gdpr
play

GDPR Legitimate interests Data Protection Practitioners #DPPC2018 - PowerPoint PPT Presentation

Aug 25, 2022 •285 likes •818 views

GDPR Legitimate interests Data Protection Practitioners #DPPC2018 Conference 2018 Whats new? What is the legitimate interests basis? When can we rely on legitimate interests? How do we apply legitimate interests? The key there are

  1. GDPR Legitimate interests Data Protection Practitioners’ #DPPC2018 Conference 2018

  2. What’s new? What is the legitimate interests basis? When can we rely on legitimate interests? How do we apply legitimate interests?

  3. The key …there are some elements of changes to the legitimate detail interests are the same, but...

  4. Legitimate interests are no You can now longer limited to consider the interests your own of any third party, interests or including the wider those of third benefits to society parties to whom you disclose data

  5. Legitimate For example an interests is not individual’s rights just a pure may override harm-based legitimate interests if they don’t assessment reasonably expect the processing

  6. You have new You need to: accountability • Document your and assessment of how transparency legitimate interests requirements applies • Tell individuals what your legitimate interests are

  7. The GDPR also specifically highlights children’s data as needing special consideration

  8. What’s new? What is the legitimate interests basis? When can we rely on legitimate interests? How do we apply legitimate interests?

  9. Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child. Article 6(1)(f) Legitimate interests

  10. The legitimate interests provision can be broken down into a three-part test

  11. What is the three-part test? 3 2 1 Balancing test Necessity test Purpose test Do the individual’s Is the processing Are you pursuing interests override necessary for that a legitimate the legitimate purpose? interest? interest?

  12. What counts as a legitimate interest?

  13. The ‘legitimate interest’ could be for example: • your own interests; • the interests of a third party; • commercial interests; or • wider societal interests.

  14. The term ‘legitimate interest’ is broad. The interests could be compelling or in some cases could be more trivial. However you or a third party must have some clear or specific benefit or outcome in mind.

  15. GDPR mentions use of client or employee data, marketing, fraud prevention, intra group transfers, IT security and disclosing information about possible criminal acts or security threats as potential legitimate interests but this is not an exhaustive list

  16. When is processing necessary?

  17. Necessary means the processing must be a targeted and proportionate way of achieving your purpose

  18. If there is another reasonable and less intrusive way to achieve the same result you can’t rely on legitimate interests

  19. What is the balancing test?

  20. The balancing test is where you balance your interests against the interests, rights and freedoms of the individual

  21. The interests, rights and freedoms of individuals could cover any type of impact including physical or financial harm, or any social or economic disadvantage

  22. What’s new? What is the legitimate interests basis? When can we rely on legitimate interests? How do we apply legitimate interests?

  23. When might legitimate interests be appropriate?

  24. It might be appropriate when: The processing is not required by law but is of a clear benefit to you or others; There’s a limited privacy impact on the individual; The individual should reasonably expect you to use their data in that way; or You can’t or don’t want to give the individual full upfront control or bother them with disruptive requests.

  25. Can public authorities use legitimate interests? Yes, in some But not if the instances processing is to they can perform their tasks as a public authority

  26. Can legitimate interests be used to process children’s data? Yes, the GDPR But you have a doesn’t prevent responsibility to protect you relying on them from risks and legitimate consequences that they interests to may not fully process children’s understand or envisage, data and adequately protect their interests

  27. Can we use legitimate interests for direct marketing? Yes, in some But you will need cases to apply the three- part test and ensure that you comply with other marketing laws

  28. When might legitimate interests be inappropriate?

  29. For example you should avoid legitimate interests if: You are a public authority and the processing is to perform your tasks as a public authority; Your processing does not comply with broader legal, ethical or industry standards; You don’t want to take full responsibility for protecting the interests of the individual or would prefer to put the onus on them; or You’re not confident of the outcome of the balancing test.

  30. What’s new? What is the legitimate interests basis? When can we rely on legitimate interests? How do we apply legitimate interests?

  31. Legitimate interests assessment (LIA)

  32. What is an LIA? This is where We call it a ‘legitimate you assess each interests assessment’ part of the or LIA for short three-part test An LIA is a light-touch and record the risk assessment based outcome on the specific context and circumstances

  33. Do we need to record our LIA? Yes, you need to There’s no specific record your LIA requirement to do and the this but you are outcome likely to need an audit trail of your decisions and justifications

  34. How do we do the purpose test

  35. Ask yourself: Why do you want to process the data? What benefit do you expect to get from the processing? Who else benefits from the processing (third parties/the public)? How important are those benefits? What would the impact be if you couldn’t go ahead?

  36. What is the intended outcome for individuals? Are you complying with other relevant laws and industry guidelines/codes? Are there any ethical issues with the processing? Are you processing for fraud prevention, IT security or any of the purposes highlighted by the GPDR?

  37. How do we do the necessity test

  38. Ask yourself: Will the processing actually help you achieve your purpose? Is the processing proportionate to that purpose? Can you achieve your purpose without processing the data, or processing less data? Can you achieve your purpose by processing the data in another more obvious or less intrusive way?

  39. How do we do the balancing test

  40. As a minimum consider: The nature of the personal data you want to process; The reasonable expectations of the individual; and The likely impact of the processing on the individual and whether any safeguards can be put in place to mitigate negative impacts.

  41. Nature of the personal data You need to For example is it: think about the sensitivity of • special category data? • criminal offence data? the personal • c hildren’s data? data • data about personal or professional life?

  42. Nature of the data The more sensitive or ‘private’ the data the more likely the processing will be considered intrusive or create significant risks to the individual’s rights and freedoms

  43. Reasonable expectations You need to think For example : what people what is the nature of • would reasonably your relationship with expect you to do them? with their data in • did the data come the particular directly from them? circumstances is your intended • purpose widely understood?

  44. Reasonable expectations This is an objective test – you don’t have to show that every individual expects you to use their data in this way. Instead you have to show that a reasonable person would expect it.

  45. Impact and safeguards You need to For example could the consider the processing lead to: potential impact on individuals • difficulty in and any damage exercising rights? the processing • physical harm? might cause • financial loss or them identify fraud?

  46. Impact and safeguards If you identify potential for high risk you need a much more compelling legitimate interest to satisfy the balancing test. You also may need to conduct a DPIA.

  47. Impact and safeguards You may want to Appropriate consider if there safeguards can change are any the balance and mean safeguards you that the individual’s can build in to interests no longer reduce or override yours, but this mitigate the risk will not always be possible

  48. Deciding the outcome of an LIA

  49. You need to You should be as weigh up all the objective as possible factors that you when deciding identified during whether you think your LIA for and your interests take against the priority over any risk processing to individuals

  50. Sometimes the Sometimes it may be outcome will harder to decide very obviously weigh in one If you’re not sure it direction might be safer to see if another basis applies

  51. More information is available… Visit our Pick up a Check out our website leaflet from lawful basis www.ico.org.uk the hub tool

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
A Scalable Server for 3D Metaverses Ewen Cheslack-Postava, Tahir Azim, Behram F.T. Mistree,

A Scalable Server for 3D Metaverses Ewen Cheslack-Postava, Tahir Azim, Behram F.T. Mistree,

A Scalable Server for 3D Metaverses Ewen Cheslack-Postava, Tahir Azim, Behram F.T. Mistree, Daniel Reiter Horn, Je ff Terrace, Philip Levis, and Michael J. Freedman sirikata.com Metaverses 2 Metaverses 3 Metaverses 3 Metaverses 3

846 views • 65 slides
Are p and q connected? Network connectivity Yes, they are connected! Network connectivity

Are p and q connected? Network connectivity Yes, they are connected! Network connectivity

Are p and q connected? Network connectivity Yes, they are connected! Network connectivity Problem: Given a set of nodes N and a set of links between pairs of nodes L. Find connectivity for node p and node q.(p N,q N) Real World

903 views • 57 slides
INTEGRATION VALERIY KOSYKH, EVGENII VIAZILOV, ALEXANDER STERIN, OLGA BULYGINA RIHMI-WDC, OBNINSK

INTEGRATION VALERIY KOSYKH, EVGENII VIAZILOV, ALEXANDER STERIN, OLGA BULYGINA RIHMI-WDC, OBNINSK

WDCS IN OBNINSK, RUSSIA: ON A WAY TO WDS RESOURCE INTEGRATION VALERIY KOSYKH, EVGENII VIAZILOV, ALEXANDER STERIN, OLGA BULYGINA RIHMI-WDC, OBNINSK RUSSIA ABOUT WDCS OBNINSK: SOME HISTORY IGY 1957: HISTORICALLY, THE SET OF WDCS IN THE FUSSR

339 views • 18 slides
Alpha Presentation Using Sensors to Study Human Behavior The Capstone Experience Team Michigan

Alpha Presentation Using Sensors to Study Human Behavior The Capstone Experience Team Michigan

Alpha Presentation Using Sensors to Study Human Behavior The Capstone Experience Team Michigan State University CSE Rainier Devolder Merryn Marderosian Ben Seeger Lianghao Shu Taylor Whitacre Department of Computer Science and Engineering

1.07k views • 9 slides
Proposed EU General Data Protection Regulation Robert L. Rothman June 5, 2014 6/5/2014 1

Proposed EU General Data Protection Regulation Robert L. Rothman June 5, 2014 6/5/2014 1

Proposed EU General Data Protection Regulation Robert L. Rothman June 5, 2014 6/5/2014 1 Purpose At last Privacy Committee Meeting there was a request to review the proposed EU General Data Protection Regulation and the associated

739 views • 34 slides
Adding CSPm Functions and Data Types to CSP++ Daniel GARNER, Markus ROGGENBACH, Bill GARDNER

Adding CSPm Functions and Data Types to CSP++ Daniel GARNER, Markus ROGGENBACH, Bill GARDNER

Adding CSPm Functions and Data Types to CSP++ Daniel GARNER, Markus ROGGENBACH, Bill GARDNER DITTO% CPA 2015 2 Motivation: Fault-tolerant computer of the ISS 1. Protocol verified by Lamport (1980ties) 2. Implementation in Occam (1990ties)

512 views • 22 slides
Delayed Evaluation and Runtime Code Generation as a means to Producing High Performance Numerical

Delayed Evaluation and Runtime Code Generation as a means to Producing High Performance Numerical

Delayed Evaluation and Runtime Code Generation as a means to Producing High Performance Numerical Software Francis Russell October 3, 2006 Francis Russell Delayed Evaluation and Runtime Code Generation as a means to About the Investigation

596 views • 43 slides
VideoForest: Interactive Visual Summarization of Video Streams Based on Danmu Data Zhida Sun ,

VideoForest: Interactive Visual Summarization of Video Streams Based on Danmu Data Zhida Sun ,

VideoForest: Interactive Visual Summarization of Video Streams Based on Danmu Data Zhida Sun , Mingfei Sun , Nan Cao , Xiaojuan Ma Department of Computer Science and Engineering, Hong Kong University of Science and Technology

529 views • 28 slides

More recommend