data protection act 2017
play

DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 - PowerPoint PPT Presentation

Oct 18, 2023 •117 likes •931 views

The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs 15.30 hrs InterContinental Mauritius Resort, Balaclava Fort, Coastal Road,

  1. The Ministry of Technology, Communication and Innovation and The Data Protection Office Workshop On DATA PROTECTION ACT 2017 Tuesday 06 March 2018 from 08.30 hrs – 15.30 hrs InterContinental Mauritius Resort, Balaclava Fort, Coastal Road, Balaclava

  2. Topics  Registration  Principles relating to Processing of personal data  Roles and Responsibilities of Controllers  Roles of Data Protection Officer Mrs Jasbir B. HAULKHORY Data Protection Officer/Senior Data Protection Officer

  3. Registration Part III, Section 14 3

  4. Why to Register? ‘‘ ... no person shall act as controller or processor unless he or it is registered with the Commissioner... ’’ Part III, Section 14: Legal Requirement to Register 4

  5. Who should Register? Medical Practitioner, Barrister, Ministry, private companies • A person who or public body which, alone or jointly with others, • determines the purposes and • means of the processing of personal data and Controller • has decision making power with respect to the processing. Company A manages and hosts servers of Company X • A person who, or public body which, processes personal data on behalf of a controller Processor 5

  6. Process of Registration Fill in Application Effect Approval by Issuance of Form and Payment DPC Certificate submit documents 6

  7. Registration Form Controller / Processor details Data Risks and Protection security Officer measures details Transfer of Types of personal personal data data abroad Special Categories Disclosure of personal data Purpose 7

  8. Amendment to Registration / Renewal With the coming of the New Regulation Only 1 form for Registration and amended fee structure Validity of Registration Certificate: 3 Years Renewal Deadline: 3 months prior to Expiry Date Notify the Commissioner about the change in particulars within 14 days Cancellation and variation of Terms of Registration Certificate 8

  9. Offence For providing any false or misleading information in the particulars of information A fine not exceeding 100,000 rupees Imprisonment for a term not exceeding 5 years 9

  10. Offence Failure to notify about change in particulars A fine not exceeding 50,000 rupees 10

  11. 6 Privacy Principles for Controllers and Processors Principles relating to Processing of Personal Data Section 21

  12. Principles relating to Processing of personal data (1) • Employer to disclose salary details Lawfulness, fairness of employees to tax authorities, and transparency without consent. Purpose limitation • A General Practitioner cannot Explicit, specified and legitimate purposes and disclose patients details to his wife not processed in a way who owns a travel agency. incompatible with the purposes Data minimisation • Specific questions about health Adequate, relevant and conditions are queried to only limited to what is relevant manual occupations. necessary, in relation to the purposes 12

  13. Principles relating to Processing of personal data (2) Accuracy: • A mis-diagnosis of a medical condition is still kept as it is relevant Accurate and, where necessary, up-to-date. for the treatment given to the patient Erasure and rectification or to additional health problems. without delay. Storage limitation: • Deletion of emergency numbers for Storage of personal data permitting Identification of staff who have left the organisation. data subjects for no longer than necessary Data subjects‟ rights: • Rectification of an incorrect address Processing in accordance with data subject’s rights 13

  14. TO-DO List Review internal policies and audit procedures Update these policies and procedures where necessary to ensure that they are consistent with the revised principles. Provide appropriate training to ensure that the business is thinking about data protection issues at all levels. 14

  15. Roles and Responsibilities of Controllers Part IV

  16. Roles and Responsibilities of Controllers/Processors (1) Adopt policies and implement appropriate Ensure verification technical and organisational and effectiveness of measures to demonstrate these measures compliance for processing of personal data 16

  17. Roles and Responsibilities of Controllers/Processors(2) Collection of data Bear the burden of Notify and Ensure appropriate for a lawful proof for data Communicate data security and subject‟s consent purpose and is about for Personal organisational necessary for that for the processing Data Breach measures purpose of personal data Comply with the Duty to destroy Ensure the Consent for the requirements to personal data as lawfulness of processing of process Special soon as purpose processing of personal data of Category of lapses personal data children Personal Data Keep records of all Perform data Comply with the Designate an processing protection impact requirements for officer responsible operations under assessment for prior authorisation for data protection his or its high risks or consultation compliance issues responsibility operations from DPO 17

  18. Collection of Personal Data Section 23 For a lawful purpose connected with a function or activity of the controller Necessary for that purpose

  19. Collection of Personal Data Direct or Indirect Collection – Requirement to inform data subjects about: Identity and Contact Whether the details of the Purpose of the Intended Recipients collection is controller and its personal data of the data voluntary or representative mandatory Existence of right Existence of of rectification, Existence of the Automated decision restriction, erasure Period for storing right to withdraw making, and the of personal data personal data consent at any time consequences of and to object to such processing processing Transfer of personal Further information Right to lodge a data abroad and the necessary to complaint with the adequacy of guarantee fair Commissioner protection by that processing of the country personal data 19

  20. Exemption • The data subject already has the information. • The provision of such information proves impossible or would involve a disproportionate effort. • The recording or disclosure of the data is laid down Indirect Data Collection by law. 20

  21. Role of Data Protection Officer Section 22

  22. Who can be a Data Protection Officer? Mandatory appointment of an officer responsible for data protection compliance issues. Existing Employee As long as there is no conflict of interest with professional duties Professional with experience New Employee and knowledge of data protection laws External Officer As long as there is a rigorous contract for appropriate safeguards 22

  23. Roles of Data Protection Officer Inform and advise the controller/processor and the employees about the obligations to comply with the DPA 2017 Monitor compliance with the DPA 2017 Advise on data protection impact assessments Train staff Conduct internal audits Be the point of contact for the Data Protection Office and for individuals whose data are processed 23

  24. Obligations of Controllers/Processors Provide Determine adequate Ensure that whether to Enable DPO resources to DPO reports appoint a Data to work fulfill the to the highest Protection Independently obligations management Officer under the DPA 2017 24

  25. Thank you 25

  26. Date: 06 March 2018 Venue: Intercontinental Hotel, Balaclava Fort

  27.  Consent  Notification of personal data breach and Communication of personal data breach to data subject By Mrs Pravina Dodah Data Protection Officer/Senior Data Protection Officer 27

  28. What is consent? 28

  29. Consent Indication signifying agreement to processing Unambiguous by Informed statement or a clear affirmative action Specific Freely Given 29

  30. Elements of valid consent Freely given Provide genuine choice Not penalised for refusing consent Specific Concise on the processing operation and purpose/s. Informed Provide clear information and in plain language , at minimum containing: • The controller‟s identity, • The purpose/s of the processing, • The processing activities, • The right to withdraw consent at any time Amount of information depends on circumstances and context of a case Unambiguous To avoid implied form of actions by the data subject such indication (by as pre-ticked opt-in boxes statement or a clear affirmative action) 30

  31. How is consent in DPA 2017 different from DPA 2004 ? 31

  32. Differences Definition Conditions Controllers have the burden of proof for establishing consent Unambiguous Data subject can withdraw his consent by statement anytime or a clear affirmative Consent is presumed not to be freely given action if the performance of a contract, including the provision of a service, is dependent on the consent which is not necessary for such execution of the contract/service. Suppose a customer has a contract with a bank for ordinary bank account services. In the contract, the bank asks customers consent to use their payment details for marketing and customer‟s refusal would lead to the denial of banking services. 32

  33. Why should consent matter to me? 33

  34. Is one criterion to demonstrate that you are processing data lawfully 34

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
Principles of Protection: 11/01/2017 Cybersecurity Julia Breaux Data Protection William

Principles of Protection: 11/01/2017 Cybersecurity Julia Breaux Data Protection William

Principles of Protection: 11/01/2017 Cybersecurity Julia Breaux Data Protection William Sellers Introductions Julia Breaux Internal Controls and Compliance Manager (225) 214-3898 Julia.Breaux@eatel.com William Sellers Data Center

508 views • 25 slides
Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program

Data Loss Prevention Academic Senate Meeting October 18, 2017 Data Protection Program Empower users with the Secure critical data assets, ability to use new protect data confidentiality, and technologies while managing minimize

329 views • 4 slides
The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an

The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an

The new data protection regime: The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an introduction The problem: Processing of personal data ramps up with technology 1990s legislation

379 views • 17 slides
Geodemographics in a digital age: Ethical and data protection considerations CGG Seminar 2 nd

Geodemographics in a digital age: Ethical and data protection considerations CGG Seminar 2 nd

Geodemographics in a digital age: Ethical and data protection considerations CGG Seminar 2 nd May 2017 Dr. Michelle Goddard Director of Policy & Standards Complicated matrix of ethical and legal data protection requirements ePrivacy

103 views • 6 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 +

General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 +

London | Bristol | Dublin | Dubai General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 + Introduction General Data Protection Regulation in effect from 25 May 2018 Probably the most lobbied EU law

363 views • 12 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679

7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679

GDPR Is your Fund ready? Etain de Valera 21 st September 2017 7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679 Replaces existing data protection law in all member states on 25 May 2018 Designed to

807 views • 53 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents

Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents

Invention-Con 2017 - International 2 Protection - Patents International Protection: Patents Presented By: Robin Hylton Session on International Protection: Patents Patent Protection Outside the United States Paris Convention Basics

584 views • 54 slides
DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
General Data Protection Regulations September 2017 We will be members of the EU in 2018 and

General Data Protection Regulations September 2017 We will be members of the EU in 2018 and

General Data Protection Regulations September 2017 We will be members of the EU in 2018 and therefore it would be expected and quite normal for us to opt into the GDPR and then look later at how best we might be able to help British business

229 views • 18 slides
Examination and Assessment Instructions (EB) A review of the changes made to the regulation. The

Examination and Assessment Instructions (EB) A review of the changes made to the regulation. The

Examination and Assessment Instructions (EB) A review of the changes made to the regulation. The updated version entered into force on 1 August 2019 Coordinator Ole Karlsson 18.11.2019 fo o te r 1 Conte nts of this pr e se ntation Our re g

227 views • 18 slides
CA. Rashmin Vaja Khandhar Mehta & Shah 1 CONTENTS REGISTRATION INVOICE PATTERN DEBIT

CA. Rashmin Vaja Khandhar Mehta & Shah 1 CONTENTS REGISTRATION INVOICE PATTERN DEBIT

REGISTRATION, INVOICE, RETURNS & PAYMENT UNDER GST CA. Rashmin Vaja Khandhar Mehta & Shah 1 CONTENTS REGISTRATION INVOICE PATTERN DEBIT NOTES & CREDIT NOTES RETURNS PAYMENT OF TAXES 2 REGISTRATION 3 Section 23

1.14k views • 98 slides
10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI,

10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI,

10. Forensic Issues I A MERICAN P SYCHOLOGICAL A SSOCIATION Forensic Issues For people with SMI, the prevalence of containment in prison/forensic system is high: men 15%; women 31% For people exhibiting symptoms: 67 % greater likelihood of

366 views • 7 slides
FDI in Central, East and Southeast Europe: FDI in Central, East and Southeast Europe: Recovery

FDI in Central, East and Southeast Europe: FDI in Central, East and Southeast Europe: Recovery

Wiener Institut fr The Vienna Institute for www.wiiw.ac.at Internationale International Economic Wirtschaftsvergleiche Studies wiiw FDI Report 2017 FDI in Central, East and Southeast Europe: FDI in Central, East and Southeast Europe:

270 views • 13 slides
Course Name- LL.B 2 nd sem Subject- Special Contract Law Teacher Neeru Mangla Concept

Course Name- LL.B 2 nd sem Subject- Special Contract Law Teacher Neeru Mangla Concept

Course Name- LL.B 2 nd sem Subject- Special Contract Law Teacher Neeru Mangla Concept Registration of Firm Section 57 APPOINTMENT OF REGISTRAR OF FIRMS AND DEPUTY AND ASSISTANT REGISTRARS OF FIRMS. (1) The State Government may, by

804 views • 25 slides
Benefits of the European Trademark Reforms Enforcing IP Rights Under the New System, Potential

Benefits of the European Trademark Reforms Enforcing IP Rights Under the New System, Potential

Presenting a live 90-minute webinar with interactive Q&A Protecting IP Rights in Europe: Deciphering and Maximizing Key Benefits of the European Trademark Reforms Enforcing IP Rights Under the New System, Potential Advantages for Brand

598 views • 34 slides
Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1.

Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1.

CNPD Course: Data Protection Basics Basic elements Esch-sur-Alzette Carmen Schanck 4 September 2018 Legal Department Outline 1. Introduction 2. Basic elements 3. The rights of data subjects 4. The obligations of controllers and processors

965 views • 83 slides
The Trinidad and Tobago Securities and Exchange Commission Draft Collective Investment Schemes

The Trinidad and Tobago Securities and Exchange Commission Draft Collective Investment Schemes

The Trinidad and Tobago Securities and Exchange Commission Draft Collective Investment Schemes By-Laws February 20 th 2019 Presentation outline 1. What is a CIS 2. Historical Context 3. Current CIS Environment 4. IOSCO Assessment 5. Key changes

358 views • 31 slides

More recommend