data protection reform
play

Data Protection Reform preparing for the General Data Protection - PowerPoint PPT Presentation

Nov 26, 2022 •190 likes •479 views

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

  1. Data Protection Reform … preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016

  2. Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical Preparation

  3. http://ec.europa.eu/avservices/video/player.cfm?sitelang=en&ref=I119067

  4. Introduction – Data Protection People Specialists DP company based in Leeds. Aim = to make data protection easy and understandable; to ease DP pain points. Services: Audits, reviews, DP projects Managed Service Compliance Management tools

  5. Data Protection Act 1998 Derived from Directive Requirement to register 95/46/EC 8 x DP Principles 28 variations across Europe 1. Fair and lawful 2. For specific purposes Drive for harmony of DP law 3. Relevant and not excessive Directive’s Aim = facilitate the 4. Maintained accurate/up-to-date free movement of data across 5. Limited retention the EU and uphold citizens’ right 6. Data Subjects’ Rights to privacy. 7. Sufficient security arrangements 8. No processing outside of EEA http://www.information-age.com/technology/security/1687058/uk-ranks-21st-in-europe-for-privacy-protection http://ec.europa.eu/unitedkingdom/press/press_releases/2010/pr1097_en.htm http://amberhawk.typepad.com/amberhawk/2011/02/european-commission-explains-why-uks-data-protection-act-is-deficient.html

  6. “Approved Countries” Andorra Argentina Canada Switzerland Faroe Islands Guernsey Isle of Man Jersey State of Israel New Zealand Eastern Republic of Uruguay USA via “Privacy Shield”

  7. Privacy and Electronic Communications Regulations 2015 Implements Directive Regulates marketing activities: 2002/58/EC Telephone/SMS Mail Concerning the processing of Email personal data and the protection Cookies, Pixels etc. of privacy in the electronic communications sector. Regulates network providers: Ofcom Breach notification

  8. General Data Protection Regulation Replaces DPA98 Enacted Spring 2016 A European Regulation Two cornerstones: Data is “theirs” and not “ours” We need to be more responsible Also More comprehensive definitive “dos” and “don’ts” More interaction with the Regulator Larger fines and greater Regulatory powers Data is not ours: we simply process it on Aim is still free movement of data behalf of data subjects in order to across the EU and right to privacy provide services that they have requested and on their instruction .

  9. http://audiovisual.europarl.europa.eu/Assetdetail.aspx?id=a25be131-dce9-4e2e-89f1-a5e700ebd088 http://www.vieuws.eu/live-panel-debate/debate-can-the-next-eu-regulation-guarantee-data-protection-for-all/

  10. Concepts • “Their” data not “ours” • We are simply temporary custodians of their data for as long as they want us to be. • We need to take greater account of their rights. • The data acquisition land-grab is over. If you cannot demonstrate a legitimate right to be processing an individuals’ data then it is a toxic liability – a time bomb in your organisation.

  11. GDPR : business-wide paradigm shift 6 Principles Some Key Points 1. Fair, lawful & transparent New definitions of “Personal Data” 2. Specific, explicit & legitimate No more implied consent purposes More transparency needed 3. Limited to what is necessary Balance DS rights with DC rights 4. Accurate Anonymise data asap 5. Anonymised ASAP Need to keep records / audit 6. Processed securely with integrity Greater control of data processes and confidentiality Mandatory breach reporting Responsible for being able to Profiling demonstrate compliance DPO & privacy by design Data processors Reform of ICO powers and fines

  12. Why is it a paradigm shift? CURRENTLY GDPR ICO has few powers and small Still some wriggle room BUT: fines You need to evidence more You need to justify more Law has plenty of wriggle room You need to control processing Who has a DPO? Who has DP In-house whistle blower audits? Who has a PIA process? Due consideration of DS rights Processors will influence you New powers and bigger fines Consistency of application Passive compliance through lack of Active compliance through risk management and breaches and minimum standards. balancing of rights. Big Stick too!

  13. € 20,000,000 Or 4% of Global Annual Turnover

  14. Data Lifecycle and GDPR interventions Sharing Transfer Disclosure Data Data Processing Capture Activities Anonymisation Destruction Influences

  15. Data Lifecycle and GDPR interventions Sharing Transfer Disclosure Data Data Processing Capture Activities Anonymisation GDPR Considerations: Destruction • Privacy by Design/PIA • Privacy Notices • Consent • Grounds for processing • 6# DP Principles Influences

  16. Data Lifecycle and GDPR interventions GDPR Considerations: Sharing • PROCESS CONTROL Transfer • Transparancy Disclosure Data • Data Subject rights Data Processing Capture • ID verification Activities • Record-keeping & policies Anonymisation • Processes acting on data Destruction • Protecting data in transit • Protecting data at rest • Retention • Profiling • Work Instructions • Training Influences • Security breach/incident • Special Considerations

  17. Data Lifecycle and GDPR interventions Sharing Transfer Disclosure Data Data Processing Capture GDPR Considerations: Activities Register of 3 rd parties • Anonymisation • Register of transfers Destruction T/F to 3 rd countries • • Subject Access Requests • Ad-Hoc data sharing • Data Portability • Prior Authorisation Influences

  18. Data Lifecycle and GDPR interventions Sharing Transfer Disclosure Data Data Processing Capture Activities Anonymisation Destruction GDPR Considerations: • Default retention periods • Retention exceptions • Anonymisation • Data subject rights (R2BF) Influences

  19. Data Lifecycle and GDPR interventions Sharing Transfer Disclosure Data Data Processing Capture Activities Anonymisation GDPR Considerations: Destruction • Supervisory Authorty • Consistency Mechanism • Powers • Fines • Compensation • DS Rights/awareness • In-house DPO Influences • Certification/Codes of Practice

  20. Compensation • The Claimants’ claim was based on the distress suffered from learning that their personal characteristics formed the basis for Defendant’s targeted advertisements, or from having learnt that such matters might have come to the knowledge of third parties who had used or seen their devices. The Cs’ claims were exclusively for distress and anxiety, not financial damage. • The Cs used Apple’s Safari browser, which was set to block Third Party Cookies which would enable the tracking and collation of browser activity. The Cs pleaded that a Safari workaround operated by D allowed it to obtain and record information about their internet use and use it for the purposes of its AdSense advertising service. They pleaded that D collated their private and personal information and used it to serve adverts to them via Adsense. • The Cs’ claims were in misuse of private information, breach of confidence, and under the Data Protection Act 1998 (DPA). The Cs claimed general and aggravated damages, an account of profits, an injunction and other relief.

  22. GDPR Considerations Data Processing • PROCESS CONTROL • Transparency • Data Subject rights • ID verification • Record-keeping & policies • Processes acting on data • Protecting data in transit Transfer Sharing Disclosure • Register of 3 rd parties Protecting data at rest • Data Collection • Retention • Register of transfers • Privacy by Design/PIA • T/F to 3 rd countries Profiling • Destruction • Privacy Notices • • Work Instructions • Default retention periods Subject Access Requests • Consent • • Training • Retention exceptions Ad-Hoc data sharing • Grounds for processing • • Security breach/incident • Anonymisation Data Portability • 6# DP Principles • • Special Considerations • Data subject rights (R2BF) Prior Authorisation External Influences: Supervisory Authorty, Consistency Mechanism, Powers, Fines, Compensation, DS Rights/awareness, In- house DPO, Certification/Codes of Practice

  23. Powers and Penalties Powers Fines Warnings €10m or 2% (A8, 10, 23-39) Enter Premises/seize equipment €20m or 4% (A5, 6, 7, 9, 12-20, 40-44, 53) Stop NOW! Fines Penalties Compensation Fines

  24. GDPR Impact IT – PIAs, policy and documentation, breach reporting, data sharing, retention, portability. HR – training and awareness, policy. Risk – risk assessment/PIA, audit, record keeping, retention. DPA/FOI DPO tasks/role, independence, SARs, ICO/EDPB, ICO powers. Brand/Image/Reputation - consent, profiling, right to be forgotten, privacy notices, bought-in data, retention. Contact Centre – ID verification, consent, privacy notices Operations – regulation and monitoring conformance to procedures Exec/Board – DPO, record keeping, fines, compensation, change in emphasis, management and control Customers – data portability, SARs, privacy notices, consent.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform

what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform

@DMA_UK #dma General Data Protection Regulation what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform where are we? Dec 2015 Political agreement reached on text Apr 2016 Justice and Home

752 views • 33 slides
The intersection of EU Data Protection Law Reform and everyday ambient computing design:

The intersection of EU Data Protection Law Reform and everyday ambient computing design:

The intersection of EU Data Protection Law Reform and everyday ambient computing design: challenges and opportunities Lachlan Urquhart Co-Authors: Prof Tom Rodden and Dr Ewa Luger Mixed Reality Lab APSN 4th International Conference - July

384 views • 13 slides
Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19,

Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19,

Complete Reform of European Data Protection Law: How Will This Impact Your Business? April 19, 2012 Mark Prinsley, Partner Oliver Yaros, Senior Associate Isabel Simon, Associate Mayer Brown is a global legal services organisation comprising

395 views • 15 slides
Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney,

Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney,

October 6, 2014 Reform of Act on the Protection on Personal Information in JAPAN Mitsuhiro KATO Patent Attorney, Attorney at Law Patent and Law Firm JuJu TOPICS 1. Data Protection in JAPAN - Evaluation based on LAWASIA Privacy Principle 2.

168 views • 12 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline

Plan & Deploy Data Protection & Availability Kaushal Devater Data Protection & Availability Discipline Lead - RDC Planning & Deploy Data Protection & Availability Industry Typical Data Retention Requirements Patient

662 views • 9 slides
Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

Data protection in the EU Area of Data protection in the EU Area of ection tection freedom,

isor visor Superv Super Data protection in the EU Area of Data protection in the EU Area of ection tection freedom, security and justice under the Lisbon Treaty d th Li b T t ta Prot ta Pro ean Da an Da Bndicte Havelange

739 views • 10 slides
Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions

Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions

July 21, 2010 CLIENT MEMORANDUM Dodd-Frank Wall Street Reform and Consumer Protection Act Preliminary Assessment of Provisions Effective Immediately or Very Soon After Enactment Today, President Obama signed the Dodd-Frank Wall Street Reform

388 views • 7 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or

Healthcare Reform The Patient Protection and Affordable Care Act Version 2.0 Imitation or Innovation? March 8, 2017 1 CPA for Ernst & Young Nashville, TN MBA Vanderbilt University CFO for Public and Private Healthcare

653 views • 26 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from

Protection Issues I/O protection Protection and System Calls Prevent users from performing illegal I/Os Memory protection Otto J. Anshus Prevent users from modifying kernel code and data (including slides from Kai Li,

350 views • 6 slides
Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and

Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and

Whistleblower Protections in the Dodd-Frank Wall Street Reform and Consumer Protection Act and Consumer Protection Act Presented by: Larry L Turner Presented by: Larry L. Turner Morgan, Lewis & Bockius LLP 2011 NATIONAL EMPLOYMENT LAW

474 views • 20 slides
L U N C H M O N E Y B U D D Y J E S S I C A B E C K E R I N T R O D U C T I O N Keeping up

L U N C H M O N E Y B U D D Y J E S S I C A B E C K E R I N T R O D U C T I O N Keeping up

I N T E R A C T I V E P R O T O T Y P E L U N C H M O N E Y B U D D Y J E S S I C A B E C K E R I N T R O D U C T I O N Keeping up with your childrens lunch schedule has never been easier. The Lunch Money Buddy app was designed to allow

324 views • 11 slides
Crossing borders and boundaries - The politics of marriage migration, mobility and citizenship in

Crossing borders and boundaries - The politics of marriage migration, mobility and citizenship in

Crossing borders and boundaries - The politics of marriage migration, mobility and citizenship in an inter-disciplinary perspective Rikke Wagner, PhD Candidate, LSE Migration Across the Disciplines, University of Queen Mary, 30 June 1

292 views • 11 slides
Community Navigation in Brighton & Hove 16 th November 2017 Mel Pickett (Navigation

Community Navigation in Brighton & Hove 16 th November 2017 Mel Pickett (Navigation

Community Navigation in Brighton & Hove 16 th November 2017 Mel Pickett (Navigation Coordinator) Bh-impetus.org/navigation @BHImpetus 01273 229385 Background Initially a collaborative partnership between AgeUK Brighton & Hove to

490 views • 9 slides
Budget Conference Highlights February 23, 2013 1 Resolution: Major Differences Area of House

Budget Conference Highlights February 23, 2013 1 Resolution: Major Differences Area of House

HB 1500 Budget Conference Highlights February 23, 2013 1 Resolution: Major Differences Area of House Senate Conference Government Public Salary Increases : Fund 11 Salary Increases : Fund 12 Salary Increases : $70.2 months for teachers

691 views • 52 slides
Bringing SMEs onto the E-commerce Highway Quan Zhao, ITC Trade Policy Advisor UNCTAD e-commerce

Bringing SMEs onto the E-commerce Highway Quan Zhao, ITC Trade Policy Advisor UNCTAD e-commerce

Bringing SMEs onto the E-commerce Highway Quan Zhao, ITC Trade Policy Advisor UNCTAD e-commerce week Date: 18 April 2018 E-commerce opportunities New Pathways to for inclusive trade E-commerce: A Global MSME Competitiveness Survey

409 views • 14 slides
WELCOME TO HIGH SCHOOL Class of 2021 THE DIFFERENCES BETWEEN MIDDLE SCHOOL AND HIGH SCHOOL

WELCOME TO HIGH SCHOOL Class of 2021 THE DIFFERENCES BETWEEN MIDDLE SCHOOL AND HIGH SCHOOL

WELCOME TO HIGH SCHOOL Class of 2021 THE DIFFERENCES BETWEEN MIDDLE SCHOOL AND HIGH SCHOOL Middle High Grades do not count as credits Grades become credits that are required for graduation You go to the same classes every You

327 views • 30 slides
Protection - Information for Enhanced Resil ilience Overview ASPIRE will integrate

Protection - Information for Enhanced Resil ilience Overview ASPIRE will integrate

ASPIRE Adaptive Social Protection - Information for Enhanced Resil ilience Overview ASPIRE will integrate climate information into social protection decision making in the Sahel so that it can bec become resp espon onsiv ive to

230 views • 9 slides
2017 Financial Efficiency Report Finance, HR, Administration Purchasing reductions over 31

2017 Financial Efficiency Report Finance, HR, Administration Purchasing reductions over 31

2017 Financial Efficiency Report Finance, HR, Administration Purchasing reductions over 31 transactions: $61,710 savings IT subscription for GIS software: $18,000 savings IT staff for livestreaming: $12,927 savings Increased

361 views • 34 slides

More recommend