Implementing the GDPR the Regulators Perspective David Murphy

“Implementing the GDPR: the Regulator’s Perspective”
David Murphy, Office of the Data Protection Commissioner, Ireland (@DPCIreland)
PSD2: Re-inventing Payments in the Digital Age, Frankfurt, 16-11-2017


4th Industrial Revolution

CLEAR RATIONALE FOR NEW DATA PROTECTION LAWS IN EUROPE
• Lisbon Treaty Article 8: Protection of personal data
• Charter of Fundamental Rights
• CJEU
• Technological Revolution

Key elements of GDPR
• Accountability – demonstrating compliance
• Transparency – providing information pre-processing
• Risk-based mandatory data breach reporting (72 hours)
• Strengthened ‘Consent’ obligations
• New and enhanced Data Subject rights
• Administrative Fines
• Data Protection Officer (DPO) for certain organisations


The 8 Principles of Data Protection
• Obtain and process information fairly
• Keep it only for one or more specified, explicit and lawful purposes
• Use and disclose it only in ways compatible with these purposes
• Keep it safe and secure
• Keep it accurate, complete and up-to-date
• Ensure that it is adequate, relevant and not excessive
• Retain it for no longer than is necessary for the purpose or purposes
• Give a copy of his/her personal data to that individual on request

• Data Integrity
• Pseudonymisation
• Anonymisation
• Accountability
• Data Protection Officer
• Data Protection Impact Assessments
• Data minimisation
• Cryptography
• Notification of Personal Data Breaches

Accountability
Article 24.1: “…the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with this Regulation”
Article 24.3: “Adherence to approved codes of conduct as referred to in Article 40 or approved certification mechanisms as referred to in Article 42 may be used as an element by which to demonstrate compliance with the obligations of the controller”

Demonstrating Accountability
• Privacy by Design
• Privacy by Default
• Data Protection Impact Assessment (DPIA)
• Codes of Conduct
• Certification

Consent
• Demonstrate Valid Consent
• Specific Consents
• Freely Given
• Right to Withdraw Consent

Profiling/Automated Processing
• Right to Object
• Transparency

Data Portability
• Commonly used formats
• Structured
• Machine readable
• Puts the customer in control

Data Protection Officer (Articles 37, 38 & 39)
• Public Authority or Body
• Regular and systematic monitoring of data subjects on a large scale
• Processing on a large scale of special categories of data (Articles 9 and 10)

Anti-money Laundering
• Large scale data processing
• Investigative role
• Proportionality
• Transparency

Enforcement
• Article 83
• Up to €20m or
• 4% of global turnover for the preceding financial year

Engagement
• Awareness
• Guidance
• Consultation

www.dataprotection.ie | @DPCIreland | info@dataprotection.ie
Thank You