From 25 May 2018 all public bodies must have a Data Protection Officer (DPO). The DPO must have ‘expert’ knowledge of both data protection law and practice. This session is directed at individuals within public sector organisations who will be acting as DPO, their deputies and those advising them.
Visit our website for more useful resources - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
Slides from Niall Rooney FP Logue presentation at Food & Drink Business Europe event at Citywest Dublin on 05/09/2019 - *For Information Only, Not Legal Advice*
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting &
Fellow of the European Privacy Association
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
This presentation outlines the General Data Protection Regulation ("GDPR") and the key changes that will be brought about as of 25th May 2018 - ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
Slides from Niall Rooney FP Logue presentation at Food & Drink Business Europe event at Citywest Dublin on 05/09/2019 - *For Information Only, Not Legal Advice*
GDPR clinic - A strategic approach for compliance with the European General Data Protection regulation
Paolo Balboni Ph.D. - Founding Partner at ICT Legal Consulting & President of the European Privacy Association
Nicola Franchetto LL.M. - Associate at ICT Legal Consulting &
Fellow of the European Privacy Association
Our administrative and public law seminar covered:
- a review of the last 12 months in FOIA and a case law update
- scope of prerogative powers - what are they and what is the scope of them; the topic is very much in the news at the moment due to Brexit
- non EU treaty obligations of relevance to administrative law
- procurement in 2016 and beyond - current trends, updates and the impact of Brexit
- case law update on various areas of public law, including judicial review.
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
This presentation outlines the issue of Direct Marketing, including the use of cookies, the opt-out register and the e-Privacy Directive (and Regulation). The focus is around the Gibraltar Data Protection Act 2004, and how this will change under the General Data Protection Regulation ("GDPR") as of 25th May 2018 and the upcoming e-Privacy Regulation
ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
An introduction to the General Data Protection Regulation (GDPR) and its implications for research data management. Presentation given by Tim Rodgers of Imperial College London at the London Area Research Data meeting, held at the London School of Hygiene & Tropical Medicine on 17th Nov 2017.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
This slide deck explores best practices when applying GDPR into your product experience and user journey with the examples such as user onboarding, privacy by design and managing user consent.
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
Overview of the EU General Data Protection Regulation (GDPR) by Simon Marks, Head of Hi-Tech practice, Epstein Rosenblum Maoz (ERM). Includes:
- One Law to rule them all
- Key Principles
- Data Subjects’ Rights
- Increased Obligations
- Legal Basis Requirement for Processing
- Data Subjects’ Consent
- Processing Special Categories of Data
- Health-related data
- Privacy by Design and by Default
- Data Protection Officer
- Data Breach Notification
- Sanctions and fines
-
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
The Personal Data Protection Bill 2018 is to be presented before the Parliament shortly with necessary amendments .This is bill applicable to India in lines of GDPR of the European uinion
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
To help you become GDPR compliant, WSO2’s product stack now comes with enhanced capabilities specifically targeted towards compliance. This slide deck explores how WSO2 Identity Server helps deliver GDPR compliance through its capabilities.
API gateways can be perfectly positioned to address GDPR because it protects both data and user access at the point at which it enters and leaves the systems. This slide deck discusses how GDPR affects an API management solution and the role of API management in a GDPR compliant solution.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
Data Protection Seminar 2_Marketing & GDPR_ISOLAS LLP_26-07-17Michael Adamberry
This presentation outlines the issue of Direct Marketing, including the use of cookies, the opt-out register and the e-Privacy Directive (and Regulation). The focus is around the Gibraltar Data Protection Act 2004, and how this will change under the General Data Protection Regulation ("GDPR") as of 25th May 2018 and the upcoming e-Privacy Regulation
ISOLAS is pleased to offer assistance in conducting data audits and ensuring you are compliant before the deadline - the clock is ticking!
An introduction to the General Data Protection Regulation (GDPR) and its implications for research data management. Presentation given by Tim Rodgers of Imperial College London at the London Area Research Data meeting, held at the London School of Hygiene & Tropical Medicine on 17th Nov 2017.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
This slide deck explores best practices when applying GDPR into your product experience and user journey with the examples such as user onboarding, privacy by design and managing user consent.
mHealth Israel_EU General Data Protection Regulation_Simon MarksLevi Shapiro
Overview of the EU General Data Protection Regulation (GDPR) by Simon Marks, Head of Hi-Tech practice, Epstein Rosenblum Maoz (ERM). Includes:
- One Law to rule them all
- Key Principles
- Data Subjects’ Rights
- Increased Obligations
- Legal Basis Requirement for Processing
- Data Subjects’ Consent
- Processing Special Categories of Data
- Health-related data
- Privacy by Design and by Default
- Data Protection Officer
- Data Breach Notification
- Sanctions and fines
-
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
Presentation at the COCIR annual meeting on 17 March 2016 regarding the top 7 operational impacts of the new EU General Data Protection Regulation for health IT companies.
The Personal Data Protection Bill 2018 is to be presented before the Parliament shortly with necessary amendments .This is bill applicable to India in lines of GDPR of the European uinion
California Consumer Privacy Act (CCPA): Countdown to ComplianceTinuiti
What is CCPA? The California Consumer Privacy Act increases the transparency of the collection and selling of physical and digital data, while providing California residents with more control over what happens to their personal information that companies collect. CCPA is approaching with a compliance deadline of January 2020. With the countdown to compliance less than 6 months away it’s critical to know how this can potentially impact your business in order to avoid violation fines. Join our webinar as we unpack the key requirements and considerations to keep in mind in order to stay compliant. See how CCPA impacts all advertisers, not just Californians.
To help you become GDPR compliant, WSO2’s product stack now comes with enhanced capabilities specifically targeted towards compliance. This slide deck explores how WSO2 Identity Server helps deliver GDPR compliance through its capabilities.
API gateways can be perfectly positioned to address GDPR because it protects both data and user access at the point at which it enters and leaves the systems. This slide deck discusses how GDPR affects an API management solution and the role of API management in a GDPR compliant solution.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...Harrison Clark Rickerbys
Slideshow from GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Directors, IT Directors & Ops Directors, on 7th March 2018 at Hilton Puckrup Hall
How to implement GDPR for the health sector, February 2018Browne Jacobson LLP
The General Data Protection Regulation (GDPR) comes into force on 25 May 2018. This will represent the biggest change in data protection law for 20 years. Healthcare organisations including those within the NHS store huge amounts of sensitive personal data and operate very much under the close scrutiny of the public eye. Data protection is therefore clearly a key concern and by 25 May this year not only must you be compliant, but be in a position to demonstrate compliance. Failure to do so risks substantial penalties.
In this webinar our panel of information law and health sector experts held a live Q&A session to explore the impact of the GDPR on the health sector. We considered matters such as:
- what is actually new under the GDPR for healthcare organisations
- lawful bases for processing and if and when it may be appropriate to rely upon consent
- transparency, the enhanced rights of data subjects and the operational impact this will have on healthcare organisations
- new contractual requirements between commissioners and providers and the steps to be taken now
- the impact of the Data Protection Bill.
This breakfast club focused on the new Data Protection regime covering what the new regime will entail and what to be thinking about now in order to be ready for the new regulations.
https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
EU General Data Protection Regulation top 8 operational impacts in personal c...Erik Vollebregt
Presentation to the Personal Connected Health Alliance about the top 8 operational impacts of the EU General Data Protection Regulation on companies in the personal connected health field.
General Data Protection Regulation or GDPRNupur Samaddar
General Data Protection Regulation or GDPR,he way companies across the world will handle their customers' personal information and creating strengthened and unified data protection for all individuals within the EU.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
https://wso2.com/solutions/regulatory-compliance/gdpr/
The EU General Data Protection Regulation (GDPR) has many identity architects uniquely positioned to help their organizations to comply with the ruling.
Effective from 25th May 2018, the regulation 2016/679 of the European parliament and of the council, replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. It aims to protect and empower all EU residents' data privacy and to reshape the way organizations across the region approach data privacy. GDPR is also quite prominent due to the heavy penalties introduced for violators — which could be as much as 4% of the annual global turnover or €20 million (whichever is greater).
In this webinar we will discuss all technical aspects of the regulation and what steps you as an identity architect can take to ensure that your security strategy is primed for GDPR.
MyComplianceOffice presents our Oct 26th webinar, “ Prepare Your Firm for GDPR", co-hosted by MCO and Emily Mahoney a Technology Lawyer at Mason Hayes & Curran
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data.The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
Introduction to EU General Data Protection Regulation: Planning, Implementat...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
Similar to DPOs in the public sector, May 2018, Birmingham (20)
Employment law update - Browne Jacobson Exeter - 06 February 2020Browne Jacobson LLP
These seminars are aimed at anyone who deals with employment law on a day to day basis, including HR Managers and HR Directors.
At these events we will present an overview of what we consider to be the most significant developments in 2019, and what they teach us about managing your workforce – together with our practical tips.
You will also hear about what is coming up in 2020, and how you can get ready for what will be another busy year in employment law.
Earlier this year Edward Timpson’s review on school exclusions raised the profile of the practice of exclusions, managed moves and alternative provision. Head teachers and governors are now under increasing scrutiny to conduct the end-to-end process in a fair and consistent manner (and in line with the statutory guidance) to ensure that the best possible outcome for the school, its staff, its pupils and the parents is achieved.
In this webinar, Senior Associate Hayley O’Sullivan, explores the current exclusions landscape, looks at prospective changes to policy and practice and share examples of best practice to help you avoid common pit-falls when it comes to managing exclusions.
Hayley also provides an overview to the existing statutory guidance, proposed developments in relation to managed moves and alternative provision and share her thoughts on the anticipated changes in regulation as a result of the review.
Local authority acquisition and disposal of land - July 2019Browne Jacobson LLP
Ongoing austerity requires authorities to “sweat their assets” and land holdings are a significant focus for the generation of revenue and capital. These slides cover commercial and public law considerations in relation to:
- Powers to acquire land
- Powers to invest through land acquisition including investment purchases
- Potential barriers to disposal
- Powers to appropriate land
- Planning permission
- Powers to dispose of land
- Pre-conditions relating to disposal of land
- A capital receipt or a revenue stream
- Development vehicles and options
- Who do you need to be able to satisfy as to the legality of land transactions
Your employees, their future employers, and your intellectual property - July...Browne Jacobson LLP
Innovation and creativity is driven by your people. How do you as a business encourage innovation, capture the relevant IP assets and reward your innovators? What happens when a key individual leaves the business – how do you ensure that your R&D crown jewels remain legitimately protected? In a market of ever increasing competitive collaboration, setting up the right strategy to ensure the appropriate safeguards are in place and are communicated to your employees is important.
At this Public Sector Planning Club we reviewed:
- Recent developments in planning law, including cases and guidance
- Consideration of the use of planning conditions, including the appropriate use of pre-commencement conditions
- The powers available for stopping up and diverting highways, when these may be used, and points to consider
Browne Jacobson, Deloitte and DoctorLink are pleased to invite you to our first joint health tech seminar with leading industry thought leaders. This will be a practical session, sharing experience from across the NHS and beyond to inform options on how to improve services, break down silos and focus on population health outcomes.
This event is exclusively for Commissioners, GPs, and Policymakers keen to understand how new integrated care systems and models of care can meet the needs of their local population and can be implemented pragmatically and affordably to drive improvement goals and achieve better health, better care and better value.
Education Law Conference Manchester - Monday 10 June 2019Browne Jacobson LLP
Designed to inform, challenge and enliven your perspectives, our packed agenda was designed to provide innovative ideas and fresh perspectives. With a headline session on the management of transgender children needs within a school setting, we aim to provide you with the advice and guidance that the sector currently lacks.
Other topics included:
learning from child death inquests
good governance – so much more than compliance
managing difficult parents and their complaints.
Designed to inform, challenge and enliven your perspectives, our packed agenda was designed to provide innovative ideas and fresh perspectives. With a headline session on the management of transgender children needs within a school setting, we aim to provide you with the advice and guidance that the sector currently lacks.
Other topics included:
learning from child death inquests
good governance – so much more than compliance
managing difficult parents and their complaints.
The IICSA has a number of investigative streams, and one of its areas of focus is Accountability and Reparations. It has already recommended that the Government sets up a Payment Scheme for former Child Migrants, and the Government has acted upon it.
Is a redress scheme the way forward for abuse claims? How might it impact your organisation? We are helping more and more organisations explore the pros and cons of redress schemes so that they can decide whether a scheme is right for them and what the longer term impacts might be.
Our Birmingham Claims Club event will cover the following:
- Civil Liability Act 2018
- Freedom of Information Act requests - including 'Information Law, why is it relevant?'
- Brexit and local government
Our London Claims Club event will cover the following:
- Civil Liability Act 2018
- Freedom of Information Act requests - including 'Information Law, why is it relevant?'
- Brexit and local government
Our Admin and Public Law seminar, chaired by Sir Robert Devereux, former Permanent Secretary for the Department for Work and Pensions was held on Thursday 4 April, covering the following topics:
- 'wearing two hats' - managing the legal risks of conflicts of interest and allegations of pre-determination/bias
- information law update session - freedom of information (FOI) cases, General Data Protection Regulation (GDPR)
- case law update
- judicial review - tactics for dealing with judicial review and case law
In this webinar recording, Selina Hinchliffe, Alex Kynoch, Nick Smee and Helen Jones hold a panel discussion covering some of the key state aid concepts and how this impacts ownership and licensing of intellectual property, both from a commercial partner, public body and university perspective.
Whilst you’ve been distracted with Brexit and what that means for your business, you’ve probably missed some significant changes in the law. In our March forum we covered:
- contract changes (what they mean to your supply chain, customers and suppliers)
- data protection (the challenges of becoming a 'third country')
- legal privilege and internal investigations (practical tips following SFO V ENRC)
- employment law (changes to employment law you need to be aware of)
- banking - your banking covenants (what to be aware of - particularly in the event of a downturn ahead)
- property (end of lease issues for business owners).
For further training and resources visit our webpage - https://www.brownejacobson.com/sectors-and-services/sectors/in-house-legal
Every business, and every in house lawyer, will at some point be involved with an enquiry, an investigation, or potential litigation. During litigation, documents – including emails, attendance notes and reports – which are relevant to the litigation may have to be disclosed if they are not privileged.
So businesses need to know how it can assess litigation risk or conduct an enquiry without creating documents that it then has to produce and which may be detrimental to its position. The law on this issue has recently been considered by the Court of Appeal in two key cases: WH Holding Ltd v E20 Stadium LLP and SFO v Eurasian Natural Resources Corp Ltd.
In this webinar recording, our experts Mark Daniels and Helen Simm provide you with the key information you need to identify these issues when they arise and to know how you can best protect your position.
We are all waiting with bated breath for the Supreme Court decision in CN & GN, a case which will have a huge practical impact on service providers. Previously the Court of Appeal was dismayed about the damages claims, that had been litigated with little regard to, or understanding of, the law and reality of social care practice. Some of the team involved in the case discus what might happen next, and analyse the practical effect for you of the Supreme Court judgment.
Whilst that judgment has been awaited many claims have been on ice, but to fill that gap we are seeing many of our clients being affected by:
- pressure to consider Redress Schemes
- the Independent Inquiry into Child Sexual Abuse
- claims being brought directly against them as fostering agencies
- claims under the Human Rights Act
- issues following the implementation of GDPR.
For further information and training visit our webpage - https://www.brownejacobson.com/insurance
In this practical session we explored the legal duties of directors and the difficulties which they may face. The session focussed on individuals who are directors for public sector companies, including their role, obligations and competing interests which may arise.
At our February planning club we covered the following topics:
- planning performance agreements
- expert evidence in planning inquiries
- certificates of lawful use.
For further information and training visit our webpage - https://www.brownejacobson.com/sectors-and-services/sectors/public-sector
Mental health, capacity and deprivation of liberty case law update, February ...Browne Jacobson LLP
Rebecca Fitzpatrick looks at some of the most recent leading cases in relation to the Mental Health Act and Deprivation of Liberty, including the Supreme Court’s important decisions of 'MM' and 'PJ' which consider the interaction between the Mental Health Act and deprivation of liberty in the community. Rebecca also covered the subsequent case of 'AB' which focuses on the role of the High Court’s inherent jurisdiction in these types of cases, and the recent final report from the Mental Health Act independent review chaired by Professor Sir Simon Wessely.
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region.
INTRODUCTION
What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
Introducing New Government Regulation on Toll Road.pdfAHRP Law Firm
For nearly two decades, Government Regulation Number 15 of 2005 on Toll Roads ("GR No. 15/2005") has served as the cornerstone of toll road legislation. However, with the emergence of various new developments and legal requirements, the Government has enacted Government Regulation Number 23 of 2024 on Toll Roads to replace GR No. 15/2005. This new regulation introduces several provisions impacting toll business entities and toll road users. Find out more out insights about this topic in our Legal Brief publication.
Military Commissions details LtCol Thomas Jasper as Detailed Defense CounselThomas (Tom) Jasper
Military Commissions Trial Judiciary, Guantanamo Bay, Cuba. Notice of the Chief Defense Counsel's detailing of LtCol Thomas F. Jasper, Jr. USMC, as Detailed Defense Counsel for Abd Al Hadi Al-Iraqi on 6 August 2014 in the case of United States v. Hadi al Iraqi (10026)
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides helps the student of international law to understand what is the nature of international law? and how international law was originated and developed?.
The slides was well structured along with the highlighted points for better understanding .
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxOmGod1
Precedent, or stare decisis, is a cornerstone of common law systems where past judicial decisions guide future cases, ensuring consistency and predictability in the legal system. Binding precedents from higher courts must be followed by lower courts, while persuasive precedents may influence but are not obligatory. This principle promotes fairness and efficiency, allowing for the evolution of the law as higher courts can overrule outdated decisions. Despite criticisms of rigidity and complexity, precedent ensures similar cases are treated alike, balancing stability with flexibility in judicial decision-making.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
A "File Trademark" is a legal term referring to the registration of a unique symbol, logo, or name used to identify and distinguish products or services. This process provides legal protection, granting exclusive rights to the trademark owner, and helps prevent unauthorized use by competitors.
Visit Now: https://www.tumblr.com/trademark-quick/751620857551634432/ensure-legal-protection-file-your-trademark-with?source=share
4. Key points
• Comes into effect on 25 May 2018 across Europe
• Data Protection Bill issued to supplement GDPR in UK
• Main concepts and principles remain the same, but new
elements of GDPR enhance the provisions under the
DPA
• Some hefty fines…
7. Who has to comply?
• Data controller or data processor established in one
or more Member State(s)
• Data controller or data processor established
outside the EU and either it
– offers goods and services to data subjects in the EU or
– monitors the behaviour of data subjects in the EU
8. Key issues
• Principles and accountability
• Data protection by design and by default
• Lawful basis for processing
• Transparency
• Responsibilities of controllers and processors
• International transfers
• Rights of data subjects
• Breach notification
• Enforcement and compensation
9. Personal Data
“means any information relating to an identified or identifiable
natural person (‘data subject’)
An identifiable natural person is one who can be identified, directly or indirectly, in
particular by reference to an identifier such as a name, an identification number,
location data, an online identifier or to one or more factors specific to the physical,
physiological, genetic, mental, economic, cultural or social identity of that natural
person;”
This means that an IP address or roll number
can amount to personal data
10. Special Categories
Article 9 now refers to “Special Categories of Personal Data”
rather than Sensitive Personal Data. This category includes
personal data revealing :
• racial or ethnic origin,
• political opinions,
• religious or philosophical beliefs, or
• trade union membership, and
• the processing of genetic data, biometric data for the purpose of uniquely
identifying a natural person,
• data concerning health or
• data concerning a natural person's sex life or sexual orientation
11. Processing
• Will mean:
“any operation or set of operations which is
performed on personal data … whether or not
by automated means, such as collection,
recording, organisation, structuring, storage,
adaptation or alteration, retrieval,
consultation, use, disclosure by transmission,
dissemination or otherwise making available,
alignment or combination, restriction, erasure
or destruction;”
12. Principles
The GDPR requires:
a) Data to be processed lawfully, fairly and in a transparent
manner;
b) Data to be collected for specified, explicit and legitimate
purposes and not further processed in a manner that is
incompatible with those purposes;
c) Processing of data should be adequate, relevant and limited
to what is necessary in relation to the purposes for which
they are processed;
d) Data to be accurate and, where necessary, kept up to date;
inaccurate data should be erased or rectified without delay;
13. Principles (cont.)
e) Data to be kept in a form which permits identification
of data subjects for no longer than is necessary for the
purposes for which the personal data are processed;
f) Data to be processed in a manner that ensures
appropriate security of the personal data, including
protection against unauthorised or unlawful processing
and against accidental loss, destruction or damage,
using appropriate technical or organisational
measures.
The data controller will be responsible for, and must be
able to demonstrate, compliance with these principles as
well as accountability.
14. Accountability is the key
• Registration abolished – but see Digital Economy Act
2006 in relation to a new fee mechanism
• Implement compliant policies and procedures
• Privacy by design and by default
• Privacy impact assessments
• Data Protection Officer mandatory for public bodies
15. Lawful basis for processing
In order for Personal Data to be processed lawfully you must be able to satisfy one of
the processing conditions below:
• 6(1)(a) – Consent of the data subject (must be clear affirmation)
• 6(1)(b) – Processing is necessary for the performance of a contract with the data
subject or to take steps to enter into a contract
• 6(1)(c) – Processing is necessary for compliance with a legal obligation
• 6(1)(d) – Processing is necessary to protect the vital interests of a data subject or
another person
• 6(1)(e) – Processing is necessary for the performance of a task carried out in the
public interest or in the exercise of official authority vested in the controller
• 6(1)(f) – Necessary for the purposes of legitimate interests pursued by the
controller or a third party, except where such interests are overridden by the
interests, rights or freedoms of the data subject (this last one does not apply to
public authorities)
16. Lawful basis for processing special
categories
In order for special categories of data to be processed lawfully you must be
able to satisfy one of the following conditions below:
• 9(2)(a) – Explicit consent of the data subject, unless reliance on consent is
prohibited by EU or Member State law
• 9(2)(b) – Processing is necessary for carrying out obligations under
employment, social security or social protection law, or a collective
agreement
• 9(2)(c) – Processing is necessary to protect the vital interests of a data
subject or another individual where the data subject is physically or
legally incapable of giving consent
17. Lawful basis for processing special
categories
• 9(2)(d) – Processing carried out by a not-for-profit body with a
political, philosophical, religious or trade union aim provided the
processing relates only to members or former members (or those
who have regular contact with it in connection with those
purposes) and provided there is no disclosure to a third party
without consent
• 9(2)(e) – Processing relates to personal data manifestly made
public by the data subject
• 9(2)(f) – Processing is necessary for the establishment, exercise or
defence of legal claims or where courts are acting in their judicial
capacity
18. Lawful basis for processing special
categories
9(2)(g) – Processing is necessary for reasons of substantial public
interest on the basis of Union or Member State law which is
proportionate to the aim pursued and which contains appropriate
safeguards
9(2)(h) – Processing is necessary for the purposes of preventative or
occupational medicine, for assessing the working capacity of the
employee, medical diagnosis, the provision of health or social care or
treatment or management of health or social care systems and
services on the basis of Union or Member State law or a contract with
a health professional
19. Lawful basis for processing special
categories
9(2)(i) – -relates to public interest in the area of public health
9(2)(j) – Processing is necessary for archiving purposes in the
public interest, or scientific and historical research purposes or
statistical purposes in accordance with Article 89(1)
20. Consent and explicit consent
• Consent:
“Any freely given, specific, informed and unambiguous indication of
the data subject’s wishes by which he or she, by a statement or by a
clear affirmative action, signifies agreement to the processing of
personal data relating to him or her”
• Explicit consent
• Re-papering consents - recital 171
• Article 29 WP guidance
21. Consent
• As the consent must be freely given it cannot be bundled in with
other consents
• Withdrawal of consent should be as easy as grant of consent
• Purpose limited
• Demonstrate - Burden on authority to show consent freely given
Action - Review how you seek, obtain and record consent and whether
you need to make changes
22. Consent and Public Authorities
• Article 29 WP Guidance provides that public
authorities will find reliance on consent difficult
• Imbalance of power between the parties – lack of
freely given consent
• “No realistic alternatives to accepting the
processing”
• Potentially misleading where other lawful bases
exist
• Alternative lawful bases should be sought
24. Individuals’ rights (1)
1. Right to information (Articles 13 and 14)
• Fair processing notice
2. Subject access rights (Article 15)
• Free
• One month to comply (unless complex)
3. Right to rectification (Article 16)
• Data accuracy
25. Individuals’ rights (2)
4. Right to erasure (right to be forgotten) (Art 17)
• Right to erasure in certain circumstances
5. Right to restrict processing (Art 18)
6. Right to data portability (Art 20)
• Ability to move data
• Machine readable format
7. Right to object (Art 21)
8. Rights in relation to automated decision making and profiling (Art
22)
26. Right to Information
Must provide the following to data subjects on request:
• Identity and contact details of data controller and DPO
• Intended purpose of processing and period it will be stored
• Existence of rights: access, rectification, object and erasure
• Right to complain internally and to a supervisory authority
• Categories of recipients to whom data will be disclosed
• Information must be concise, transparent, intelligible and
easily accessible
27. Right to have inaccuracies
corrected
• Individuals can request records be rectified if inaccurate or
incomplete.
• This will include where you have shared incorrect personal data
with another organisations, as you will need to inform that other
organisation so that it can correct its records.
• Requests to be complied within 1 month (unless complex where it
can be extended by 2 months).
• If refusing to act on the request you must explain why to the data
subject.
28. Right to be forgotten
Request can be made in limited situations
• Where the personal data is no longer necessary in relation to the
purpose for which it was originally collected/processed.
• When the individual withdraws consent.
• When the individual objects to the processing and there is no
overriding legitimate interest for continuing the processing.
• The personal data was unlawfully processed (i.e. otherwise in breach
of the GDPR).
• The personal data has to be erased in order to comply with a legal
obligation.
• The personal data is processed in relation to the offer of information
society services to a child.
29. Right to be forgotten - continued
• If you made the personal data public and you are required to erase
it, taking account of the available technology and cost of
implementation – you need to take reasonable steps to inform
other controllers about the request for erasure.
• Rectification or erasure should also be communicated to anyone
else to whom the data was initially disclosed unless this proves
impossible or involves disproportionate effort.
• If the data subject asks for details of recipients, these should be
shared.
30. Right to be forgotten - continued
A request concerning the erasure of data does not need to be
complied with where the processing is necessary for:
• Exercising the right of freedom of expression and information
• Compliance with legal obligations or for performing tasks
carried out in the public interest or in the exercise of the
controllers official authority
• Reasons of public interest in the area of public health
• Archiving purposes in the public interest, scientific, or
historical research purposes or statistical purposes
• The establishment, exercise or defence of legal claims
31. Subject Access
• Currently 40 day time limit
– Reduced to one month under GDPR
– Review processes for handling requests
• No fee
• Supplemental information
• Manifestly unfounded or unreasonable requests
33. What does the Bill do? (1)
• Addresses data processing in law enforcement and the
intelligence services – Law Enforcement Directive
• Addresses permitted derogations from the GDPR
• Attempts to ensure that on leaving the EU the UK has
“adequate” data protection regime in respect of EU
requirements
• Formally repeals Data Protection Act 1998
• Addresses necessary amendments to other legislation
34. What does the Bill do? (2)
• Provides exemptions from some of the GDPR’s
requirements
• Complex drafting – requires careful consideration
• Largely reflects current position under the Data
Protection Act 1998 in substance
• Incorporates current subject access modification
orders relating to education, health and social care
data
35. What does the Bill do? (3)
• Provides additional detail as to the bases of processing of special
categories of personal data
• Processing for the performance of a task carried out in the public
interest or in the exercise of official authority includes processing
necessary for the exercise of a function conferred on a person by
an enactment or rule of law
• Employment, health and research conditions – Schedule 1, Part 1
• Substantial public interest conditions – Schedule 1, Part 2
• Appropriate policy documents and safeguards – Schedule 1, Part 4
37. 1. The role of a DPO
2. Monitoring, Compliance and DPIA’s
3. Working with Senior Leadership
4. Considering conflicts and referrals
5. Dealing with data breaches
38. The need for a DPO (Article 37)
• All public authorities/bodies must appoint a DPO
• The details of the DPO must be published and
communicated to any supervisory body.
• The DPO must have “expert knowledge of data
protection law and practices” and the ability to
fulfil the role outlined in Article 39
39. DPO as key point of contact
(Article 38)
• The DPO should be involved properly and in a timely manner with
all data protection issues
• They should be well supported, independent and cannot be
penalised for carrying out their role in accordance with the GDPR
• They are to be the key point of contact for data subjects and their
details should be shared at the point of collection and for the
purposes of raising complaints/exercising rights of the data subject
• DPO’s should be named on all processing records
• DPO’s should be the first point of contact for the ICO
40. The role of the DPO (Article 39)
• DPO is responsible for:
• Data protection compliance
• Informing and advising the public authority about GDPR obligations
and other DP laws
• Informing and advising employees who carry out processing of their
obligations
• Monitoring the implementation and application of the GDPR and the
data protection policies of the public authority
• Advising on privacy impact assessments and breaches
• Internal Audits
• Acting as point of contact with the ICO, and cooperating with the ICO
• DPO’s will not be personally responsible for non-compliance with the
GDPR as this is the responsibility of the controller or processor.
41. Monitoring Compliance
•The DPO should assist the organisation to monitor
internal compliance with the GDPR. This may involve
the DPO:
• Collecting information to identify processing
activities
• Analysing and checking the compliance of
processing activities
• Informing, advising, and issuing recommendations
to the controller or the processor
42. Monitoring Compliance – review
of policy
• One of the first jobs of the DPO is likely to be to review the
policies in place in relation to the GDPR
• Are they:
• Up to date?
• Relevant – consider definitions?
• Secure?
• Reviewed regularly?
• Have they been disseminated to all staff by way of training?
• Is there a record of compliance training?
• Are policies easily accessible? For example, a desktop link as
opposed to hidden in a hard to find part of an intranet site?
43. Monitoring Compliance – review
of contracts
• May need to seek legal advice
• Consider relationships with third parties
• Do all of your contracts impose equivalent obligations
as those set out in the GDPR?
• Do you have a record of all your processing agreements
/ do you have data sharing agreements in place?
•We’ll return to this in more detail later in the
presentation.
44. Monitoring Compliance – review
of processes
• Likely will require discussion with IT departments /
consultants
• Do your processes make it easy to comply with
GDPR? For example, consider:
• Do you have access to redaction software?
• Is data stored in a way where any member of staff can
access it or are there limitations so that only authorised
persons can access relevant data?
• Do you have processes in place for mandatory breach
reporting and compliance with individuals rights?
45. Monitoring Compliance – DPIA’s
• Should be undertaken before any processing of a
high risk nature, taking into account the nature,
scope, context and purpose of the processing.
• Whenever a controller carries out a DPIA there is a
requirement on the DPO to advise and support
• Consider –
• Do your policies refer to DPIA’s?
• Are your staff aware of the need to consider DPIA’s at an
early stage? Do they know who to contact?
46. Monitoring Compliance – DPIA’s
cont.
The DPO should be able to advise on the following in respect to the
Data Protection Impact Assessments:
• whether or not to carry out a DPIA;
• what methodology to follow when carrying out a DPIA;
• whether to carry out the DPIA in-house or whether to outsource it;
• what safeguards (including technical and organisational measures) to
apply to mitigate any risks to the rights and interests of the data
subjects;
• whether or not the DPIA has been correctly carried out and whether its
conclusions (whether or not to go ahead with the processing and what
safeguard(s) to apply) are in compliance with the GDPR
47. Working with Senior Leadership
•Need to ensure that the DPO:
• Performs duties and tasks in an independent manner
• Does not receive any instructions regarding the exercise of their
task
• Is given the opportunity to make any dissenting opinion clear to
the highest management level and to those making the
decisions.
• Is able to act as a facilitator with the Information Commissioner
48. Working with Senior Leadership
• Need to ensure working is supported without being
decisive of the actions of the DPO
• Suggest organisation of regular meetings to discuss
DPO strategy and identify whether wider
consultation is required on particular initiatives
• Getting senior staff on board with policy change is
going to be the first step in ensuring a compliance
culture
50. Managing a data breach
• Must have procedures in place to detect, report and
investigate a actual or potential personal data breach
• Breach must be reported unless breach is unlikely to result
in a risk to the rights and freedoms of natural persons
• 72 hours from the discovery of the breach to report to ICO
• Notify the affected data subjects
51. What must you tell the ICO?
1. Nature of the breach and where possible
a. Categories and number of data subjects concerned
b. Categories and number of personal data records concerned
2. Name and contacts details of your DPO
3. Describe likely consequences of the data breach
52. What must you tell the ICO cont.?
4. Describe measures taken/to be taken to address
the breach and mitigate possible adverse affects
• You can provide this information in stages, but
without undue delay
• What does this look like in practice?
53. Managing a data breach in
practice
• Taking steps to contain the breach as soon as possible, making this
a priority over any other tasks
• Follow your data breach procedures, including in relation to
reporting to the ICO
• Seek external legal support as appropriate, as well as any
appropriate technical support
• Business critical priority to manage quickly and effectively
54. Sanctions for non-compliance
• Supervisory Authorities
– Investigative powers
– Corrective powers
• Penalties
– 2% global turnover or €10m
– 4% global turnover or €20m
• Compensation
55. Crisis management
recommendations
• Ensure your staff know the importance of reporting
a data breach immediately
• Have a “crisis team” designated so that when a
breach comes in they know how to react, and the
steps that need to be taken
• Speak to the ICO as soon as you become aware
even if you haven’t got all the information yet
57. Third party relationships
1. Assess third party relationships
2. Data sharing agreements
3. Controlling the risk
58. Article 28 GDPR
Processing by a processor must be governed by a
contract that is binding on the processor with
regard to the controller and that sets out the
subject-matter and duration of the processing, the
nature and purpose of the processing, the type of
personal data, categories of individuals whose data
is being processed and the obligations and rights of
the controller.
59. Assess third party relationships
• Assess the status of third parties – are they a data processor or data
controller?
• Data Controller
• Third party data controllers are subject to the same GDPR obligations as the
public authority
• Best practice to have data sharing agreements / protocol / memorandum of
understanding
• Consider – do you have a lawful basis for sharing the information?
• Data processor
• Data sharing agreement must be in place under the GDPR
• That agreement must be compliant with specific provisions
60. Sub-processors
• A data processor can only appoint a sub-processor
with the permission of the data controller
• Data controllers should request details from any
current data processor as to whether they share
any personal data with a sub-processor
• If so they should be required to provide details as
to how that sub-processor ensures equivalent
security of data as the processor, as well as
securing appropriate indemnities
61. Data sharing agreements – Article
28
• The below are legally required to be included as part of
any data sharing agreement under Article 28:
• a. Subject matter and duration of processing;
• b. Nature and purpose of processing;
• c. Type of personal data;
• d. Categories of data subjects; and
e. Obligations and rights of the controller.
62. Data sharing agreements cont.
• Article 28 also specifies provisions which must be included in a
data sharing agreement:
• Processing must be in line with the instructions of the data
controller;
• Commitment to confidentiality;
• Requirement to meet all measures under Article 32 (security) (see
below);
• Assists the controller where possible, including with investigation
of breaches and audits; and
• Securely destroy or return personal data to the controller at the
end of the agreement.
63. Data sharing agreements cont.
• Consider – are your data sharing agreements compliant?
• If not, contact the data processor and query how they
intend to make the agreement GDPR compliant?
• Seek advice on proposed changes
64. Clauses
•Indemnities
• Consider the new level of fines and the level of
indemnity
•Definitions
• GDPR terminology differs from previous data
protection law and it is likely that amendments will
be required
65. Controlling risk – Article 32
• Article 32 of the GDPR relates to the security of
personal data.
• Taking into account the state of the art, cost of implementation and the
nature, scope context and purposes of processing as well as the risk of
varying likelihood and severity of any breach, data controllers must
implement appropriate technical and organisational measures to ensure a
level of security appropriate to the risk.
• In determining whether a controller has suitable processes in place the
controller should undertake appropriate due diligence of third party
processors to ensure they are satisfied with the third party’s security
measures.
• This may require input from IT managers, consultants and legal advisors.
66. Minimise and pseudonimise
• Specific duty to minimise the processing of personal
data. This may require a full review of the amount of
data currently transferred to processors.
• Pseudonymisation may be preferable when the amount
of data transferred cannot be minimised to ensure that
the data cannot be attributed to a specific data subject
without use of additional information.
68. Expert knowledge
•The EU Article 29 WP Guidance on the DPO provides that
the necessary skills and expertise include:
• expertise in national and European data protection laws and
practices including an in-depth understanding of the GDPR
• understanding of the processing operations carried out
• understanding of information technologies and data security
• knowledge of the business sector and the organisation
• ability to promote a data protection culture within the
organisation
69. DPO Training
• Keeping up to date throughout the role will be
important
• Email updates, webinars, conferences, etc – sign up
to these to show steps in keeping up to date
• Annual refresher training will be required – secure
budget
70. Ongoing Training
General Data Protection Regulation (‘GDPR’)
From 25 May 2018 all public bodies must have a Data Protection Officer (‘DPO’).
The DPO must have ‘expert knowledge’ of both data protection law and practice.
September 2018 – two days – two exams – ongoing updates - £2,500 + VAT
72. Key Steps (1)
1. Information audit – develop Article 30 record of
processing activities, and keep this under review
2. Update policies and privacy notices
3. Ensure processes are in place to comply with data
subjects rights
4. Ensure processes are in place to secure
confidentiality of communications
5. Consider level of resource required – keep this
under regular review
73. Key Steps (2)
•6. Consider whether any DPIAs are required and take steps to
complete these
• 7. Ensure processes are in place to be involved properly and in a
timely manner in data processing activities
• 8. Consider the issue of any conflicts as and when they arise and
whether this requires amendment to your existing role
• 9. Publicise yourself and your role to the organisation
• 10. Notify the ICO of your appointment and contact details
• 11. Keep a regular eye on the development of matters relating to
the GDPR, particularly in the period following implementation
74. Talk to us
Dmitrije Sirovica
T: 0115 976 6238
Dmitrije.sirovica@brownejacobson.com