gdpr annual refresher training annual refresher training
play

GDPR Annual Refresher Training Annual refresher training - intro - PowerPoint PPT Presentation

May 21, 2023 •287 likes •682 views

GDPR Annual Refresher Training Annual refresher training - intro It is a legal requirement that all staff and volunteers have GDPR refresher training on an annual basis. Logistically, it makes sense to offer refresher training electronically

  1. GDPR Annual Refresher Training

  2. Annual refresher training - intro It is a legal requirement that all staff and volunteers have GDPR refresher training on an annual basis. Logistically, it makes sense to offer refresher training electronically to ensure that all staff are able to complete it within a reasonable timescale that fits with everyone’s busy schedules. Please ensure that you complete the training by the deadline given.

  3. GDPR Annual Refresher Training

  4. The Information Commissioner’s Office • The UK’s independent body set up to uphold information rights • Enforce and regulate freedom of information and data protection laws • Provide information and advice • Promote good practice • We are registered with the ICO

  5. 3 key definition of terms • Personal data • Processing • Data controller v data processor

  6. What is personal data? Data which relate to a living individual who can be identified – (a) from those data, or – (b) from those data and other information in the possession of the data controller/ processor It includes names, addresses, contact info, medical info, employment status, etc. Also, how you describe someone that clearly identifies an individual! Not business contact details.

  7. What is data processing? Processing’ refers to anything an organisation does with personal data collecting using analysing sharing disposal

  8. Data controller vs data processor “The GDPR data controller is the organisation that decides how and why customers’ personal data is processed. They control the data but do not necessarily hold or process it, however, they are responsible for how it’s used, stored and deleted.” e.g. us, Cornwall Council, NHS Kernow “A data processor … is a company or person who processes personal data on behalf of the controller. This could include something as simple as storing the data on a third party’s server but also includes, for example, payroll services, commissioned services and market research businesses.” i.e. us! www.cybersmart.co.uk

  9. What is GDPR? • General Data Protection Regulations - law from 25 May 2018 • Organisations must be able to demonstrate compliance with the principles – Same basic principles as old data protection law but strengthened – Greater accountability – New rights for individuals and strengthening of existing rights – Breach reporting – Data Protection Impact Assessments – Higher penalties for non-compliance

  10. Brexit BREXIT does not affect UK compliance with GDPR – Data Protection Bill is in effect from 25 May 2018. “ While the GDPR will not be directly applicable post-Brexit, the Data Protection Bill (which will become the Data Protection Act 2018) will ensure continuity with the legislation set out in the GDPR ” https://ico.org.uk/for-organisations/data-protection-and- brexit/

  11. What is the key difference between DPA and GDPR? DPA Compliant until proven not to be GDPR Must prove compliance from day 1

  12. Comparing Principles! Personal data shall be … DPA Principles GDPR principles 1. Processed fairly and lawfully 1. Processed lawfully, fairly and in 2. Obtained for specified and lawful a transparent manner purposes 2. Collected for specified, explicit 3. Adequate, relevant and not legitimate purposes excessive 3. Adequate, relevant and limited 4. Accurate and kept up-to-date to what is necessary 5. Not be processed for any 4. Accurate and kept up-to-date purpose, shall not be kept for 5. Kept in a form which permits longer than is necessary identification of data subjects for 6. Processed in line with the rights no longer than is necessary of data subjects 6. Processed in a manner that 7. Secure and protected against ensures appropriate security, unauthorised or unlawful including protection against processing, loss, destruction or unauthorised or unlawful damage processing, accidental loss, 8. Not be transferred to any country destruction or damage . without adequate protection 7. Not be transferred to any country without adequate protection

  13. Why is GDPR necessary? Data storage and How we use technology has technology for evolved rapidly since work has changed the 1990s how information is collected, stored, Mobile technology is used, etc, and much more versatile: changed risk mobile phones, factors . tablets, etc Legislation across Social media means Europe has been personal information is complex and much more publicly disjointed. GDPR available; we are also imposes more sharing much more consistency and private information. stronger requirement for compliance

  14. Consent Where we are requesting an individual to give us any of their personal data, active consent must be sought . We must ask for Consent must be on an opt-in Consent forms consent basis (not opt-out). must make it without offering absolutely clear any incentive what to do so. information is needed, why it is needed and how it will be used (including Individuals who it might be must be told shared with e.g. how to other services or withdraw their organisations ). consent. Evidence of consent must be Consent forms must use clear, recorded. plain language.

  15. Consent to use personal data Consent must be freely given, explicit, specific, informed, and an unambiguous indication of wishes    requested using accessible intelligible clear language    provable that provided with the consent was necessary ability to withdraw given

  16. Children’s data Children need particular • protection when you are collecting and processing their personal data - may not understand the risks. For online services offered • directly to child : – in the UK children aged 13+ able to provide own consent. Children under 13, you need – parental consent - unless the online service you offer is a preventive or counselling service. You should write clear privacy • notices for children so that they are able to understand what will happen to their personal data and what rights they have.

  17. Data Subject Rights The rights of the individual are central to data processing The right to restrict processing The right to data portability Rights in relation to profiling Right to rectification Right to erasure

  18. Data Subject Rights Right to Restrict Processing • Individuals have a right to ‘block’ or suppress processing of personal data. • When processing is restricted, you are permitted to store the personal data, but not further process it. E.g. keeping a list of people • who have requested their data is removed

  19. Data Subject Rights The Right to Data Portability • Allows individuals to obtain and re-use their personal data for own purposes across different services. • To move, copy or transfer personal data from one IT environment to another in a safe and secure way Enables consumers to take • advantage of applications and services which can use this data to find them a better deal, or help them understand their spending habits

  20. Data Subject Rights Rights in Relation to Profiling The GDPR includes provisions on: • ‘automated individual decision - making’ (making a decision solely by automated means without any human involvement) • profiling (automated processing of personal data to evaluate certain things about an individual). Profiling can be part of an automated decision-making process. • E.g. • an online decision to award a loan; and • a recruitment aptitude test which uses pre-programmed algorithms and criteria. (ICO)

  21. Data Subject Rights Right to Rectification Individuals have right to have personal data rectified where is inaccurate • or incomplete. E.g. criminal records, medical information • Right to Erasure Also known as ‘the right to be forgotten’. • To enable an individual to request the deletion or removal of personal • data where there is no compelling reason for its continued processing. Google and ‘right to be forgotten’ case NB In order to administer this a ‘request to be forgotten’ list needs to be maintained. Examples: trainee not wanting to know of other course or a carer who has had support does not want newsletter

  22. Demonstrating compliance “The controller shall be responsible for, and be able to demonstrate compliance with the Principles” Article 5(2) Some of this applies to data processors too. Requirement to implement Requirement to appoint a • • appropriate technical and data protection officer organisational measures (all) (controllers) Maintaining records on Data protection by design • • processing activities (all) and default (all) Data protection impact Codes of conduct and • • assessments (all) certification schemes (all)

  23. What happens if we don’t comply?

  24. What is a data breach? A data breach is any situation where an individual can be identified by someone other than who is ‘authorised’ to have access to that data

  25. Data Breaches Requirement to report ‘high risk’ breaches to the ICO and the relevant data subjects within 72 hours. Failure to notify a breach can result in a significant fine of up to 10 million euros

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Laney Business Office College Flex Day March 30, 2020 Training/Refresher LBO Training/Refresher

Laney Business Office College Flex Day March 30, 2020 Training/Refresher LBO Training/Refresher

Laney Business Office College Flex Day March 30, 2020 Training/Refresher LBO Training/Refresher Agenda Timesheets electronic Personnel Action Forms (ePAFs) Independent Contractor/Consultant services contract (ICC) Resources

473 views • 29 slides
Asb Asbesto estos s Worker Worker Refresher Refresher Trainin Training g Course Course

Asb Asbesto estos s Worker Worker Refresher Refresher Trainin Training g Course Course

Asb Asbesto estos s Worker Worker Refresher Refresher Trainin Training g Course Course Notice to Viewer: This sample slideshow includes our standard, up to date information that is based on industry standards and current EPA and OSHA

522 views • 30 slides
Asb Asbesto estos s Contractor Contractor Sup Supervis ervisor or Refresher Refresher

Asb Asbesto estos s Contractor Contractor Sup Supervis ervisor or Refresher Refresher

Asb Asbesto estos s Contractor Contractor Sup Supervis ervisor or Refresher Refresher Training Training Course Course Notice to Viewer: This sample slideshow includes our standard, up to date information that is based on industry

425 views • 40 slides
Refresher Training Course Notice to Viewer: This sample slideshow includes our standard, up to

Refresher Training Course Notice to Viewer: This sample slideshow includes our standard, up to

Asbestos Inspector Refresher Training Course Notice to Viewer: This sample slideshow includes our standard, up to date information that is based on industry standards and current EPA and OSHA requirements. We can customize this material to

450 views • 24 slides
BSTR-P Basic Safety Training Refresher Online Partial Release Webinar April 2020 Presenter

BSTR-P Basic Safety Training Refresher Online Partial Release Webinar April 2020 Presenter

BSTR-P Basic Safety Training Refresher Online Partial Release Webinar April 2020 Presenter Jakob Bjrn Nielsen, Head of Standards Development Air Force Officer Supply Chain Engineer Training leadership roles Royal Danish

653 views • 31 slides
Case Management Refresher Training Presented by: Senior Connection Center, Inc. February 18,

Case Management Refresher Training Presented by: Senior Connection Center, Inc. February 18,

Case Management Refresher Training Presented by: Senior Connection Center, Inc. February 18, 2016 1 A GENDA Every star has a corresponding handout in back of manual... Introductions 1 ADRC Information and Referral Overview

908 views • 89 slides
Accrual Quality Improvement Online Accrual Reporting System (AQuIP OARS) Refresher Training

Accrual Quality Improvement Online Accrual Reporting System (AQuIP OARS) Refresher Training

October 17, 2019 2012 Consortia Accrual Quality Improvement Online Accrual Reporting System (AQuIP OARS) Refresher Training Tiana Tower, B.S. DCP Help Desk Specialist Technical Resources International (TRI), Inc. monitoring, auditing and

394 views • 35 slides
5 Simple Rules for Making Slides that Make More Sense Certified Designer Refresher Training, LLC

5 Simple Rules for Making Slides that Make More Sense Certified Designer Refresher Training, LLC

5 Simple Rules for Making Slides that Make More Sense Certified Designer Refresher Training, LLC >20 years of experience >2000 presentations >100K people trained Wendy Gates Corbett Making slide design simple Poll Question #1 Yes

788 views • 75 slides
Volunteer Refresher Training READ 2 SUCCEED PROGRAM READ 2 SUCCEED PROGRAM Introductions Flash

Volunteer Refresher Training READ 2 SUCCEED PROGRAM READ 2 SUCCEED PROGRAM Introductions Flash

Volunteer Refresher Training READ 2 SUCCEED PROGRAM READ 2 SUCCEED PROGRAM Introductions Flash Topics What is your favorite childhood book? Why is volunteering with children important to you? Foundation for Orange County Public Schools

305 views • 27 slides
REFRESHER TRAINING February / March 2019 Nicotine Delivery Royal College of Physicians. Nicotine

REFRESHER TRAINING February / March 2019 Nicotine Delivery Royal College of Physicians. Nicotine

Stop Smoking Practitioner Program REFRESHER TRAINING February / March 2019 Nicotine Delivery Royal College of Physicians. Nicotine without smoke: Tobacco harm reduction. London: RCP, 2016 Toxicity of Nicotine Nicotine is a naturally

869 views • 53 slides
INDUSTRIAL GENERAL PERMIT REFRESHER TRAINING February 20, The basics and a few new things 2013

INDUSTRIAL GENERAL PERMIT REFRESHER TRAINING February 20, The basics and a few new things 2013

Casper, Wyoming 1 INDUSTRIAL GENERAL PERMIT REFRESHER TRAINING February 20, The basics and a few new things 2013 Contact Information 2 Barb Sahl Permit Writers 307-777-7570 barb.sahl@wyo.gov John Gorman 307-5622

1.37k views • 72 slides
HR Partners Meeting June 6, 2018 1 MyTrack Trainings BOLI Trainings Offers Refresher

HR Partners Meeting June 6, 2018 1 MyTrack Trainings BOLI Trainings Offers Refresher

HR Partners Meeting June 6, 2018 1 MyTrack Trainings BOLI Trainings Offers Refresher Documentation, Discipline Thursday, June 14th , 11am-12pm and Discharge HR Training Room Tuesday, June 12th , 9am-12pm Recruitment Module Training Record

460 views • 27 slides
Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher

Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher

Communications Update Circuit Trails Coalition Semi-Annual Meeting May 2017 Quick Refresher Objectives Raise awareness of Circuit Trails vision Increase use of existing trails Drive support for trails among influencers,

322 views • 28 slides
incidents to make a meaningful refresher program? What are these incidents telling you about

incidents to make a meaningful refresher program? What are these incidents telling you about

How do you use the lessons from incidents to make a meaningful refresher program? What are these incidents telling you about your initial training program? Incident report As a safety manager, do you? Do you? Do you? What do you do

273 views • 10 slides
KEEPING THE PROMISE ALIVE REFRESHER EVERY FIVE YEARS 1 2 3 4 5 Select your parish or

KEEPING THE PROMISE ALIVE REFRESHER EVERY FIVE YEARS 1 2 3 4 5 Select your parish or

KEEPING THE PROMISE ALIVE REFRESHER EVERY FIVE YEARS 1 2 3 4 5 Select your parish or school 6 1. Type in the last name of person you want to assign training 2. Click add 7 Name should appear then click Add. Do not click Submit until

417 views • 12 slides
Live Training Dates Agenda Appeals & Live Training Who, How and Where to send your

Live Training Dates Agenda Appeals & Live Training Who, How and Where to send your

Appeal Refresher & Live Training Dates Agenda Appeals & Live Training Who, How and Where to send your appeal Timeline and steps for appeals Best Practices Live Training 2018 Questions 3 Appeals Where to

232 views • 22 slides
DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main

DATA PROTECTION and SCRA www.scra.gov.uk Data Protection Act 1998 (DPA) DPA is the main legislation in the UK governing information on individuals. It places obligations on organisations that hold and use information on

518 views • 37 slides
GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq.,

THOMSON REUTERS GDPR is here. Is your cyberinsurance ready? By James E. Scheuermann, Esq., Lucas J. Tanglen, Esq., and Reymond E. Yammine, Esq., K&L Gates AUGUST 3, 2018 The European Unions General Data Protection Regulation, Violations

320 views • 4 slides
GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will

GDPR what is it? Replaces the Data Protection Act 1998 European legislation will not be gold plated Comes into force 25 May 2018 BREXIT Data Protection Bill Why is GDPR relevant to me? Healthcare has been an area

692 views • 17 slides
Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie

Big data and the new EU data protection Regulation The role of Big Data in Healthcare Sophie LOUVEAUX London 14-15 November 2016 Big Data Means Opportunities More Knowledge, Large Computing and Large Availability of Better Personal Data

377 views • 18 slides
Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019

CONSUMER AWARENESS WORKSHOP on Data Protection and Privacy & Impact of Personal Data Protection Bill (PDPB) 1 November, 2019 Kolkata OBJECTIVE Engage with the consumer and civil society organisations (CSOs) in tier II locations to

623 views • 50 slides
Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international

Big Data, Key Challenges: Privacy Protection & Cooperation Observations on international efforts to develop frameworks to enhance privacy while realising big datas benefits Seminar arranged by the Office for Personal Data Protection, Macao,

305 views • 8 slides
Information session for public sector Political agreement reached in mid-December Text

Information session for public sector Political agreement reached in mid-December Text

Information session for public sector Political agreement reached in mid-December Text currently being prepared in all languages, and streamlined Formal adoption expected in late April or early May Will apply from April/May 2018

548 views • 30 slides
GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of

GDPR what is it? A new data protection framework which puts individuals back in control of their personal data ICO 12 steps to GDPR compliance 7. Consent 1. Awareness 2. Document the personal data you hold 8. Children 3. Communicating

540 views • 28 slides

More recommend