general data protection
play

General Data Protection Regulation FSSU Workshops June 2018 - PowerPoint PPT Presentation

Dec 17, 2023 •234 likes •691 views

General Data Protection Regulation FSSU Workshops June 2018 Presented by Bernadette Kinsella Assistant General Secretary JMB Bernadette Kinsella, JMB, FSSU Workshops 2018 New Resource! www.gdpr4schools.ie The GDPR emphasises

  1. General Data Protection Regulation FSSU Workshops June 2018 Presented by Bernadette Kinsella Assistant General Secretary JMB Bernadette Kinsella, JMB, FSSU Workshops 2018

  2. New Resource! www.gdpr4schools.ie

  3. ▪ The GDPR emphasises transparency, security and accountability by data controllers and processors, while at the same Transparency, time standardising and security and strengthening the right of European accountability citizens to data privacy. Bernadette Kinsella, JMB, FSSU Workshops 2018

  4. ▪ lawfulness, fairness and transparency ▪ specified, explicit and legitimate purpose ▪ adequate, relevant, and limited to the minimum necessary ▪ accurate and kept up to date GDPR Principles ▪ data minimisation relating to ▪ appropriate security of the personal data personal data ▪ processed under the responsibility and liability of the controller, who shall ensure and demonstrate for processing each processing operation the compliance with the provisions of the GDPR Regulation. ▪ Article 5 GDPR Bernadette Kinsella, JMB, FSSU Workshops 2018

  5. • Schools are required to explicitly inform data subjects what lawful basis is being relied upon for each data processing operation as part of the transparency requirements. Understanding the lawful basis ▪ The data controller must inform the data subject of “the purposes of the for processing processing for which the personal data are intended as well as the legal basis for the processing”. ▪ Article 6 Bernadette Kinsella, JMB, FSSU Workshops 2018

  6. ▪ For example, where the School is subject to a legal obligation to process certain educational data relating to students pursuant to the Education Act 1998, that legal obligation will constitute the lawful basis for that processing. Article 6(1)(c): the processing is necessary for compliance with a ▪ By way of further example, the obligation to legal obligation inform the Education Welfare Officer (TUSLA) when a student has been absent for 20 school days or more; this is a legal obligation under section 21(4)(b) Education (Welfare) Act 2000. Bernadette Kinsella, JMB, FSSU Workshops 2018

  7. ▪ A school asks parents whether they give consent to their child’s photograph being taken at the school sports day and put up on the school website. Article 6(1)(a): the data ▪ Parents are informed that giving subject has given consent is truly optional, and they do consent to the not have to give consent if they do not processing wish to do so, and if the parent declines to give consent their child can still fully participate in every event at sports day. Bernadette Kinsella, JMB, FSSU Workshops 2018

  8. ▪ ‘personal data’ means any information relating to an identified What is or identifiable natural person (‘data personal data? subject’); ▪ Article 4 (1) Bernadette Kinsella, JMB, FSSU Workshops 2018

  9. ▪ ‘ controller’ determines the purposes and means of the processing of personal data; Who is the ▪ Board of Management deemed data Data Controller? controller ▪ Article 4 (7) Bernadette Kinsella, JMB, FSSU Workshops 2018

  10. ▪ ‘processing’ means any operation or set of operations which is performed on personal data or on sets of personal data ▪ Everyday tasks ▪ Collecting ▪ Recording What is data ▪ Filing processing? ▪ Storage ▪ Disclosure ▪ Retention ▪ Destruction ▪ Article 4 (2) Bernadette Kinsella, JMB, FSSU Workshops 2018

  11. ▪ ‘processor’ means a natural or legal person, public authority, agency or other body which processes personal data on behalf of the Data Processor controller ▪ Article 4 (8) Bernadette Kinsella, JMB, FSSU Workshops 2018

  12. ▪ ‘ third party’ means a natural or legal person under the direct authority of the controller or processor, are authorised to Third Party process personal data. ▪ Article 4 (10) ▪ Article 28 ▪ Article 32 Bernadette Kinsella, JMB, FSSU Workshops 2018

  13. ▪ Each controller shall maintain a record of processing activities Records of Data under its responsibility. Processing Activities ▪ Article 30 (1) Bernadette Kinsella, JMB, FSSU Workshops 2018

  14. ▪ Where personal data relating to a data subject are collected from the data subject, the controller shall, at the time when personal data are obtained, provide the data subject Information to be provided to the with specific information. Data Subject ▪ This information is contained in a Privacy Notice. ▪ Article 13 Bernadette Kinsella, JMB, FSSU Workshops 2018

  15. ▪ Whether the data will be transferred ▪ When first collecting personal data, the school must outside of the EU provide the following information to individuals: ▪ Legal basis for the processing of the data ▪ The name of the data controller ▪ Right to access, rectification and erasure ▪ Contact details ▪ Retention period ▪ Reasons for collecting the data ▪ Right to lodge a complaint ▪ Uses to which the data will be put ▪ Right to know further processing of data other than that for which it was collected. ▪ Contractual or statutory requirement ▪ Information must be set out in clear, concise ▪ If processing is based on consent, the right to and in an easily accessible manner withdraw consent ▪ Article 13 GDPR ▪ To whom the data will be disclosed Bernadette Kinsella, JMB, FSSU Workshops 2018

  16. ▪ Data controllers must be clear about the length of time for which personal data will be kept and the reasons why the information is being retained. ▪ In determining appropriate retention periods, regard must be had for any statutory obligations imposed on a data controller. Retention ▪ If the purpose for which the information was obtained has ceased and the personal information is no longer required, the data must be deleted or disposed of in a secure manner. ▪ Processing for archiving purposes – Article 89 – is subject to appropriate safeguards. Bernadette Kinsella, JMB, FSSU Workshops 2018

  17. ▪ Right to complain to supervisory authority. ▪ Right of access. ▪ Right to rectification. Data Subjects ▪ Right to be forgotten. Rights ▪ Right to restrict processing. ▪ Right to data portability. ▪ Right to object and automated decision making/profiling. ▪ Articles 12-23 Bernadette Kinsella, JMB, FSSU Workshops 2018

  18. Subject Access Request (SAR) Bernadette Kinsella, JMB, FSSU Workshops 2018

  19. ▪ Right of rectification: ▪ “Something is wrong. I want that tweaked.” Significantly greater rights of ▪ Right of erasure: access ▪ “I want that removed.” Bernadette Kinsella, JMB, FSSU Workshops 2018

  20. ▪ Email request ▪ Written letter seeking ‘all my stuff’ What does a ▪ Arrive up to the school asking for their SAR look like? data ▪ Who is responsible for dealing with SARs? Bernadette Kinsella, JMB, FSSU Workshops 2018

  21. What to do? Bernadette Kinsella, JMB, FSSU Workshops 2018

  22. ▪ Calendar month ▪ Protocol for responding ▪ Data mapping/data audit trail Responding to a ▪ Redaction Subject Access Request ▪ Complex and time consuming ▪ Sanctions and fines Bernadette Kinsella, JMB, FSSU Workshops 2018

  23. Data Breach Bernadette Kinsella, JMB, FSSU Workshops 2018

  24. ▪ Processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against Integrity and accidental loss, destruction or damage, Confidentiality using appropriate technical or organisational measures (‘integrity and confidentiality’). ▪ Article 5(1)f) Bernadette Kinsella, JMB, FSSU Workshops 2018

  25. ▪ Recommend a simulation exercise ▪ In real time assess how you are going to respond ▪ Can happen at any time on any day in the Incident breach year management ▪ Remember, the clock starts ticking from the time of the breach ▪ Data vulnerability v data breach? Bernadette Kinsella, JMB, FSSU Workshops 2018

  26. ▪ Type of Breach ▪ How serious? ▪ Risk to affected individuals? Data Breach ▪ Data Breach Notification Form Notification ▪ https://www.dataprotection.ie/documents/gdpr_forms/ National_Breach_Notification_Form.pdf Bernadette Kinsella, JMB, FSSU Workshops 2018

  27. Cyber attack Bernadette Kinsella, JMB, FSSU Workshops 2018

  28. DO ▪ Update your software regularly ▪ Use anti-virus software ▪ Browse and download software only from trusted websites ▪ Regularly back up the data stored on your computer ▪ Report it! Plan for when not ▪ Consult your anti-virus provider on how to unlock and remove the if! infection from the device DON’T ▪ Click on attachments, banners and links without knowing their true origin ▪ Install mobile apps from unknown providers/sources. ▪ Take anything for granted. ▪ Install or run non-trusted or unknown software. ▪ Do not pay out any money Bernadette Kinsella, JMB, FSSU Workshops 2018

  29. Awareness Bernadette Kinsella, JMB, FSSU Workshops 2018

  30. ▪ What kind of data do I process? ▪ What kind of data is on the files? ▪ Where is it stored? Log your data ▪ What type of software system is it on ? activities ▪ Who has access to it? ▪ What levels of security are in place? ▪ How long do I keep it for? Bernadette Kinsella, JMB, FSSU Workshops 2018

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining

Data Protection Reform preparing for the General Data Protection Regulation By Philip Brining Data Protection People 18 th April 2016 Agenda Introduction Current Rules (DPA 98 & PECR) Overview of GDPR Business-wide impact Practical

479 views • 28 slides
The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data

The Data Protection Landscape Before and aft fter GDPR: General Data Protection Regulation Data Protection regulations across Europe Current regulations & guidance European Directives 95/46/EC (Data Protection) and 2002/58/EC

440 views • 19 slides
Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11

Introduction to Data Protection and the General Data Protection Regulation Address: Contact: 11 Staple Inn Tel: +44 (0)20 7209 2000 London Fax: +44 (0)20 7209 2001 WC1V 7QH DX 0001 London Chancery Lane Myth Busting GDPR doesnt apply to

657 views • 8 slides
5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION

5 THINGS HR MUST DO IN THE ROLE OF THE DATA PROTECTION OFFICER GILLIAN ACHESON DATA PROTECTION DEIRDRE ALLISON RECORDS MANAGEMENT YEARN2LEARN TRAINING GENERAL DATA PROTECTION REGULATION What is it? GDPR represents the most significant

172 views • 14 slides
GENERAL DATA PROTECTION REGULATIONS HOW DO WE DO THIS IN PRACTICE? WHAT TO DO WHAT TO

GENERAL DATA PROTECTION REGULATIONS HOW DO WE DO THIS IN PRACTICE? WHAT TO DO WHAT TO

GENERAL DATA PROTECTION REGULATIONS HOW DO WE DO THIS IN PRACTICE? WHAT TO DO WHAT TO AVOID FOCUS POINTS TIPS AND TRICKS GDPR IMPLICATIONS P rotect G ather & data categorise For as long as you are All existing allowed to

458 views • 10 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data

Data Protection Act 1998/General Data Protection Regulation 2016 Freedom of Information Act Ewan Robson Director, IG Compliance ltd 1 Todays Training Look at the History of the Data Protection Act/General Data Protection

575 views • 40 slides
General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps

General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps

General Data Protection Regulations Overview Introduction (1) (2) Definitions (3) 10 Steps (4) Q&A [GDPR] lays down rules relating to the protection of natural persons with regard to the processing of personal data and the free

759 views • 47 slides
on data protection and fundamental rights Anna Fielder 16-06 TISA Countries No general data

on data protection and fundamental rights Anna Fielder 16-06 TISA Countries No general data

Data flows between the EU and partner countries: how to comply with the EU standards on data protection and fundamental rights Anna Fielder 16-06 TISA Countries No general data protection law in red Australia, Canada, Chile, Chinese Taipei,

527 views • 6 slides
General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 +

General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 +

London | Bristol | Dublin | Dubai General Data Protection Regulation: Preparation for Employers James Hutchinson 14 June 2017 + Introduction General Data Protection Regulation in effect from 25 May 2018 Probably the most lobbied EU law

363 views • 12 slides
INFORMATION SEMINAR FOR LICENSEES 2018 General Data Protection Regulation (GDPR) 25 May

INFORMATION SEMINAR FOR LICENSEES 2018 General Data Protection Regulation (GDPR) 25 May

PROPERTY SERVICES REGULATORY AUTHORITY INFORMATION SEMINAR FOR LICENSEES 2018 General Data Protection Regulation (GDPR) 25 May 2018 Data Protection Commission Website WWW.GDPRANDYOU.IE Relates to Personal Data/Information held

545 views • 30 slides
General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by

General Data Protection Regulation David Sumner EU GDPR P CISM In association Certified by Accredited by Powered by with General Data Protection Regulation (GDPR) Why? Supports a single digital market place Protect privacy

413 views • 22 slides
7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679

7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679

GDPR Is your Fund ready? Etain de Valera 21 st September 2017 7642284v1 Countdown to GDPR General Data Protection Regulation - Regulation (EU) 2016/679 Replaces existing data protection law in all member states on 25 May 2018 Designed to

807 views • 53 slides
General Data Protection Regulation/Freedom of the Press Act Protection of personal data and

General Data Protection Regulation/Freedom of the Press Act Protection of personal data and

General Data Protection Regulation/Freedom of the Press Act Protection of personal data and Public Access to Information Public Access to Information/Right to Privacy Freedom of the Press Act: Every Swedish citizen are entitled to have free

205 views • 6 slides
General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR

General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR

General Data Protection Regulation and the UT System GDPRs Intent The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world that is vastly different from the time in which the

199 views • 9 slides
Municipal Groundwater Municipal Groundwater Monitoring in Waterloo Monitoring in Waterloo

Municipal Groundwater Municipal Groundwater Monitoring in Waterloo Monitoring in Waterloo

Municipal Groundwater Municipal Groundwater Monitoring in Waterloo Monitoring in Waterloo Region Region Tammy Middleton, M.Sc. P.Geo. Senior Hydrogeologist Regional Municipality of Waterloo Presentation Overview Presentation Overview

495 views • 45 slides
1,4-Dioxane October 2014 August 2015 North Carolina Division of Water Resources Overview

1,4-Dioxane October 2014 August 2015 North Carolina Division of Water Resources Overview

A Cooperative Study on 1,4-Dioxane October 2014 August 2015 North Carolina Division of Water Resources Overview What is 1,4-Dioxane? Potential sources Treatment and removal Background UCMR3 Current studies/monitoring

709 views • 45 slides
Environmental sensitivity Assessment by MOIRA-PLUS Lakes vre-Heimdalsvatn (Norway) Bracciano

Environmental sensitivity Assessment by MOIRA-PLUS Lakes vre-Heimdalsvatn (Norway) Bracciano

Environmental sensitivity Assessment by MOIRA-PLUS Lakes vre-Heimdalsvatn (Norway) Bracciano (Italy) The lakes: Bracciano The lakes: Heimdalsvatn First step: model calibration (data of contamination following the Chernobyl accident) First

526 views • 21 slides
The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life

The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life

The Unfortunate Truth Managin ing C Contam taminat ated S Site tes throughout the L Life fe-Of Of-Mine t e to Reduce e Ris isks an and L Liab iabilities Overview Notable issues associated with application of requirements under

761 views • 16 slides
General Data Protection Regulation (GDPR) Sasha Hewitt Associate Director, HQIP www.hqip.org.uk

General Data Protection Regulation (GDPR) Sasha Hewitt Associate Director, HQIP www.hqip.org.uk

General Data Protection Regulation (GDPR) Sasha Hewitt Associate Director, HQIP www.hqip.org.uk What is the GDPR and why is it important? GDPR is the new legal framework for the EU Applies to personal and sensitive personal data

502 views • 15 slides
EU Data Protection Monday 18 November 13 1 Table of Contents 1. Introduction 2. Scope 3.

EU Data Protection Monday 18 November 13 1 Table of Contents 1. Introduction 2. Scope 3.

Presentation to IAPP November 18, 2013 EU Data Protection Monday 18 November 13 1 Table of Contents 1. Introduction 2. Scope 3. Substantive Obligations 4. Formal Obligations 5. International Transfers 6. Enforcement 7. Sanctions,

1.26k views • 66 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
Scale Dependency Analysis of Atmospheric Pollutants with EMEP MSC-W Model Semeena Valiyaveetil

Scale Dependency Analysis of Atmospheric Pollutants with EMEP MSC-W Model Semeena Valiyaveetil

Scale Dependency Analysis of Atmospheric Pollutants with EMEP MSC-W Model Semeena Valiyaveetil Shamsudheen Bias % = Model - Obs Model Validation 100 Obs Component No. of Obs Bias% Bias% Bias% Bias% Corrn Corrn Corrn Corrn Stns

297 views • 8 slides

More recommend