LAW ENFORCEMENT PARTS OF
THE DP BILL
Divergence from the Applied GDPR
chris.pounder@amberhawk.com
1
DP BILL FOR LAW ENFORCEMENT
• PART 3. Law Enforcement Processing (Clauses 27-79)
Implements the LED for law enforcement data processing
• Schedule 7 (List of competent authorities covered by LED)
• Schedule 8 (Conditions for sensitive processing under Part 3)
• PART 4. Intelligence Services Processing (Clauses 80-111):
adopts data protection standards for intelligence services data
processing.
• Schedules 9-11 (Conditions for processing, sensitive
processing and other exemptions under Part 4)
2
LAW ENFORCEMENT PURPOSES
The “law enforcement purposes” are:
• the “prevention, investigation, detection or prosecution of
criminal offences” and
• “execution of criminal penalties, including the safeguarding
against and the prevention of threats to public security”
Any processing not for a law enforcement purpose (e.g. Human
Resources) is subject to the GDPR elements of the DP Bill
CCTV – is that processing for a law enforcement purpose?
Answer “NO” if the controller is not a competent authority
3
WHO DOES “LAW ENFORCEMENT”?
• All organisations in Schedule 7 (i.e. the usual suspects)
And
• any other person if and to the extent that the person has
statutory functions for any of the law enforcement purposes
• (e.g. Trading standards for Local Authority)
4
COMMENTS ON DEFINITIONS
1. If a law requires personal data to be processed for a law
enforcement purpose, then the organisation that is required
by law to process the personal data is the controller (like
S.1(4) DPA).
2. The grounds for the processing are limited to (a) data subject
consent or (b) necessary for the functions of a competent
authority. Processing policies needed for both (e.g. how
consent is obtained; what are the functions). Policies are
subject to FOIA/FOISA requests
3. There is no “special personal data” but there is “sensitive
processing” of personal data
5
COMMENTS ON PRINCIPLES
1. If the processing is necessary for a law enforcement purpose,
then the fairness provisions are negated if informing the data
subject would be likely to “undermine” the law enforcement
purpose
2. Disclosures from one law enforcement purpose for any
further law enforcement purpose by another controller is
likely to be compatible.
3. Fourth Principle requires:
– Facts separate from opinions
– Distinction between suspects, convicted, victims and
witnesses
6
COMMENTS ON SECURITY
• Security Principle in general applies to ALL processing of
personal data for a law enforcement purpose.
For automated processing, each controller & processor must:
• do an evaluation of the risks (e.g. DPIA)
• prevent unauthorised processing or unauthorised
interference with the systems used in connection with it,
• ensure that it is possible to establish the precise details of any
processing that takes place (logging requirements in Cl. 60)
• ensure that systems function properly and may, in the case of
interruption, be restored
• ensure that stored personal data cannot be corrupted if a
system used in connection with the processing malfunctions
7
COMMENTS ON TRANSFERS (Clauses 71-75)
Data transfers to “comparable” law enforcement agencies in Third
Countries for law enforcement purposes can occur when:
• an adequacy decision exists for that Third Country
• there is not an adequacy decision but there are alternative
safeguards for the transfer (e.g. binding contract or the
organisation transferring can assess adequacy; Brexit option?)
• there is neither of the above but special circumstances apply for
the transfer to the Third Country (e.g. vital or legitimate
interests of data subject; serious security threat)
In the last two cases, the transfer has to be fully documented (e.g.
date, time, justification for transfer, details of recipient etc)
8
COMMENTS ON RIGHTS
Several rights apply (e.g. right of access to personal data,
rectification, erasure, restriction).
Rights negated if satisfying the right:
• obstructs an official/legal inquiry, investigation or procedure
• prejudices the prevention, detection, investigation or
prosecution of criminal offences or the execution of criminal
penalties;
• jeopardises public security, national security or the rights and
freedoms of others.
Rules similar to “FOIA’s neither confirm nor deny” apply
But ICO can check whether exemption is properly applied
9
FINAL COMMENTS (LED LIKE GDPR)
• “Personal data” and “filing system” definitions the same
• A Data Protection Officer is definitely needed
• Data Protection Impact Assessments and prior notification of
a high risk that cannot be mitigated
• Data Loss reporting within 72hrs at the latest
• Data Protection by Design included in procurement processes
• Must have detailed records of processing activities (in
addition to the detailed logging arrangements)
• Processor arrangements and sub-contracting procedures
• Joint controllership rules identified in advance.
10
THE END
©Chris Slane
11
More on the GDPR and LED in all Amberhawk DP courses …. and on HAWKTALK (wholly balanced blog)
QUESTIONS

Amberhawk - Law Enforcement Parts of the Data Protection Bill


Editor's Notes

  1. Go through the courseware; identify action plan for controllers – parking rights for the moment