GDPR – what is it? A new data protection framework which puts individuals back in control of their personal data – PowerPoint PPT Presentation

SLIDE 1

GDPR – what is it?

A new data protection framework which puts individuals back in control of their personal data
SLIDE 2
  • 1. Awareness
  • 2. Document the personal data you hold
  • 3. Communicating privacy information
  • 4. Individuals’ rights
  • 5. Subject access requests
  • 6. Lawful basis for processing personal data
  • 7. Consent
  • 8. Children
  • 9. Data breaches
  • 10. Data protection by design and default
  • 11. Data Protection Officer
  • 12. International

Watch the video here… www.moneyinfo.com/Videos/GDPR12Steps

ICO 12 steps to GDPR compliance

SLIDE 3

Make sure key people in your organisation are aware that the law is changing. Get a team together involving compliance, HR and key decision makers and look at what needs to be done for May 2018.

Step 1: Awareness

SLIDE 4
  • What information do you hold?
  • What is its purpose?
  • Where is it stored?
  • Where is it shared?

Step 2: Document the personal data you hold

SLIDE 5

  • Owner: Who is responsible for this information asset?
  • Name: A way to identify the information asset.
  • Description: A description of what the information asset is and what it records. Specifically note if your information asset contains personal or sensitive information.
  • Format: e.g. SQL database, Excel spreadsheet.
  • Purpose: Why do you hold this information and what is it used for?
  • Location: Where is the information stored?
  • Security: How is the information secured? E.g. password protected, encryption etc.
  • Users: Who has access to this information asset?
  • Retention period: How long is the data kept for and why?
  • Risks/Impacts: What would be the impact of losing the information asset? Consider loss of confidentiality (i.e. a data breach), loss of availability and loss of integrity. What would be the cost of replacing the information?
  • External sharing: Is this information shared externally with any third parties?
  • Legal basis: What is your basis for processing this information? e.g. consent, legitimate interest.

Information Asset Register

SLIDE 6

“a concise, transparent, intelligible and easily accessible form, using clear and plain language…”

ARTICLE 12

Step 3: Communicating privacy information

SLIDE 7
  • the right to be informed
  • the right of access
  • the right to be forgotten
  • the right to restrict processing
  • the right to data portability
  • the right to object
  • the right not to be subject to automated decision-making including profiling

Step 4: Individuals’ rights

SLIDE 8

“Where possible, the controller should be able to provide remote access to a secure system which would provide the data subject with direct access to his or her personal data.” RECITAL 63

Step 5: Subject access requests

SLIDE 9
  • consent
  • necessary for the performance of a contract
  • compliance with a legal obligation
  • to protect the vital interest of a data subject
  • for tasks in the public interest
  • legitimate interests

DETERMINE WHAT IT IS AND DOCUMENT IT

Step 6: Lawful basis for processing personal data

SLIDE 10

Step 7: Consent

When capturing consent “…include:

  • the name of your organisation;
  • the name of any third party controllers who will rely on the consent;

  • why you want the data;
  • what you will do with it; and
  • that individuals can withdraw consent at any time.”

INFORMATION COMMISSIONER’S OFFICE

SLIDE 11

  • Gain consent from someone with parental responsibility
  • Apply consent rules when capturing and recording consent

Step 8: Children

SLIDE 12
  • lost?
  • destroyed?
  • corrupted?
  • disclosed?

Step 9: Data breaches

SLIDE 13

RECOGNISE INVESTIGATE NOTIFY MITIGATE

Step 9: Data breaches

SLIDE 14

“In order to be able to demonstrate compliance with this regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default.” RECITAL 78

Step 10: Data Protection by Design and Data Protection Impact Assessments

SLIDE 15

“… description of the envisaged processing operations… …assessment of the necessity… … assessment of the risks to the rights and freedoms of subjects… …measures envisaged to address the risks…” ARTICLE 35

Step 10: Data Protection by Design and Data Protection Impact Assessments

SLIDE 16

You need to appoint someone in your organisation, or an external adviser, who has the knowledge, support and authority to take responsibility for your data protection compliance.

Step 11: Data Protection Officer

SLIDE 17

Determine your lead supervisory authority


Step 12: International

SLIDE 18

The do’s and don’ts for keeping data safe

SLIDE 19

  • Data Access
  • Data Quality
  • Data Privacy by Design
  • Secure communications
  • Subject Access Requests
  • Data Portability

How can technology help?


SLIDE 28

@moneyinfotech www.moneyinfo.com

How can technology help?