Lewis Silkin, profile picture
Uploaded byLewis Silkin
PPT, PDF3,449 views

Data protection

The document summarizes proposed changes to data protection regulations in the European Union. The key points are: 1) The proposed General Data Protection Regulation aims to standardize data protection laws across EU states through a single set of rules and increased individual rights and enforcement. 2) The regulation proposes stricter obligations for organizations around data documentation, security, privacy by design, and appointing data protection officers. It also strengthens individual rights like the "right to be forgotten." 3) Non-compliance could result in fines of up to 2% of global annual turnover. Organizations are advised to review their data processing and protection practices in preparation for the new regulations.

Embed presentation

Downloaded 30 times
Data Protection Regulations James Davies and Steve Lorber 23 April 2013
Crystal ball
Cheap data • Statistics/visual imagery about how workplace has changed over last 15 years re collection and use of data
Data Protection – a brief history Late 1960s First electronic messaging
1969 First email
The UK in October 1969
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact)
1984 First Data Protection legislation
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act
1998 Act – key principles
What has this meant over last 15 years? • Data subject requests • Data protection policies - consent • Transfer overseas especially to US • “Light touch” enforcement • Globalisation and other less light touch data protection laws
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code
Who is this? Christopher Graham, Information Commissioner
2005 ICO employment practices code
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2007 ICO Personal Data guidance
2007 ICO Personal Data Guidance
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2010 Sanctions increase to £500k 2007 ICO Personal Data guidance
2010 Increase sanction to £500k
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2010 Sanctions increase to £500k 2013 ICO BYOD guidance 2007 ICO Personal Data guidance
2013 ICO BYOD guidance
Data Protection – a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act TODAY Proposed General Data Protection Regulation 2005 Employment Practices Code 2010 Sanctions increase to £500k 2013 ICO BYOD guidance 2007 ICO Personal Data guidance
TODAY Draft Regulation
Data Protection Regulation – introduction • What’s the problem? • Commission solution • Strategy • Particular measures proposed • Practical implications for now?
Data protection – the need for change • Change in nature and extent of processing • Globalisation Different rules in different states Cloud • Employment context volume free-form data
Commission solution – a Data Protection Regulation • What is a regulation? • Aim one-stop shop greater legal certainty - and consistency throughout EU reduction of administrative burden strengthened data subject rights efficiency of supervision and enforcement • And “it will save money” – not just red tape
Strategy proposed • Strategy similar to current rules....but more stricter data protection principles more specific and granular obligations more extensive individual rights...right to be forgotten... Backed up by tougher enforcement – fines of 2% of global turnover
Policy, process...and documentation (1) • Internal documentation adopt policies implement measures to ensure compliance with policies be able to demonstrate compliance if appropriate establish an audit
Policy, process...and documentation (2) • Documentation for data subjects Extensive information including > purposes of processing > if justified by "legitimate interests" ...what those interests are > data subject rights and how to complain > who gets to see it ....recipients > If data does not come from data subject, who the source is
Policy, process...and documentation (3) • Very granular..... underscored by new data protection principle for each processing operation, controller must ensure and demonstrate compliance • Lots of paper .....but does it protect privacy?
Right to be forgotten • Right to have personal data erased if no longer necessary in relation to purposes for which collected consent withdrawn expiry of retention period processing is non- compliant
Right to be forgotten • If personal data has been made public, controller shall take all reasonable steps to tell third parties • Controller may restrict where issue over accuracy data needed for purposes of proof (evidence of business operations)
Data security (1) • Controller and processor must do risk assessment implement technical and organisations measures to ensure security • "Personal data breach" means breach of security .... leading to accidental or unlawful destruction, loss or alteration unauthorised disclosure
Data security (2) • Duty to notify • Duty to document breaches • If breach is likely to affect privacy of data subjects, controller must tell data subject of breach and what it is doing
Data protection by design • "Data protection by design" ...if developing business in ways that impinge on personal data (e.g. a new HR system) implement to ensure compliance (having regard to cost and technology) ensure that by default system > only processes data necessary for purpose > does not collect too much > does not store too long > controls
Data protection officer • Controller and processor must establish a DPO if 250 employees or more • What are the roles/functions of a DPO?
Data protection officer • Controller and processor must establish a DPO if 250 employees or more • What are the roles/functions of a DPO?
Data protection officer Monitoring data protection breaches Contact point for supervisory authority Informing controller and processor of obligations under DPR (and documenting) Monitoring implementation of policies (including audit and training) Ensuring documentation is maintained Monitoring protection by design and security Monitoring data protection impact assessment
Remedies and sanctions • Up to 2% of turnover • Enforcement by "main establishment" regulator In EU - where purposes of processing determined or, if not, where main processing takes place If not established in EU, must appoint a "representative"
Special rules on employment • Regulation allows members states to adopt special rules for employment....but upwards only Extra conditions for processing Regulatory consent? Works Council approval? • Defeats "one-stop" shop?
What to do now? • Proposals will change............ • Share your thoughts with MoJ? • Processing operations identify and record consider how you comply • Establish extent to which you use "consent" to justify processing...and find other ways
Thank you

More Related Content

PPTX
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
PDF
Privacy and Data Security
byWilmerHale
 
PPTX
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
byUsmanMAmeer
 
PPS
Introduction to Data Protection and Information Security
byJisc Scotland
 
PDF
Privacy & Data Protection in the Digital World
byArab Federation for Digital Economy
 
PPT
Personal privacy and computer technologies
bysidra batool
 
PPTX
DATA-PRIVACY-ACT.pptx
byJaeKim165097
 
PPTX
Digital Personal Data Protection Bill 2023 PPT.pptx
byRohanTyagi57
 
Data Privacy: What you need to know about privacy, from compliance to ethics
byAT Internet
 
Privacy and Data Security
byWilmerHale
 
OVERVIEW OF DATA PROTECTION AND PRIVACY.pptx
byUsmanMAmeer
 
Introduction to Data Protection and Information Security
byJisc Scotland
 
Privacy & Data Protection in the Digital World
byArab Federation for Digital Economy
 
Personal privacy and computer technologies
bysidra batool
 
DATA-PRIVACY-ACT.pptx
byJaeKim165097
 
Digital Personal Data Protection Bill 2023 PPT.pptx
byRohanTyagi57
 

What's hot

PPTX
Data protection ppt
bygrahamwell
 
PPTX
Data Privacy Introduction
byPrachi Gulihar
 
PPTX
Privacy & Data Protection
bysp_krishna
 
PDF
Data Protection and Privacy
byVertex Holdings
 
PPTX
Unit 6 Privacy and Data Protection 8 hr
byTushar Rajput
 
PDF
Data Privacy & Security
byEryk Budi Pratama
 
PDF
Cyber security and demonstration of security tools
byVicky Fernandes
 
PPTX
Social Engineering new.pptx
bySanthosh Prabhu
 
PPTX
Cia security model
byImran Ahmed
 
PPTX
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
PDF
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
PPTX
Human resources security
byCAS
 
PDF
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
PPTX
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
PPTX
Gdpr presentation
bySudarsan Reddy
 
PPT
Integrating Physical And Logical Security
byJorge Sebastiao
 
PDF
Threat Hunting
bySplunk
 
PPTX
Information security governance
byKoen Maris
 
PPTX
Ppt
byGeetu Khanna
 
PPTX
Security Audit View
byPLN9 Security Services Pvt. Ltd.
 
Data protection ppt
bygrahamwell
 
Data Privacy Introduction
byPrachi Gulihar
 
Privacy & Data Protection
bysp_krishna
 
Data Protection and Privacy
byVertex Holdings
 
Unit 6 Privacy and Data Protection 8 hr
byTushar Rajput
 
Data Privacy & Security
byEryk Budi Pratama
 
Cyber security and demonstration of security tools
byVicky Fernandes
 
Social Engineering new.pptx
bySanthosh Prabhu
 
Cia security model
byImran Ahmed
 
Cyber Threat Intelligence.pptx
byAbimbolaFisher1
 
Data & Privacy: Striking the Right Balance - Jonny Leroy
byThoughtworks
 
Human resources security
byCAS
 
Cybersecurity Roadmap Development for Executives
byKrist Davood - Principal - CIO
 
NIST CyberSecurity Framework: An Overview
byTandhy Simanjuntak
 
Gdpr presentation
bySudarsan Reddy
 
Integrating Physical And Logical Security
byJorge Sebastiao
 
Threat Hunting
bySplunk
 
Information security governance
byKoen Maris
 
Ppt
byGeetu Khanna
 
Security Audit View
byPLN9 Security Services Pvt. Ltd.
 

Similar to Data protection

PDF
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
PPTX
Data protection
byRaviPrashant5
 
PPTX
GDPR training
byASL
 
PPTX
3A – DATA PROTECTION: ADVICE
byCFG
 
PDF
Introduction to EU General Data Protection Regulation: Planning, Implementati...
byFinancial Poise
 
PDF
Introduction to EU General Data Protection Regulation: Planning, Implementat...
byFinancial Poise
 
PPTX
GDPR: The Regulator's Perspective, Peter Brown, ICO
byBCS Data Management Specialist Group
 
PDF
GDPR 11/1/2017
byisc2-hellenic
 
PDF
DMA Legal update: autumn 2013 - Tuesday 1 October
byRachel Aldighieri
 
PPTX
Data Protection: Transitioning to the GDPR
byImogenRutherford
 
PPTX
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
byBrightPay Payroll and Auto Enrolment Software
 
PDF
Public sector breakfast club, October 2016, Exeter
byBrowne Jacobson LLP
 
PPSX
Gdpr demystified - making sense of the regulation
byJames Mulhern
 
PPTX
Get you and your business GDPR ready
byHarrison Clark Rickerbys
 
PPT
Auditing your EU entities for data protection compliance 5661651 1
byrtjbond
 
PDF
GDPR for your Payroll Bureau
byBrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
PPTX
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
byHarrison Clark Rickerbys
 
PDF
Protection des données et de la vie privée : nouvelles obligations pour les e...
byForums financiers de Wallonie
 
PPTX
Overview of privacy and data protection considerations for DEVELOP
byTrilateral Research
 
GDPR and Security.pdf
byAndrey Prozorov, CISM, CIPP/E, CDPSE. LA 27001
 
Data protection
byRaviPrashant5
 
GDPR training
byASL
 
3A – DATA PROTECTION: ADVICE
byCFG
 
Introduction to EU General Data Protection Regulation: Planning, Implementati...
byFinancial Poise
 
Introduction to EU General Data Protection Regulation: Planning, Implementat...
byFinancial Poise
 
GDPR: The Regulator's Perspective, Peter Brown, ICO
byBCS Data Management Specialist Group
 
GDPR 11/1/2017
byisc2-hellenic
 
DMA Legal update: autumn 2013 - Tuesday 1 October
byRachel Aldighieri
 
Data Protection: Transitioning to the GDPR
byImogenRutherford
 
GDPR: 3 Months On | Guest Speaker: Data Protection Commissioners
byBrightPay Payroll and Auto Enrolment Software
 
Public sector breakfast club, October 2016, Exeter
byBrowne Jacobson LLP
 
Gdpr demystified - making sense of the regulation
byJames Mulhern
 
Get you and your business GDPR ready
byHarrison Clark Rickerbys
 
Auditing your EU entities for data protection compliance 5661651 1
byrtjbond
 
GDPR for your Payroll Bureau
byBrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing for Business Advisors
byHarrison Clark Rickerbys
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
byHarrison Clark Rickerbys
 
Protection des données et de la vie privée : nouvelles obligations pour les e...
byForums financiers de Wallonie
 
Overview of privacy and data protection considerations for DEVELOP
byTrilateral Research
 

More from Lewis Silkin

PPTX
TUPE
byLewis Silkin
 
PPTX
Whistleblowing and collective consultation changes
byLewis Silkin
 
PDF
Changes to the EU procurement rules - how will it affect you?
byLewis Silkin
 
PDF
Gender pay gap reporting
byLewis Silkin
 
PPTX
Unfair dismissal and employment tribunals
byLewis Silkin
 
PDF
Lewis Silkin Brand Academy 2011 Supplementary Document
byLewis Silkin
 
PDF
The New Data Protection Regulation and Cookie Compliance
byLewis Silkin
 
PPTX
Lewis Silkin Brand Academy 2011 Presentation
byLewis Silkin
 
PPT
Discrimination law and family friendly rights
byLewis Silkin
 
PPT
Developing branded products - A toolkit for agencies
byLewis Silkin
 
PDF
FM Forum - Termination & TUPE
byLewis Silkin
 
PDF
Lewis Silkin's Don't get it wrong #socialmedia Seminar Presentation
byLewis Silkin
 
PDF
The Community-Infrastructure-Levy - round table meeting
byLewis Silkin
 
PDF
Lewis silkin Brand Academy 2013 - Building valuable brands presentations
byLewis Silkin
 
PDF
Lewis Silkin Seminar - What's Trending in TUPE - 8th March 2012
byLewis Silkin
 
PDF
Lewis Silkin Seminar - Warranties and Indemnities - 8th March 2012
byLewis Silkin
 
TUPE
byLewis Silkin
 
Whistleblowing and collective consultation changes
byLewis Silkin
 
Changes to the EU procurement rules - how will it affect you?
byLewis Silkin
 
Gender pay gap reporting
byLewis Silkin
 
Unfair dismissal and employment tribunals
byLewis Silkin
 
Lewis Silkin Brand Academy 2011 Supplementary Document
byLewis Silkin
 
The New Data Protection Regulation and Cookie Compliance
byLewis Silkin
 
Lewis Silkin Brand Academy 2011 Presentation
byLewis Silkin
 
Discrimination law and family friendly rights
byLewis Silkin
 
Developing branded products - A toolkit for agencies
byLewis Silkin
 
FM Forum - Termination & TUPE
byLewis Silkin
 
Lewis Silkin's Don't get it wrong #socialmedia Seminar Presentation
byLewis Silkin
 
The Community-Infrastructure-Levy - round table meeting
byLewis Silkin
 
Lewis silkin Brand Academy 2013 - Building valuable brands presentations
byLewis Silkin
 
Lewis Silkin Seminar - What's Trending in TUPE - 8th March 2012
byLewis Silkin
 
Lewis Silkin Seminar - Warranties and Indemnities - 8th March 2012
byLewis Silkin
 

Recently uploaded

PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
PDF
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
PPTX
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
PDF
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
PDF
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
PDF
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PDF
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
Agentic Intro and Hands-on: Build your first Coded Agent
byUiPathCommunity
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
DUBAI IT MODERNIZATION WITH AZURE MANAGED SERVICES.pdf
byLogicEra
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
Dev Dives: Build smarter agents with UiPath Agent Builder
byUiPathCommunity
 
KMWorld - KM & AI Bring Collectivity, Nostalgia, & Selectivity
byJonathan Ralton
 
Support, Monitoring, Continuous Improvement & Scaling Agentic Automation [3/3]
byUiPathCommunity
 
So You Want to Work at Google | DevFest Seattle 2025
byMargaret Maynard-Reid
 
Cheryl Hung, Vibe Coding Auth Without Melting Down! isaqb Software Architectu...
byCheryl Hung
 
[BDD 2025 - Full-Stack Development] Agentic AI Architecture: Redefining Syste...
byWintari Yasmin
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
10 Best Automation QA Testing Software Tools in 2025.pdf
byRohitBhandari66
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
[BDD 2025 - Mobile Development] Exploring Apple’s On-Device FoundationModels
byWintari Yasmin
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
In this document
Powered by AI

Introduction to data protection regulations presented by James Davies and Steve Lorber.

A timeline of data protection laws from the late 1960s to the proposed General Data Protection Regulation.

Discusses problems necessitating changes including globalisation, regulatory inconsistencies, and employment contexts.

Proposed regulation aims for consistency and efficiency, enhancing data subject rights and reducing administrative burdens.

Focus on internal compliance policies and documentation needed for data processing transparency and accountability.

Details the right to erase personal data and the obligations of controllers in case of public data exposure.

Security responsibilities for data controllers, including risk assessments, breach notifications, and data protection by design.

Defines the mandatory role and responsibilities of a Data Protection Officer (DPO) for organizations.

Outlines potential sanctions and remedies for non-compliance, including the role of member states.

Encouragement for organizations to engage with proposed changes in regulations and assess their data processing.

Data protection

  • 1.
    Data Protection Regulations JamesDavies and Steve Lorber 23 April 2013
  • 2.
  • 3.
    Cheap data • Statistics/visualimagery about how workplace has changed over last 15 years re collection and use of data
  • 4.
    Data Protection –a brief history Late 1960s First electronic messaging
  • 5.
  • 6.
    The UK inOctober 1969
  • 7.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact)
  • 8.
    1984 First DataProtection legislation
  • 9.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act
  • 10.
    1998 Act –key principles
  • 11.
    What has thismeant over last 15 years? • Data subject requests • Data protection policies - consent • Transfer overseas especially to US • “Light touch” enforcement • Globalisation and other less light touch data protection laws
  • 12.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code
  • 13.
    Who is this? ChristopherGraham, Information Commissioner
  • 14.
    2005 ICO employmentpractices code
  • 15.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2007 ICO Personal Data guidance
  • 16.
    2007 ICO PersonalData Guidance
  • 17.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2010 Sanctions increase to £500k 2007 ICO Personal Data guidance
  • 18.
  • 19.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act 2005 Employment Practices Code 2010 Sanctions increase to £500k 2013 ICO BYOD guidance 2007 ICO Personal Data guidance
  • 20.
    2013 ICO BYODguidance
  • 21.
    Data Protection –a brief history Late 1960s First electronic messaging 1984 Original Data Protection law (minimal impact) 1998 Data Protection Act TODAY Proposed General Data Protection Regulation 2005 Employment Practices Code 2010 Sanctions increase to £500k 2013 ICO BYOD guidance 2007 ICO Personal Data guidance
  • 22.
  • 23.
    Data Protection Regulation– introduction • What’s the problem? • Commission solution • Strategy • Particular measures proposed • Practical implications for now?
  • 24.
    Data protection –the need for change • Change in nature and extent of processing • Globalisation Different rules in different states Cloud • Employment context volume free-form data
  • 25.
    Commission solution –a Data Protection Regulation • What is a regulation? • Aim one-stop shop greater legal certainty - and consistency throughout EU reduction of administrative burden strengthened data subject rights efficiency of supervision and enforcement • And “it will save money” – not just red tape
  • 26.
    Strategy proposed • Strategy similarto current rules....but more stricter data protection principles more specific and granular obligations more extensive individual rights...right to be forgotten... Backed up by tougher enforcement – fines of 2% of global turnover
  • 27.
    Policy, process...and documentation(1) • Internal documentation adopt policies implement measures to ensure compliance with policies be able to demonstrate compliance if appropriate establish an audit
  • 28.
    Policy, process...and documentation(2) • Documentation for data subjects Extensive information including > purposes of processing > if justified by "legitimate interests" ...what those interests are > data subject rights and how to complain > who gets to see it ....recipients > If data does not come from data subject, who the source is
  • 29.
    Policy, process...and documentation(3) • Very granular..... underscored by new data protection principle for each processing operation, controller must ensure and demonstrate compliance • Lots of paper .....but does it protect privacy?
  • 30.
    Right to beforgotten • Right to have personal data erased if no longer necessary in relation to purposes for which collected consent withdrawn expiry of retention period processing is non- compliant
  • 31.
    Right to beforgotten • If personal data has been made public, controller shall take all reasonable steps to tell third parties • Controller may restrict where issue over accuracy data needed for purposes of proof (evidence of business operations)
  • 32.
    Data security (1) •Controller and processor must do risk assessment implement technical and organisations measures to ensure security • "Personal data breach" means breach of security .... leading to accidental or unlawful destruction, loss or alteration unauthorised disclosure
  • 33.
    Data security (2) •Duty to notify • Duty to document breaches • If breach is likely to affect privacy of data subjects, controller must tell data subject of breach and what it is doing
  • 34.
    Data protection bydesign • "Data protection by design" ...if developing business in ways that impinge on personal data (e.g. a new HR system) implement to ensure compliance (having regard to cost and technology) ensure that by default system > only processes data necessary for purpose > does not collect too much > does not store too long > controls
  • 35.
    Data protection officer •Controller and processor must establish a DPO if 250 employees or more • What are the roles/functions of a DPO?
  • 36.
    Data protection officer •Controller and processor must establish a DPO if 250 employees or more • What are the roles/functions of a DPO?
  • 37.
    Data protection officer Monitoringdata protection breaches Contact point for supervisory authority Informing controller and processor of obligations under DPR (and documenting) Monitoring implementation of policies (including audit and training) Ensuring documentation is maintained Monitoring protection by design and security Monitoring data protection impact assessment
  • 38.
    Remedies and sanctions •Up to 2% of turnover • Enforcement by "main establishment" regulator In EU - where purposes of processing determined or, if not, where main processing takes place If not established in EU, must appoint a "representative"
  • 39.
    Special rules onemployment • Regulation allows members states to adopt special rules for employment....but upwards only Extra conditions for processing Regulatory consent? Works Council approval? • Defeats "one-stop" shop?
  • 40.
    What to donow? • Proposals will change............ • Share your thoughts with MoJ? • Processing operations identify and record consider how you comply • Establish extent to which you use "consent" to justify processing...and find other ways
  • 41.