GDPR Training Event Manchester 22 nd May 2018 GDPR Resources and - - PDF document

gdpr
SMART_READER_LITE
LIVE PREVIEW

GDPR Training Event Manchester 22 nd May 2018 GDPR Resources and - - PDF document

Sep 11, 2023 17 likes •148 views

23/05/2018 GDPR Training Event Manchester 22 nd May 2018 GDPR Resources and Toolkit 1 23/05/2018 Targeted & Bespoke Guidance Targeted Guidance Phase 1 Model Templates Phase 2 Model Policies & Procedures Phase 3

slide-1
SLIDE 1

23/05/2018 1

GDPR

Training Event – Manchester 22nd May 2018

GDPR

Resources and Toolkit

slide-2
SLIDE 2

23/05/2018 2

Targeted & Bespoke Guidance

Phase 1

  • Targeted Guidance

Phase 2

  • Model Templates

Phase 3

  • Model Policies & Procedures

Phase 4

  • Training

What is Personal Data?

“‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person”

slide-3
SLIDE 3

23/05/2018 3

What is Personal Data?

Name Address Email Address Telephone Number Photographs Bank Details Credit Card Details Forms of ID and Numbers MAC / IP Address Opinions

What is Personal Data?

slide-4
SLIDE 4

23/05/2018 4

The Data Protection Principles

1. Data must be processed lawfully, fairly and in a transparent manner; 2. Data must be collected for specified, explicit and legitimate purposes (Purpose Limitation); 3. Data must be Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed (Data Minimisation); 4. Data must be Accurate and where necessary kept up to date (Accuracy); 5. Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed (Limited Retention); 6. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures – (Security).

What's on the TMCP Website?

www.tmcp.org.uk

  • GDPR at a Glance
  • GDPR Changes at a Glance
  • GDPR Guidance Note
  • 9 Steps to take now
  • 9 Steps Checklist
  • Template Data Mapping Form
  • Template Consent Form (updated)
  • Guidelines on Lawful Basis for Processing Personal Data
  • Data Protection Responsibilities in a Nutshell
  • Who are the Data Controllers and where to get help
  • Data Protection Do’s and Don'ts
  • Information on Church Directories
  • GDPR Myth-Buster
  • FAQ’s
slide-5
SLIDE 5

23/05/2018 5

9 Steps to Take Now

  • 9 Steps for Managing

Trustees to Take

Step 1:

Awareness

Step 2:

Data Mapping.

Step 3:

Privacy Policy

Step 4:

Lawful Basis

Step 5:

Rights

Step 6:

Consent

Step 7:

Children

Step 8:

Data Breaches.

Step 9:

Assessment

A Toolkit for Managing Trustees

slide-6
SLIDE 6

23/05/2018 6

What’s in the Toolkit?

Data Protection Responsibilities in a Nutshell

Data Protection Responsibilities in a Nutshell

slide-7
SLIDE 7

23/05/2018 7

What’s in the Toolkit?

Data Protection Responsibilities in a Nutshell Overarching Data Protection Policy

Data Protection Policy

slide-8
SLIDE 8

23/05/2018 8

Data Protection Policy “We’re not looking for perfection, we’re going to be looking for commitment.”

(Elizabeth Denham, 20th April 2018 in an interview with the BBC)

Data Protection Policy

Compliance Training Record keeping Security and retention Breach Rights Risk-based approach to Processing

slide-9
SLIDE 9

23/05/2018 9

Data Protection Policy

Specifics to the Methodist Church:

Consent; Privacy by Design; Fundraising; Sharing Personal Data;

What’s in the Toolkit?

Data Protection Responsibilities in a Nutshell Overarching Data Protection Policy Specific Policies

slide-10
SLIDE 10

23/05/2018 10

Specific Policies

Guidelines on Lawful Basis for Processing Personal Data Privacy Notice Data Security Policy IT Policy Data Subject Access Request Policy Data Retention Policy Data Breach Policy

What’s in the Toolkit?

Data Protection Responsibilities in a Nutshell Key Template Documents Specific Policies Overarching Data Protection Policy

slide-11
SLIDE 11

23/05/2018 11

key Template Documents

Privacy Notice Breach Register Legal Basis Register Website Privacy Notice Data Mapping Form (already on website) Consent Form (already on website)

Privacy Notice Transparency:

  • What information do you collect?
  • Why do you collect that information?
slide-12
SLIDE 12

23/05/2018 12

Privacy Notice

Remember the Principles?

1. Data must be processed lawfully, fairly and in a transparent manner; 2. Data must be collected for specified, explicit and legitimate purposes (Purpose Limitation);

Privacy Notice

1. IMPORTANT INFORMATION AND WHO WE ARE 2. THE DATA WE COLLECT ABOUT YOU 3. HOW IS YOUR PERSONAL DATA COLLECTED 4. HOW WE USE YOUR PERSONAL DATA 5. DISCLOSURES OF YOUR PERSONAL DATA 6. INTERNATIONAL TRANSFERS 7. DATA SECURITY 8. DATA RETENTION 9. YOUR LEGAL RIGHTS 10. GLOSSARY

slide-13
SLIDE 13

23/05/2018 13

Questions?