gdpr
play

GDPR District Chairs Meeting 14 th March 2018 Who are the Data - PDF document

Jun 09, 2023 •245 likes •421 views

29/03/2018 GDPR District Chairs Meeting 14 th March 2018 Who are the Data Controllers in the Methodist Church Trustees for Methodist The Methodist Church Church Purposes in Great Britain 1 29/03/2018 Data Champions Targeted & Bespoke

  1. 29/03/2018 GDPR District Chairs Meeting 14 th March 2018 Who are the Data Controllers in the Methodist Church Trustees for Methodist The Methodist Church Church Purposes in Great Britain 1

  2. 29/03/2018 Data Champions Targeted & Bespoke Guidance • Targeted Guidance Phase 1 • Model Templates Phase 2 • Model Policies & Procedures Phase 3 • Training Phase 4 2

  3. 29/03/2018 What's on the TMCP Website? www.tmcp.org.uk � GDPR at a Glance � GDPR Guidance Note � 9 Steps to take now � Template Data Mapping Form � Who are the Data Controllers and where to get help � Data Protection Do’s and Don’t’s � Information on Church Directories � GDPR Myth-Buster What’s Coming to TMCP’s Website? www.tmcp.org.uk � FAQ’s � Template Privacy Policy with Guidance � Template Consent Form � Data Responsibilities in a Nutshell � Lawful Bases Flowchart & Overview � Church Websites & Newsletters 3

  4. 29/03/2018 9 Steps to Take Now 9 Steps for Managing Trustees to Take Now 9 Steps to Take Now Step 1: Awareness 9 Steps for Managing Trustees to Take Now 4

  5. 29/03/2018 Awareness How the Data Champions can help promote Awareness: � Filter the information to the Local Church � Get the Local Church on board � Help promote best practice � Help provide support locally 9 Steps to Take Now Step 1: Step 2: Awareness Data Mapping. 9 Steps for Managing Trustees to Take Now 5

  6. 29/03/2018 Data Mapping Is any data kept Do you by or circulated How is the data Do you have Who holds to persons process any For what held and what How long is How is the Document/list What data is explicit Special the data and outside of the purpose is the security the data kept data description collected? consent to Categories of who has Methodist data held? measures are for? destroyed? use the data? personal access to it? Church including in place? Data? any Ecumenical partners? Data Collection Minister, consent form Names, Church (locked filing Paper Yes, it is Example: To provide a addresses, Administrator, cabinet) and shredder and published on our email Circuit list of church No Until asked to Yes Church electronic website and Church members and addresses, Administrator, remove administrator’s deletion from freely available Directory office holders telephone District Laptop laptop from the church numbers Administrator (password protected) 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy 9 Steps for Managing Trustees to Take Now 6

  7. 29/03/2018 Privacy Policies Transparency & Openness What information do we process? Why do we process this information? How is the information stored? Examples: Databases Pastoral records CCTV Privacy Policies How is the Working Party helping? • A Model Privacy Policy • Associated Guidance • List of examples 7

  8. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 4: Lawful Basis 9 Steps for Managing Trustees to Take Now Lawful Basis • Consent • Performance of a Contract • Legal Obligation • Vital Interests • In the public interest • Legitimate interests 8

  9. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 4: Lawful Basis 9 Steps for Managing Trustees to Take Now Step 5: Rights Rights • Right to be Informed • Right of Access • Right to Rectification • Right to request Erasure • Right to Restrict Processing • Right to Data Portability • Right to Object • Right to Non Automated Decision Making 9

  10. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 4: Lawful Basis 9 Steps for Managing Trustees to Take Now Step 5: Step 6: Rights Consent Consent • Only one of the Legal Basis for Processing • Seen as a Last Resort • Consent can be withdrawn Must be: • Explicit • Given freely • Recorded 10

  11. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 4: Lawful Basis 9 Steps for Managing Trustees to Take Now Step 5: Step 6: Rights Step 7: Consent Children Children • Consent only one Legal Basis • 13 years of age for consent • Consent from person with parental responsibility • Right to Request Erasure • Online Services & Marketing • Privacy information must be clear and in a language they understand 11

  12. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 4: Lawful Basis 9 Steps for Managing Trustees to Take Now Step 8: Data Breaches . Step 5: Step 6: Rights Step 7: Consent Children Data Breaches “a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed” • All Breaches must be recorded • Notification to the ICO if the Breach is “ likely to result in a risk to the rights and freedoms of natural persons” 12

  13. 29/03/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 9: Step 4: Assessment Lawful Basis 9 Steps for Managing Trustees to Take Step 8: Data Breaches . Step 5: Step 6: Rights Step 7: Consent Children Assessment Privacy Impact Assessments only applicable, if: • High Risk to the Rights and Freedoms • Processing is on a ‘large scale’ • Privacy by Design • Risk Assessment • Promoting best practice 13

  14. 29/03/2018 GDPR Myth-Buster GDPR does not mean you need consent for everything.. • Yes there are now more exacting rules about obtaining valid consent, but Managing Trustees need to bear in mind that they do not need consent for everything. “Consent is one way to comply with the GDPR, but it’s not the only “Consent is one way to comply with the GDPR, but it’s not the only way.” (Elizabeth Denham, 16 August 2017. ICO blog “Consent is way.” (Elizabeth Denham, 16 August 2017. ICO blog “Consent is not the Silver bullet for GDPR compliance”) not the Silver bullet for GDPR compliance”) GDPR will not automatically lead to small charities paying huge fines.. • Yes GDPR gives the ICO much greater powers to impose eye watering fines, but the ICO stresses that it is a proportionate regulator and as explained by: “..it’s scaremongering to suggest that we'll [the ICO] be making “..it’s scaremongering to suggest that we'll [the ICO] be making early examples of organisations for minor infringements or that early examples of organisations for minor infringements or that maximum fines will become the norm.” Elizabeth Denham, 9 August maximum fines will become the norm.” Elizabeth Denham, 9 August 2017. ICO blog “GDPR – sorting the fact from the fiction” 2017. ICO blog “GDPR – sorting the fact from the fiction” GDPR is not Y2k.. • Managing Trustees may remember the hype surrounding Y2k? Rest assured that GDPR is not a cliff edge. “GDPR compliance is an ongoing journey”. Elizabeth Denham, 22 “GDPR compliance is an ongoing journey”. Elizabeth Denham, 22 December 2017. ICO blog “GDPR is not Y2K” December 2017. ICO blog “GDPR is not Y2K” Data Protection Officer • Statutory Role • Articles 37, 38 and 39 of GDPR • Not required by Managing Trustees • Alternatives to this role may be: – Data Protection Administrator – Privacy Co-ordinator – Data Compliance Manager 14

  15. 29/03/2018 Contacts TMCP: dataprotection@tmcp.methodist.org.uk www.tmcp.org.uk/contact 0161 235 6770 Connexional Team: dataprotection@methodistchurch.org.uk 020 7486 5502 Question 1 Q. The 9 Steps guidance suggests that manual files should be held in locked filing cabinets. Many people work at home and do not have lockable filing cabinets. A. We have to take a common sense approach, we know that office holders do not always have the luxury of having a church office. However, we need to ensure that personal data is safe when kept in people’s homes. The church should have procedures in place to deal with files which are kept at residential addresses e.g what happens when a new person takes over that role. 15

  16. 29/03/2018 Question 2 Q. Which Officers (District, Circuit & Local Church) can hold what data? A. There is no definitive answer, again a common sense approach needs to be take. Look to the Data Protection Principles to ensure that the data is adequate, accurate, limited to the purpose for which it is collected. Data Protection is about protecting people, therefore only the people who actually need the data should hold it. Question 3 Q. Who does the Legitimate Interest Basis apply to? A. Difficult question to answer because it applies to anybody where the processing of the data is necessary. There must also be an expectation from the individual that their data will be used in such way. E.g. a tenant of church property must expect that church officers will hold their essential contact details. 16

  17. 29/03/2018 Questions GDPR 17

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
27 February 2020 A nuts and bolts guide to Section 21 Notices Presenter Elizabeth Dwomoh

27 February 2020 A nuts and bolts guide to Section 21 Notices Presenter Elizabeth Dwomoh

27 February 2020 A nuts and bolts guide to Section 21 Notices Presenter Elizabeth Dwomoh Elizabeth is an established property practitioner with particular expertise in the fields of housing, commercial and residential landlord and tenant

483 views • 37 slides
Adaptive Treatment Strategies Getting SMART About Developing Individualized Sequences of

Adaptive Treatment Strategies Getting SMART About Developing Individualized Sequences of

Adaptive Treatment Strategies Getting SMART About Developing Individualized Sequences of Adaptive Health Interventions Association for Behavioral and Cognitive Therapies November 10, 2011 Susan A. Murphy & Daniel Almirall Outline

1.91k views • 164 slides
Disclosures I have nothing to disclose Outline Growing obesity epidemic Not just about

Disclosures I have nothing to disclose Outline Growing obesity epidemic Not just about

5/18/13 Disclosures I have nothing to disclose Outline Growing obesity epidemic Not just about weight loss: treating metabolic disease and reducing mortality. RY gastric bypass, gastric band, sleeve gastrectomy: what is the

310 views • 10 slides
Human Subjects in Research Nicole Farnese-McFarlane Sr. Compliance Coordinator Research Office

Human Subjects in Research Nicole Farnese-McFarlane Sr. Compliance Coordinator Research Office

Human Subjects in Research Nicole Farnese-McFarlane Sr. Compliance Coordinator Research Office nicolefm@udel.edu 302-831-1119 Humans Subjects in Research Regulations What is Research with Human Subjects? Ethical and Regulatory

334 views • 18 slides
Clinics Data Collection: Challenges and opportunities James Sandbach Director of Policy and

Clinics Data Collection: Challenges and opportunities James Sandbach Director of Policy and

Clinics Data Collection: Challenges and opportunities James Sandbach Director of Policy and External Affairs, LawWorks LawWorks Clinics Infoexchange #ClinicsConference #PowerOfProBono To boldy go - a data journey through the clinic network -

739 views • 22 slides
US Sailing Sanctioned Safety at Sea Courses Designed for sailors of all types and levels

US Sailing Sanctioned Safety at Sea Courses Designed for sailors of all types and levels

US Sailing Sanctioned Safety at Sea Courses Designed for sailors of all types and levels cruisers and racers, novices and experts. More than 2,500 sailors attend safety courses around North America every year and many bring their

287 views • 7 slides
Conference Call Brooks Automation Second Quarter FY15 Financial Results April 30, 2015 1 Safe

Conference Call Brooks Automation Second Quarter FY15 Financial Results April 30, 2015 1 Safe

Conference Call Brooks Automation Second Quarter FY15 Financial Results April 30, 2015 1 Safe Harbor Statement Safe Harbor Statement under the U.S. Private Securities Litigation Reform Act of 1995; certain matters in this presentation,

399 views • 17 slides
Good afternoon. Welcome to Clearfields fiscal third quarter 2018 earnings conference call. My

Good afternoon. Welcome to Clearfields fiscal third quarter 2018 earnings conference call. My

Good afternoon. Welcome to Clearfields fiscal third quarter 2018 earnings conference call. My name is Ariel, and I will be your operator this afternoon. Joining us for todays presentation are the Company's President and CEO, Cheri Beranek

596 views • 21 slides

More recommend