general data protec on regula on
play

General Data Protec-on Regula-on Based on the Pinsent Mason Paper - PowerPoint PPT Presentation

Aug 24, 2023 •254 likes •355 views

General Data Protec-on Regula-on Based on the Pinsent Mason Paper New Features of the GDPR Accountability measures: GDPR requires compliance and evidence of compliance: documented policies and procedures, records of consents etc.

  1. General Data Protec-on Regula-on Based on the Pinsent Mason Paper

  2. New Features of the GDPR • Accountability measures: GDPR requires compliance and evidence of compliance: – documented policies and procedures, – records of consents etc. – Registra-on with supervisory authori-es (e.g. ICO) no longer required. • internal record-keeping obliga-ons • supervisory authori-es can demand informa-on, conduct audits, order remedia-on etc. • Territorial scope (Ar-cle 3) – extending to non-EU controllers and processors in some cases. – "one stop shop”: organisa-ons opera-ng in mul-ple EU Member States report to only one main supervisory authority. – Consistency mechanism to promote harmonisa-on across EU Member States and resolve cross-border issues.

  3. New Features of the GDPR • Amended defini-ons (Ar-cle 4), e.g. – expanded defini-ons of "personal data" and "data subject" (catching more types of data and processing opera-ons) – new defini-ons e.g. "pseudonymisa-on" and "profiling”. – Consent will be more difficult to use as a legal basis. • Direct statutory obliga-ons (Ar-cles 28, 30, 44-49, 33(2)) and liability (Ar-cle 82) on processors, and addi-onal requirements regarding the minimum terms that must be included in personal data processing contracts (Ar-cle 28). • Tighter rules on interna-onal transfers, applicable to both controllers and processors.

  4. New Features of the GDPR • Requirement for data protec-on impact assessments before ini-a-ng certain types of processing or other processing opera-ons likely to result in a high risk to individuals: – must consider at least the issues specified by the Regula-on (Ar-cle 35) – consulta-on with the supervisory authority required in some circumstances (Ar-cle 36). • Controllers and processors required to appoint a data protec-on officer in certain circumstances (Ar-cles 37-39). • Mechanisms for the purposes of demonstra-ng compliance with the Regula-on, involving codes of conduct (Ar-cles 40-41) or cer-fica-ons (Ar-cles 42-43) approved under the Regula-on for these purposes.

  5. New Features of the GDPR • Responses to a subject access request will have to be provided within a -ghter -mescale and free of charge (Ar-cle 12). • New data subject rights: – "right to be forgo`en" or right to erasure (Ar-cle 17), – "data portability" (Ar-cle 20). • Security breach no-fica-on: – mandatory "personal data breach" no-fica-ons to the supervisory authority without undue delay (within 72 hours where feasible) (Ar-cle 33) – personal data breach no-fica-ons to the data subject without undue delay where there is a high risk to their privacy (Ar-cle 34).

  6. New Features of the GDPR • The introduc-on of the Board (Sec-on 3 - Ar-cles 68-76) to replace the Ar-cle 29 Working Party, with an enhanced role and powers. • Harsher sanc-ons and a new framework for fines (in two -ers), which will be substan-ally higher than under the DPA(Ar-cle 83). – DPA: the maximum fine is £500,000, – GDPR: two -ers of administra-ve fines levied by supervisory authori-es: • up to 20 million EUR or 4% of total worldwide turnover if higher • up to 10 million EUR or 2% of total worldwide turnover if higher.

  7. DPA Principles in the GDPR DPA (1998) GDPR 1. Personal data shall be processed fairly 1. Personal data must be: and lawfully and, in par-cular, shall a) processed lawfully, fairly and in a not be processed unless: (a) at least transparent manner in rela-on to the data subject ("Lawfullness, fairness and one of the condi-ons in Schedule 2 is transparency"). met, and (b) in the case of sensi-ve b) collected for specified, explicit and personal data, at Least one of the legiBmate purposes and not further condi-ons in Schedule 3 is also met. processed in a manner that is incompa-ble 2. Personal data shall be obtained only with those purposes; further processing for for one or more specified and lawful archiving purposes in the public interest, purposes , and shall not be further scien-fic or historical research purposes or sta-s-cal purposes shall, in accordance processed in any manner incompa-ble with Ar-cle 89(1), not be considered to be with that purpose or those purposes. incompa-ble with the ini-al purposes 3. Personal data shall be adequate, ("purpose limita-on”) relevant and not excessive in rela-on c) adequate, relevant and limited to what is to the purpose or purposes for which necessary in rela-on to the purposes for they are processed. which they are processed ("data minimisa-on").

  8. DPA Principles in the GDPR DPA (1998) GDPR d) accurate and, where necessary, kept up to date ; 4. Personal data shall be every reasonable step must be taken to ensure accurate and, where that personal data that are inaccurate, having regard to the purposes for which they are necessary, kept up to date . processed, are erased or recBfied without delay ("accuracy"). 5. Personal data processed for e) kept in a form which permits iden-fica-on of data subjects for no longer than is necessary for the any purpose or purposes shall purposes for which the personal data are processed; personal data may be stored for longer not be kept for longer than is periods insofar as the personal data will be processed solely for archiving purposes in the necessary for that purpose or public interest, scien-fic or historical research purposes or sta-s-cal purposes in accordance those purposes. with Ar-cle 89(1) subject to implementa-on of the appropriate technical and organisa-onal 6. Personal data shall be measures required by this Regula-on in order to safeguard the rights and freedoms of the data processed in accordance with subject ("storage limita-on"). the rights of data subjects under this Act.

  9. DPA Principles in the GDPR 7. Appropriate technical and f) processed in a manner that ensures appropriate security of the personal organisa-onal measures shall data, including protec-on against betaken against unauthorised or unauthorised or unlawful processing unlawful processing of personal and against accidental loss, data and against accidental loss or destruc-on or dam age, using destruc-on of, or damage to, appropriate technical or personal data. organisaBonal measures ("integrity and confiden-ality"). 8. Personal data shall not be transferred to a country or No equivalent principle , although the area territory outside the European of transferring personal data to a third country or interna-onal organisa-on is Economic Area unless that dealt with at length in the GDPR. country or territory ensures an 2. The controller shall be responsible for adequate LeveE of protec-on for and be able to demonstrate the rights and freedoms of data compliance with paragraph 1 subjects in rela-on to the ("accountabiLity"). processing of personaL data.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief

GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief

GDPR Leyla Hannbeck MRPharmS, MBA, MSc, MA NPA Chief Pharmacist and Director of Pharmacy General Data Protec<on Regula<on (GDPR)

576 views • 36 slides
Will new regula,ons change the rules of adver,sing? GDPR and e-privacy regula,on Will the new

Will new regula,ons change the rules of adver,sing? GDPR and e-privacy regula,on Will the new

Will new regula,ons change the rules of adver,sing? GDPR and e-privacy regula,on Will the new regula,ons be a threat or an opportunity? It is probably depending of which side you represent! It is a complex marketing picture today The value

302 views • 19 slides
Click to add title Speakers: Thomas Roth , Global Data Protec.on Officer, Boehringer Ingelheim

Click to add title Speakers: Thomas Roth , Global Data Protec.on Officer, Boehringer Ingelheim

Data overload? Data protec.on - GDPR and beyond Click to add title Speakers: Thomas Roth , Global Data Protec.on Officer, Boehringer Ingelheim Click to add subtitle Sara Fernndez , Privacy Strategy Director, Liberty Global Eric van Dam ,

128 views • 11 slides
Promo%ng Emo%on Regula%on for Op%mal Pa%ent Well-Being Presented by Le%cia Garcia Tiware M.S.,

Promo%ng Emo%on Regula%on for Op%mal Pa%ent Well-Being Presented by Le%cia Garcia Tiware M.S.,

Promo%ng Emo%on Regula%on for Op%mal Pa%ent Well-Being Presented by Le%cia Garcia Tiware M.S., CYT Barbara Johnson DNP, FNP-C Emo%on Regula%on Image obtained from: hMp://www.ganneM-cdn.com Allosta%c load McEwen B.S. (2000) The Body Under

414 views • 18 slides
Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016

Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016

Spac ace e and Da Data ta Protec tection tion GLI LIS, S, 7 June ne 2016 2016 Introduction Space Policies all around the globe put emphases on space services supporting growth, jobs, innovation and competitiveness. Technology

219 views • 10 slides
FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes,

FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes,

FlowFence: Prac-cal Data Protec-on for Emerging IoT Applica-on Frameworks Earlence Fernandes, Jus/n Paupore, Amir Rahma/, Daniel Simionato, Mauro Con/, Atul Prakash University of Michigan, University of Padova Published at USENIX Security 2016

468 views • 22 slides
Informa(on security suppor(ng data protec(on Rodica.Tirtea@enisa.europa.eu

Informa(on security suppor(ng data protec(on Rodica.Tirtea@enisa.europa.eu

Informa(on security suppor(ng data protec(on Rodica.Tirtea@enisa.europa.eu ABC4trust panel @ TDL, Vienna, 7 th April, 2014 1 European Union Agency for Network and Information Security

339 views • 11 slides
PROTEC TING YOUR DATA FROM CYBER PIRATES Key Steps to Cyber Security ABOUT EXEC UTEC H

PROTEC TING YOUR DATA FROM CYBER PIRATES Key Steps to Cyber Security ABOUT EXEC UTEC H

PROTEC TING YOUR DATA FROM CYBER PIRATES Key Steps to Cyber Security ABOUT EXEC UTEC H IT Services With a Personal Touch 80+ Certified Technicians No Contracts Most Awarded IT Firm in Utah WHAT IS RANSOMWARE? PENETRATION

266 views • 14 slides
The Big Picture KNOW THE DIFFERENCES Cour r t t-Or Order dered ed Protec ective e Men

The Big Picture KNOW THE DIFFERENCES Cour r t t-Or Order dered ed Protec ective e Men

Cour r t t-Or Order dered ed Protec ective e Men ental H Heal ealth Emer er gen ency Custody dy Dete tenti tion on Ser Ser vi vices The Big Picture KNOW THE DIFFERENCES Cour r t t-Or Order dered ed Protec ective

501 views • 35 slides
Distillation of quantum coherence in non-asymptotic settings Bartosz Regula School of

Distillation of quantum coherence in non-asymptotic settings Bartosz Regula School of

Distillation of quantum coherence in non-asymptotic settings Bartosz Regula School of Mathematical Sciences University of Nottingham AQIS, 11 September 2018 B. Regula, K. Fang, X. Wang, G. Adesso, Phys. Rev. Lett. 121, 010401 (2018) K. Fang,

511 views • 25 slides
Regula'ons, training, protocols and other how tos Do

Regula'ons, training, protocols and other how tos Do

Regula'ons, training, protocols and other how tos Do you need to submit a protocol? Vertebrate research Maintaining in the lab Collec'ng

304 views • 7 slides
New Regula*ons? A Perspec*ve from Aus*n, Texas Chuck

New Regula*ons? A Perspec*ve from Aus*n, Texas Chuck

New Regula*ons? A Perspec*ve from Aus*n, Texas Chuck Lesniak City of Aus*n Environmental Officer Aus*n s Pipeline Experience No new transmission

173 views • 6 slides
Module'8:'Evalua-ng'Immune'Correlates'of' Protec-on''

Module'8:'Evalua-ng'Immune'Correlates'of' Protec-on''

Module'8:'Evalua-ng'Immune'Correlates'of' Protec-on'' Instructors:!Peter!Gilbert,!Ivan!Chan,!Paul!T.!Edlefsen,!Ying!Huang ' Talk'6:'Introduc-on'to'Sieve'Analysis'of' ! Pathogen'Sequences' ! !

373 views • 15 slides
Protec'on, iden'ty, and trust Illustrated with Unix setuid

Protec'on, iden'ty, and trust Illustrated with Unix setuid

Protec'on, iden'ty, and trust Illustrated with Unix setuid Jeff Chase Duke University The need for access control Processes run programs on behalf of users. ( subjects )

1.02k views • 70 slides
EP EPA Measur Measures t es to Pr Protec ect t Pollinators from m Pesticides Michael

EP EPA Measur Measures t es to Pr Protec ect t Pollinators from m Pesticides Michael

EP EPA Measur Measures t es to Pr Protec ect t Pollinators from m Pesticides Michael Goodis Director, Registration Division Office of Pesticide Programs AAPCOs 71 st Annual Meeting March 5, 2018 EPAs Final Acute Mitigation Policy

356 views • 12 slides
aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h

Review of Leture 12 Cho osing a regula rizer Regula rization aug ( h ) = E in ( h ) + onstrained unonstrained : heuristi smo oth, simple h N ( h ) E most used: w eight dea y onst. in = ( h )

357 views • 23 slides
Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect

Privacy Policy This privacy policy sets out how the Talking Slides Ltd websites use and protect any information that you provide when you use this website. Talking Slides Ltd is committed to ensuring that your privacy is protected. Should we ask

164 views • 4 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an

The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an

The new data protection regime: The GDPR and the Data Protection Act 2018 Robin Hopkins Robin Hopkins 4 October 2017 GDPR: an introduction The problem: Processing of personal data ramps up with technology 1990s legislation

379 views • 17 slides
How Vembu BDR Suite ensures the data protection for your Modern Data Centers? www.vembu.com

How Vembu BDR Suite ensures the data protection for your Modern Data Centers? www.vembu.com

How Vembu BDR Suite ensures the data protection for your Modern Data Centers? www.vembu.com Vembu Technologies Founded in 2002 Headquartered in Chennai 10+ Years of Experience 100+ Countries 4000+ Partners 60000+ Businesses TRUSTED BY OVER

350 views • 16 slides
The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU

The EU is coming to get you New risks for US businesses targeting Europe and exploding some EU data privacy myths Stephen Groom BAA Chicago 7 November 2014 osborneclarke.com What is this deck about? Exploding four myths around US

321 views • 17 slides
Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott

Protecting patient confidentiality in research: the Scottish landscape Janet Murray Caldicott Guardian ISD Outline National data and SHIP Information governance The Scottish structures Legal NHS Scotland policy

327 views • 17 slides
Introduction to Privacy Technologies Claudia Diaz KU Leuven COSIC Summer School on real-world

Introduction to Privacy Technologies Claudia Diaz KU Leuven COSIC Summer School on real-world

Introduction to Privacy Technologies Claudia Diaz KU Leuven COSIC Summer School on real-world crypto and privacy June 2017 Claudia Diaz (KU Leuven) 1 Overview What is privacy? (non-technical definitions) What are the privacy

794 views • 36 slides
Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar

Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar

Supporting Better Care Fund resubmissions Risk Stratification and information governance Webinar 28 August 2014 CONFIDENTIAL AND PROPRIETARY Overview of webinars Several webinars will be held across 3 topics over the next 3 weeks; Todays

905 views • 43 slides

More recommend