This document provides training on data protection and handling personal information. It defines personal information and sensitive personal information. It explains that the General Data Protection Regulation (GDPR) increases standards for obtaining consent and making people aware of how their data is used. It provides examples of different types of personal and sensitive information and gives guidance on properly identifying and managing this information.
A #COVID19 tem transformado os hábitos de consumo em todo o mundo e impactado diretamente as empresas de varejo, que enfrentam o desafio de contornar as dificuldades operacionais num cenário em que o isolamento social é a medida mais recomendada e o consumidor tem novas demandas a serem atendidas.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
This document provides a summary of key findings from a benchmark study report on data privacy and the General Data Protection Regulation (GDPR). Some of the main findings include:
- 86% of participants said their organization values protecting customer and prospect data to a moderate or significant extent.
- Nearly three-quarters of participants will invest in technology to improve their approach to data privacy.
- 59% of marketing teams said they will become more dependent on customer data moving forward.
- Only 32% of participants are currently tracking metrics to measure their data privacy approach.
- Over half of participants listed "understanding the GDPR" as their top data privacy challenge.
Ø Data protection principles set out the main responsibilities for organizations handling personal data, including processing data fairly and lawfully, only collecting data needed for the purpose, keeping data accurate, not storing it longer than needed, securing the data, and being accountable.
Ø Organizations must have a lawful basis to process personal data and do so in a transparent way by providing privacy notices. They can only use data for the specified purpose, not indefinitely or for new unspecified purposes. They must also minimize the data collected, keep it accurate, securely delete unneeded data, and keep records demonstrating compliance.
Ready your Organisation: Senior Managers and Certification RegimeMyComplianceOffice
The UK’s Senior Managers and Certification Regime (SMCR) came into force for banks, other deposit-takers and PRA-regulated investment firms in March 2016. The regime is expected to be brought into effect for the rest of the UK financial services industry in 2018.
Watch recordings of the webinar here; https://mco.mycomplianceoffice.com/mco-webinar/ready-your-firm-senior-managers-and-certification-regime-fundamentals
The document discusses social media, web 2.0, and privacy. It notes that while social media allows people to share information, it also means that personal data is increasingly collected and used in ways that impact privacy. The document outlines how companies collect and use personal data from social media as well as employees' online activities, and the privacy and legal issues this raises for both individuals and employers. It also provides recommendations for how companies can improve their data privacy and security practices.
The document discusses regulatory requirements and technologies related to anti-money laundering (AML). It covers the following key points in 3 sentences:
Regulatory requirements on AML include know-your-customer procedures, sanctions list screening, transaction monitoring, and reporting of suspicious transactions. Remote account opening procedures outlined involve using technologies like facial recognition to verify a customer's identity by matching their selfie to their photo ID. Facial recognition technology works by measuring distance between facial feature points and determining if the difference between a selfie and ID photo is within an established error threshold based on historical data.
This document summarizes a webinar about AI leadership for corporate boards. The webinar was presented by three experts: Liselotte Engstam, Fernanda Torre, and Robin Teigland. They discussed the challenges boards face in governing AI and other new technologies, presented research findings on boards' current capabilities and ambitions for AI. The research found that most boards are not currently guiding or supervising companies' AI efforts but see a need to do so in the future. The presenters provided examples of the types of questions boards should ask to properly guide and supervise AI. Finally, they announced a new book by the 4Boards.ai research project providing a checklist of such questions to help boards improve their
A #COVID19 tem transformado os hábitos de consumo em todo o mundo e impactado diretamente as empresas de varejo, que enfrentam o desafio de contornar as dificuldades operacionais num cenário em que o isolamento social é a medida mais recomendada e o consumidor tem novas demandas a serem atendidas.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
This document provides a summary of key findings from a benchmark study report on data privacy and the General Data Protection Regulation (GDPR). Some of the main findings include:
- 86% of participants said their organization values protecting customer and prospect data to a moderate or significant extent.
- Nearly three-quarters of participants will invest in technology to improve their approach to data privacy.
- 59% of marketing teams said they will become more dependent on customer data moving forward.
- Only 32% of participants are currently tracking metrics to measure their data privacy approach.
- Over half of participants listed "understanding the GDPR" as their top data privacy challenge.
Ø Data protection principles set out the main responsibilities for organizations handling personal data, including processing data fairly and lawfully, only collecting data needed for the purpose, keeping data accurate, not storing it longer than needed, securing the data, and being accountable.
Ø Organizations must have a lawful basis to process personal data and do so in a transparent way by providing privacy notices. They can only use data for the specified purpose, not indefinitely or for new unspecified purposes. They must also minimize the data collected, keep it accurate, securely delete unneeded data, and keep records demonstrating compliance.
Ready your Organisation: Senior Managers and Certification RegimeMyComplianceOffice
The UK’s Senior Managers and Certification Regime (SMCR) came into force for banks, other deposit-takers and PRA-regulated investment firms in March 2016. The regime is expected to be brought into effect for the rest of the UK financial services industry in 2018.
Watch recordings of the webinar here; https://mco.mycomplianceoffice.com/mco-webinar/ready-your-firm-senior-managers-and-certification-regime-fundamentals
The document discusses social media, web 2.0, and privacy. It notes that while social media allows people to share information, it also means that personal data is increasingly collected and used in ways that impact privacy. The document outlines how companies collect and use personal data from social media as well as employees' online activities, and the privacy and legal issues this raises for both individuals and employers. It also provides recommendations for how companies can improve their data privacy and security practices.
The document discusses regulatory requirements and technologies related to anti-money laundering (AML). It covers the following key points in 3 sentences:
Regulatory requirements on AML include know-your-customer procedures, sanctions list screening, transaction monitoring, and reporting of suspicious transactions. Remote account opening procedures outlined involve using technologies like facial recognition to verify a customer's identity by matching their selfie to their photo ID. Facial recognition technology works by measuring distance between facial feature points and determining if the difference between a selfie and ID photo is within an established error threshold based on historical data.
This document summarizes a webinar about AI leadership for corporate boards. The webinar was presented by three experts: Liselotte Engstam, Fernanda Torre, and Robin Teigland. They discussed the challenges boards face in governing AI and other new technologies, presented research findings on boards' current capabilities and ambitions for AI. The research found that most boards are not currently guiding or supervising companies' AI efforts but see a need to do so in the future. The presenters provided examples of the types of questions boards should ask to properly guide and supervise AI. Finally, they announced a new book by the 4Boards.ai research project providing a checklist of such questions to help boards improve their
This chapter summary covers simple linear regression models. Key topics include determining the simple linear regression equation, measures of variation such as total, explained, and unexplained sums of squares, assumptions of the regression model including normality, homoscedasticity and independence of errors. Residual analysis is discussed to examine linearity and assumptions. The coefficient of determination, standard error of estimate, and Durbin-Watson statistic are also introduced.
The GDPR is a new EU regulation that protects personal data and privacy rights. It applies broadly to any organization that handles EU citizens' data. Key provisions include:
- Significant fines for non-compliance up to €20 million or 4% annual global turnover
- Rights for data subjects to access, correct, and delete their personal data
- Mandates for consent, privacy by design, and data protection officers.
- Breach notification requirements for reporting certain data incidents within 72 hours.
The document discusses privacy laws in India related to digital data and personally identifiable information. It outlines key concepts around data privacy, categories of private data under Indian law, and relevant sections of the Information Technology Act 2000 regarding unauthorized access to data, compensation for failure to protect sensitive personal data, and criminal offenses for disclosure of private information. It also briefly mentions some global privacy laws like the Gramm–Leach–Bliley Act in the US.
Data Privacy and Data Protection: Rotary’s Compliance with GDPRRotary International
As stewards of personal data for more than 1.2 million Rotarians and friends of Rotary worldwide, Rotary takes data privacy and protection seriously. To ensure compliance with the European Union's new privacy law, the General Data Protection Regulation (GDPR), we will apply these standards globally. Find out more about these efforts and how they affect data privacy and protection for Rotary.
This document discusses cybercrime in India, including the Information Technology Act 2000 and its amendments. It provides definitions of cybercrime, classifications of offenses like those against individuals, property, organizations and society. Examples of famous cybercrime cases in India are mentioned. Statistics on cybercrime growth are presented. The role of organizations like NASSCOM in combating cybercrime through initiatives focused on engagement, education, enactment and enforcement is summarized. Suggestions for dealing with cybercrime through international cooperation, funding research, upgrading laws and training law enforcement are provided.
This document summarizes a webinar on international data transfers. It discusses recent EU data transfer enforcement actions against a Norwegian toll road operator and Hamburg public authorities for transferring personal data to China and the US without proper safeguards. It also provides an overview of the EU's standard contractual clauses and transfer risk assessment requirements, as well as the UK's international data transfer agreements and risk assessment process. Finally, it briefly mentions other international data transfer mechanisms and opens the floor for questions.
The document discusses the key aspects and requirements of the General Data Protection Regulation (GDPR). It notes that the GDPR strengthens and unifies data protection for individuals within the European Union. It applies to all companies processing personal data of EU residents, regardless of the company's location. The GDPR requires organizations to implement measures regarding data processing activities, data subject rights, security, breaches, and accountability. Non-compliance can result in significant fines of up to 4% of annual global turnover or €20 million. The GDPR has important implications for financial institutions and other organizations in how they manage personal data.
This document discusses whether health data constitutes big data. It identifies several sources of health data, such as clinical data, medical publications, and genomic data. While health data storage is projected to reach 25,000 petabytes by 2020, health data only accounts for 30% of the world's total data storage compared to other data-rich domains. However, the healthcare system has not fully optimized the potential benefits of big data due to issues like a lack of data integration and standardization. While health data is large, it is not as big as data from other domains that have more successfully harnessed the value of big data analytics.
The document provides an overview of the UK Data Protection Act of 1998. It was introduced due to public concerns about privacy with advancing computer technology. The Act gives individuals rights over their personal data and requires organizations to be open about how data is collected and used. It established 8 principles of good practice that require data to be fairly and lawfully processed, stored securely, and not transferred without adequate protections.
The SEC has proposed new rules to standardize and enhance climate-related disclosures for public companies. Key elements of the proposal include:
- Requiring governance, strategy, risk management, and targets disclosures around climate-related issues.
- Mandating financial statement metrics on the impact of severe weather events and the transition to a lower-carbon economy if such impacts exceed 1% of the relevant line item.
- Specifying greenhouse gas emissions disclosure of Scope 1, 2 and material Scope 3 emissions over time, starting with limited assurance and progressing to reasonable assurance.
- Placing most climate disclosures in a new section before the Management Discussion and Analysis rather than within the financial statements themselves. A
True Bayesians actually consider conditional probabilities as more basic than joint probabilities. It is easy to define P(A|B) without reference to the joint probability P(A,B). To see this note that we can rearrange the conditional probability formula to get:
P(A|B) P(B) = P(A,B)
Bcg true luxury global cons insight 2017 - presentataGabriela Otto
The document summarizes key findings from the 4th Edition of the True-Luxury Global Consumer Insight report by BCG Altagamma:
1) The number of true luxury consumers grew to 17 million, with China and the US driving most of the growth. Average luxury spending increased to 36,000 euros per consumer.
2) While the overall luxury market remained steady, there was a shift towards higher-spending consumers. True luxury consumers now represent 32% of the global luxury market, up from 29%.
3) Consumer appetite for luxury remains healthy, with the True Luxury Barometer showing 24% of consumers expect to increase spending in 2017. Chinese and American consumers will be the biggest drivers
DCH Data Protection Training PresentationMark Gracey
This document provides an overview of a training module on data protection. It discusses how the General Data Protection Regulation (GDPR) was implemented in the UK through the Data Protection Act 2018. The training aims to help organizations understand their obligations to comply with data protection laws and ensure all employees understand their roles. It covers key concepts like personal data, processing, data subjects, controllers, and processors. It also outlines the core data protection principles of lawful, fair and transparent processing.
At EY, we are committed to building a better working world — with increased trust and confidence in business, sustainable growth, development of talent in all its forms, and greater collaboration.
As stated by Mark Weinberger, Global Chairman and CEO, "We have developed a plan — Vision 2020 — that considers the changing world today, how it will be tomorrow and how we will adapt to the challenges and opportunities we will face. Amid the changes we see, EY also sees great opportunity and relevance in the role we play in building a better working world. The quality services and insights we deliver help build trust and confidence in capital markets in economies the world over. In so doing, we help build a better working world for our people, for our clients and for our communities. This is our purpose."
The EY Global Review 2013 covers the changes EY is making to better serve our clients, develop our people and leverage our highly integrated global structure.
This document provides an overview of the General Data Protection Regulation (GDPR) for employees. It defines personal data and special categories of personal data. It outlines the key rights of individuals, including rights to access, rectification, erasure, and objection. It discusses lawful processing of personal data and consequences for non-compliance such as fines. It provides examples of data breaches and emphasizes the importance of following the company's data protection policies and procedures.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Randomization tests provide an alternative to t-tests and F-tests that does not rely on assumptions of normality or random sampling. However, randomization tests can be too liberal or conservative depending on differences in sample sizes. Bootstrapping and Gill's algorithm can help address these issues. Bootstrapping resamples the larger sample to match the size of the smaller sample, controlling for liberal bias. Gill's algorithm uses Fourier expansion to efficiently calculate p-values from all permutations, reducing computational cost compared to full enumeration. However, conservative bias remains a challenge without a known solution.
The document provides an introduction to the General Data Protection Regulation (GDPR). It defines personal data and data privacy, explaining that the GDPR aims to strengthen data protection for individuals in the EU. It outlines key areas the GDPR covers such as consent, transparency, profiling, data transfers, and rights of individuals. It discusses penalties for non-compliance, which include fines of up to 20 million Euros or 4% of annual global turnover. The document provides an overview of the GDPR's requirements and changes organizations need to make to be compliant, such as conducting data audits and impact assessments, and establishing governance frameworks with accountability.
Italian consumers are increasingly pessimistic about the economy, with many aiming to reduce spending and modify consumption habits.
Italian consumers are increasingly worried about the effects of rising prices, as well as the invasion of Ukraine. Of Italians surveyed, six in ten expressed a negative view of the current economy; hopes for an economic recovery are lower than they were throughout the entire COVID-19 pandemic. Consumers perceived the highest price increases in groceries and fuel, along with strong increase in spend. These sentiments have translated into reduced consumption. Changed consumer behavior is also apparent, with a shift towards discounters and private-label brands. Price, value for money and availability are the biggest drivers of these choices.
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing
cabinets than data rack enclosures. It’s time to evolve.
Data protection is all about respecting an
individual’s right to privacy and the new data
protection regulations, currently going
through final review by the European
parliament, will provide organizations with
the momentum they need to manage their
data more effectively. But what do you need
to do in order to ensure your organization
complies with data protection legislation
while increasing customer satisfaction?
This chapter summary covers simple linear regression models. Key topics include determining the simple linear regression equation, measures of variation such as total, explained, and unexplained sums of squares, assumptions of the regression model including normality, homoscedasticity and independence of errors. Residual analysis is discussed to examine linearity and assumptions. The coefficient of determination, standard error of estimate, and Durbin-Watson statistic are also introduced.
The GDPR is a new EU regulation that protects personal data and privacy rights. It applies broadly to any organization that handles EU citizens' data. Key provisions include:
- Significant fines for non-compliance up to €20 million or 4% annual global turnover
- Rights for data subjects to access, correct, and delete their personal data
- Mandates for consent, privacy by design, and data protection officers.
- Breach notification requirements for reporting certain data incidents within 72 hours.
The document discusses privacy laws in India related to digital data and personally identifiable information. It outlines key concepts around data privacy, categories of private data under Indian law, and relevant sections of the Information Technology Act 2000 regarding unauthorized access to data, compensation for failure to protect sensitive personal data, and criminal offenses for disclosure of private information. It also briefly mentions some global privacy laws like the Gramm–Leach–Bliley Act in the US.
Data Privacy and Data Protection: Rotary’s Compliance with GDPRRotary International
As stewards of personal data for more than 1.2 million Rotarians and friends of Rotary worldwide, Rotary takes data privacy and protection seriously. To ensure compliance with the European Union's new privacy law, the General Data Protection Regulation (GDPR), we will apply these standards globally. Find out more about these efforts and how they affect data privacy and protection for Rotary.
This document discusses cybercrime in India, including the Information Technology Act 2000 and its amendments. It provides definitions of cybercrime, classifications of offenses like those against individuals, property, organizations and society. Examples of famous cybercrime cases in India are mentioned. Statistics on cybercrime growth are presented. The role of organizations like NASSCOM in combating cybercrime through initiatives focused on engagement, education, enactment and enforcement is summarized. Suggestions for dealing with cybercrime through international cooperation, funding research, upgrading laws and training law enforcement are provided.
This document summarizes a webinar on international data transfers. It discusses recent EU data transfer enforcement actions against a Norwegian toll road operator and Hamburg public authorities for transferring personal data to China and the US without proper safeguards. It also provides an overview of the EU's standard contractual clauses and transfer risk assessment requirements, as well as the UK's international data transfer agreements and risk assessment process. Finally, it briefly mentions other international data transfer mechanisms and opens the floor for questions.
The document discusses the key aspects and requirements of the General Data Protection Regulation (GDPR). It notes that the GDPR strengthens and unifies data protection for individuals within the European Union. It applies to all companies processing personal data of EU residents, regardless of the company's location. The GDPR requires organizations to implement measures regarding data processing activities, data subject rights, security, breaches, and accountability. Non-compliance can result in significant fines of up to 4% of annual global turnover or €20 million. The GDPR has important implications for financial institutions and other organizations in how they manage personal data.
This document discusses whether health data constitutes big data. It identifies several sources of health data, such as clinical data, medical publications, and genomic data. While health data storage is projected to reach 25,000 petabytes by 2020, health data only accounts for 30% of the world's total data storage compared to other data-rich domains. However, the healthcare system has not fully optimized the potential benefits of big data due to issues like a lack of data integration and standardization. While health data is large, it is not as big as data from other domains that have more successfully harnessed the value of big data analytics.
The document provides an overview of the UK Data Protection Act of 1998. It was introduced due to public concerns about privacy with advancing computer technology. The Act gives individuals rights over their personal data and requires organizations to be open about how data is collected and used. It established 8 principles of good practice that require data to be fairly and lawfully processed, stored securely, and not transferred without adequate protections.
The SEC has proposed new rules to standardize and enhance climate-related disclosures for public companies. Key elements of the proposal include:
- Requiring governance, strategy, risk management, and targets disclosures around climate-related issues.
- Mandating financial statement metrics on the impact of severe weather events and the transition to a lower-carbon economy if such impacts exceed 1% of the relevant line item.
- Specifying greenhouse gas emissions disclosure of Scope 1, 2 and material Scope 3 emissions over time, starting with limited assurance and progressing to reasonable assurance.
- Placing most climate disclosures in a new section before the Management Discussion and Analysis rather than within the financial statements themselves. A
True Bayesians actually consider conditional probabilities as more basic than joint probabilities. It is easy to define P(A|B) without reference to the joint probability P(A,B). To see this note that we can rearrange the conditional probability formula to get:
P(A|B) P(B) = P(A,B)
Bcg true luxury global cons insight 2017 - presentataGabriela Otto
The document summarizes key findings from the 4th Edition of the True-Luxury Global Consumer Insight report by BCG Altagamma:
1) The number of true luxury consumers grew to 17 million, with China and the US driving most of the growth. Average luxury spending increased to 36,000 euros per consumer.
2) While the overall luxury market remained steady, there was a shift towards higher-spending consumers. True luxury consumers now represent 32% of the global luxury market, up from 29%.
3) Consumer appetite for luxury remains healthy, with the True Luxury Barometer showing 24% of consumers expect to increase spending in 2017. Chinese and American consumers will be the biggest drivers
DCH Data Protection Training PresentationMark Gracey
This document provides an overview of a training module on data protection. It discusses how the General Data Protection Regulation (GDPR) was implemented in the UK through the Data Protection Act 2018. The training aims to help organizations understand their obligations to comply with data protection laws and ensure all employees understand their roles. It covers key concepts like personal data, processing, data subjects, controllers, and processors. It also outlines the core data protection principles of lawful, fair and transparent processing.
At EY, we are committed to building a better working world — with increased trust and confidence in business, sustainable growth, development of talent in all its forms, and greater collaboration.
As stated by Mark Weinberger, Global Chairman and CEO, "We have developed a plan — Vision 2020 — that considers the changing world today, how it will be tomorrow and how we will adapt to the challenges and opportunities we will face. Amid the changes we see, EY also sees great opportunity and relevance in the role we play in building a better working world. The quality services and insights we deliver help build trust and confidence in capital markets in economies the world over. In so doing, we help build a better working world for our people, for our clients and for our communities. This is our purpose."
The EY Global Review 2013 covers the changes EY is making to better serve our clients, develop our people and leverage our highly integrated global structure.
This document provides an overview of the General Data Protection Regulation (GDPR) for employees. It defines personal data and special categories of personal data. It outlines the key rights of individuals, including rights to access, rectification, erasure, and objection. It discusses lawful processing of personal data and consequences for non-compliance such as fines. It provides examples of data breaches and emphasizes the importance of following the company's data protection policies and procedures.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Randomization tests provide an alternative to t-tests and F-tests that does not rely on assumptions of normality or random sampling. However, randomization tests can be too liberal or conservative depending on differences in sample sizes. Bootstrapping and Gill's algorithm can help address these issues. Bootstrapping resamples the larger sample to match the size of the smaller sample, controlling for liberal bias. Gill's algorithm uses Fourier expansion to efficiently calculate p-values from all permutations, reducing computational cost compared to full enumeration. However, conservative bias remains a challenge without a known solution.
The document provides an introduction to the General Data Protection Regulation (GDPR). It defines personal data and data privacy, explaining that the GDPR aims to strengthen data protection for individuals in the EU. It outlines key areas the GDPR covers such as consent, transparency, profiling, data transfers, and rights of individuals. It discusses penalties for non-compliance, which include fines of up to 20 million Euros or 4% of annual global turnover. The document provides an overview of the GDPR's requirements and changes organizations need to make to be compliant, such as conducting data audits and impact assessments, and establishing governance frameworks with accountability.
Italian consumers are increasingly pessimistic about the economy, with many aiming to reduce spending and modify consumption habits.
Italian consumers are increasingly worried about the effects of rising prices, as well as the invasion of Ukraine. Of Italians surveyed, six in ten expressed a negative view of the current economy; hopes for an economic recovery are lower than they were throughout the entire COVID-19 pandemic. Consumers perceived the highest price increases in groceries and fuel, along with strong increase in spend. These sentiments have translated into reduced consumption. Changed consumer behavior is also apparent, with a shift towards discounters and private-label brands. Price, value for money and availability are the biggest drivers of these choices.
The Evolution of Data Privacy - A Symantec Information Security Perspective o...Symantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing
cabinets than data rack enclosures. It’s time to evolve.
Data protection is all about respecting an
individual’s right to privacy and the new data
protection regulations, currently going
through final review by the European
parliament, will provide organizations with
the momentum they need to manage their
data more effectively. But what do you need
to do in order to ensure your organization
complies with data protection legislation
while increasing customer satisfaction?
This document provides an overview of the General Data Protection Regulation (GDPR). It discusses what personal data is, the rights to privacy and data protection under the GDPR and European law. It explains that the GDPR applies broadly to any company that processes personal data of EU residents, regardless of location. Companies have obligations around obtaining permission for data processing, providing transparency around data usage, implementing security measures, and designating a data protection officer if required. The GDPR aims to better protect privacy and give individuals more control over their personal data.
The document provides an overview of ethics, legislation, and privacy issues related to big data. It discusses the necessity of regulating big data and the differences between privacy and data protection. It also provides details on the General Data Protection Regulation (GDPR), including its goals, requirements for companies, and individual rights it aims to protect.
This document provides an overview of the key elements of the UK Data Protection Act of 1998 as amended in 2000. It explains that the Act aims to protect personal data by regulating its processing. It outlines the main roles in the Act, including Data Controller, Data Processor, and Data Subject. It defines what types of data are covered, the principles Data Controllers must comply with, and individuals' rights. Exceptions to the Act are noted. Requirements for businesses and staff responsibilities are also reviewed.
Talk by Polina Zvyagina, Airbnb (San Francisco), at Stanford Engineering on February 25 2019, Session #6: 'Growing ‘Bitcoin Cities’ Across the Globe from Slovenia || GDPR Compliance Case Study || EU Digital Economy Policy'.
Website: http://www.StanfordEuropreneurs.org
YouTube Channel: https://www.youtube.com/user/StanfordEuropreneurs
Twitter: @Europreneurs
On 25 May 2018, the EU’s General Data Protection Regulation
(GDPR) came into effect and applies to all businesses – regardless of size - operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation
that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance
by May 2018
3: Address questions put forward by businesses that completed
our GDPR survey
The document provides an overview of the General Data Protection Regulation (GDPR) that goes into effect in the European Union on May 25, 2018. Some key points:
- GDPR strengthens data protection rights for EU citizens and applies to any organization that collects data from EU individuals, regardless of location.
- It establishes high fines for noncompliance (up to 4% of global revenue or 20 million euros) and requires clear and easy-to-withdraw consent for data collection and use.
- Individuals have new rights regarding their data, including rights to access, correct, and delete personal data, and object to automated decision making. Organizations must also notify about data breaches.
- While
General Data Protection Regulation specifies how customers data can be used and protected. The primary objective of the GDPR is to give citizens control of their personal data. Failing to comply with GDPR can cost you 4% of global turnover or €20 million or whichever is greater.
1. The GDPR significantly changes data protection requirements for companies doing business in the EU and increases obligations for advertisers and networks/publishers who can now be jointly liable. It comes into effect in May 2018 with fines up to 4% of global revenue.
2. Under the GDPR, personal data is more broadly defined and users have more rights around consent, access, and removal of their data. Requirements around ad profiling and tracking remain unclear as guidance is still pending.
3. Companies should map their data flows, review consents and policies, and engage regulators to understand impacts on their business from the GDPR. Industry alignment with the FTC is also discussed.
The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
Everything you need to know about the GDPRSpoon London
The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR) – the EU’s law that comes into effect in May. The major update to the previous EU data protection law aims to regulate the use and treatment of an individual’s personal data.
A new regulation means organisations that use data will need to be more careful and explicit with gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face a hefty €20 million fine or four per cent of a company’s annual turnover.
Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.
The Evolution of Data Privacy: 3 Things You Need To ConsiderSymantec
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed
to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
In the shadow of the global pandemic and the associated economic downturn, organizations are focused on cost optimization, which often leads to impulsive decisions to deprioritize compliance with all nonrevenue programs.
Regulators have evolved to adapt with the notable increase in data subject complaints and are getting more serious about organizations that don’t properly protect consumer data. Marriott was hit with a $124 million fine while Equifax agreed to pay a minimum of $575 million for its breach. The US Federal Trade Commission, the US Consumer Financial Protection Bureau (CFPB), and all 50 U.S. states and territories sued over the company’s failure to take “reasonable steps” to secure its sensitive personal data.
Privacy and data protection are enforced by a growing number of regulations around the world and people are actively demanding privacy protection — and legislators are reacting. More than 60 countries have introduced privacy laws in response to citizens’ cry for transparency and control. By 2023, 65% of the world’s population will have its personal information covered under modern privacy regulations, up from 10% today, according to Gartner. There is a convergence of data privacy principles, standards and regulations on a common set of fundamental principles.
The opportunities to use data are growing exponentially, but so too are the business and financial risks as the number of data protection and privacy regulations grows internationally.
Join this webinar to learn more about:
- Trends in modern privacy regulations
- The impact on organizations to protect and use sensitive data
- Data privacy principles
- The impact of General Data Protection Regulation (GDPR) and data transfer between US and EU
- The evolving CCPA, the new PCI DSS version 4 and new international data privacy laws or regulations
- Data privacy best practices, use cases and how to control sensitive personal data throughout the data life cycle
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
The document provides an overview of the General Data Protection Regulation (GDPR) which takes effect in May 2018. It defines personal data and special categories of personal data that require strict protection. GDPR places requirements on organizations that process personal data to protect privacy rights, ensure appropriate data use, and demonstrate compliance. It describes key data protection principles like lawfulness, purpose limitation, data minimization, accuracy, storage limitation, integrity and confidentiality, and accountability. The document outlines responsibilities of data controllers versus processors and the 12 steps for organizations to comply with GDPR.
Data Privacy and Data Protection: Rotary’s Compliance with GDPR HandoutRotary International
Rotary International has taken several steps to prepare for the new European Union General Data Protection Regulation (GDPR) which strengthens data protection rules for EU residents and applies to organizations that offer services to EU residents. Rotary conducted a readiness assessment and risk analysis which identified key areas of focus including updating processes and policies around lawful data processing, data breach response, records retention, and providing more transparency around how personal data is used. Rotary is applying these new standards globally and constituents will have new rights under GDPR such as access to their data, rectifying errors, and objecting to certain uses of their data. Clubs and districts located in or serving the EU must also comply with GDPR requirements.
Similar to Advanced Data Protection training for volunteers (20)
Volunteer guide to event risk assessments: Parkinson's UK volunteer induction Parkinson's UK
This will help you to complete a risk assessment when you're planning an event.
This is part of the Parkinson's UK volunteer induction: http://www.parkinsons.org.uk/volunteerinduction
General office health and safety for volunteers: Parkinson's UK volunteer ind...Parkinson's UK
This training highlights general health and safety issues for volunteers to look out for when working in an office.
This is part of the Parkinson's UK volunteer induction: http://www.parkinsons.org.uk/volunteerinduction
DSE and manual handling for volunteers: Parkinson's UK volunteer induction Parkinson's UK
This document provides training on display screen equipment (DSE) and manual handling for volunteers. It discusses potential health hazards from DSE work like musculoskeletal problems and offers tips for proper ergonomics. Guidelines are presented for lifting, lowering, and moving loads safely to prevent injuries. The document emphasizes assessing risks related to tasks, loads, environments, and individual capabilities when performing manual handling.
'Keeping safe' health and safety induction: Parkinson's UK volunteer inductionParkinson's UK
This will give you a clearer understanding of how you can help to keep yourself, volunteers and participants in Parkinson's UK activities safe.
This is part of the Parkinson's UK volunteer induction: http://www.parkinsons.org.uk/volunteerinduction
Managing your time: Parkinson’s UK volunteer induction Module 4, Task 1 Parkinson's UK
Look at the two situations in these slides and think about how you'd plan your time as a volunteer.
This is part of the Parkinson's UK volunteer induction: http://www.parkinsons.org.uk/volunteerinduction
Being an ambassador: Parkinson's UK volunteer induction Module 3, Task 3 Parkinson's UK
Click through the slides to see how your decisions and actions as a volunteer can have a wider impact across the charity.
This is part of the Parkinson's UK volunteer induction: http://www.parkinsons.org.uk/volunteerinduction
Volunteer clues: Parkinson's UK volunteer induction Module 2, Task 3 Parkinson's UK
The document describes several types of volunteer roles at Parkinson's UK, including volunteer educators who teach nursing home staff about Parkinson's, event volunteers who help at marathons and concerts, telephone peer support volunteers who talk to others with Parkinson's, regional fundraising volunteers who raise money locally, and research support network volunteers who review grant applications and help educate others about Parkinson's research. It concludes by noting there are many ways volunteers support those with Parkinson's and new roles emerge over time.
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
AHMR is an interdisciplinary peer-reviewed online journal created to encourage and facilitate the study of all aspects (socio-economic, political, legislative and developmental) of Human Mobility in Africa. Through the publication of original research, policy discussions and evidence research papers AHMR provides a comprehensive forum devoted exclusively to the analysis of contemporaneous trends, migration patterns and some of the most important migration-related issues.
A Guide to AI for Smarter Nonprofits - Dr. Cori Faklaris, UNC CharlotteCori Faklaris
Working with data is a challenge for many organizations. Nonprofits in particular may need to collect and analyze sensitive, incomplete, and/or biased historical data about people. In this talk, Dr. Cori Faklaris of UNC Charlotte provides an overview of current AI capabilities and weaknesses to consider when integrating current AI technologies into the data workflow. The talk is organized around three takeaways: (1) For better or sometimes worse, AI provides you with “infinite interns.” (2) Give people permission & guardrails to learn what works with these “interns” and what doesn’t. (3) Create a roadmap for adding in more AI to assist nonprofit work, along with strategies for bias mitigation.
Contributi dei parlamentari del PD - Contributi L. 3/2019Partito democratico
DI SEGUITO SONO PUBBLICATI, AI SENSI DELL'ART. 11 DELLA LEGGE N. 3/2019, GLI IMPORTI RICEVUTI DALL'ENTRATA IN VIGORE DELLA SUDDETTA NORMA (31/01/2019) E FINO AL MESE SOLARE ANTECEDENTE QUELLO DELLA PUBBLICAZIONE SUL PRESENTE SITO
Jennifer Schaus and Associates hosts a complimentary webinar series on The FAR in 2024. Join the webinars on Wednesdays and Fridays at noon, eastern.
Recordings are on YouTube and the company website.
https://www.youtube.com/@jenniferschaus/videos
2. Content of this training
• What is meant by data protection?
• The risks of breaking data protection regulations.
• Guidance on how to identify different types of information.
• Practical tips on effective safe practices.
• Where to go for support and how to report a breach.
Outcomes of this training
• You will feel confident in your role and handling different types of
data.
• You will understand the boundaries on using data.
• You will be able to implement measures to ensure the security of the
data you hold.
• You will know where to get support around data protection.
4. We are living in data times
It’s almost impossible to get up in the morning without generating some kind
of data. Whether we are working or socialising – with friends, colleagues or
family – we generate data. And that is not a bad thing.
It means we’re able to benefit from better services, an improved user
experience and more suitable support, based on who we are and what we
need. However, we have a right to understand how our data is being used,
take an active role in giving consent for our information to be collected and
guarantee that anything gathered will be treated with respect and discretion.
Within the UK, rights over data protection were enforced by the Data
Protection Act 1998. But the world has changed since 1998, when the
legislation came into force. This was a world where we couldn’t book cheap
holidays by using a search engine or connect with forgotten school
friends via social media. So, we need a modern law for a modern era.
5. General Data Protection Regulation (GDPR)
What changes with GDPR?
Essentially, GDPR increases the standards organisations are held to when
collecting data. The legislation increases standards for how we confirm people’s
consent for us to collect their data, and how we make sure people understand
what we do with their information.
Will this EU regulation still be relevant post Brexit?
The GDPR has been enshrined in UK law through the Data Protection Act 2018.
This means it is not dependent on the UK’s membership of the EU and will
therefore still be relevant following the UK’s departure from the EU.
On 25 May 2018 new, stronger, data protection laws came into force across the
European Union (EU). These new laws affect any organisation operating within
the EU, or holding information on citizens of the EU.
6. What type of information is relevant?
When considering data protection, our main concern is information which
specifically identifies an individual. As soon as you start being aware of
gathering or receiving data that might identify an individual - digitally, over the
phone, or in person – you need to start considering your legal responsibilities.
Who is responsible?
Ultimately, Parkinson’s UK is responsible. However, as part of Parkinson’s UK,
we all have a role to play. We all need to act in line with Parkinson’s UK policies,
training and procedures to make sure we act fairly and legally.
When there is ‘demonstrable malice’ when using or handling data, i.e. when
someone deliberately does something against data protection law, the person
who committed the crime will be held personally responsible.
However, even in these situations, we still have important responsibilities under
the law. These are explained later in this training.
7. What are the consequences of not complying?
Within the UK, data protection is enforced by the Information Commissioner’s
Office (ICO), who support and monitor organisations to make sure they are
complying with legislation. If they decide that an organisation is not following the
law, then they can issue fines into the millions of pounds, and impose measures
to make sure improvements are made.
Any financial penalty would mean we have less money available to achieve our
mission – funding research and support for those affected by Parkinson’s.
Reputational damage to our fundraising and wider public trust could also be a
potentially serious issue.
We are committed to ensuring our practice and processes are the best they can
be, and that we all take our responsibilities seriously.
8. Assessment
1. Data protection is changing because the world is a different place, with
much more technology, since the Data Protection Act was introduced in 1998.
True or False
2. General Data Protection Regulation is legally adopted within EU member
states from:
a. 30 August 2018
b. 1 January 2019
c. 25 May 2018
d. When the organisation is ready
3. Do UK organisations have to comply with the General Data Protection
Regulation following Brexit? Yes or No
4. The purpose of the General Data Protection Regulation is to protect:
a. a company’s financial information
b. the public’s personal information
c. computers being hacked
9. Assessment
1. Data protection is changing because the world is a different place, with
much more technology, since the Data Protection Act was introduced in 1998.
2. General Data Protection Regulation is legally adopted within EU member
states from:
a. 30 August 2018
b. 1 January 2019
c. 25 May 2018
d. When the organisation is ready
3. Do UK organisations have to comply with the General Data Protection
Regulation following Brexit? Yes or No
4. The purpose of the General Data Protection Regulation is to protect:
a. a company’s financial information
b. the public’s personal information
c. computers being hacked
True
10. Assessment
1. Data protection is changing because the world is a different place, with
much more technology, since the Data Protection Act was introduced in 1998.
2. General Data Protection Regulation is legally adopted within EU member
states from:
c. 25 May 2018
3. Do UK organisations have to comply with the General Data Protection
Regulation following Brexit? Yes or No
4. The purpose of the General Data Protection Regulation is to protect:
a. a company’s financial information
b. the public’s personal information
c. computers being hacked
True
11. Assessment
1. Data protection is changing because the world is a different place, with
much more technology, since the Data Protection Act was introduced in 1998.
2. General Data Protection Regulation is legally adopted within EU member
states from:
c. 25 May 2018
3. Do UK organisations have to comply with the General Data Protection
Regulation following Brexit?
4. The purpose of the General Data Protection Regulation is to protect:
a. a company’s financial information
b. the public’s personal information
c. computers being hacked
True
Yes
12. Assessment
1. Data protection is changing because the world is a different place, with
much more technology, since the Data Protection Act was introduced in 1998.
2. General Data Protection Regulation is legally adopted within EU member
states from:
c. 25 May 2018
3. Do UK organisations have to comply with the General Data Protection
Regulation following Brexit?
4. The purpose of the General Data Protection Regulation is to protect:
True
Yes
b. the public’s personal information
13. Assessment
5. The General Data Protection Regulation:
a. is the law setting out how data must be handled
b. is a set of guidelines suggesting how data should be handled
c. doesn’t apply to charities
6. General Data Protection Regulation only applies to data held on computers.
True or False
14. Assessment
5. The General Data Protection Regulation:
a. is the law setting out how data must be handled
6. General Data Protection Regulation only applies to data held on computers.
True or False
15. Assessment
5. The General Data Protection Regulation:
a. is the law setting out how data must be handled
6. General Data Protection Regulation only applies to data held on computers.
False
16. Assessment
5. The General Data Protection Regulation:
a. is the law setting out how data must be handled
6. General Data Protection Regulation only applies to data held on computers.
False
You have completed module one of your training.
18. Types of information
Under the GDPR there are certain types of information which are considered
particularly sensitive, that need to be considered in a slightly different way.
This doesn’t mean other personal information isn’t important, but we need to
be especially mindful when collecting, managing and storing sensitive
information.
Personal information
Personal information is information which might help identify a specific person,
especially when used in conjunction with other bits of personal information you
hold.
Sensitive personal information
Sensitive personal information is information which might help someone form
a biased opinion or be used to discriminate against somebody.
19. Types of information
When working with different types of information we need to consider what can
be interpreted or inferred when we combine them.
For example, the names John or Jane Smith might not be all that sensitive in
isolation, after all there are many people in the world with that name.
However, if you receive a newsletter from your Parkinson’s UK local group and
you can see John or Jane Smith’s email address copied in you can begin to
make some assumptions, including where they might live, that they have a
close connection to Parkinson’s and you now have their email address to
contact them.
We can quickly begin to build a picture of people based on any information we
receive about them.
20. Personal information Sensitive personal information
Name Race
Address Religion
Date of birth Political opinion
Email address Trade union membership
Photographs Sexual orientation
IP address – the unique digital address
attributed to your digital devices
Sex life
Location data Gender identity
Online behaviours – traced through
'cookies'
Health information
Profiling and analytics data Biometric data
Genetic data
Defining information
Please find below the types of information that fall within each category:
21. Should different types of data be managed differently?
When deciding what information to collect…
All information is important, and while there are differences, it is best practice
to ensure you take measures to maintain the confidentiality of anything that is
shared with you.
When you are asking for information from anyone, it is worth taking a moment
and justifying why you need it. For example, someone may have connected
with you through your promotion with a local synagogue. It is unlikely that
recording that person’s faith, or where the link was made, is important when
delivering the service or support they are reaching out for.
This is particularly relevant when collecting sensitive personal information, but
is a good practice for considering your overall information needs.
if in doubt, leave it out
22. Defining data – an activity
Now, it’s time to put some of that theory into practice. On the next screen
we’ve given you a passage of text containing both personal information
and the sensitive personal information. Once you have read it, we’re
going to ask you to pick out which is which.
As a refresher please find the definitions below:
Personal information Sensitive personal information
Name Race
Address Religion
Date of birth Political opinion
Email address Trade union membership
Photographs Sexual orientation
IP Address – the unique digital address
attributed to your digital devices
Sex life
Location data Gender identity
Online behaviours – traced through 'cookies' Health information
Profiling and analytics data Biometric data
Genetic data
23. Mr Jones, of 37 Roundhay Drive, in Leeds has been recovering in Leeds
General Infirmary after successful deep brain stimulation surgery on Friday 16
March. The operation was a complete success and we are sending his family all
our good wishes.
Mr Jones has been a member of Parkinson’s UK since his diagnosis in 2001,
and has raised several thousands of pounds for his branch over the last few
years, helped by connections made through his membership of the Labour
Party. He is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact Owen, on 01234 567 891 or owen@madeupemail.com
Take a moment to look at the passage below. From this case study
please pick out the personal information that is shared.
Defining data – an activity
24. Mr Jones, of 37 Roundhay Drive in Leeds, has been recovering in Leeds
General Infirmary after successful deep brain stimulation surgery on Friday 16
March. The operation was a complete success and we are sending his family all
our good wishes.
Mr Jones has been a member of Parkinson’s UK since his diagnosis in 2001,
and has raised several thousands of pounds for his branch over the last few
years, helped by connections made through his membership of the Labour
Party. He is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact Owen, on 01234 567 891 or owen@madeupemail.com
Why do you think that the highlighted sections above have been identified
as personal information?
Take a moment to look at the passage below. From this case study
please define the personal information that is shared.
Defining data – an activity
25. Why is this considered personal information?
Mr Jones, of 37 Roundhay Drive in Leeds,
has been recovering in Leeds General Infirmary
after successful deep brain stimulation
surgery on Friday 16 March. The operation was
a complete success and we are sending his
family all our good wishes.
Mr Jones has been a member of Parkinson’s UK
since his diagnosis in 2001 and has raised
several thousands of pounds for the branch over
the last few years, helped by connections made
through his membership of the Labour Party. He
is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at LGI or you can contact Owen,
on 01234 567 891 or owen@madeupemail.com
Personal information
• Name
• Age
• Postal address
• Association with
Parkinson’s UK
• Current location
• Relationship to Owen
• Owen’s name
• Owen’s mobile number
• Owen’s email address
26. Mr Jones, of 37 Roundhay Drive in Leeds, has been recovering in Leeds
General Infirmary after successful deep brain stimulation surgery on Friday 16
March. The operation was a complete success and we are sending his family all
our good wishes.
Mr Jones has been a member of Parkinson’s UK since his diagnosis in 2001,
and has raised several thousands of pounds for the branch over the last few
years, helped by connections made through his membership of the Labour
Party. He is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact his husband, Owen, on 01234 567 891 or owen@madeupemail.com
Take a moment to look at the passage below. From this case study
please define the sensitive personal information that is shared
Defining data – an activity
27. Mr Jones, of 37 Roundhay Drive in Leeds, has been recovering in Leeds
General Infirmary after successful deep brain stimulation surgery on Friday 16
March. The operation was a complete success and we are sending his family all
our good wishes.
Mr Jones has been a member of Parkinson’s UK since his diagnosis in 2001,
and has raised several thousands of pounds for the branch over the last few
years, helped by connections made through his membership of the Labour
Party. He is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact his husband, Owen, on 01234 567 891 or owen@madeupemail.com
Why do you think that the highlighted section above have been identified
as sensitive personal information?
Take a moment to look at the passage below. From this case study
please define the sensitive personal information that is shared.
Defining data – an activity
28. Why is this considered personal sensitive
information?
Mr Jones, of 37 Roundhay Drive in Leeds,
has been recovering in Leeds General Infirmary
after successful deep brain stimulation
surgery on Friday 16 March. The operation was
a complete success and we are sending his
family all our good wishes.
Mr Jones has been a member of Parkinson’s UK
since his diagnosis in 2001, and has raised
several thousands of pounds for the branch over
the last few years, helped by connections made
through his membership of the Labour Party. He
is an active member of St Matthias, the local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact his husband, Owen, on 01234 567 891 or owen@madeupemail.com
Sensitive personal
information
• Medical details
• Diagnosis of
Parkinson’s
• Date of diagnosis
• Being in hospital
• Undergone a medical
procedure
• Political affiliations
• Religious beliefs
• Sexual orientation
29. Mr Jones, of 37 Roundhay Drive in Leeds has been recovering in Leeds General
Infirmary after successful deep brain stimulation surgery on Friday 16 March.
The operation was a complete success and we are sending his family all our
good wishes.
Mr Jones has been a member of Parkinson’s UK since his diagnosis in 2001,
and has raised several thousands of pounds for his branch over the last few
years, helped by connections made through his membership of the Labour
Party. He is an active member of St Matthias, our local church.
If you would like to wish him a speedy recovery, you can visit him on Ward C
between 11am and 1pm Tuesday to Thursday at Leeds General Infirmary or you
can contact his husband, Owen, on 01234 567 891 or owen@madeupemail.com
Within this one passage this is how much we need to be mindful of.
PLEASE NOTE, whatever type of information you are collecting you
must keep it secure and only share with those you have permission to.
And remember only collect what is absolutely necessary.
Defining data – an activity
30. Defining data – reflections on impact
Just take some time to consider what you now know about Mr Jones. You have
been put in a position of trust with his information.
What could be the consequences of this information being shared
• for Mr Jones?
• for Mr Jones’ friends and family?
• for you?
• for Parkinson’s UK?
Ultimately ask yourself “if this was your information how might I
feel if it wasn’t handled appropriately?”
You have completed the second
module of your training.
32. Storing and working with data safely
Before you work with any data it is important that you take a moment to ask
yourself: can I manage this information securely?
The second you receive information, whether digitally or on paper, you need to
be able to store it securely.
Your relationship with data needs to start before you receive anything. Taking
time early on to think about how you will process data will make your
relationship with it much easier, and your processes much more secure.
Or put it another way…
Would you be happy sharing your personal information with somebody who
wasn’t prepared to store it safely?
33. Privacy Notice
Like all organisations Parkinson’s UK has a Privacy Notice, which outlines how
we use personal data, keeps people informed about the data we hold, and
provides assurances that we work with data in a legal and ethical way.
You may get asked about our Privacy Notice and where people can see it.
All we ask is that you simply signpost enquirers to one of the following:
• www.parkinsons.org.uk/privacy
• DataProtection@parkinsons.org.uk
Whenever you collect data of any type from any individual, please make sure
you are signposting towards the Privacy Notice by quoting the weblink provided
above, for example on any form you ask someone to fill out.
34. Staying data safe
Treat data like you would a high value cash donation to the charity and you won’t
go far wrong.
• Protect – As soon as you have collected information, get it secured as soon
as possible. If you leave information in your bag and it gets stolen, for
example, that would count as a breach.
• Lock – You should be looking to ensure data can be locked away within a
secure lockable unit like a filing cabinet. If you feel you need a lockable unit in
your role speak to your staff contact about how you can get one in line with
our expenses policy. If you don’t have an appropriate unit, you should make a
digital version of the document, by photographing it or typing it up, and then
destroy the original.
• Destroy – As soon as the data is no longer needed or you have a digital
version, ensure the original is shredded or destroyed by another secure
means. You should get into a regular pattern of destroying data you hold, as
permission to hold data is not indefinite. Please speak to your staff contact for
advice on data retention.
General data protection measures
35. Staying data safe
• Passwords A simple step to secure the data you hold is to set passwords on
your computers, documents and other devices (tablets and mobile phones, for
example). You should set up a separate account on your computer for your
volunteering role with a confidential password to ensure you have complete
control over the information you hold.
• Memory sticks Memory sticks While it can be convenient to transfer, store
and collect data on a memory stick, they pose a big risk as they are so easy to
lose or steal. If you can avoid using memory sticks then it is best to do so,
however if it is unavoidable then do remember to password protect any
documents it contains and avoid carrying it around everywhere with you. If you
want to use any online data sharing tools or sites, for example DropBox then
speak to the Data Protection Officer (DPO) first to ensure we have appropriate
reassurances over the transfer of data to such facilities. You can contact the
Data Protection Officer by emailing dataprotection@parkinsons.org.uk or call
020 7963 9388.
Digital data protection measures
36. Staying data safe
• Virus protection It’s always harder to break in anywhere if it’s well protected.
So make sure your computer virus protection is up to date and is working.
• Labelled There are occasions when Parkinson’s UK as the data controller
have to provide information to individuals or official bodies, such as the
Information Commissioner’s Office. It makes it much easier to respond to
these requests if data is being held in clearly named folders with a simple path
to them.
• Email security Ensure you have a strong password for any email account you
use. Try to avoid anything too obvious, for example Parkinsons, your surname
or date of birth. A combination of letters, numbers and symbols increases the
security of any password.
Digital data protection measures
37. Staying data safe
Digital data protection measures
• Who am I speaking with? It is important for people to understand who
they are communicating with, and therefore who they are trusting with their
information. You need to have one named contact for an email address –
for example, if you are communicating with GwynethandJack@
madeupemail.com you don’t know if it is Gwyneth or Jack who is receiving
the information and therefore who is responsible.
• Email security Sharing Email is not a secure way of sharing information. It
is easy for people to pass it on to more people than you had intended, and
it can be intercepted. For some data that might be okay, but you should
think about whether it is necessary to share that data, and always
password protect any documents. Ask yourself: if this email was seen by
more people than intended, how might that information be used?
38. Staying data safe
• Email security We should apply different considerations to sensitive personal
data. If you’re not sure what counts as sensitive, please check back to the
previous section. Never share this information by email. If you really need to
share this with someone, speak to your staff contact about the best way to do
so.
• Be cautious Criminals are getting better and better at tricking people into
giving up important data, a type of fraud called Phishing. Exercise extreme
caution, for example, be careful about the links you click or documents you
download from emails.
• Use the BCC field When you receive an email you can clearly see who else
has received that email by looking in the ‘To’ field. This is great when
communicating among friends, but poses a problem when ensuring you’re
keeping people’s data safe. If you simply use the BCC (blind carbon copy) field
when sending your email no one receiving the email will be able to see who
else it was sent to, therefore keeping everyone’s data safe.
Digital data protection measures
39. Staying data safe
• Collecting data about under 18 year olds The GDPR does not represent
a fundamental change to many of the rights that children have over their
personal data. When we refer to a child we mean anyone under the age of
18. Children have the same rights as adults over their personal data so if
you receive a subject access request for example then please notify the
DPO. If you are processing any children’s personal data, please notify the
DPO and a Privacy Impact Assessment will be undertaken.
We have a growing range of ‘How to…’ guides to support you with
the things raised in this section. You can download our guides from
parkinsons.org.uk/dataprotectionresources or speak to your staff
contact.
40. Gaining consent
Under data protection regulations, it is vital that anyone sharing their data
understands for what purpose they are giving their information and how it will be
handled.
Gaining this permission is known as consent and is a cornerstone of data
protection regulations.
This means that individuals are informed about how their information is handled.
Consent also gives a clear indication of whether people wish to be
communicated with, and also what they want to know about, for example
fundraising, marketing or opportunities to hear about the work of the charity.
How you use the data is directly linked to the permission, or consent, that you
got when you originally collected it.
Data should not be shared outside of Parkinson’s UK. If you are asked to do this,
speak to your staff contact for guidance before sending or sharing any
information.
41. How we use information
Sharing of information beyond the permission you’ve been given is not always a
deliberate act. Sometimes we reveal things accidentally or by not taking appropriate
measures, for example losing a sign-in sheet or leaving a laptop on a bus.
We might also be trying to do the best by someone, for example connecting them to a
local service or support. However, even making these connections needs explicit
documented consent. Instead of you making the connection, you should encourage
that person to approach the organisation directly, and allow them to share information
with them if they want to.
However we use data, if it’s outside the consent we have gained from that individual
then it is considered a breach and will need to be investigated.
Individuals have the right to withdraw their consent from you contacting them at any
time and without needing to give a reason, for example this can be unsubscribing
from an email newsletter. If someone asks for you not to contact them anymore, then
you have to immediately remove their details from your distribution lists to stop any
further contact being made. You also need to let the Data Protection Officer know so
that other teams or areas of the charity are aware of that individual’s wishes. You can
get in touch at dataprotection@parkinsons.org.uk.
42. Breach
A data breach is when data that we have been entrusted with gets lost, destroyed,
or seen by an unauthorised third party. This can be accidental, for example leaving
information on a train or accidentally shredding the wrong piece of paper. It can
also be malicious, for example if information was stolen. We have a responsibility
to report this to the Information Commissioner’s Office (ICO) within 72 hours. You
can therefore see how crucial it is that you report the breach to the Parkinson’s UK
Data Protection team immediately, so we can make decisions and compile a full
briefing within the legal timeframe.
The DPO will consider the likelihood and severity of any risk to people’s rights and
freedoms, following the breach. When this assessment has been made, if it’s likely
there will be a risk then the DPO must notify the ICO; if it’s unlikely then the DPO
doesn’t have to report it. We do not need to report every incident to the ICO but
every incident does need to be reported to us.
Following any referral an investigation will take place, led by the Parkinson’s UK
Data Protection Officer. This will look to understand the scale of the issue, any
actions that may need to be taken, and to inform those who might be affected.
43. Breach
In brief, when reporting a breach:
Be quick
Be open
Be vigilant
If you are ever aware of, or concerned
about, a data breach
please email dataprotection@parkinsons.org.uk
or call 020 7963 9388 immediately.
The priority is to raise the alarm!
44. We need your help in the following two areas to ensure we can meet our legislative
responsibility about how we handle individuals’ data.
Subject access requests
A subject access request is a way of asking an organisation what information they have
about you. When a subject access request is made the organisation needs to share all
data held on that person within a fixed timescale, including that held at a local level and by
volunteers.
Right to be forgotten
The right to be forgotten, also known as the ‘right to erasure’, lets individuals ask
organisations to delete any data they hold on them. We have already covered how you
have the right to withdraw your consent from being contacted by an organisation in any
way. But even if an organisation stops contacting you they may still hold data on you. If an
individual exercises their right to be forgotten the organisation must delete any data they
hold on that person.
If you receive a subject access request or a right to be forgotten request, please notify
the Data Protection Officer by emailing dataprotection@parkinsons.org.uk or calling
020 7963 9388 immediately for further guidance.
Subject access requests and right to be forgotten
45. Assessment
1. I can ask for any type data from people because I might find it useful in the
future.
True or False
2. People must give a reason to unsubscribe from a mailing list?
True or False
3. Why is it not suitable to use a shared email address such as
PearlandStewart@madeupemail.com?
a. Some people might not like Stewart and it could put them off emailing
for support
b. People need to know specifically who they are contacting and the
person they are sharing their information with
c. You don’t think that their password is strong enough
4. How long should you take to action a request to unsubscribe from a mailing list?
a. Immediately upon receipt of the request
b. Within 24 hours of receipt of request
c. As soon as you get round to it
d. You need to seek approval from your staff contact first
46. Assessment
1. I can ask for any type data from people because I might find it useful in the
future.
2. People must give a reason to unsubscribe from a mailing list?
True or False
3. Why is it not suitable to use a shared email address such as
PearlandStewart@madeupemail.com?
a. Some people might not like Stewart and it could put them off emailing
for support
b. People need to know specifically who they are contacting and the
person they are sharing their information with
c. You don’t think that their password is strong enough
4. How long should you take to action a request to unsubscribe from a mailing list?
a. Immediately upon receipt of the request
b. Within 24 hours of receipt of request
c. As soon as you get round to it
d. You need to seek approval from your staff contact first
False
47. Assessment
1. I can ask for any type data from people because I might find it useful in the
future.
2. People must give a reason to unsubscribe from a mailing list?
3. Why is it not suitable to use a shared email address such as
PearlandStewart@madeupemail.com?
a. Some people might not like Stewart and it could put them off emailing
for support
b. People need to know specifically who they are contacting and the
person they are sharing their information with
c. You don’t think that their password is strong enough
4. How long should you take to action a request to unsubscribe from a mailing list?
a. Immediately upon receipt of the request
b. Within 24 hours of receipt of request
c. As soon as you get round to it
d. You need to seek approval from your staff contact first
False
False
48. Assessment
1. I can ask for any type data from people because I might find it useful in the
future.
2. People must give a reason to unsubscribe from a mailing list?
3. Why is it not suitable to use a shared email address such as
PearlandStewart@madeupemail.com?
b. People need to know specifically who they are contacting and the
person they are sharing their information with
4. How long should you take to action a request to unsubscribe from a mailing list?
a. Immediately upon receipt of the request
b. Within 24 hours of receipt of request
c. As soon as you get round to it
d. You need to seek approval from your staff contact first
False
False
49. Assessment
1. I can ask for any type data from people because I might find it useful in the
future.
2. People must give a reason to unsubscribe from a mailing list?
3. Why is it not suitable to use a shared email address such as
PearlandStewart@madeupemail.com?
b. People need to know specifically who they are contacting and the
person they are sharing their information with
4. How long should you take to action a request to unsubscribe from a mailing list?
a. Immediately upon receipt of the request
False
False
50. Assessment
5. Who should you notify first if you think there might have been a data breach?
a. Your staff contact
b. The Information Commissioner’s Office
c. The Data Protection Officer for Parkinson’s UK
d. The person/people affected
e. No one and just hope it goes away
51. Assessment
5. Who should you notify first if you think there might have been a data breach?
c. The Data Protection Officer for Parkinson’s UK
52. Assessment
5. Who should you notify first if you think there might have been a data breach?
c. The Data Protection Officer for Parkinson’s UK
Congratulations
You have almost completed your Data Protection training.
Please click through for the final few pointers
and one last important action.
53. Support and guidance
This training has been designed to support you in your crucial role helping
those affected by Parkinson’s, but our support doesn’t end there…
We are here for you and we will continue to roll out further resources, support and
tools so you can spend more of your time doing what you do best - changing the
lives of people affected by Parkinson’s.
If you have any questions about data protection or want further support to
implement some of what you have learnt in this booklet speak to your staff
contact.
If you have any concerns relating to data protection please email:
dataprotection@parkinsons.org.uk or call 020 7963 9388.
ACTION:
Please tell your Parkinson’s UK staff contact
you have completed your data protection training.