gdpr
play

GDPR General Data Protection Regulation Its application for - PowerPoint PPT Presentation

Feb 13, 2024 •193 likes •549 views

GDPR General Data Protection Regulation Its application for Businesses David Cauchi Head Compliance Regulation (EU) 2016/679 ... on the protection of natural persons with regard to the processing of personal data and on the free movement of

  1. GDPR General Data Protection Regulation Its application for Businesses David Cauchi Head Compliance

  2. Regulation (EU) 2016/679 ... on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, repealing Directive 95/46/EC. www.idpc.org.mt 1

  3. NO REVOLUTION but an EVOLUTION of the existing framework www.idpc.org.mt 2

  4. How does personal data affect you and your business? What is your role? www.idpc.org.mt 3

  5. Data Controller “… a person who alone or jointly with others determines the means and purposes of the processing of personal data” Who is the Data Controller? In the case of Business Organisations normally the Data Controller is the Head of Organisation or Managing Director www.idpc.org.mt 4

  6. Processor “… a person who processes personal data on behalf of a controller ” Who can be a processor? Any person or entity engaged by the data controller to provide a particular service and entrusted with the processing of personal data necessary to render such service. Examples: Provision of IT services, Accountancy. www.idpc.org.mt 5

  7. Technology and global players radically changed the way personal data is processed www.idpc.org.mt 6

  8. Need for change Information is becoming increasingly exposed and vulnerable leading to security breaches, hacking or other unlawful action especially in the globalised online environment. Data protection and privacy challenges are on the increase. Modernising the existing set of data protection rules was part of the EC’s Digital Single Market strategy. More accountability, consistency and harmonisation across the EU. Rebalancing of rights in a digital world. Provide legal certainty for economic operators. www.idpc.org.mt 7

  9. Main principles and elements underpinning the GDPR Accountability Principle Ability to demonstrate compliance. Empowerment to the user User controls through a privacy dashboard. Granular options. Scalable and transparent. Privacy by default settings. www.idpc.org.mt 8

  10. Proximity Principle In cases of cross border breaches, the data subject may complain to the national DPA. One-Stop-Shop Consistency mechanism. Shift from ex-ante to ex-post Generally, no notification to the DPA. www.idpc.org.mt 9

  11. Powers of the Commissioner Investigative powers - access personal data being processed; - obtain information on the processing of personal data and its security; - enter and search any premises with the same powers as are vested in the executive police; Corrective powers - issue warnings and reprimands to the controller and processor; - order rectification or erasure of personal data; - impose temporary or definitive ban on the processing activity; - impose administrative fines [a.83 of the GDPR – effective, proportionate and dissuasive – up to a maximum of 4% of annual turnover or €20 Million]. 10 www.idpc.org.mt

  12. Powers of the Commissioner Authorisation and advisory powers - authorise processing which is subject to a prior checking requirement; - issue opinions and approve draft codes of conduct; - advise the Parliament, Government and the general public on any issue related to the protection of personal data; - accredit certification bodies. Engage in legal proceedings - any person aggrieved by a decision of the Commissioner may appeal to the Data Protection Appeals Tribunal; - recourse to the Court of Appeal shall also lie to a party or to the Commissioner where they feel aggrieved from a decision of the Tribunal; - Commissioner may institute proceedings in a Court of law against any person. www.idpc.org.mt 10

  13. Scope Material Scope: - applies to the processing of personal data. Territorial Scope: - applies to data controllers and data processors with an establishment in the EU; or - having an establishment outside the EU that targets individuals in the EU by offering goods and services. In similar cases, a representative established in an EU MS shall be appointed. www.idpc.org.mt 11

  14. Conditions for consent freely-given, specific, informed and unambiguous indication of the data subject’s wishes given by a statement or by a clear affirmative action Data controller shall be able to demonstrate that the data subject has consented to the processing of data. Consent shall be presented in a manner which is clearly distinguishable from other matters. Use of clear and plain language in the information clauses. Silence, pre-ticked boxes or inactivity should not therefore constitute consent (Recital 32). The right to withdraw consent (easy to withdraw as to give consent). www.idpc.org.mt 12

  15. Conditions for consent Explicit consent is required: - in certain situations of serious data protection risks - where a high level of individual control is deemed appropriate. Explicit consent applies in the following cases: - processing of special categories of data (A.9) - data transfers to third countries in the absence of adequate safeguards (A.49) - automated individual decision making (profiling) (A.22). Shall be obtained in a clearly separate fashion. Ideally, in a written statement to remove doubt and potential lack of evidence. www.idpc.org.mt 13

  16. Other legal criteria Consent is not the only option for processing. Other possible criteria:  Performance of a contract  Legal obligation  Vital interest  Public interest  Legitimate overriding interest Organisations should carefully consider which legal criteria is appropriate for their processing operations. More stringent criteria apply for special categories of data. www.idpc.org.mt 14

  17. Direct Marketing In case of marketing communications sent out by conventional mail / post or made by telephone, the OPT-OUT regime applies. Recital 45 of GDPR recognises that the processing for direct marketing may be regarded as in the legitimate interest. Data subject has the right to object  at any time  free of charge; This right should be explicitly brought to the attention of the individual. www.idpc.org.mt 15

  18. Direct Marketing In cases where the marketing communication is sent out by email, fax or SMS, the OPT-IN regime applies. prior consent in writing Exception (SOFT OPT-IN) Where the contact details are obtained in the context of a sale and provided that they are used by the same company to market s imilar products or services . Opt-out must be offered upon obtaining the information and with each message sent. www.idpc.org.mt 16

  19. Information to data subjects Transparency principle (A. 5(1)(a)) Provided at the time the personal data are collected from the data subject (A.13) Information to include: - purposes of processing - the intention to transfer personal data to a third country - retention period or criteria used to determine that period - the existence of data protection rights - the right to withdraw consent - the right to lodge a complaint with the DPA - the existence of automated decision making. www.idpc.org.mt 17

  20. Information to data subjects Using clear and plain language Easily accessible Use of layered notices to avoid information fatigue: - information is not provided in a single notice - allowing users to navigate through the section they wish to read - first layer should provide a clear overview of the information (information which has the most impact on the data subject ) - clear indication where to find additional information Incorporating in the architecture a privacy dashboard – a single point where to view privacy information and manage preferences. www.idpc.org.mt 18

  21. Retention of records General requirement (A.5(1)(e)) “Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for the personal data are processed” www.idpc.org.mt 19

  22. Right of access Data controller shall provide , within one month , a copy of the personal data undergoing processing together with access to other information: - purpose of processing - categories of personal data concerned - recipients to whom the personal data have been disclosed - where possible, the envisaged retention period - the existence of the rights to rectify, erase or restrict processing - the right to lodge a complaint with the DPA - the existence of automated decision-making, including profiling, and other meaningful information about the logic involved and envisaged consequences. www.idpc.org.mt 20

  23. Right to data portability The right to receive personal data which the data subject has provided to the controller: - in a structured, commonly used and machine-readable format . Applies where processing is based on consent or a contract and by automated means. Transmitted to the data subject or directly to another data controller without hindrance from the original controller and where technically feasible. Underlying scope is to allow individuals in quickly changing from one service provider to another, without unnecessary obstacles due to their data. www.idpc.org.mt 21

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
M AINFREIGHT L IMITED S CRIPTED ADDRESS AND P RESENTATION 25 th Annual Meeting of Shareholders 4.00

M AINFREIGHT L IMITED S CRIPTED ADDRESS AND P RESENTATION 25 th Annual Meeting of Shareholders 4.00

M A I N F R E I G H T L I M I T E D Mainfreight Lane | off Saleyards Road | Otahuhu 1062 | New Zealand Tel +64 9 259 5500 | Fax +64 9 270 7400 PO Box 14-038 | Panmure | Auckland 1741 | New Zealand M AINFREIGHT L IMITED S CRIPTED ADDRESS AND P

484 views • 4 slides
Post-18 Options Evening Mrs K Galvin Dr J Welch Welcome Purpose of evening Outline of

Post-18 Options Evening Mrs K Galvin Dr J Welch Welcome Purpose of evening Outline of

Post-18 Options Evening Mrs K Galvin Dr J Welch Welcome Purpose of evening Outline of evening We are currently preparing students for jobs that dont yet exist . . . using technologies that havent been invented . . . in order

583 views • 42 slides
2015/16 Annual General Meeting Welcome Dr Hari Pathmanathan tweet #ENHCCGAGM follow us

2015/16 Annual General Meeting Welcome Dr Hari Pathmanathan tweet #ENHCCGAGM follow us

2015/16 Annual General Meeting Welcome Dr Hari Pathmanathan tweet #ENHCCGAGM follow us @enhertsccg Financially Healthy? 2015/16 Finance Report Alan Pond Chief Finance Officer Statutory financial duties To keep spending within

939 views • 58 slides
One Public Sector Estate The Hampshire Experience Patrick Blogg Colin Jackson Hampshire County

One Public Sector Estate The Hampshire Experience Patrick Blogg Colin Jackson Hampshire County

One Public Sector Estate The Hampshire Experience Patrick Blogg Colin Jackson Hampshire County Council 19 April 2012 Hampshire East Sussex 1450 sq miles 660 sq miles 1,700,000 520,000 4.6 people / ha 3.0 people / ha

714 views • 27 slides
A Police Perspective Inspector Lucy King Norfolk Constabulary The Challenges 15% of calls

A Police Perspective Inspector Lucy King Norfolk Constabulary The Challenges 15% of calls

Mental Health Crisis A Police Perspective Inspector Lucy King Norfolk Constabulary The Challenges 15% of calls received by our Control Room are related in some way to mental health. Timely support/advice is often not available in crisis

462 views • 5 slides
Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me

Ke e p Safe is a c ommunity safe ty sc he me for pe ople with le ar ning disabilitie s E me r ge nc y Ke e p Safe is for he lp and suppor t whe n out and about. T o make a phone c all in c ase of e me r ge nc y to the polic e ,

201 views • 18 slides
BRITISH TRANSPORT POLICE SUMMARY EFFICIENCY PLAN DELIVERING EFFICIENCIES WHILST MAINTAINING

BRITISH TRANSPORT POLICE SUMMARY EFFICIENCY PLAN DELIVERING EFFICIENCIES WHILST MAINTAINING

BRITISH TRANSPORT POLICE SUMMARY EFFICIENCY PLAN DELIVERING EFFICIENCIES WHILST MAINTAINING CAPABILITY 1 Delivering Against the Challenge DfT Efficiency Target 8% = 16m in Year 4 (2020/21) Known 2017 Budgetary Pressures = 19.8m

216 views • 10 slides
20/00462/AVC HAMPSHIRE CONSTABULARY HQ, ROMSEY ROAD, WINCHESTER. LAYOUT OF PROPOSED SIGNAGE

20/00462/AVC HAMPSHIRE CONSTABULARY HQ, ROMSEY ROAD, WINCHESTER. LAYOUT OF PROPOSED SIGNAGE

20/00462/AVC HAMPSHIRE CONSTABULARY HQ, ROMSEY ROAD, WINCHESTER. LAYOUT OF PROPOSED SIGNAGE SIGNAGE DESIGNS. Parking Totem. Totem. Flag. ROMSEY ROAD HOARDINGS. LIVING WALL SIGN. SIGNAGE TYPES AND LOCATIONS.

76 views • 6 slides

More recommend