ Independent, and not penalised for performing job
  ▪ Has resources to meet obligations
▪ Can be existing employee as long as compatible and no conflict of interest
▪ No formal qualifications required, but should have professional experience and knowledge of the law
25 MAY 2018
FURTHER HELP AND SUPPORT
Qualsys Limited
Aizlewood’s Mill, Nursery Street, Sheffield S3 8GG
emily.hill@qualsys.co.uk  +44 (0)114 282 3338
marc.gardner@qualsys.co.uk  +44 (0)114 282 3338