gdpr
play

GDPR Lawful basis Data Protection Practitioners #DPPC2018 Conference - PowerPoint PPT Presentation

Sep 11, 2022 •292 likes •632 views

GDPR Lawful basis Data Protection Practitioners #DPPC2018 Conference 2018 Whats new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs Whats new? Mirrors the Requirement to Changes

  1. GDPR Lawful basis Data Protection Practitioners’ #DPPC2018 Conference 2018

  2. What’s new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs

  3. What’s new? Mirrors the Requirement to Changes for requirement to be transparent public satisfy a and to authorities ‘condition for document processing’

  4. What’s new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs

  5. The first principle requires personal data to be processed lawfully, fairly and in a transparent manner You need a lawful basis under Article 6 for processing to be lawful You must be able to demonstrate that a lawful basis applies to comply with the accountability principle in Article 5(2)

  6. Articles 13 and 14 require you to include your lawful basis within the privacy information you give to individuals You should include this information in your privacy notice The lawful basis for your processing can affect which rights are available to individuals

  7. What’s new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs

  8. What lawful bases are available? Legal Consent Contract obligation

  9. What lawful bases are available? Vital Public Legitimate interests task interests

  10. Please see the separate consent Consent slideshow for more • Offers individuals real choice and control • Requires a positive opt in • Is specific and granular • Is clear, concise and kept separate from other terms and conditions • Is easy to withdraw

  11. Contract You can rely on this basis if you need to process someone's personal data: To fulfil a contractual • obligation to them; or • • Because they have asked you to do something prior to entering into a contract. The processing must be necessary – it must be a reasonable and proportionate way of achieving your purpose.

  12. Contract Take care if the contract is with a child under the age of 18 – you may need to check their capacity The right to object will not apply when using contract as a lawful basis (unless objecting to marketing). Individuals will have the right to data portability Remember to document your lawful basis and include it in your privacy notice

  13. Legal obligation You can rely on this basis if you are required to process personal data to comply with a common law or statutory obligation Includes regulatory requirements where there is a statutory regulatory regime and regulated organisations are required to comply You must be able to identify the obligation in statute or an appropriate source of guidance

  14. Legal obligation The processing must be necessary – it must be a reasonable and proportionate way of achieving your purpose When using legal obligation as your lawful basis, the individual has no right to erasure, data portability or to object Remember to document your lawful basis and include it in your privacy notice

  15. Vital interests You can rely on vital interests if you need to process the personal data to protect someone’s life The processing must be necessary – it must be a reasonable and proportionate way of achieving your purpose Less likely to be appropriate for non-emergency medical care or for large scale processing, unless on humanitarian grounds

  16. Vital interests Less likely to be appropriate to process one person's data for the vital interests of another person Vital interests is most likely to be relevant in the context of health data – if so you also need to identify a condition for processing special category data

  17. Public task You can rely on public task if you process personal data: • In the exercise of official authority; or • To perform a specific task in the public interest that is set out in law You do not need a specific statutory power to process personal data, but your underlying task, function or power must have a clear basis in law You do not need to be a public authority.

  18. Public task The processing must be necessary – it must be a reasonable and proportionate way of achieving your purpose The Data Protection Bill says the following will be covered: • administration of justice parliamentary functions • • statutory functions • governmental functions (but this isn’t exhaustive) You must be able to identify the obligation in statute or an appropriate guidance source.

  19. Public task You should also ensure that you can demonstrate there is no other reasonable and less intrusive means to achieve your purpose The right to data portability does not apply, however the right to object will If you later process the data for archiving, scientific research or statistical purposes, a separate lawful basis is not needed

  20. Legitimate interests Likely to be most appropriate where you use data in ways people would reasonably expect, with minimal privacy impact, or where there is compelling justification. Public authorities can only use where the processing is not to perform their tasks as a public authority See our separate legitimate interests slideshow for more

  21. What’s new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs

  22. No basis is better, safer or more important than the others 22

  23. You should consider a number of factors when deciding your lawful basis, including: • What is your purpose? Can you reasonably • achieve it a different way? Do you have a • choice over whether you process the data? • Are you a public authority?

  24. What’s new? Why is a lawful basis important? What bases are available? Which basis is most appropriate? FAQs

  25. FAQs When should Before starting to we decide on process the data. our lawful It is important to get it basis? right first time as it is difficult to swap later. You need to be clear and transparent from the start.

  26. FAQs What happens You may not need to if we have a change your basis. new purpose? You should assess if the new purpose is compatible with the old. If not, you need to identify a new basis.

  27. FAQs How should we You need to keep a document our record of the lawful basis lawful basis? for each processing activity be able to demonstrate why you believe it applies. There is no standard form, provided you have included sufficient detail.

  28. FAQs What do we You need to include need to tell information about your people? purposes for processing and your lawful basis in your privacy notice. This applies whether you obtain the data directly from the individual or a another source.

  29. FAQs What about You need both a lawful special category basis for processing data? and a special category condition for processing. You should document both.

  30. FAQs What about You need both a lawful criminal basis for processing offence data? and a separate condition for processing this data. You should document both.

  31. More information is available… Pick up a Check out our Visit our website leaflet from lawful basis www.ico.org.uk the hub tool

  32. This slideshow will restart shortly Subscribe to our e-newsletter at www.ico.org.uk or find us on… @iconews Data Protection Practitioners’ #DPPC2018 Conference 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
20 2019 9 Year End r End P Processing and nd Intr Introduction t to o 2020 2020 Form orm

20 2019 9 Year End r End P Processing and nd Intr Introduction t to o 2020 2020 Form orm

Office of Operations, DTA Tax Administration PUG Training Presentation October 3, 2019 20 2019 9 Year End r End P Processing and nd Intr Introduction t to o 2020 2020 Form orm W W-4 Diane Moore Tax Administration 1 STATE OF NEW

555 views • 29 slides
CRCP Electronic Payment High Level Overview Effective April 1, 2019 Presentation Topics

CRCP Electronic Payment High Level Overview Effective April 1, 2019 Presentation Topics

CRCP Electronic Payment High Level Overview Effective April 1, 2019 Presentation Topics Background Information How to submit electronic payments on the CRCP Types of payments accepted How to view your Electronic Payment History on

355 views • 33 slides
P RINCIPAL C OMPONENT A NALYSIS (PCA) Singular Value Decomposition (SVD) is a method to Y

P RINCIPAL C OMPONENT A NALYSIS (PCA) Singular Value Decomposition (SVD) is a method to Y

M ODEL I DENTIFICATION BY G RADIENT M ETHODS Dr. Julien Billeter Laboratoire d'Automatique Ecole Polytechnique Fdrale de Lausanne (EPFL) MLS-S03 | 2013-2014 M ODEL I DENTIFICATION BY G RADIENT METHODS D YNAMIC M ODELS Conservation

356 views • 25 slides
Rating Soccer Defenders Jason van der Merwe Bridge Eimon Jack Craddock Motivation Methodology

Rating Soccer Defenders Jason van der Merwe Bridge Eimon Jack Craddock Motivation Methodology

Rating Soccer Defenders Jason van der Merwe Bridge Eimon Jack Craddock Motivation Methodology Results Motivation Methodology Results Motivation Methodology Results Player salary vs. FIFA rating vs. goals conceded Linear regression

703 views • 25 slides
HR: Summer 2020 Academic Personnel Processing Workshop Sponsored by The Tseng College Presented

HR: Summer 2020 Academic Personnel Processing Workshop Sponsored by The Tseng College Presented

HR: Summer 2020 Academic Personnel Processing Workshop Sponsored by The Tseng College Presented by: The Office of Human Resources & The Office of Faculty Affairs Tuesday, May 5, 2020 10:00 a.m. 12:00 p.m. Via Zoom Toda days T

743 views • 30 slides
Financial Aid 101 Presented by: Katie Sprunger Edgewood College Financing A College Education

Financial Aid 101 Presented by: Katie Sprunger Edgewood College Financing A College Education

Financial Aid 101 Presented by: Katie Sprunger Edgewood College Financing A College Education A successful experience requires a collaborative effort by: S tudent Parent Institution Government What is an EFC? Federal

692 views • 42 slides
I CH Q3 D elem ental im purities & I CH M7 m utagenic im purities recent considerations EMA

I CH Q3 D elem ental im purities & I CH M7 m utagenic im purities recent considerations EMA

I CH Q3 D elem ental im purities & I CH M7 m utagenic im purities recent considerations EMA SME workshop: Focus on quality for medicines containing chemical substances London 4 April, 2014 Presented by: Diana van Riet-Nales Senior

468 views • 23 slides
February 1, 2007 MITSUI CHEMICALS, INC. February 1, 2007 MITSUI CHEMICALS, INC.

February 1, 2007 MITSUI CHEMICALS, INC. February 1, 2007 MITSUI CHEMICALS, INC.

February 1, 2007 MITSUI CHEMICALS, INC. February 1, 2007 MITSUI CHEMICALS, INC. Functional Polymeric Materials Group - - Specialty Resins Div. Specialty Resins Div. Functional Polymeric Materials Group Contents Contents

593 views • 33 slides

More recommend