what the future holds
play

what the future holds Zach Thornton, External Affairs Manager, DMA - PowerPoint PPT Presentation

Jan 31, 2023 •411 likes •752 views

@DMA_UK #dma General Data Protection Regulation what the future holds Zach Thornton, External Affairs Manager, DMA EU Data Protection reform where are we? Dec 2015 Political agreement reached on text Apr 2016 Justice and Home

  1. @DMA_UK #dma General Data Protection Regulation – what the future holds Zach Thornton, External Affairs Manager, DMA

  4. EU Data Protection reform – where are we? • Dec 2015 Political agreement reached on text • Apr 2016 Justice and Home Ministers sign off • Apr 2016 European Parliament signs off • 25 May 2016 Regulation becomes law • Oct/Nov 2016 UK issues Art 50 notice to EU • 25 May 2018 Regulation comes into force • Oct/Nov 2018 UK ceases to be EU Member State What kind of UK- EU trade deal?

  5. Will Brexit change anything ? • No • Any free trade arrangement with EU will require equivalent data protection legislation • Data protection now a global issue so any free trade agreement with other countries will require equivalent data protection legislation

  6. ICO Referendum result response • Data Protection Act 1998 remains UK law irrespective of the vote to leave the EU • UK will want to have access to EU Single Market in goods and services therefore at minimum would need to have equivalent data protection laws to EU in order for Brussels to grant UK at minimum Adequacy Status under GDPR • Organisations operating across UK, EU and other countries international consistency around data protection laws and individual rights is crucial. Need to comply with GDPR • Organisations operating in UK only – possibility of GDPR lite version only • ICO will lobbying UK government for reform of UK data protection law • DMA stance same as ICO • UK DMA will work with FEDMA at European level

  7. Information Commissioner and Minister’s views • Limit business costs while respecting individual’s data protection rights • Implementation of text will be complex and demanding • Support organisations to make changes • Powerful driver to good practice in treating consumers well • Building long term business rather than quick buck • ICO will deal with rogues and use fining powers proportionately and appropriately • ICO and Article 29 Working Party (senior representatives from other EU Member States) will issue Guidance Notes – ICO published draft timetable • New ICO Elizabeth Denham from Canada familiar with GDPR plus ICO will have GDPR change management unit

  8. Albrecht Statement • "The general data protection regulation makes a high, uniform level of data protection throughout the EU a reality. This is a great success for the European Parliament and a fierce European 'yes' to strong consumer rights and competition in the digital age. Citizens will be able to decide for themselves which personal information they want to share". • "The regulation will also create clarity for businesses by establishing a single law across the EU. The new law creates confidence, legal certainty and fairer competition"

  9. Headline proposed changes • Expanded definitions: “personal data” and “data subject” • Changes to information requirements • Right to be forgotten • Greater emphasis on accountability • Notification of data security breaches • More onerous sanctions for breach • Data processors directly covered

  11. Consent Consent: Current Consent: GDPR Position Position (1995 Directive) - Freely given, specific, -Freely given, specific, informed informed indication of the and unambiguous indication of data subject’s wishes data subject’s wishes - Explicit consent required -Given either by a statement or a for sensitive personal clear affirmative action data only - Data controller / data subject relationship to be taken into account - Burden of proof on controller to demonstrate consent

  12. Consent (Recital 32) • Practical difference between “explicit "and “unambiguous” consent • Written, including electronic or oral statement • Includes • Ticking a box when visiting an internet website • Choosing technical settings • By any other statement or conduct which clearly indicates acceptance • Does Not include • Silence • Pre- ticked boxes • Inactivity

  13. Effect of change • Existing rules for post and telephone remain the same for first and third party marketing • Email and SMS marketing - rules in Privacy and Electronic Communications Directive remain the same for first party and third party marketing • NB Changes to information requirements you have to provide individuals • Remember that if you are outsourcing processing to a bureau, that bureau is not a third party • Hopefully brands will be able to grandfather existing marketing permissions obtained in compliance with existing law to new GDPR without having to go through a re-permissioning exercise. • Ned to comply with other GDPR provisions, for example information requirements

  14. Legitimate interests of data controller (Recital 47) • Alternative legal basis for processing personal data • Direct marketing recognised as a legitimate interest in text of Regulation • Cannot use it where fundamental rights and freedoms of individuals override rights of organisations • Need for balancing test • Provision of unsubscribe/.opt-out normally satisfies test • Cannot use it for processing personal data about children

  15. Information requirements in privacy policies (Article 13 and 14) • Name and contact details of data controller • Used for direct marketing purposes • Third parties to which information passed on • Transfers to countries outside Europe • Length of time for which information kept for • Data subject’s rights • Information about profiling

  16. Introduction of new rules on consent/legitimate interests • Review whether going to use consent or legitimate interests as basis for direct marketing activities • Do people understand what they are agreeing to? – nation of liars • Need for clear and transparent information about what direct marketing customers and registered prospects will receive • How will you demonstrate proof of consent • Legitimate interest route – opt out /unsubscribe must be clear and easy to use • Preference centre – by brand/ channel?

  17. IP addresses and cookies • Definition of personal data extended so could cover some IP addresses and cookies as “online identifiers” (Article 4 (1) • But IP addresses identify a device not an individual + some IPs are general • Huge implications for digital marketers • Web analytics & profiling made much more difficult, if not impossible • Interaction with new cookie rules problematic

  18. IP addresses and cookies • Think about how you will deal with extension to Include location data, IP addresses, cookies, online identifiers • Pseudonymous/anonymous data – will you be able to take advantage of exceptions? • Justice and Home Affairs Ministers – pseudonymous data is a subset of personal data • Amend wording on privacy policies/data collection notices to take account of new rules on profiling.

  19. Profiling (Articles 21 and 22) • Right to unsubscribe/opt-out from decision based on profiling, which produces legal effects concerning the individual or similarly significantly affects the individual. The right to unsubscribe/opt-out does not apply if the decision • a) is necessary for entering into or the performance of a contract between the individual and the data controller – an example of this would be credit-scoring if an individual applied for a new credit card or an increase in their credit limit • b) is based on the individual’s explicit consent • c) is authorised under EU or Member State Law – unlikely to apply to direct marketing

  20. Profiling (Articles 21 and 22) • In the case of a) or c) individual the right to ask the organisation • for a human to intervene in the profiling, • the right for the individual to express their point of view and the right to contest decision • Profiling for direct marketing purposes – right to object at any time under general right to object principle • Need to explain in data collection notice/privacy policy • whether or not the organisation uses automated decision making and profiling • meaningful information about how the automated decision making/profiling works • how the automated decision making/profiling will affect the individual.

  22. Data Breach Notification (Articles 33 and 34) • Any data security breach to be notified to ICO within /72 hours/undue delay • Report to cover: • nature of breach • number of data subjects • categories of data • proposed mitigation • Not always obvious if there has been a breach or how extensive it is • No need to notify if breach is unlikely to result in risk for rights and freedoms of individuals • Notification to affected individuals only if breach likely to result in high risk to rights and freedoms of individuals

  23. Data security breach notification • Introduce breach notification detection procedures • Think about how you will notify data protection authorities and affected individuals within timescale is agreed • Develop/review your data breach response plan • Guidance needed on high risk

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

The Story of Technology How We Got Here and What the Future Holds What is technology and where

The Story of Technology How We Got Here and What the Future Holds What is technology and where

The Story of Technology How We Got Here and What the Future Holds What is technology and where does it come from? Can technology be managed? What is the appropriate balance discovery and prudence? What does the history of technology tell us

253 views • 11 slides
GRAFT ENGINEERING AND CELLULAR IMMUNOTHERAPY What the present and future holds Dr Mickey Koh

GRAFT ENGINEERING AND CELLULAR IMMUNOTHERAPY What the present and future holds Dr Mickey Koh

GRAFT ENGINEERING AND CELLULAR IMMUNOTHERAPY What the present and future holds Dr Mickey Koh St Georges Hospital, London, UK Division Director, Blood Services Gp, HSA Medical Director, Cell Therapy Facility History of Immunotherapy

446 views • 29 slides
DRUG Metabolism Holds its Destiny in its own Hands Dennis A. Smith, 2010 In future drug

DRUG Metabolism Holds its Destiny in its own Hands Dennis A. Smith, 2010 In future drug

DRUG Metabolism Holds its Destiny in its own Hands Dennis A. Smith, 2010 In future drug metabolism will have evolved into a set of separate sections and disciplines capable of being outsourced and multiplexed into partner lines thus providing

813 views • 65 slides
BUCS WHAT THE FUTURE HOLDS AUGUST, 2017 Mike Gold RVP Sales, US and Canada Terrasat

BUCS WHAT THE FUTURE HOLDS AUGUST, 2017 Mike Gold RVP Sales, US and Canada Terrasat

BUCS WHAT THE FUTURE HOLDS AUGUST, 2017 Mike Gold RVP Sales, US and Canada Terrasat Communications Terrasat Overview We make intelligent BUCs! Thats all we do - no modems, antennas, hubs, etc. Originated 1994, private

378 views • 8 slides
What the fu future holds for nuclear energy? akira OMOTO, Tokyo Institute of Technology

What the fu future holds for nuclear energy? akira OMOTO, Tokyo Institute of Technology

What the fu future holds for nuclear energy? akira OMOTO, Tokyo Institute of Technology omoto@nr.titech.ac.jp, akira.omoto@mac.com Outline 1. Introduction 2. Projection of energy to 2050 and the role of Nuclear Energy 3. Paradigm shift

600 views • 49 slides
Preliminaries Q1 Is p & G(p -> XX p) a solution to the p on even states but saying

Preliminaries Q1 Is p & G(p -> XX p) a solution to the p on even states but saying

Preliminaries Q1 Is p & G(p -> XX p) a solution to the p on even states but saying nothing about odd states puzzle? A: no if p holds in an odd state, then it holds in all future odd states. We didnt want this. Preliminaries

1.06k views • 66 slides
On Order Holds LOPL Pilot Statistics Results Overall Summary Tracked all on order holds placed

On Order Holds LOPL Pilot Statistics Results Overall Summary Tracked all on order holds placed

On Order Holds LOPL Pilot Statistics Results Overall Summary Tracked all on order holds placed by LOPL patrons between 7/1/19 and 10/15/19 Total LOPL holds in that timeframe: 54,686 Total on order holds in that timeframe: 6,840 On

328 views • 8 slides
Writing Convincing Arguments I have a number x R . For any positive y > 0, it holds that x

Writing Convincing Arguments I have a number x R . For any positive y > 0, it holds that x

Writing Convincing Arguments I have a number x R . For any positive y > 0, it holds that x y . Is it true that x 0? Can you convince a classmate? Can you prove it? A proof is a finite list of logical deductions which establishes the

447 views • 25 slides
Correction: the condition (6.29) holds for any function of this form, regardless of whether b and

Correction: the condition (6.29) holds for any function of this form, regardless of whether b and

Correction: the condition (6.29) holds for any function of this form, regardless of whether b and C are positive. However, it only defines a normalisable wavefunction for positive b and nonzero C. Gaussian wavepackets are the minimum uncertainty

1.2k views • 101 slides
What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same

What is Anomalies? If Efficient Market Hypothesis holds, all securities should have the same risk-adjusted returns. Lecture 2: Anomalies and Market o Therefore, observable stock characteristics such as size, PE ratio, or price-book value

248 views • 9 slides
FY2017 AGM 16 April 2018 Launching the Red Dot to the World! Who holds the No. 1 position in

FY2017 AGM 16 April 2018 Launching the Red Dot to the World! Who holds the No. 1 position in

FY2017 AGM 16 April 2018 Launching the Red Dot to the World! Who holds the No. 1 position in the university domain? Number 1 position in Singapore MindChamps, Total: 91 centres; Busy Bees, 26.4% Etonhouse, 5.5% Others, 29.7% Market

1.04k views • 61 slides
Future deans in Indonesia: Lions or lambs? Jenny Ngo Sekolah Tinggi Teknik Surabaya, Indonesia

Future deans in Indonesia: Lions or lambs? Jenny Ngo Sekolah Tinggi Teknik Surabaya, Indonesia

Future deans in Indonesia: Lions or lambs? Jenny Ngo Sekolah Tinggi Teknik Surabaya, Indonesia ABSTRACT Leadership is a mysterious phenomenon, often perceived as a critical factor in an organisations success. This also holds true for

323 views • 17 slides
San Diego is a community that holds the talent, resources and progressive mindset that provides

San Diego is a community that holds the talent, resources and progressive mindset that provides

San Diego is a community that holds the talent, resources and progressive mindset that provides businesses the opportunity to flourish. George Stelling, President and COO, Altec Lansing The perfect place. The perfect environment. LIFESTYLE

448 views • 29 slides
Jail (SRJ). The ACSO holds the distinct honor of holding the Triple Crown Accreditation award

Jail (SRJ). The ACSO holds the distinct honor of holding the Triple Crown Accreditation award

Alameda County Sheriffs Office provides for the care, custody and control of the inmates housed at the Glenn E. Dyer Detention Facility (GEDDF) and Santa Rita Jail (SRJ). The ACSO holds the distinct honor of holding the Triple Crown

531 views • 36 slides
Indexing Ramakrishnan/Gehrke Ch. 8 How index -learning turns no student pale Yet holds the eel

Indexing Ramakrishnan/Gehrke Ch. 8 How index -learning turns no student pale Yet holds the eel

Indexing Ramakrishnan/Gehrke Ch. 8 How index -learning turns no student pale Yet holds the eel of science by the tail. -- Alexander Pope (1688-1744) 340151 Big Databases & Cloud Services (P. Baumann) 1 Range Searches `` Find

476 views • 23 slides
T2 What the Second Generation Holds Philip Levis, David Gay, David Culler, Vlado Handziski, Jan

T2 What the Second Generation Holds Philip Levis, David Gay, David Culler, Vlado Handziski, Jan

T2 What the Second Generation Holds Philip Levis, David Gay, David Culler, Vlado Handziski, Jan Hauer, Cory Sharp, Ben Greenstein, Jonathan Hui, Joe Polastre, Robert Szewczyk, Kevin Klues, Gilman Tolle, Lama Nachman, Adam Wolisz, and a few

802 views • 50 slides
Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant

Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant

Freedom of information, data protection and the role of the ICO: an update Anne Jones Assistant Commissioner (Wales) One Voice Wales Annual Conference 5 October 2013 Overview 1. The ICOs role 2. Freedom of Information Act basics 3. FOI

154 views • 13 slides
New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap -

New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap -

New Data Protection law - Impact on the University LSBUs compliance roadmap Roadmap - continuity, change, uncertainty Data Protection Act 1998 GDPR 2016 Agreed Dec 2015 Approved Apr 2016 In force 25 May 2018 Still to be resolved

478 views • 10 slides
Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation

Information Sharing with Police Seamus Watson PHE DI Frankie Westoby Insert Presentation Title 1 History and Importance of Information Sharing Multi organisational process - links between people, care and treatment, objects and

358 views • 7 slides
Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh

Requesting information under the Freedom of Information Act and the Data Protection Act Leigh Day / CORE Training Event on Access to Information 10 July 2015 Emily Soothill Freedom of Information Act 2000 (FOIA) " Freedom of Information

568 views • 18 slides
In Information Sh Shar aring -The Fac acts Bob Fr Bo Fraser Scottish Government TAKING

In Information Sh Shar aring -The Fac acts Bob Fr Bo Fraser Scottish Government TAKING

TAKING CARE OF OUR FUTURE | A CELEBRATION OF HEALTH VISITING ACROSS SCOTLAND #HVFu #H Futures2 s2017 17 In Information Sh Shar aring -The Fac acts Bob Fr Bo Fraser Scottish Government TAKING CARE OF OUR FUTURE A CELEB ELEBRA RATIO

540 views • 19 slides
(The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County

(The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County

GDPR (The new Data Protection Act) A presentation by Lian Stibbs Access Manager Staffordshire County Council GDPR Context 1998 Act established concept of citizen privacy rights in a very different technological world 2018

254 views • 7 slides
Confidentiality and Data Sovereignty in the Cloud ABSTRACT To the extent that most of the content

Confidentiality and Data Sovereignty in the Cloud ABSTRACT To the extent that most of the content

Confidentiality and Data Sovereignty in the Cloud ABSTRACT To the extent that most of the content and software application are only accessible online, users have no longer control over the manner in which they can access their data and the extent

308 views • 13 slides
THE APPLICATION OF GDPR IN SOUTH AFRICA General Data Protection Regulation (EU) 2016/679 The

THE APPLICATION OF GDPR IN SOUTH AFRICA General Data Protection Regulation (EU) 2016/679 The

THE APPLICATION OF GDPR IN SOUTH AFRICA General Data Protection Regulation (EU) 2016/679 The road to GDPR compliance Introduction The General Data Protection Regulation (EU) 2016/679 (" GDPR ") seeks to restructure the existing

248 views • 11 slides

More recommend