Data Protection
Introduction to Data Protection and the GDPR
The topics covered in this section are:
- What is Data protection?
- Key Definitions
- GDPR - What is it? What's changed? And Brexit.
- The Data Protection Act 2018
- Case study
What is Data Protection
Data protection covers any information that you collect, store or use in the workplace, whether it is data that is collected automatically online, held electronically on a computer system or kept as a manual record in a filing cabinet.
The term 'data' refers to both electronic and physical files. For example, information collected via an online feedback form, digital images, CCTV files, and printed and handwritten forms which can identify someone are all classified as personal data and so must be kept secure.
Everyone in your workplace is responsible for handling personal data carefully and ensuring it remains safe and secure at all times.
Data protection is about keeping people's personal information safe and secure.
What is Data Protection
Data protection law exists to ensure that everyone in every workplace is working towards the same principles and practices.
In the UK the law ensures that:
- Businesses keep people's personal information safe and secure and take steps to prevent it being misused.
- Businesses avoid holding and using inaccurate information about people, whether that information relates to their business or personal lives.
- People have control over the use of their personal data.
- People have the confidence to know that their personal information is being used and stored safely.
- People have the right to check the information that businesses hold about them.
Non-compliance with the law is enforceable by the Information Commissioner and the courts and can amount to a criminal offence. It can result in severe penalties and adverse publicity for your business.
The following definitions are essential for your understanding of data protection law and will help you to get the most out of this course.
Personal Data and Personal information
- These terms refer to any information relating to a living person who can be identified by that information. For example, people's names, addresses, contact details or photographs can easily direct you towards a particular person.
- The terms also refer to any information that can be used indirectly to identify a person. For example, identification numbers, location data, online identifiers and salary information don't name a person directly, but they can still be used to identify an individual.
- Personal data further includes opinions about an individual, physical descriptions of a person and video clips where people are recognisable (such as from CCTV or appraisals).
- It's important to remember that information in manual filing systems which is accessible according to specific criteria, such as chronological order, also falls within the data protection regulations. Information that has seemingly been pseudonymised still counts as personal data if it can be attributed to a particular person.
Key Definitions
Sensitive personal data and information
- Sensitive information is now referred to as special category data. It refers to personal information that is considered much more private than other personal information.
- This includes information regarding racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation, health or biometrics, and criminal proceedings or convictions.
- Whilst you should handle all personal data with the same level of care and attention, sensitive personal data requires extra security. For example, employee sickness records.
Key Definitions
Processing of Personal Data
- Processing refers to anything that you do with someone's personal information. This includes activities such as:
  - Collecting the information.
  - Organising the information in a system.
  - Altering or combining the information.
  - Disclosing the information to a third party.
  - Using the information for a purpose.
  - Holding the information for future use.
  - Deleting the information.
- As soon as the personal information is given to you, anything you do with it from that point onward is regarded as processing.
Key Definitions
The following definitions relate to the people involved in the data collection and handling processes:
Data subject - The data subject is the living person whom the personal information is about. This may be a customer or a client, but it can also be an employee, a business partner or someone that you trade with.
Data controller - This is the person or organisation that determines why the personal information is needed and how it will be used. The data controller is responsible for identifying the purpose for which the data will be used and is normally a company, rather than an individual (unless the business is a sole trader).
Data processor - This is a person or organisation who processes the personal data on behalf of the controller and under the instruction of the controller, such as an outsourced payroll company, cloud provider or market research company. The term does not refer to the employees of the controller.
GDPR – What it Is?
The EU General Data Protection Regulation (GDPR) came into force across Europe in May 2018.
The main aim of the regulation is to give EU citizens more control over the use of their personal information, wherever in the world that information is processed.
Therefore, the GDPR applies to both businesses within the EU and businesses outside of the EU that handle data about EU citizens.
For example, organisations based in America and Australia that offer goods or services to people in the EU must comply with the GDPR in the same way that businesses based in the UK or Germany must.
The GDPR is broadly based on the existing data protection law but gives people more rights in terms of how their personal data is used and places more responsibility on data controllers and processors.
GDPR – What’s Changed
Whilst the GDPR is based on existing data protection law, it has brought with it a range of updates.
Some of the main changes and rules apply to:
- Obtaining and revoking consent.
- Deleting data that isn't being used for its original purpose.
- Defining and disclosing the legitimate purpose for which the data will be used.
- Notifying the regulators if there's a security breach.
- Appointing a data protection officer.
- Data subject rights.
- Fines and penalties for non-compliance.
- Accountability of data controllers and processors.
GDPR - Brexit
It's important to note that regardless of the UK's membership of the EU, data protection law in the UK must take into account the GDPR in order for UK businesses to continue to offer goods and services to people within the EU.
For this reason, the UK's data protection law has been amended to include the updates contained in the GDPR and remains as relevant as ever.
It's also likely that the Information Commissioner's Office (ICO) will retain similar powers after Brexit. The ICO is the UK's supervisory authority and was created to uphold information rights in the public interest.
The ICO, amongst various responsibilities, is responsible for registering data controllers, handling concerns and taking action to protect people's data protection rights.
Data Protection Act 2018
The Data Protection Act 2018 incorporates GDPR provisions into UK law. Therefore your organisation's data protection policies, procedures and notices must be up to date with what this most recent version of the law requires.
Case Study
The following case study shows us why adhering to data protection law is so important.
- In 2017, it was reported that the car share company Uber had concealed a security breach that affected 2.7 million customers in the UK and 57 million people worldwide. The breach had compromised people's names, email addresses and phone numbers, as well as details of some of the drivers.
- The security breach occurred in 2016 when hackers gained access to Uber's cloud computer system where the personal information was stored. However, instead of reporting the breach and notifying the customers who were affected, Uber paid the hackers $100,000 to delete the data and keep the breach quiet.
- If this were to happen again, this sort of situation could attract severe monetary penalties under the GDPR, especially as so many EU citizens were affected. For Uber, a company with such a large annual turnover, this could translate to a fine of around 20 million.
Summary
- Data protection is about keeping people's personal information safe and secure and applies to both electronic and physical files.
- Everyone in your workplace is responsible for handling personal data carefully and ensuring it remains safe and secure at all times.
- Personal data refers to any information relating to a living person who can be identified by that information, such as names, addresses, usernames and ID numbers.
- The EU General Data Protection Regulation (GDPR) aims to give citizens more control over the use of their personal information.
- The main changes under the GDPR relate to consent, deleting data, notifying regulators, appointing a data protection officer, data subject rights and accountability.
- Regardless of Brexit, UK data protection law must take into account the GDPR in order for UK businesses to continue to offer goods and services to people within the EU.
The Principles of Data Protection
The principles of data protection set out the main responsibilities for organisations in terms of complying with the law.
These principles apply to everyone, whether you are a data controller or a data processor, so it's important that you have a good understanding of what they mean.
In this part of the course, we'll look at each of the principles in more detail and outline how you can put them into practice to ensure that your data collection and processing activities are legally compliant.
The topics covered in this section are:
- Fair, lawful and transparent processing
- Purpose limitation
- Data minimisation
- Accuracy
- Data retention and storage
- Data security
- Accountability
Fair, Lawful and Transparent Processing
If you are going to process someone's personal information, then you must do so fairly, transparently and in accordance with the law.
This means that you must have a legal ground for processing the information. The six legal grounds for processing personal data are:
1. Consent.
2. Contract.
3. Legal requirement.
4. Vital interest.
5. Public interest of a public authority.
6. Legitimate interests.
Fair, Lawful and Transparent Processing
To process data fairly and transparently, you must take various measures, including telling the data subject about your data protection and privacy arrangements.
Telling people about your data protection arrangements should include, for example:
- How and why you are using their information.
- Who the data controller is.
- Where the data is stored, i.e., in the UK or abroad.
- What security is in place.
- Whether or not you use others to process data on your behalf.
- Their data subject rights.
This can be done in a data privacy notice. The notice must be in a concise, transparent, intelligible and easily accessible form and use clear and plain language (particularly for any information addressed specifically to a child).
Purpose Limitation
Purpose limitation refers to the fact that you can only process someone's personal information for the legal basis and specific reason that you collected it for.
The person must understand your reason for processing before you can begin to use their personal data. For example, if you want someone's name and address in order to send them a catalogue, the person must be told why you need their details and consent to you performing this action.
Once collected, the personal information generally cannot be used for any other reason. For example, you cannot then use the person's name and address to send them promotional marketing material unless they had agreed to this in the first place.
Note that data collected for a contract may be kept on record, but purely to enable the organisation holding the data to defend itself against potential future litigation or, for example, where there is a continuing legitimate interest to do so.
Data Minimisation
- This means that you can only collect the personal information you need, and no more.
- The personal information you collect must be adequate, relevant and limited to what is necessary in order to fulfil the intended purpose.
- For example, to post a catalogue, you only need to collect the person's name and address. Collecting their date of birth, ethnicity and gender would be irrelevant to the intended purpose.
- Once the data has been used for its intended purpose and is no longer needed, it should be deleted from your system. This is a requirement under the GDPR.
Businesses cannot collect personal information 'just in case' it becomes useful in the future.
Accuracy
- You must take reasonable steps to ensure that the personal information you hold about people is accurate and, where necessary, kept up to date.
- This is primarily the data controller's responsibility and, where outsourced processing takes place (such as with an external payroll company), the controller must easily be able to correct the information that the processor holds.
- The information you collect must be correct both at the time of collection and at the time of use.
- Once the data has been used for its intended purpose, there is no longer a need to keep it up to date and instead, the data must be deleted and destroyed.
Data Retention and Storage
- It's important that personal data isn't kept longer than is necessary. However, what counts as 'necessary' is for each individual business to decide.
- Sometimes it may be the law that defines the retention period. For example, bookkeeping records must be kept for a minimum of six years after the accounting period to which they relate.
- Businesses can also retain personal data if they may need the data to establish a legal defence in the future.
- Under the GDPR, it's essential that personal information is retained for no longer than required for its original purpose and is then securely deleted or destroyed. Remember, you cannot keep the data on a 'just in case' basis.
Data Retention and Storage
- All businesses with more than 250 employees, which process special category data (often found in HR records) or which process information about criminal records, must keep internal records of their data processing activities, including their data processing, sharing and retention arrangements.
- Both data controllers and data processors must keep records in writing, either as a hard copy or electronic copy, and this documentation must be made available to the ICO on request.
The aim of record keeping is to improve your company's data governance, including data security, availability and usability, so that you are able to prove that what you do with people's data is in line with the law.
Data Retention and Storage
As a data controller, you must record the following information:
- The name and contact details of the controller and, where applicable, the joint controller, representative and data protection officer.
- The purposes of the processing.
- A description of the categories of data subjects and personal data.
- The categories of recipients to whom the personal data has been or will be disclosed, including those in third countries or international organisations.
- Where applicable, transfers of personal data to a third country or an international organisation, the name of who or where it is transferred to and, if applicable, information on the data protection safeguards they have in place.
- Where possible, the envisaged time limits for erasure of the different categories of data.
- Where possible, a general description of the technical and organisational security measures.
Data Security
- Data security refers to both internal and external threats, such as hackers or badly trained staff. The level of security that your business has should reflect the potential harm that may be caused if the personal information is lost, stolen or misused.
- Security of both electronic and physical records is required, and you must ensure that any third parties that your company uses to process data on your behalf also keep the information secure.
- In terms of the law, the GDPR states that personal information must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
- If a personal data breach does occur, then your company must notify the regulator within 72 hours.
The data controller (normally the company that you work for) has overall responsibility for ensuring the personal data you collect is kept secure.
Data Security
Lack of staff training and ignorance of cyber security threats often play a big part in personal data breaches.
For example, computer systems can rapidly be compromised if workers click on unsafe links in phishing emails. Your business can help to avoid security breaches by:
- Ensuring computer software is up to date.
- Installing security software, such as firewalls and antivirus software.
- Enforcing security policies and procedures.
- Educating staff on the dangers to look out for and how to keep information secure.
- Ensuring that personal information is only seen by those who need to process it.
Compromises to data security are often a result of human error.
Accountability
- You must be able to demonstrate that your business is complying with the law.
- Keeping accurate records of processing activities and keeping relevant policies up to date are good ways to do this.
- Your business will also need to check the contract terms and privacy policies of any external processors that are used.
- For example, if you use an external payroll company or social media management tool, then you'll need to ensure that these companies are also compliant with the GDPR and can prove this.
- There needs to be a formal data processing contract in place between data controllers and those who process data for them.
Whilst the data controller has the overall responsibility for ensuring compliance with the principles of data protection law, data processors are also accountable under the GDPR.
Summary
- If you are going to process someone's personal information, then you must do so fairly, transparently and in accordance with the law.
- You can only process someone's personal information for the lawful basis and specific reason that you collected it for.
- You should only collect the personal information that you need, and no more, and this information should be accurate and kept up to date.
- It's important that personal data isn't kept longer than is necessary and, for businesses with over 250 employees, internal records are essential.
- Both data controllers and processors are accountable under the GDPR and you must be able to demonstrate that your business is complying with the law.
- Data security refers to both internal and external threats, and security of both electronic and physical records is required.
Legal Grounds for Processing and Obtaining Consent
Introduction
- The GDPR has made significant changes to the way that you can obtain personal information for processing. The biggest change is the need to obtain people's consent.
- This part of the course will explain what your responsibilities are in regard to collecting personal data and outlines the lawful grounds for processing.
- The module also demonstrates how to obtain consent in a legally compliant way.
The topics covered in this section are:
- Collecting data.
- Performance of a contract.
- Legal compliance.
- Vital interests and public interest.
- Obtaining consent.
- Methods for obtaining consent.
- Withdrawing consent.
- Existing consent.
Collecting Data
Collecting someone's personal information for processing is only legal if you have one of the lawful grounds set out by the regulations.
Data processing is only lawful if the information is needed for:
- A contract, such as a contract to supply goods or an employment contract.
- Legal compliance, such as retaining information relating to pre-employment checks, such as the right to work in the UK.
- Protection of vital interests.
- A task in the public interest carried out by a public authority, such as a school or local council.
- Legitimate interests. Before using this ground, you should undertake an assessment that balances the business interest against the rights and expectations of the data subject.
Performance of a Contract
- Contracts are entered into in all types of business and do not need to be legally drafted or formal written documents.
- As well as on paper, contracts can be formed orally or in much more common and less obvious ways. In simple terms, a contract is in place when four steps occur: invitation, offer, acceptance and consideration.
For example, if you see a pair of shoes on sale in a shop, this is the invitation. If you take the shoes to the checkout, you are offering to pay for them and the cashier will accept your offer. The contract is in place as soon as you have paid for the shoes; this is known as consideration.
If you apply this thinking to all business, then you will find that there are many situations where data is retained by a business because a contract is in place. Therefore, performance of a contract is often the most appropriate ground to use for processing personal information, such as customer information.
Performance of a Contract
To fulfil a contract, you are likely to need to process people's data when:
- Processing address details for the delivery of purchased goods.
- Taking payment for purchases.
- Providing an insurance quotation or advice, or arranging a policy.
- Delivering financial advice and arranging investments.
The GDPR also allows you to use performance of a contract as the lawful basis for processing personal information in pre-contract situations, such as when quoting for work.
Legal Compliance
Legal compliance is the most appropriate basis for processing data where there is a legal requirement for you to process or retain the data.
For example, this applies to financial information contained in invoices that you would be required, by HMRC, to retain for six years after the relevant accounting period.
There are also legal requirements to retain certain pre-employment check information, such as checks on the person's right to work in the UK.
Vital and Public Interest
- Vital interests is an appropriate basis for processing data in very limited circumstances. It is usually the ground required where, for example, there is a danger to life if the personal information is not retained.
- Public interest can only be used as the ground for processing by a body acting as a public authority. For example, a school would hold education data in order to deliver education to a child.
Obtaining Consent
Obtaining consent is only appropriate in situations where you can offer people real choice and control over how their information is used.
- Sometimes, you cannot offer this choice, and so consent is not appropriate. In these cases, you would need to either not process the personal information or process the information under a different ground (if one exists).
- For example, under the GDPR, employers can no longer assert that an employee consents to their information being processed, such as in HR records. This is because there is an imbalance of power between employers and employees, so consent cannot be regarded as being valid.
- However, in order to employ someone, the employer needs to process the employee's personal information to fulfil their contract of employment, and the employer must retain information such as date of birth or nationality. Because this information is needed to perform the contract, the correct ground to process the data would be contractual requirement.
Obtaining Consent
When obtaining consent from someone:
- There must be no element of compulsion or pressure. The consent must be voluntarily and freely given.
- The person must actively opt in. You cannot use pre-ticked boxes or another method of default consent.
- You must clearly explain why their personal information is needed and what they are agreeing to. You must be specific in your reasons and cannot use open-ended, blanket or catch-all wording.
- The consent request must be kept separate from your other terms and conditions.
- You should keep a record of the consent, including who the person is, what they agreed to, when this happened and what you told them.
- The consent should be kept under review and reobtained if anything changes.
- The person should be told that they can withdraw consent at any time and that there will be no repercussions if they refuse consent.
- The wording and language that you use must be clear and precise.
Method for Obtaining Consent
There is no requirement to use a particular method to obtain consent, as long as the method is appropriate.
Acceptable methods include:
- Ticking a box online.
- Choosing settings.
- Responding to an email requesting consent.
- Signing a data protection authorisation.
- Verbally agreeing.
- Completing a physical form.
Unacceptable methods for obtaining consent include:
- Pre-ticked options.
- Unsubscribe options.
- Opt-out statements.
- Silence.
- Any other passive reaction.
Withdrawing Consent
- The GDPR states that it must be easy to withdraw consent. This means that the data subject must be able to withdraw their consent easily and by the same mechanism as consent was granted.
- Your business should have a system in place to enable people to revoke their consent, and individuals should be told how they can do so.
- However, this is not a retrospective right, meaning that consent cannot be withdrawn for processing that has already occurred; people can only withdraw their consent to any future processing.
Existing Consent
- If you have obtained consent from people before the GDPR became law, then you will need to check whether that consent is in line with the current requirements.
- If it's not, then consent needs to be reapplied for.
This is most likely to affect marketing companies or businesses that have relied on opt-out clauses in the past.
Remember that there are also other bases for processing personal data. For most businesses, holding people's personal information in order to perform a contract is the most appropriate ground for processing. If this is the case, then you do not need to reapply for consent.
Data Subject Rights
Introduction
- This module outlines the main rights of data subjects and will help you to understand how to respond to an access request, the right to be forgotten or a request for information to be updated.
- The module will also take a look at data portability and automated processing and what your responsibilities are towards data subjects in regard to these.
Individuals have various rights and freedoms under data protection law and it's important that you have an understanding of what they are.
The topics covered in this section are:
- Data subject rights.
- Access rights.
- The right to be forgotten.
- The right to restriction, rectification and objection.
Data Subject Rights
The person that you collect information from - the data subject - has various rights under data protection law.
People have the right to:
- Be informed and be given their information in a clear and concise manner.
- Access their personal information.
- Have their information corrected if it's incorrect.
- Object to the processing of their information.
- Restrict the processing of their information.
- Have their information deleted (the right to be forgotten).
- Prevent or query automated processing.
- Data portability.
Access Rights
All data subjects have the legal right to access and review the information you hold about them, and it's your responsibility to provide them with this information.
If someone asks for their personal information, then you must tell them that you are processing their data and provide it to them as soon as possible, and within a month of the request at the latest.
You can extend this period of compliance by another two months if the request is complex or there are various requests, in which case you must tell the person why an extension is needed.
Access Rights
People have the right to ask you:
- For confirmation of how and where their personal information is being processed.
- For a copy of their information.
- Where their information was collected from.
- Why their information is being processed.
- What type of information is being processed.
- What types of recipients their information may be shared with.
- How long their information will be stored.
- What their rights are in terms of rectification, restriction, objection and deletion.
- How to complain to the relevant data protection authority.
- About the logic behind any automated processing.
The Right to be Forgotten
The right to have personal information deleted or removed is known as the right to be forgotten.
People can have their personal information deleted from your system if:
- The information is no longer needed for the purpose that it was originally collected for.
- The person withdraws their consent.
- The person objects to further processing and, on your side, there is no overriding or legal reason to continue.
- The information was unlawfully processed.
- The information needs to be deleted in order to comply with a legal obligation.
- The information has been processed to offer information society services to a child.
The Right to Restriction
People have the right to restrict what you do with their personal information. This means you can still hold their information, but you are unable to process it further.
You must restrict the processing of someone's information if:
- A person contests the accuracy of the information. In this case, processing should be restricted until the information is verified.
- A person objects to the processing. In this case, you must restrict processing until you have established whether there is a legitimate ground to continue processing.
- The processing is unlawful. In some cases, the person may ask for restriction rather than deletion.
- The processor no longer needs the information for its original purpose, but it is required by the data subject to establish, exercise or defend a legal case.
The Right to Rectification
- If someone's personal information is inaccurate or incomplete, then they have the right to have the information rectified.
- When someone requests that their information is rectified, whether verbally or in writing, you must respond to the request without delay and within one month.
- If their request is manifestly unfounded or excessive, then you can refuse the request or charge a reasonable fee, providing that you justify your decision in writing. You should also inform the person of their right to complain to the supervisory authority or to seek a judicial remedy.
- If you have disclosed the person's information to a third party at any point, then you must also contact the third party and inform them of the rectification, unless this is impossible or involves disproportionate effort.
The Right to Objection
- Under data protection law, people have the right to object to:
  - Processing based on legitimate interests, the performance of a task in the public interest or the exercise of official authority.
  - Direct marketing.
  - Processing for scientific or historical research and statistical purposes.
If someone objects to the processing of their personal information, then you must stop the processing immediately unless you can demonstrate a compelling, legitimate reason to override the individual, or the processing is needed for the establishment, exercise or defence of legal claims.
In terms of marketing, you must stop processing someone's personal information for direct marketing purposes as soon as you receive the objection. There are no exemptions or grounds to refuse.
Data protection

  • 2. Introduction to Data Protection and the GDPR
  • 3. The topics covered in this section are:  What is Data protection?  Key Definitions  GDPR - What is it? What's changed? And Brexit.  The Data Protection Act 2018  Case study
  • 4. What is Data Protection It covers any information that you collect, store or use in the workplace whether it's data that's collected automatically online held electronically on a computer system or kept as a manual record in a filing cabinet. The term ‘data’ refers to both electronic and physical files. For example, information collate an online feedback form digital images CCTV files print and handwritten forms which can identify someone are all classified personal data and so must be kept secure. Everyone in your workplace is responsible for handling personal data carefully and ensuring remains safe and secure at all times Data protection is about keeping people's personal information safe and secure.
  • 5. What is Data Protection Data protection law exists to ensure that everyone in every workplace is working towards the same principles and practices. In the UK the law ensures that:  Businesses keep people's personal information safe and secure and take steps to prevent it being misused.  Businesses avoid holding and using inaccurate information about people, whether that information relates to business or personal lives>.  People have control over the use of their personal data.  People have the confidence to know that their personal information is being used and stored safely.  People have the right to check the information that businesses hold about them. Not complying with the law is enforceable by the Information Commissioner and the call courts and can amount to a criminal offence .It can result in severe penalties and adverse publicity for your business.
  • 6. The following definitions are essential for you to understanding of data protection law and will help you to get the most out of this course. Personal Data and Personal information  These terms refer to any information relating to a living person who can be identified by that information For example, peoples name, addresses, contact details or photographs can easily direct you towards a particular person.  The terms also refer to any information that can be used indirectly to identity a person. For example. Identification numbers location data internet series and salary information don't name a person directly. but they can still be used to identify an individual.  Personal data further includes opinions about an individual physical descriptions of a person and video clips where people are recognizable (such as from CCTV or appraisals).  It's important to remember that information in manual filing systems which is accessible according to specific criteria such as chronological order also falls within the data protection regulations Information that has seemingly been pseudonymised counts as personal data it can be attributed to a particular person. Key Definitions
  • 7. Sensitive personal data and information  Sensitive information is now referred to as special category data. It refers to personal information that is considered much more private than other personal information.  This includes information regarding racial or ethnic origin political opinions, religious or philosophical beliefs, trade union membership, sex life or sexual orientation health or biometrics and criminal proceedings or convictions.  Whilst you should handle all personal data with the same level of care and attention sensitive personal data requires extra security. For example, employee sickness records. Key Definitions
  • 8. Processing of Personal Data  Processing refers to anything that you do with someone's personal information. This includes activities such as:. Collecting the information. Organising the information in a system. Altering or combining the information. Disclosing the information to a third party. Using the information for a purpose. Holding the information for future use. Deleting the information.  As soon as the personal information is given to you anything you do with it from that point onward is regarded as processing. Key Definitions
  • 9. The following definitions relate to the people involved in the data collection and handling processes: Data subject - The data subject is the living person whom the personal information is about. This may be a customer or a client but it can also be an employee, a business partner or someone that you trade with. Data controller - This is the person or organisation that determines why the personal information is needed and how it will be used. The data controller is responsible for identifying the purpose for which the data will be used and is normally a company, rather than an individual unless the business is a sole trader). Data processor - This is a person or organisation who processes the personal data on behalf of the controller and under the instruction of the controller such as an outsourced payroll company. cloud provider or market research company. The term does hot refer to the employees of the controller. Key Definitions
  • 10. The main aim of the regulation is to give EU citizens more control over the use of their personal information, wherever in the world that information is processed. Therefore, the GDPR applies to both businesses within the EU and businesses outside of the EU that handle data about EU citizens. For example, organisations based in America and Australia that offer goods or services to people in the EU must comply with the GDPR in the same way that businesses based in the UK or Germany must. The GDPR Is broadly based on the existing data protection law but gives people more rights in terms of how their personal data is used and places more responsibility on data controllers and processors. GDPR – What it Is? The EU General Data Protection Regulation ( GDPR) came into force across Europe in May 2018.
  • 11. GDPR – What’s Changed Whilst the GDPR is based on existing data protection law, it has brought with it a range of updates. Some of the main changes and rules apply to:  Obtaining and revoking consent.  Deleting data that isn't being used for its original purpose.  Defining and disclosing the legitimate purpose for which the data will be used.  Notifying the regulators if there's a security breach.  Appointing a data protection officer.  Data subject rights.  Fines and penalties for non-compliance.  Accountability of data controllers and
  • 12. GDPR - Brexit It's important to note that regardless of the UK'S membership in the EU, data protection law in the UK must take into account the GDPR in order for UK businesses to continue to offer goods and services to people within the EU. For this reason, the UK's data protection law has been amended to include the updates contained in the GDPR and remains as relevant as ever. It's also likely that the Information Commissioner's Office ICO) will retain similar powers after Brexit. The ICOs the UKs supervisory authority and was created to uphold information rights in the public interest. The ICO, amongst various responsibilities, is responsible for registering data controllers handling concerns and taking action to protect people's data protection rights
  • 13. Data Protection Act 2018 The Data Protection Act 2018 incorporates GDPR provisions into UK law .Therefore your organisation's data protection policies procedures and notices must be up-to-date with what this most recent version of the law requires
  • 14. Case Study The following case study shows us why adhering to data protection law is so important.  In 2017, it was reported that the car share company Uber had concealed a security breach that affected 2.7 million customers in the UK and 57 million people worldwide. The breach had compromised people's names email addresses and phone numbers, as well as details of some of the drivers.  The security breach occurred in 2016 when hackers gained access to Uber's cloud computer system where the personal information was stored. However, instead of reporting the breach and notifying customers who were affected. Uber paid the hackers $100,000 to delete the data and keep the breach quiet.  If this was to happen again, this sort of situation could attract severe monetary penalties under the GDPR especially as so many EU citizens were affected. For Uber a company with such a large annual turnover. this could translate to a fine of around 20 million
  • 15. Summary Ø Data protection is about keeping people's personal information safe and secure and applies to both electronic and physical files. Ø Everyone in your workplace is responsible for handling personal data carefully and ensuring it remains safe and secure at all times. Ø Personal data refers to any information relating to a living person who can be identified by that information, such as names addresses, usernames and ID Numbers. Ø The EU General Das Protection Regulation (GDPR) aims to give citizens more control over the use of their personal Information. Ø The main changes under the GDPR related to consent, deleting data, notifying regulators appointing a data protection officer, data subject rights and accountability. Ø Regardless of Brexit, UK data protection law must take into account GDPR in order for UK businesses to continue to offer port and services to people within the EU.
  • 16. The Principles of Data Protection
  • 17. These principles apply to everyone, whether you are a data controller or a data processor, so it's important that you have a good understanding of what they mean. In this part of the course, we'll look at each of the principles in more detail and outline how you can put them into practice to ensure that your data collection and processing activities are legally compliant. The principles of data protection set out the main responsibilities for organisations in terms of complying with the law.
• 18. The topics covered in this section are:
 Fair, lawful and transparent processing
 Purpose limitation
 Data minimisation
 Accuracy
 Data retention and storage
 Data security
 Accountability
• 19. Fair, Lawful and Transparent Processing
If you are going to process someone's personal information, then you must do so fairly, transparently and in accordance with the law. This means that you must have a lawful ground for processing the information. The six lawful grounds for processing personal data are:
1. Consent.
2. Contract.
3. Legal obligation (legal compliance).
4. Vital interests.
5. Public task carried out by a public authority.
6. Legitimate interests.
• 20. Fair, Lawful and Transparent Processing
To process data fairly and transparently, you must take various measures, including telling the data subject about your data protection and privacy arrangements. Telling people about your data protection arrangements should include, for example:
 How and why you are using their information.
 Who the data controller is.
 Where the data is stored, i.e. in the UK or abroad.
 What security is in place.
 Whether or not you use others to process data on your behalf.
 Their data subject rights.
This can be done in a privacy notice. The notice must be in a concise, transparent, intelligible and easily accessible form and use clear and plain language (particularly for any information addressed specifically to a child).
• 21. Purpose Limitation
Purpose limitation means that you can only process someone's personal information for the lawful basis and the specific reason that you collected it for.
The person must understand your reason for processing before you begin to use their personal data. For example, if you want someone's name and address in order to send them a catalogue, the person must be told why you need their details and agree to you using them for that purpose.
Once collected, the personal information generally cannot be used for any other reason. For example, you cannot then use the person's name and address to send them promotional marketing material unless they agreed to this in the first place.
Note that data collected for a contract may be kept on record after the contract ends, but purely to enable the organisation holding the data to defend itself against potential future litigation or, for example, where there is a continuing legitimate interest in doing so.
• 22. Data Minimisation
 This means that you can only collect the personal information you need, and no more. Businesses cannot collect personal information 'just in case' it becomes useful in the future.
 The personal information you collect must be adequate, relevant and limited to what is necessary in order to fulfil the intended purpose.
 For example, to post a catalogue, you only need to collect the person's name and address. Collecting their date of birth, ethnicity and gender would be irrelevant to the intended purpose.
 Once the data has been used for its intended purpose and is no longer needed, it should be deleted from your system. This is a requirement under the GDPR.
• 23. Accuracy
 You must take reasonable steps to ensure that the personal information you hold about people is accurate and, where necessary, kept up to date.
 This is primarily the data controller's responsibility and, where outsourced processing takes place (such as through an external payroll company), the controller must be able to have the processor correct the information it holds.
 The information you collect must be correct both at the time of collection and at the time of use.
 Once the data has been used for its intended purpose, there is no longer a need to keep it up to date; instead, the data must be deleted or destroyed.
• 24. Data Retention and Storage
 It's important that personal data isn't kept longer than is necessary. However, what 'necessary' means in practice is for each individual business to decide and justify.
 Sometimes the law defines the retention period. For example, bookkeeping records must be kept for a minimum of six years after the end of the accounting period to which they relate.
 Businesses can also retain personal data if they may need it to establish a legal defence in the future.
 Under the GDPR, it's essential that personal information is retained for no longer than required for its original purpose and is then securely deleted or destroyed. Remember, you cannot keep data on a 'just in case' basis.
• 25. Data Retention and Storage
 Businesses with more than 250 employees, and any business (regardless of size) that processes special category data (often found in HR records) or information about criminal convictions and offences, must keep internal records of their data processing activities, including their data processing, sharing and retention arrangements.
 Both data controllers and data processors must keep these records in writing, either as a hard copy or electronically, and the documentation must be made available to the ICO on request.
The aim of record keeping is to improve your company's data governance, including data security, availability and usability, so that you are able to prove that what you do with people's data is in line with the law.
• 26. Data Retention and Storage
As a data controller, you must record the following information:
 The name and contact details of the controller and, where applicable, the joint controller, representative and data protection officer.
 The purposes of the processing.
 A description of the categories of data subjects and of personal data.
 The categories of recipients to whom the personal data has been or will be disclosed, including recipients in third countries or international organisations.
 Where applicable, transfers of personal data to a third country or an international organisation, including the identity of that country or organisation and, where required, documentation of the safeguards in place.
 Where possible, the envisaged time limits for erasure of the different categories of data.
 Where possible, a general description of the technical and organisational security measures.
• 27. Data Security
 Data security covers both internal and external threats, such as hackers or badly trained staff. The level of security that your business has should reflect the potential harm that may be caused if the personal information is lost, stolen or misused.
 Security of both electronic and physical records is required, and you must ensure that any third parties that your company uses to process data on your behalf also keep the information secure.
 In terms of the law, the GDPR states that personal information must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
 If a personal data breach does occur, then your company must notify the regulator without undue delay and, where feasible, within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms.
The data controller (normally the company that you work for) has overall responsibility for ensuring that the personal data you collect is kept secure.
• 28. Data Security
Compromises to data security are often the result of human error. Lack of staff training and ignorance of cyber security threats often play a big part in personal data breaches. For example, computer systems can rapidly be compromised if workers click on unsafe links in phishing emails.
Your business can help to avoid security breaches by:
 Ensuring computer software is kept up to date.
 Installing security software, such as firewalls and antivirus software.
 Enforcing security policies and procedures.
 Educating staff on the dangers to look out for and how to keep information secure.
 Ensuring that personal information is only seen by those who need to process it.
• 29. Accountability
 You must be able to demonstrate that your business is complying with the law.
 Keeping accurate records of processing activities and keeping relevant policies up to date are good ways to do this.
 Your business will also need to check the contract terms and privacy policies of any external processors that are used.
 For example, if you use an external payroll company or a social media management tool, then you'll need to ensure that these companies are also compliant with the GDPR and can prove it.
 There needs to be a formal data processing contract in place between data controllers and those who process data for them.
Whilst the data controller has overall responsibility for ensuring compliance with the principles of data protection law, data processors are also accountable under the GDPR.
• 30. Summary
Ø If you are going to process someone's personal information, then you must do so fairly, transparently and in accordance with the law.
Ø You can only process someone's personal information for the lawful basis and specific reason that you collected it for.
Ø You should only collect the personal information that you need, and no more, and this information should be accurate and kept up to date.
Ø It's important that personal data isn't kept longer than is necessary and, for businesses with over 250 employees, internal records of processing are essential.
Ø Both data controllers and processors are accountable under the GDPR, and you must be able to demonstrate that your business is complying with the law.
Ø Data security covers both internal and external threats, and security of both electronic and physical records is required.
  • 31. Legal Grounds for Processing and Obtaining Consent
• 32. Introduction
 The GDPR has made significant changes to the way that you can obtain personal information for processing. The biggest change is the higher standard that now applies when you rely on people's consent.
 This part of the course will explain what your responsibilities are in regard to collecting personal data and outlines the lawful grounds for processing.
 The module also demonstrates how to obtain consent in a legally compliant way.
• 33. The topics covered in this section are:
 Collecting data
 Performance of a contract
 Legal compliance
 Vital interests and public interest
 Obtaining consent
 Methods for obtaining consent
 Withdrawing consent
 Existing consent
• 34. Collecting Data
Collecting someone's personal information for processing is only lawful if you have one of the lawful grounds set out by the regulations. Apart from consent (covered later in this module), data processing is only lawful if the information is needed for:
ü A contract, such as a contract to supply goods or an employment contract.
ü Legal compliance, such as retaining information relating to pre-employment checks, for example the right to work in the UK.
ü Protection of vital interests.
ü A task in the public interest carried out by a public authority, such as a school or local council.
ü Legitimate interests. Before using this ground, you should undertake an assessment that balances the business interest against the rights and expectations of the data subject.
• 35. Performance of a Contract
 Contracts are entered into in all types of business and do not need to be legally drafted or formal written documents.
 As well as on paper, contracts can be formed orally or in much more common and less obvious ways.
In simple terms, a contract is in place when four steps occur: invitation, offer, acceptance and consideration. For example, if you see a pair of shoes on sale in a shop, this is the invitation. If you take the shoes to the checkout, you are offering to pay for them, and the cashier will accept your offer. The contract is in place as soon as you have paid for the shoes; the payment is the consideration.
If you apply this thinking to all business, then you will find that there are many situations where data is retained by a business because a contract is in place. Therefore, performance of a contract is often the most appropriate ground to use for processing personal information, such as customer information.
• 36. Performance of a Contract
To fulfil a contract, you are likely to need to process people's data when:
 Processing address details for the delivery of purchased goods.
 Taking payment for purchases.
 Providing an insurance quotation or advice, or arranging a policy.
 Delivering financial advice and arranging investments.
The GDPR also allows you to use performance of a contract as the lawful basis for processing personal information in pre-contract situations, such as when quoting for work at the person's request.
• 37. Legal Compliance
Legal compliance (legal obligation) is the most appropriate basis for processing data where there is a legal requirement for you to process or retain the data. For example, this applies to financial information contained in invoices, which HMRC requires you to retain for six years after the end of the relevant accounting period. There are also legal requirements to retain certain pre-employment check information, such as checks on a person's right to work in the UK.
• 38. Vital and Public Interest
 Vital interests is an appropriate basis for processing data in very limited circumstances. It is usually the ground required where, for example, there is a danger to life if the personal information is not processed.
 Public interest can only be used as the ground for processing by a body acting as a public authority. For example, a school would hold education data in order to deliver education to a child.
• 39. Obtaining Consent
Obtaining consent is only appropriate in situations where you can offer people real choice and control over how their information is used.
 Sometimes you cannot offer this choice, and so consent is not appropriate. In these cases, you would need either not to process the personal information or to process it under a different ground (if one exists).
 For example, under the GDPR, employers can no longer assert that an employee consents to their information being processed, such as in HR records. This is because there is an imbalance of power between employers and employees, so consent cannot be regarded as freely given.
 However, in order to employ someone, the employer needs to process the employee's personal information to fulfil their contract of employment, and must retain information such as date of birth or nationality. Because this information is needed to perform the contract, the correct ground for processing the data would be performance of a contract.
• 40. Obtaining Consent
When obtaining consent from someone:
 There must be no element of compulsion or pressure. The consent must be voluntarily and freely given.
 The person must actively opt in. You cannot use pre-ticked boxes or any other method of default consent.
 You must clearly explain why their personal information is needed and what they are agreeing to. You must be specific in your reasons and cannot use open-ended, blanket or catch-all wording.
 The consent request must be kept separate from your other terms and conditions.
 You should keep a record of the consent, including who the person is, what they agreed to, when this happened and what you told them.
 The consent should be kept under review and re-obtained if anything changes.
 The person should be told that they can withdraw consent at any time, and that there will be no repercussions if they refuse consent.
 The wording and language that you use must be clear and precise.
• 41. Methods for Obtaining Consent
There is no requirement to use a particular method to obtain consent, as long as the method is appropriate.
Acceptable methods include:
 Ticking a box online.
 Choosing settings.
 Responding to an email requesting consent.
 Signing a data protection authorisation.
 Verbally agreeing.
 Completing a physical form.
Unacceptable methods for obtaining consent include:
 Pre-ticked boxes.
 Unsubscribe options.
 Opt-out statements.
 Silence.
 Any other passive reaction.
• 42. Withdrawing Consent
 The GDPR states that it must be as easy to withdraw consent as it was to give it. This means that the data subject must be able to withdraw their consent easily, and by the same kind of mechanism through which it was granted.
 Your business should have a system in place to enable people to revoke their consent, and individuals should be told how they can do so.
 However, this is not a retrospective right: consent cannot be withdrawn for processing that has already occurred. People can only withdraw their consent for future processing.
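The consent rules on the last three slides (active opt-in only, a record of who agreed to what and when and what they were told, and withdrawal that applies only to future processing) can be enforced in code. The following is an added example, not part of the course or of any named product: a small consent ledger that rejects passive methods such as pre-ticked boxes or silence, stores the required record, and answers whether processing at a given moment was covered. The method tags, subject IDs, notice text and timestamps are constructed for illustration.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Consent methods the course lists as acceptable: each is an affirmative act by the person.
# (Tag names are an assumption of this example, not a standard vocabulary.)
ACTIVE_METHODS = {
    "ticked_box", "settings_choice", "email_reply",
    "signed_authorisation", "verbal", "paper_form",
}
# Methods the course lists as unacceptable: default or passive, so never valid consent.
PASSIVE_METHODS = {"pre_ticked", "unsubscribe_only", "opt_out_statement", "silence"}


def ts(iso: str) -> datetime:
    """Parse an ISO-8601 timestamp; a UTC offset is required so the record is unambiguous."""
    parsed = datetime.fromisoformat(iso)
    if parsed.tzinfo is None:
        raise ValueError(f"timestamp {iso!r} has no UTC offset")
    return parsed


@dataclass
class ConsentRecord:
    subject_id: str          # who gave consent
    purpose: str             # the specific purpose they agreed to
    method: str              # how they agreed (one of ACTIVE_METHODS)
    notice_text: str         # what they were told at the time
    granted_at: datetime     # when (timezone-aware)
    withdrawn_at: Optional[datetime] = None


class ConsentLedger:
    def __init__(self) -> None:
        self._records: List[ConsentRecord] = []

    def record(self, subject_id: str, purpose: str, method: str,
               notice_text: str, granted_at: datetime) -> ConsentRecord:
        """Store a consent event, refusing anything that is not an active opt-in."""
        if method in PASSIVE_METHODS:
            raise ValueError(f"{method!r} is a passive method and does not constitute consent")
        if method not in ACTIVE_METHODS:
            raise ValueError(f"unknown consent method {method!r}")
        if not purpose.strip():
            raise ValueError("purpose must be specific, not blank")
        if not notice_text.strip():
            raise ValueError("record what the person was told")
        if granted_at.tzinfo is None:
            raise ValueError("granted_at must be timezone-aware")
        rec = ConsentRecord(subject_id, purpose, method, notice_text, granted_at)
        self._records.append(rec)
        return rec

    def _live(self, subject_id: str, purpose: str) -> Optional[ConsentRecord]:
        for rec in reversed(self._records):
            if rec.subject_id == subject_id and rec.purpose == purpose and rec.withdrawn_at is None:
                return rec
        return None

    def withdraw(self, subject_id: str, purpose: str, at: datetime) -> ConsentRecord:
        """Close the live consent for this subject and purpose from `at` onwards."""
        rec = self._live(subject_id, purpose)
        if rec is None:
            raise LookupError(f"no live consent for {subject_id!r} / {purpose!r}")
        if at < rec.granted_at:
            raise ValueError("withdrawal cannot predate the consent it withdraws")
        rec.withdrawn_at = at
        return rec

    def permits(self, subject_id: str, purpose: str, at: datetime) -> bool:
        """Was processing for this purpose covered by consent at time `at`?

        Withdrawal is not retrospective: processing between granted_at and
        withdrawn_at stays covered; processing at or after withdrawal is not.
        """
        for rec in self._records:
            if rec.subject_id != subject_id or rec.purpose != purpose:
                continue
            if rec.granted_at <= at and (rec.withdrawn_at is None or at < rec.withdrawn_at):
                return True
        return False

    def history(self, subject_id: str) -> List[ConsentRecord]:
        """Everything recorded for one person, e.g. to answer an access request."""
        return [r for r in self._records if r.subject_id == subject_id]


if __name__ == "__main__":
    ledger = ConsentLedger()
    ledger.record("subject-001", "monthly newsletter", "ticked_box",
                  "We will email you our newsletter once a month. You can opt out at any time.",
                  ts("2024-01-10T09:00:00+00:00"))
    ledger.withdraw("subject-001", "monthly newsletter", ts("2024-03-01T12:00:00+00:00"))
    print(ledger.permits("subject-001", "monthly newsletter", ts("2024-02-01T00:00:00+00:00")))  # True
    print(ledger.permits("subject-001", "monthly newsletter", ts("2024-03-02T00:00:00+00:00")))  # False
```

The `permits` check is the part worth copying: an audit of past processing should compare each processing event against the consent window that was live at that time, not against the current state of the record.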
• 43. Existing Consent
 If you obtained consent from people before the GDPR became law, then you will need to check whether that consent is in line with the current requirements.
 If it's not, then consent needs to be obtained again. This is most likely to affect marketing companies or businesses that have relied on opt-out clauses in the past.
Remember that there are also other bases for processing personal data. For most businesses, holding people's personal information in order to perform a contract is the most appropriate ground for processing. If this is the case, then you do not need to ask for consent again.
• 45. Introduction
Individuals have various rights and freedoms under data protection law, and it's important that you have an understanding of what they are.
 This module outlines the main rights of data subjects and will help you to understand how to respond to an access request, a request to be forgotten or a request for information to be updated.
 The module will also take a look at data portability and automated processing, and what your responsibilities are towards data subjects in regard to these.
• 46. The topics covered in this section are:
 Data subject rights
 Access rights
 The right to be forgotten
 The right to restriction, rectification and objection
• 47. Data Subject Rights
The person that you collect information from - the data subject - has various rights under data protection law. People have the right to:
 Be informed, and be given information about the processing in a clear and concise manner.
 Access their personal information.
 Have their information corrected if it's incorrect.
 Object to the processing of their information.
 Restrict the processing of their information.
 Have their information deleted (the right to be forgotten).
 Prevent or query automated processing (automated decision-making).
 Data portability.
• 48. Access Rights
All data subjects have the legal right to access and review the information you hold about them, and it's your responsibility to provide them with this information. If someone asks for their personal information, then you must tell them whether you are processing their data and provide it to them as soon as possible, and within one month of receiving the request at the latest. You can extend this period by a further two months if the request is complex or the person has made a number of requests, in which case you must tell the person, within the first month, why an extension is needed.
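Working out the response date is less trivial than it looks, because "one month" is calendar arithmetic and the standard library has no month addition. The following is an added example, not part of the course: a deadline calculator for access requests (the same one-month clock applies to rectification requests later in this module). It assumes the convention the UK ICO gives in its guidance, which the course does not spell out: the deadline is the corresponding date in the following month, or the last day of that month if there is no corresponding date, so a request received on 31 January is due by 28 or 29 February. The ICO's further rule that a deadline falling on a weekend or public holiday rolls to the next working day is not implemented here. All dates are constructed.

```python
import calendar
from datetime import date


def parse_date(iso: str) -> date:
    """Parse a 'YYYY-MM-DD' string."""
    return date.fromisoformat(iso)


def add_months(d: date, months: int) -> date:
    """Calendar-month arithmetic; clamps to the last day when the target month is shorter.

    Assumed convention (ICO guidance, not stated by the course): 31 Jan + 1 month
    is 28/29 Feb, not 2/3 March as naive day counting would give.
    """
    index = d.month - 1 + months
    year, month = d.year + index // 12, index % 12 + 1
    last_day = calendar.monthrange(year, month)[1]
    return date(year, month, min(d.day, last_day))


def response_deadline(received: date, extended: bool = False) -> date:
    """Latest date to respond: one month from receipt, or three months in total
    when the two-month extension for complex or numerous requests is used."""
    return add_months(received, 3 if extended else 1)


def extension_notice_deadline(received: date) -> date:
    """If you extend, the person must be told why within the original one month."""
    return add_months(received, 1)


def status(received: date, today: date, extended: bool = False) -> str:
    """One-line state of a request, e.g. for a work queue or a compliance dashboard."""
    due = response_deadline(received, extended)
    remaining = (due - today).days
    if remaining < 0:
        return f"OVERDUE by {-remaining} day(s) (was due {due.isoformat()})"
    return f"{remaining} day(s) remaining (due {due.isoformat()})"


if __name__ == "__main__":
    for iso in ("2024-01-31", "2023-01-31", "2024-11-30"):
        received = parse_date(iso)
        print(iso, "-> due", response_deadline(received),
              "| with extension", response_deadline(received, extended=True))
    print(status(parse_date("2024-01-31"), parse_date("2024-02-20")))
```

Track the received date, not the date the request reached the right team: the clock starts when the request arrives anywhere in the organisation, which is why a shared intake record matters.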
• 49. Access Rights
People have the right to ask you:
 For confirmation of how and where their personal information is being processed.
 For a copy of their information.
 Where their information was collected from.
 Why their information is being processed.
 What type of information is being processed.
 What types of recipients their information may be shared with.
 How long their information will be stored.
 What their rights are in terms of rectification, restriction, objection and deletion.
 How to complain to the relevant data protection authority.
 About the logic behind any automated processing.
• 50. The Right to be Forgotten
The right to have personal information deleted or removed is known as the right to be forgotten. People can have their personal information deleted from your system if:
 The information is no longer needed for the purpose that it was originally collected for.
 The person withdraws their consent (and there is no other lawful ground for the processing).
 The person objects to further processing and, on your side, there is no overriding legitimate or legal reason to continue.
 The information was unlawfully processed.
 The information needs to be deleted in order to comply with a legal obligation.
 The information was collected in relation to the offer of information society services to a child.
• 51. The Right to Restriction
People have the right to restrict what you do with their personal information. This means you can still hold their information, but you are unable to process it further. You must restrict the processing of someone's information if:
 A person contests the accuracy of the information. In this case, processing should be restricted until the information is verified.
 A person objects to the processing. In this case, you must restrict processing until you have established whether there is an overriding legitimate ground to continue.
 The processing is unlawful. In some cases, the person may ask for restriction rather than deletion.
 You no longer need the information for its original purpose, but the data subject requires it to establish, exercise or defend a legal claim.
• 52. The Right to Rectification
 If someone's personal information is inaccurate or incomplete, then they have the right to have the information rectified.
 When someone requests that their information is rectified, whether verbally or in writing, you must respond to the request without delay and within one month.
 If their request is manifestly unfounded or excessive, then you can refuse the request or charge a reasonable fee, providing that you justify your decision in writing. You should also inform the person of their right to complain to the supervisory authority or to seek a judicial remedy.
 If you have disclosed the person's information to a third party at any point, then you must also contact the third party and inform them of the rectification, unless this is impossible or involves disproportionate effort.
• 53. The Right to Objection
Under data protection law, people have the right to object to:
 Processing based on legitimate interests, the performance of a task in the public interest or the exercise of official authority.
 Direct marketing.
 Processing for scientific or historical research and statistical purposes.
If someone objects to the processing of their personal information, then you must stop the processing immediately unless you can demonstrate compelling legitimate grounds that override the interests, rights and freedoms of the individual, or the processing is needed for the establishment, exercise or defence of legal claims.
In terms of marketing, you must stop processing someone's personal information for direct marketing purposes as soon as you receive the objection. There are no exemptions or grounds to refuse.