5 things hr must do in the role of the data protection
play

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER - PowerPoint PPT Presentation

Sep 14, 2022 •32 likes •172 views

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

  1. 5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON – DATA PROTECTION DEIRDRE ALLISON – RECORDS MANAGEMENT YEARN2LEARN TRAINING

  2. GENERAL DATA PROTECTION REGULATION What is it? • GDPR represents the most significant shift in European data protection legislation since the Data Protection Directive • Will harmonise data protection laws throughout the EU • Will replace the Data Protection Act 1998 • Applies from 25 May 2018 • The current Data Protection Bill which will become the Data Protection Act 2018 fills the gaps in GDPR, addressing areas in which flexibility and derogations are permitted • UK’s decision to leave the EU will not effect the commencement of the legislation.

  3. TOP 5 THINGS HR MUST DO  1 Know the legislation – what is the impact on your organisation  2 Understand the Role of a Data Protection Officer  3 Know what information you hold  4 Understand what ‘accountable’ means  5 Develop an action plan to meet the key tasks to be carried out

  4. 2 . UNDERSTAND THE ROLE OF DATA PROTECTION OFFICER WHICH ORGANISATIONS ARE REQUIRED TO APPOINT A DPO? (ARTICLE 37(1)) The GDPR requires the designation of a DPO in three specific cases:  where the processing is carried out by a public authority or body (irrespective of what data is being processed);  where the core activities of the controller or the processor consist of processing operations, which require regular and systematic monitoring of data subjects on a large scale;  where the core activities of the controller or the processor consist of processing on a large scale of special categories of data or personal data relating to criminal convictions and offences.

  5. Frequently Asked Questions  Can organisations appoint a DPO jointly? ‘ easily accessible from each establishment ’  Appoint an external DPO? ‘ fulfil the tasks on the basis of a service contract’  Professional qualities DPO should have (article 37(5) ‘Shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability of fulfil the task referred to Article 39’  Who cannot be DPO? DPO can not be someone who determines the purpose and the means of processing of personal data.

  6. POSITION OF THE DPO  Involvement in all issues relating to the protection of personal data  Opinion of the DPO must be given due weight  DPO consulted promptly once a data breach occurs  Must be given necessary resources - Article 38(2)  Act in an independent manner  Must report directly to the ’ highest level of management’ within the organisation’.

  7. DATA PROTECTION OFFICER ROLE TASKS

  8. 3. KNOW WHAT INFORMATION YOU HOLD Asset Name of What does Personal Risks / impact Key asset number Location Owner Volume Access Shared Format Retention asset it do data or ID An Information Asset Register (IAR) is a simple way to help your understand and manage your organisation’s What does your organisation do? information assets and the risks to them. What information do you have? Where is your information kept? It is important to know and fully understand what Do you have duplicate information? information you hold in order to protect it and be able to Document what you know. exploit its potential. Keep it up to date. Use of self assessments

  9. 4 ACCOUNTABILITY 9

  10. ACCOUNTABILITY CONTINUED:- Documentation is a new requirement under the GDPR . Records must be kept on processing purposes, data sharing, and retention. Will require internal records of your processing activities. Your obligation to ensure (and demonstrate) that what you do with people’s personal data is in line with the GDPR. Article 30 sets out the different types of information you need to document including the purposes of processing, categories of personal data and recipients of personal data. You can use your existing register entry for the 1998 Act as a basis from which to create your record of processing activities

  11. 5 DEVELOPMENT OF AN ACTION PLAN  Documenting your processing activities - it is a legal requirement. As a key element of the accountability principle, documenting your processing activities can also help you to ensure (and demonstrate) your compliance with other aspects of the GDPR.  Drafting your privacy notice – much of the information you have to document is very similar to what you need to tell people in your privacy notice.  Responding to access requests – knowing what personal data is held and where it is will help you to efficiently handle requests from individuals for access to their information.  Taking stock of your processing activities – this will make it much easier to address other matters under the GDPR such as ensuring that the personal data you held is relevant, up to date and secure.  Improve data governance – highlighting and addressing data protection matters through documentation will support good practice in data governance. This can give you assurance as to data quality, completeness and provenance.  Increase business efficiency – knowing what personal data is held, why you hold it is held and for how long, will help to develop more effective and streamlined business processes.  Data Breaches – how does your organisation deal with data breaches  Training – how will your organisation train staff to reduce data governance incidents occurring

  12. ADDITIONAL RESOURCES Legal- Island’s GDPR eLearning Yearn2Learn, an ILM Recognised Provider event for all employees For free access & 25% discount contact ‘ I’m the new Data Protection Officer – the First 100 Days ’ Debbie@legal-island.com  Date:Tuesday 24 April 2018 Time:10.00 – 4.30 pm (Registration 9.30)   Venue: Children in NI (CINI) Cost  Cost £169.00 per person To book, contact dallison.yearn2learn@live.co.uk or Tel: 07761586390

  13. Yearn2Learn are an ILM Recognised Provider and Accredited Member of IRMS (Information & Records Management Society) UK and ROI For further information or to arrange a site visit for advice, guidance or support, contact: Deirdre Allison – dallison.yearn2learn@live.co.uk Tel: 07761586390 Gillian Acheson – gacheson.yearn2learn@outlook.com Visit our website at www.yearn2learntraining.com CONTACTS

  14. ADDITIONAL RESOURCES Yearn2Learn, an ILM Recognised Provider event Legal- Island’s GDPR eLearning for all employees ‘ I’m the new Data Protection Officer – the First 100 Days ’ For free access & 25% discount contact Debbie@legal-island.com  Date:Tuesday 24 April 2018 Time:10.00 – 4.30 pm (Registration 9.30)   Venue: Children in NI (CINI)  Cost £169.00 per person To book, contact dallison.yearn2learn@live.co.uk or Tel: 07761586390

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie LOUVEAUX London 14-15 November 2016 Big Data Means Opportunities More Knowledge, Large Computing and Large Availability of Better Personal Data

377 views • 18 slides
Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner

Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner

Computer Security Day 2016 Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner 30.11.16 Internet of Things (IoT) The IoT is an infrastructure in which sensors embedded in common, everyday devices

741 views • 41 slides
Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner 30.11.16

Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner 30.11.16

Computer Security Day 2016 Privacy and Internet of Things Presenter: Drudeisha Madhub Data Protection Commissioner 30.11.16 Internet of Things (IoT) The IoT is an infrastructure in which sensors embedded in common, everyday devices

781 views • 41 slides
Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant

Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant

Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant Commissioner (Wales) One Voice Wales Annual Conference 5 October 2013 Overview 1. The ICOs role 2. Freedom of Information Act basics 3. FOI

154 views • 13 slides
GDPR 5 things HR Must Do! YEARN2LEARN TRAINING, GILLIAN ACHESON, DEIRDRE ALLISON GENERAL

GDPR 5 things HR Must Do! YEARN2LEARN TRAINING, GILLIAN ACHESON, DEIRDRE ALLISON GENERAL

GDPR 5 things HR Must Do! YEARN2LEARN TRAINING, GILLIAN ACHESON, DEIRDRE ALLISON GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant shift in European data protection legislation since the Data

731 views • 15 slides
Personal information and data protection What is personal data? Any information about you that

Personal information and data protection What is personal data? Any information about you that

Personal information and data protection What is personal data? Any information about you that can identify you! This could be: your name, address, date of birth or telephone number; the type of job you do; the things you buy;

585 views • 24 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
www.YaleRuddCenter.org The Role of States 50 opportunities to try new things Less industry

www.YaleRuddCenter.org The Role of States 50 opportunities to try new things Less industry

www.YaleRuddCenter.org The Role of States 50 opportunities to try new things Less industry influence More rapid turnaround Connection with Attorneys General Precedent (e.g., tobacco) State Legislation Near Term Wins School

710 views • 45 slides
Business Statistics CONTENTS The role of data The data matrix Data types Aspects of data

Business Statistics CONTENTS The role of data The data matrix Data types Aspects of data

DATA Business Statistics CONTENTS The role of data The data matrix Data types Aspects of data Obtaining data Further study THE ROLE OF DATA Data refers to observed facts there are 82 persons in this train the weight of

683 views • 22 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
THE EU'S ROLE IN HUMANITARIAN AID AND CIVIL PROTECTION DG Humanitarian Aid and Civil Protection

THE EU'S ROLE IN HUMANITARIAN AID AND CIVIL PROTECTION DG Humanitarian Aid and Civil Protection

European Commission THE EU'S ROLE IN HUMANITARIAN AID AND CIVIL PROTECTION DG Humanitarian Aid and Civil Protection The Directorate General for Humanitarian Aid and Civil Protection (ECHO) is the service of the European Commission

666 views • 34 slides
DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
Course Content Lecture 6 Week 10 (May 12) and Week 11 (May 19) 33459-01 Principles of Knowledge

Course Content Lecture 6 Week 10 (May 12) and Week 11 (May 19) 33459-01 Principles of Knowledge

Course Content Lecture 6 Week 10 (May 12) and Week 11 (May 19) 33459-01 Principles of Knowledge Discovery Introduction to Data Mining in Data Association analysis Sequential Pattern Analysis Clustering Analysis: Agglomerative,

374 views • 22 slides
Reactors Daniel Cooper Department of Materials Science and Engineering Daniel Cooper The

Reactors Daniel Cooper Department of Materials Science and Engineering Daniel Cooper The

Materials for Molten Salt Nuclear Reactors Daniel Cooper Department of Materials Science and Engineering Daniel Cooper The University of Sheffield Department of Materials Science and Engineering The University of Sheffield Supervisors : Mark

448 views • 20 slides
Crucial Problems of Nuclear Power Prof. Michael Golay

Crucial Problems of Nuclear Power Prof. Michael Golay

Crucial Problems of Nuclear Power Prof. Michael Golay golay@mit.edu Regula<on of prolifera<on risks of nuclear energy systems Quan<fica<on of

215 views • 3 slides
1 TIVI Phase One-Set T one & Rules Introductions Set the tone for the interview

1 TIVI Phase One-Set T one & Rules Introductions Set the tone for the interview

Trauma Informed Victim Interviews (TIVI) for the Justice System Part Two Battered Womens Justice Project January 11, 2019 This project was supported by Grant No. 2015 TA AX K027 awarded by the Office on Violence Against Women,

338 views • 9 slides
Bio(tech) Interlude 3 Nobel Prizes: PCR: Kary Mullis, 1993 Electrophoresis: A.W.K. Tiselius,

Bio(tech) Interlude 3 Nobel Prizes: PCR: Kary Mullis, 1993 Electrophoresis: A.W.K. Tiselius,

Bio(tech) Interlude 3 Nobel Prizes: PCR: Kary Mullis, 1993 Electrophoresis: A.W.K. Tiselius, 1948 DNA Sequencing: Frederick Sanger, 1980 PCR 2: 95C 1: 25C 3: 60C G A T A A G 5 3 T 3 5 T C T G T 5: 72C 6:

508 views • 23 slides
Code Metrics SWEN-261 Introduction to Software Engineering Department of Software Engineering

Code Metrics SWEN-261 Introduction to Software Engineering Department of Software Engineering

Code Metrics SWEN-261 Introduction to Software Engineering Department of Software Engineering Rochester Institute of Technology A metric is not just a number. A metric is a quantitative function that calculates some characteristic and

1.04k views • 6 slides
The Defjnitional Side of the Forcing . G. Jaber G. Lewertowski P.-M. Pdrot M. Sozeau N.

The Defjnitional Side of the Forcing . G. Jaber G. Lewertowski P.-M. Pdrot M. Sozeau N.

. . . . . . . . . . . . The Defjnitional Side of the Forcing . G. Jaber G. Lewertowski P.-M. Pdrot M. Sozeau N. Tabareau INRIA TYPES 24th May 2016 Pdrot & al. (INRIA) The Defjnitional Side of the Forcing 24/05/2016 .

673 views • 40 slides
Collaborating Across Borders: ANZAC Gallipoli Archaeological Database (AGAD) MICHELLE NEGUS

Collaborating Across Borders: ANZAC Gallipoli Archaeological Database (AGAD) MICHELLE NEGUS

Collaborating Across Borders: ANZAC Gallipoli Archaeological Database (AGAD) MICHELLE NEGUS CLEARY & PETER NEISH UNIVERSITY OF MELBOURNE agad.anzac.unimelb.edu.au ANZAC Gallipoli Archaeological Database A key resource for academics,

561 views • 29 slides

More recommend