gdpr one year on
play

GDPR: One year on 19 June 2019 Gareth Yates & Nathan Bilton - PowerPoint PPT Presentation

Nov 27, 2022 •280 likes •746 views

GDPR: One year on 19 June 2019 Gareth Yates & Nathan Bilton Newcastle | Leeds | Manchester 2 Housekeeping Guest WiFi email: guest@wardhadaway.com | Guest WiFi password: F1rew0rk$ Newcastle | Leeds | Manchester 3 Introduction ICO

  1. GDPR: One year on 19 June 2019 Gareth Yates & Nathan Bilton Newcastle | Leeds | Manchester

  2. 2 Housekeeping Guest WiFi email: guest@wardhadaway.com | Guest WiFi password: F1rew0rk$ Newcastle | Leeds | Manchester

  3. 3 Introduction • ICO Decisions • Accountability • Data Breaches and Reporting Obligations • Subject Access Requests Newcastle | Leeds | Manchester

  4. ICO Decisions • The majority of enforcement actions have concerned the Data Protection Act 1998 • The ICO received 14,072 breach notifications between May 2018 and May 2019, 4 times more than it received the previous year • Between 25 May 2018 and 24 May 2019: • The ICO issued 34 monetary penalties • The ICO issued 15 enforcement notices • The ICO made 9 prosecutions Newcastle | Leeds | Manchester

  5. 5 HMRC • HMRC launched a voice recognition system which requested callers to use their voice to confirm their identity, approximately 7 million callers were enrolled on this service • Callers were not given the choice to opt out of the service • The ICO investigation found that HMRC had failed to give callers sufficient information about the processing of their biometric data and had not given them the opportunity to give or withhold consent • The ICO held that the system represented a significant breach of the GDPR due to: • the large number of individuals affected; and • the significant power imbalance between HMRC and its customers • HMRC was issued with an enforcement notice and was required to delete all biometric data it held under the voice recognition system which it did not have explicit consent for Newcastle | Leeds | Manchester

  6. 6 London Borough of Newham • Newham Council was fined £145,000 after a Council employee sent a police intelligence database to 44 recipients • The database recorded information relating to more than 200 gang members including their home address and associated gang • Rival gang members obtained photographs of the database • When issuing the fine, the ICO placed emphasis on the fact that: • there was a real risk that the loss of control over the database would result in physical harm; • the Council failed to notify the ICO; • the investigation carried out by the Council was limited; and • the Council provided inaccurate and misleading responses to the ICO Newcastle | Leeds | Manchester

  7. 7 True Visions Productions • The ICO fined TVP £120,000 for unlawfully filming at a maternity clinic • TVP placed CCTV-style cameras and microphones in examination rooms, for use in a Channel 4 documentary • TVP posted notices near to the cameras and left letters on waiting room tables • The ICO investigation found that despite having the permission to be on site, TVP did not adequately inform patients that they would be filmed and nor did TVP get prior explicit consent from the patients affected by the filming Newcastle | Leeds | Manchester

  8. 8 Uber • The ICO fined Uber £385,000 for failing to protect its customers’ personal data during a cyber attack • Due to a series of avoidable security flaws, cyber attackers were able to access and download the names, email addresses and phone numbers of approximately 2.7 million UK customers and the records of around 82,000 UK drivers • The ICO found that the security arrangements adopted by Uber US (who acted as a processor on behalf of Uber) were inadequate • Uber did not notify the ICO or the affected individuals either at the time of the attack or when it first became aware of the attack • Uber also failed to take mitigating measures such as monitoring accounts or offering fraud protection until 12 months later Newcastle | Leeds | Manchester

  9. 9 Facebook Ireland Ltd and Facebook Inc • The ICO fined Facebook £500,000 for failing to protect its users’ personal data • Between 2007 and 2014, Facebook allowed third parties to operate apps on its platform and to obtain Facebook users' personal data without their consent • The third parties had access to the personal data of: • Facebook users who installed the app; • their Facebook friends who had not installed the app; and • those who exchanged Facebook messages with app users • One app, which was used by 300,000 Facebook users worldwide, harvested approximately 87 million user profiles. The data was shared with various organisations, including SCL Elections Ltd which controls Cambridge Analytica, and was used to target voters in political campaigns Newcastle | Leeds | Manchester

  10. 10 Heathrow Airport Limited • The ICO fined Heathrow Airport £120,000 for failing to ensure that the personal data held on its network was properly secured • A member of the public found a USB stick belonging to a Heathrow Airport employee which contained over 1,000 files • The USB stick was not password protected or encrypted and contained sensitive personal data including the name, nationality, date of birth, passport details and phone numbers of various individuals • The USB stick was handed to a national newspaper who made copies of the file • The ICO investigation found a "catalogue of shortcomings in corporate standards" and that only 2% of the workforce had been trained in data protection Newcastle | Leeds | Manchester

  11. 11 Equifax Ltd • The ICO fined Equifax Ltd £500,000 for failing to ensure that its US parent and processor protected UK customers' personal data • Equifax suffered a data breach which affected 146 million individuals, including 15 million UK citizens • The affected personal data included names, dates of birth, addresses, passwords, and financial details • The ICO's investigation revealed serious inadequacies which resulted in data being retained for longer than necessary and vulnerable to unauthorised access • When issuing the fine, the ICO placed emphasis on the fact that: • the loss of personal data by a credit rating agency is likely to cause individuals particular stress; • some of the personal data had the potential to be misused in the furtherance of fraud; and • the significant scale of the data breach is likely to undermine trust in the wider financial system Newcastle | Leeds | Manchester

  12. Bounty • Bounty (UK) Limited fined £400,000 for illegally sharing personal information belonging to more than 14 million people. • Bounty’s “pregnancy and parenting club” collected personal information for the purpose of membership registration through its website and mobile app, merchandise pack claim cards and directly from new mothers at hospital bedsides. • Bounty also operated as a data broking service until 30 April 2018, supplying data to third parties for the purpose of electronic direct marketing. • Bounty breached the Data Protection Act 1998 by sharing personal information with a number of organisations without being fully clear with people that it might do so. • The company shared approximately 34.4 million records between June 2017 and April 2018 with credit reference and marketing agencies, including Acxiom, Equifax, Indicia and Sky. • The personal information shared was not only of potentially vulnerable, new mothers or mothers-to-be but also of very young children, including the birth date and sex of a child. Newcastle | Leeds | Manchester

  13. 13 Jayana Morgan-Davis • Former administration assistant at a used car dealership • Prosecuted for unlawfully obtaining the personal data of customers and other employees • Ms Morgan-Davis forwarded several work emails to her personal email account which contained personal data of customers and employees • Admitted 3 offences of unlawfully obtaining personal data in breach of s.55 DPA 1998 • Penalties: • £200 fine • £590 costs • £30 victim surcharge Newcastle | Leeds | Manchester

  14. 14 Kevin Bunsell • Former senior local government officer • Prosecuted for sharing the personal information of rival job applicants with his partner who had applied for a job at the Council • Mr Bunsell accessed the recruitment system and emailed the personal information of 9 shortlisted candidates to his partner’s email account • Penalties: • £660 fine • £713.75 costs • £66 victim surcharge Newcastle | Leeds | Manchester

  15. 15 Hannah Pepper • Former doctor’s surgery employee • Prosecuted for inappropriately accessing records of patients and staff members • Ms Pepper accessed the records of 228 patients and 3 staff members outside of her role • Penalties: • £350 fine • £643.75 costs • £35 victim surcharge Newcastle | Leeds | Manchester

  16. Wendy Masterson • A former customer service advisor at Stockport Homes - prosecuted for accessing records relating to anti-social behaviour without authorisation. • An internal investigation found that she had inappropriately accessed cases without any business reason to do so - the records related to victims, witnesses and perpetrators of anti-social behaviour. • Penalties: • fined £300 • £364.08 costs • victim surcharge of £30 Newcastle | Leeds | Manchester

  17. What can be learnt from these cases? • Make sure you understand all the types of data you are processing • Have you identified the correct lawful base for processing? • Are you only processing data you actually need? • Can you justify why you are processing the data? • Have you clearly notified individuals what you are doing with their data? • Has appropriate training been given? • Do you share data? Have you carried out a data protection assessment? Have you reviewed the Data Sharing Code? Newcastle | Leeds | Manchester

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
Space-variant Generalized Gaussian Regularization for Image Restoration Alessandro Lanza, Serena

Space-variant Generalized Gaussian Regularization for Image Restoration Alessandro Lanza, Serena

Space-variant Generalized Gaussian Regularization for Image Restoration Alessandro Lanza, Serena Morigi, Monica Pragliola, Fiorella Sgallari University of Bologna Computational Methods for Inverse Problems in Imaging Workshop July 16-18,

445 views • 26 slides
DSGE Model Nonlinearities Frank Schorfheide University of Pennsylvania, CEPR, NBER, PIER June

DSGE Model Nonlinearities Frank Schorfheide University of Pennsylvania, CEPR, NBER, PIER June

DSGE Model Nonlinearities Frank Schorfheide University of Pennsylvania, CEPR, NBER, PIER June 2017 JEDC Plenary Lecture 2017 SCE/CEF Conference Papers and software available at https://web.sas.upenn.edu/schorf/ DSGE Model Nonlinearities Large

564 views • 35 slides
Compressive Imaging by Generalized Total Variation Minimization Jie Yan and Wu-Sheng Lu

Compressive Imaging by Generalized Total Variation Minimization Jie Yan and Wu-Sheng Lu

Compressive Imaging by Generalized Total Variation Minimization Jie Yan and Wu-Sheng Lu Department of Electrical and Computer Engineering University of Victoria, Victoria, BC, Canada Aug 10, 2012 1 / 26 OUTLINE Introduction 1 Generalized

547 views • 26 slides
The Target Visitation Problem Achim Hildenbrandt 1 Olga Heismann 2 Gerhard Reinelt 1 1

The Target Visitation Problem Achim Hildenbrandt 1 Olga Heismann 2 Gerhard Reinelt 1 1

The Target Visitation Problem Achim Hildenbrandt 1 Olga Heismann 2 Gerhard Reinelt 1 1 Ruprecht-Karls-Universit at Heidelberg 2 Zuse-Institut Berlin January 09, 2014 A. Hildenbrandt (Heidelberg) An extended formulation for the TVP January 09,

541 views • 33 slides
Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution /

Symbolic execution for binary-level security / 50 3 A number of shades of symbolic execution / / Sbastien Bardin & Richard Bonichon 20180409 CEA LIST 1 1,1,L Model Source qb int foo (int t ) { 0,1,L 0,1,L int y = t * t - 4 * t ;

567 views • 34 slides
HO HOW MANY W MANY SMAR SMART CARS T CARS DOES IT TAKE T DOES IT T AKE TO MAKE O MAKE A

HO HOW MANY W MANY SMAR SMART CARS T CARS DOES IT TAKE T DOES IT T AKE TO MAKE O MAKE A

HO HOW MANY W MANY SMAR SMART CARS T CARS DOES IT TAKE T DOES IT T AKE TO MAKE O MAKE A SMART TRAFFIC A SMAR T TRAFFIC NETWORK? NETW ORK? C. G . G. Cassand . Cassandras as Division of Systems Engineering Dept. of Electrical and

559 views • 23 slides
4. Coordination and Social Models Part 2: Coordination models (I): ( ) D) ems Design (MASD

4. Coordination and Social Models Part 2: Coordination models (I): ( ) D) ems Design (MASD

4. Coordination and Social Models Part 2: Coordination models (I): ( ) D) ems Design (MASD Social Models Trust and Reputation Multiagent Syste Javier Vzquez-Salceda MASD https://kemlg.upc.edu Coordination Social Models for

937 views • 18 slides
Agenda Introduction to our panelists Training in the Pandemic: European Wind Academy Feedback

Agenda Introduction to our panelists Training in the Pandemic: European Wind Academy Feedback

Agenda Introduction to our panelists Training in the Pandemic: European Wind Academy Feedback from last weeks webinar Questions? Presenter Ralph Savage Head of Communication 20+ years in journalism and communication

523 views • 15 slides

More recommend