A quick guide to GDPR
for Associates
April 2018
A quick guide to GDPR
Like everybody else, over the last few months we have been trying to read,
understand, digest and interpret the new GDPR regulations.
This is our take on it; we hope it acts as a helpful guide.
NB - we strongly advise that each associate takes their own steps, including thinking
about legal advice if you are unsure how these regulations affect you directly, to
ensure you are fully compliant.
Remember these regulations will take time to settle and test cases are likely in the
coming months.
Areas in need of focus
1. The Headlines
2. ICO expectations
3. The 6 principles and Accountability
4. Data controllers vs. Data processors - which one are you?
5. Enhanced Data subjects’ rights
6. Dealing with Subject Access Requests (SARs)
7. Privacy statements
8. Keeping data safe
9. In the event of a breach
The headlines
GDPR went live on 25th May 2018
• GDPR is a new Europe-wide law that applies to every business in the UK
and EEA - big or small, sole trader or large corporate - that collects or uses personal
data, even if you only undertake a few cases a year.
• The previous legislation was the Data Protection Act 1998. Twenty years
on, the world is a very different place due to the explosion of technology and
social media, and this regulation reflects the changes now needed to keep
data safe.
• The key focus is giving data subjects back their/our privacy and reflecting
the way they/we live our lives now.
• There are enhanced rights for data subjects.
The headlines
• Despite Brexit - even though Article 50 has been triggered, it will take
two years for our exit from the EU to be agreed - the UK Government has
made it clear that GDPR became fully enforceable on 25th May 2018.
• The fines for breaches and non-compliance are bigger: up to €20 million or
up to 4% of global annual turnover, whichever is higher……….never mind
the reputational damage!
Tip - Make sure you have registered with the ICO and paid the data protection fee - see the link below for details on how and what it costs:
https://ico.org.uk/media/for-organisations/documents/2258205/dp-fee-guide-for-controllers-20180221.pdf
TIP - Think of it as a cultural shift, not just a tick-box exercise.
ICO expectations
• That every business, big or small is taking it seriously – compliance
is mandatory
• That you are on route to GDPR compliance and can evidence what
you are doing. You are not expected to have everything in place by
the 25th May 2018
• That there is evidence of what you have done and intend to do and
that your journey to GDPR compliance has begun
The 3 big issues that ICO are likely to zoom in on are:
1. Handling a SAR
2. Managing and communicating a data breach
3. A Cyber attack
The 6 Principles
1. Lawfulness, fairness and transparency - Personal data shall be processed lawfully, fairly
and in a transparent manner in relation to the data subject
2. Purpose limitation - Personal data shall be collected for specified, explicit and legitimate
purposes and not further processed in a manner that is incompatible with those purposes
3. Data minimisation - Personal data shall be adequate, relevant and limited to what is
necessary in relation to the purposes for which it is processed
4. Accuracy - personal data shall be accurate and, where necessary, kept up to date.
5. Storage limitation - Personal data shall be kept in a form which permits identification of
data subjects for no longer than is necessary for the purposes for which the personal data
are processed
6. Integrity and confidentiality - Personal data shall be processed in a manner that ensures
appropriate security of the personal data, including protection against unauthorised or
unlawful processing and against accidental loss, destruction or damage, using appropriate
technical or organisational measures
And Accountability……..
• The accountability principle in Article 5
(2) means that controllers are responsible for
and should be able to demonstrate their
compliance with the GDPR data processing
principles listed in Article 5 (1)
Controller or processor?
• “data controller” means a person who (either alone or jointly or in common with other
persons) determines the purposes for which and the manner in which any personal data are
to be processed.
• “data processor”, in relation to personal data, means any person (other than an employee of
the data controller) who processes the data on behalf of the data controller.
• “processing”, in relation to information or data, means obtaining, recording or holding the
information or data or carrying out any operation or set of operations on the information or
data, including:
a) organisation, adaptation or alteration of the information or data,
b) retrieval, consultation or use of the information or data,
c) disclosure of the information or data by transmission, dissemination or otherwise making
available, or
d) alignment, combination, blocking, erasure or destruction of the information or data
These are the Data Protection Act 1998 definitions; the GDPR (Article 4) definitions are the same in
substance. The test is simple: if you decide what personal data is collected and why, you are the
controller; if you only handle it on someone else's instructions, you are their processor. Simply holding,
reading or deleting data counts as processing.
• TIP – Familiarise yourself with the guidance below:
https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-processors-dp-guidance.pdf
Page 9, points 25-27 are important
Enhanced Data subjects’ rights
Data subjects have enhanced rights compared to the Data Protection Act 1998:
1. Right to be informed - you must tell them, at the time you collect their data, what you
hold and what you do with it (normally through your privacy notice)
2. Right of access - allows them to see what information you have on them (a Subject
Access Request)
3. Right to rectification - allows them to have incorrect information corrected
4. Right to erasure/right to be forgotten (new**) - to have their information deleted
completely; this right is not absolute and applies in specific circumstances, for example
where the data is no longer needed for the purpose it was collected for
5. Right to restriction - data subjects can ask you to restrict (pause) the processing of
their data, so you may store it but not otherwise use it
6. Right to data portability (new**) - can request the information they provided to you in a
commonly used, machine-readable format, or have it transferred to another organisation
7. Right to object - to direct marketing (which you must stop), and to processing for
scientific research, statistics or on the basis of legitimate interests etc.
TIP - Make sure you know what the new rights are so that you can respond quickly and effectively
to any requests that come through.
TIP - Ensure you know the 6 principles and in particular the responsibilities within
‘accountability’
Dealing with a Subject Access Request (SAR)
Requests can be made verbally (including by phone) as well as by email or post, and they do not have
to use the words “subject access request”. Take reasonable, proportionate steps to verify who the
requester is before you disclose anything - releasing someone's data to the wrong person is itself a
breach.
1. You must act on their request, whether they want access to their information or want it
rectified, restricted or erased - it is their right!
2. You must provide the information without undue delay and at the latest within one calendar
month of receiving the request (extendable by up to two further months for complex or
numerous requests, provided you tell them within the first month and explain why)
3. You cannot normally charge for the request; a reasonable fee is only permitted where a
request is manifestly unfounded or excessive, or for additional copies - for information see
link below re medical records
TIP - write yourself a simple process about how you would deal with this;
documenting it is important
TIP - Remember it is their right, don’t make it difficult for them to get hold of their
information
http://www.firstpracticemanagement.co.uk/blog/posts/charging-for-information-requests-to-end-under-gdpr/
Privacy policy
A privacy policy is a statement or legal document that discloses some or all of the ways a party
gathers, uses, discloses and manages a customer or client's data. It fulfils a legal requirement to protect
a customer or client's privacy.
Being transparent and providing accessible information to individuals about how you will use their
personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data
Protection Regulation (GDPR). The most common way to provide this information is in a privacy policy.
The document must state clearly:
1. Who you are
2. What you are going to do with their information, and your lawful basis for doing it
3. Who it will be shared with, including any third parties
4. How long you will keep it
5. Their rights, including the right to complain to the ICO
6. How they contact you if they have concerns
TIP - Write a simple, plain English document that says what information you receive, what you do with it
and how they can contact you if they need to.
Keeping data safe
It’s your responsibility to take all reasonable
steps to ensure any personal data you have
access to is safe and secure - that applies to
physical documents as well as electronic
Keeping data safe
Physical
• Wherever you work in your home/office it
should be lockable, and so should any cupboards
housing physical personal data.
• Be careful if you carry paper documents around
with you, in your car or on the train - are they
safe? Take only what you need for that day.
• Have a good filing system in place so you can
find documents quickly (and know what you hold,
which you will need to answer a SAR).
• Do you destroy paper documents securely (cross-cut
shredding or a confidential waste service) once you no
longer need them?
• TIP - Think about conducting a mini risk
assessment and documenting it to show
what you have been thinking about and are
planning to do.
Below is an interesting article on LinkedIn about a
small business and their approach:
GDPR - a small business case study (mine)
https://www.linkedin.com/pulse/gdpr-small-business-case-study-mine-janine-coombes
Online
• Don’t keep sensitive data/photos on your
mobile longer than you need to. Transfer them to
your PC as soon as possible and delete them from
the phone, and make sure the phone has a screen
lock and device encryption turned on, so a lost
phone does not mean a lost set of personal data.
• Have you got sufficient anti-virus and firewall
protection in place, and are your operating system
and software kept up to date? A reputable product
that is kept current matters more than whether or
not you paid for it.
• Are you encrypting documents before you transfer
them? A password-protected file is only as strong as
the passphrase and the encryption behind it: use a
long passphrase, and send it by a separate channel
(a phone call or text) rather than in the same email
as the file.
In the event of a breach
It is your responsibility to notify the ICO of a personal data breach without undue delay and, where
feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the
people affected. Keep a record of every breach, including the ones you decide not to report and why.
1. Contact the ICO within 72 hours and advise them of what has occurred. If you do not have all the
facts yet, report what you know and follow up; the information can be provided in phases.
2. Be prepared with as much detail as possible, i.e. what happened, how the breach occurred, what
data and roughly how many people are affected, and the likely consequences.
3. What measures you have taken, or propose to take, to address the issue and limit the harm - be
open and honest - the ICO does not take kindly to those who try to hide things or are obstructive.
4. Where the breach is likely to result in a high risk to the data subject(s) affected, you must also
tell them without undue delay, in clear and plain language, giving the same substance as you give
the ICO plus advice on what they can do to protect themselves - remember their enhanced rights.
TIP - Write an easy guide on how you will deal with a breach should one occur and include the contact
telephone/email for the ICO, so you have it to hand easily. The 72 hours include evenings, weekends and
bank holidays, so decide now who makes the call if you are away.
TIP - Be honest and transparent with the ICO; they don’t take kindly to obstruction.
TIP - Don’t panic!
Still got questions?
• Check the ICO website https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
• https://www.youtube.com/watch?v=tTeTm7hHC0U
• Free webinars are available through
http://www.virtual-administration.com/gdpr-webinar/webinar-dates/

TEST BANK FOR Health Assessment in Nursing 7th Edition by Weber Chapters 1 - ...TEST BANK FOR Health Assessment in Nursing 7th Edition by Weber Chapters 1 - ...
TEST BANK FOR Health Assessment in Nursing 7th Edition by Weber Chapters 1 - ...
 
Emotional and Behavioural Problems in Children - Counselling and Family Thera...
Emotional and Behavioural Problems in Children - Counselling and Family Thera...Emotional and Behavioural Problems in Children - Counselling and Family Thera...
Emotional and Behavioural Problems in Children - Counselling and Family Thera...
 

Associates quick guide to gdpr v 1.0

  • 1. A quick guide to GDPR for Associates (April 2018)
  • 2. A quick guide to GDPR
    Like everybody else, over the last few months we have been trying to read, understand, digest and interpret the new GDPR regulations. This is our take on it and we hope it acts as a helpful guide.
    NB - we strongly advise that each associate take their own steps, including considering legal advice if you are unsure how these regulations affect you directly, to ensure you are fully compliant.
    Remember these regulations will take time to settle and test cases are likely in the coming months.
  • 3. Areas in need of focus
    1. The Headlines
    2. ICO expectations
    3. The 6 principles and Accountability
    4. Data controllers vs. Data processors - which one are you?
    5. Enhanced Data subjects’ rights
    6. Dealing with Subject Access Requests (SARs)
    7. Privacy statements
    8. Keeping data safe
    9. In the event of a breach
  • 4. The headlines
    GDPR went live on the 25th May 2018
    • GDPR is a new Europe-wide law that applies to every business in the UK and EEA - big or small, sole trader or big corporate - that collects personal data, even if you only undertake a few cases a year.
    • The previous legislation was the Data Protection Act 1998. Twenty years on, the world is a very different place due to the explosion of technology and social media. This regulation reflects the changes now needed to keep data safe.
    • The key focus is giving data subjects back their/our privacy and reflecting the way they/we live our lives now.
    • There are enhanced rights for data subjects.
  • 5. The headlines
    • Despite Brexit, and even though Article 50 has been triggered, it will take two years for our exit from the EU to be agreed; therefore the UK Government have made it clear that GDPR became fully enforceable on 25th May 2018.
    • The fines for breaches and non-compliance are bigger - up to 4% of global turnover or up to £20 Million - never mind the reputational damage!
    TIP - Make sure you have registered with the ICO; see the link below for details on how to register and the costs: https://ico.org.uk/media/for-organisations/documents/2258205/dp-fee-guide-for-controllers-20180221.pdf
    TIP - Think about it as a cultural shift, not just a tick-box exercise.
  • 6. ICO expectations
    • That every business, big or small, is taking it seriously – compliance is mandatory
    • That you are en route to GDPR compliance and can evidence what you are doing. You are not expected to have everything in place by the 25th May 2018
    • That there is evidence of what you have done and intend to do, and that your journey to GDPR compliance has begun
    The 3 big issues that the ICO are likely to focus on are:
    1. Handling a SAR
    2. Managing and communicating a data breach
    3. A cyber attack
  • 7. The 6 Principles
    1. Lawfulness, fairness and transparency - Personal data shall be processed lawfully, fairly and in a transparent manner in relation to the data subject
    2. Purpose limitation - Personal data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
    3. Data minimisation - Personal data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which it is processed
    4. Accuracy - Personal data shall be accurate and, where necessary, kept up to date
    5. Storage limitation - Personal data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed
    6. Integrity and confidentiality - Personal data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures
  • 8. And Accountability
    • The accountability principle in Article 5(2) means that controllers are responsible for, and should be able to demonstrate, their compliance with the GDPR data processing principles listed in Article 5(1)
  • 9. Controller or processor?
    • “data controller” means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are to be processed.
    • “data processor”, in relation to personal data, means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.
    • “processing”, in relation to information or data, means obtaining, recording or holding the information or data or carrying out any operation or set of operations on the information or data, including:
      a) organisation, adaptation or alteration of the information or data,
      b) retrieval, consultation or use of the information or data,
      c) disclosure of the information or data by transmission, dissemination or otherwise making available, or
      d) alignment, combination, blocking, erasure or destruction of the information or data
    • TIP – Familiarise yourself with the guidance below; page 9, points 25-27 are important: https://ico.org.uk/media/for-organisations/documents/1546/data-controllers-and-data-processors-dp-guidance.pdf
  • 10. Enhanced Data subjects’ rights
    Data subjects have enhanced rights compared to the Data Protection Act 1998:
    1. Right to be informed - can ask what information you are holding on them
    2. Right to access - allows them to see what information you have on them
    3. Right to rectification - allows them to have incorrect information corrected
    4. Right to erasure/right to be forgotten (new**) - as it says, to have their information removed completely
    5. Right to restriction - as it says, data subjects can request restrictions around what you share
    6. Right to data portability (new**) - can request their information be transferred to another place/company
    7. Right to object - to direct marketing, scientific research etc.
    TIP - Make sure you know what the new rights are so that you can respond quickly and effectively to any requests that come through.
    TIP - Ensure you know the 6 principles and in particular the responsibilities within ‘accountability’.
  • 11. Dealing with a Subject Access Request (SAR)
    Requests can now be made by phone as well as by email or post, but you should take reasonable steps to verify who the requester is first.
    1. You must respond to their request should they wish their information to be removed, rectified or deleted – it is their right!
    2. You must provide the information within 30 days of the request
    3. You cannot apply any charge to the request – for information on medical records see the link below
    TIP - Write yourself a simple process describing how you would deal with this; documenting it is important.
    TIP - Remember it is their right; don’t make it difficult for them to get hold of their information.
    http://www.firstpracticemanagement.co.uk/blog/posts/charging-for-information-requests-to-end-under-gdpr/
  • 12. Privacy policy
    A privacy policy is a statement or a legal document that discloses some or all of the ways a party gathers, uses, discloses, and manages a customer or client's data. It fulfils a legal requirement to protect a customer or client's privacy.
    Being transparent and providing accessible information to individuals about how you will use their personal data is a key element of the Data Protection Act 1998 (DPA) and the EU General Data Protection Regulation (GDPR). The most common way to provide this information is in a privacy policy.
    The document must state clearly:
    1. Who you are
    2. What you are going to do with their information
    3. Who it will be shared with
    4. Whether you share information with third parties
    5. How they can contact you if they have concerns
    TIP - Write a simple, plain English document that says what information you receive, what you do with it and how they can contact you if they need to.
  • 13. Keeping data safe
    It’s your responsibility to take all reasonable steps to ensure any personal data you have access to is safe and secure - that applies to physical documents as well as electronic ones.
  • 14. Keeping data safe
    Physical
    • Wherever you work in your home/office, it should be lockable, and so should any cupboards housing any physical personal data.
    • Be careful if you carry paper documents around with you, in your car or on the train - are they safe?
    • Have a good filing system in place so you can find documents quickly.
    • Do you destroy paper documents securely?
    • TIP - Think about conducting a mini risk assessment and documenting it, to show what you have been thinking about and are planning to do. Below is an interesting article on LinkedIn about a small business and their approach: GDPR - a small business case study (mine) https://www.linkedin.com/pulse/gdpr-small-business-case-study-mine-janine-coombes
    Online
    • Don’t keep sensitive data/photos on your mobile. Transfer them to your PC as soon as possible.
    • Have you got sufficient anti-virus and firewalls in place? Free versions are sometimes deemed unsafe.
    • Are you password protecting documents when you transfer them?
  • 15. In the event of a breach
    It is your responsibility to inform the ICO of a breach as quickly as possible.
    1. Call the ICO within 72 hours and advise them of what has occurred.
    2. Be prepared with as much detail as possible, i.e. what happened and how did the breach occur?
    3. Explain what measures you have taken to address the issue - be open and honest - the ICO do not take kindly to those who try to hide things or are obstructive.
    4. Be prepared to inform the data subject(s) who have been affected and provide them with the same information as you provide the ICO - remember their enhanced rights.
    TIP - Write an easy guide on how you will deal with a breach should one occur, and include the contact telephone/email for the ICO so you have it to hand easily.
    TIP - Be honest and transparent with the ICO; they don’t take kindly to obstruction.
    TIP - Don’t panic!
  • 16. Still got questions?
    • Check the ICO website: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
    • https://www.youtube.com/watch?v=tTeTm7hHC0U
    • Free webinars are available through http://www.virtual-administration.com/gdpr-webinar/webinar-dates/