SlideShare a Scribd company logo

FCE Briefing GDPR and Equal Opportunities Monitoring MAY18

Fife Centre for Equalities
Fife Centre for Equalities

The document discusses how the General Data Protection Regulation (GDPR) affects organizations collecting equal opportunities monitoring data. It states that GDPR allows organizations to continue collecting protected characteristics data for equal opportunities monitoring as it is a legal basis for processing. However, GDPR introduces stricter controls on sensitive personal data to protect privacy and safety. Organizations must establish lawful basis to process equal opportunities data and allow individuals to opt out of having their data processed. Completely anonymized equal opportunities data is not subject to GDPR.

Government & Nonprofit
1 of 7
Download to read offline
Fife Centre for Equalities Equality Briefing: GDPR and Equal Opportunities Monitoring – May 2018
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Key points • GDPR introduces several controls on sensitive data that safeguard the privacy and safety of individual’s personal data. • Information collected on the protected characteristics of service users, staff or volunteers is considered sensitive or ‘special category’ data. • Organisations legitimately can and should continue to monitor protected characteristics data under the GDPR, as Equal Opportunities Monitoring is a legal basis for processing information that is required for compliance with legislation or funding requirements. • Equal Opportunities data collection that is completely anonymised is not subject to GDPR and is recommended as the least resource-intensive practice for meeting monitoring compliance. What is GDPR (briefly)? The GDPR is the General Data Protection Regulation, a European-wide law that replaces the Data Protection Act 1998, which was based on the 1995 European Data Protection Directive and is part of the EU’s body of privacy and human rights law. This comes in place on 25 May 2018. Who does it concern and apply to? GDPR concerns any organisation that collects or processes personal data and requires that records must be maintained when processing, sharing data and also when retaining this data in the longer term. This is what the ICO defines as ‘documentation’ of data processing. It applies to organisations operating within the EU and also organisations outside the EU that offer goods or services to individuals in the EU (e.g. a social media platform providing mail for a Scottish charity). After the UK exits the EU, the GDPR will be enshrined in EU law through the UK’s government Data Protection Bill. In the UK, GDPR is overseen by the Information Commissioner’s Office (ICO) and will have the powers to defend consumer interests and issue fines up to €20 million or 4% of annual global turnover (whichever is higher). There are specific regulations depending on organisation size: • Organisations with 250 or more employees must document all their data processing activities. • Small and medium-sized organisations (i.e. fewer than 250 people) need only document: processing activities that: o are not occasional (e.g. a one-off engagement survey does not need to be recorded, unless it becomes a regular event) Equality Briefing: GDPR and Equal Opportunities Monitoring
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. o could result in a risk to the rights and freedoms of individuals (e.g. profiling of service users for workplace health insurance or public liability insurance quotes): ▪ GDPR L 119/14 (71): “‘profiling’ to analyse or predict aspects concerning the data subject's performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her” o involve special category data or criminal conviction and offence data, i.e Equal Opportunities Monitoring data: ▪ GDPR L 119/14 (71): “the controller should implement … technical and organisational measures that prevents discriminatory effects on natural persons on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such an effect” Equal Opportunities Monitoring: Employees, Job Candidates and Volunteers1 Under the General Data Protection Regulation (GDPR), employers are legally authorised to gather and analyse information about employees for equality monitoring purposes, provided that they have established their legal basis for processing the data. This involves obtaining employees' and job candidates' consent either by a statement or through clear, affirmative action to signify agreement to personal data being processed to monitor Equal Opportunities within the organisation. Note that an employee or job applicant is in their rights to ask an employer to stop processing this data for that purpose by giving written notice. Equal Opportunities Data Monitoring: Service Users Provided that there is no possible way of identifying an individual to whom data relates, the GDPR would not apply. It is therefore recommended as the least resource-intensive practice for meeting basic compliance in equality monitoring. As this is not always possible for services where it is necessary to track individuals, for example casework, or ongoing monitoring of data on promotions or resignations with reference to protected characteristics. Where identification of services users can be carried out directly using the data itself or by combining it with other information. This can be for instance a list of service users with user ID numbers rather than names, along with a separate list of the ID numbers which give the corresponding names to identify the service users in the first 1 More details at XPERTHR trough this link. Equality Briefing: GDPR and Equal Opportunities Monitoring
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. list – in those cases first list also is considered as containing personal data. In those situations, GDPR regulations and principles would apply. New GDPR Terms / Jargon-busting: • ‘controllers’ determine the purposes and means of processing personal data – e.g. as well as large organisations, a charity or a community group can be data controllers • ‘processors’ are responsible for processing personal data on behalf of a controller – e.g. a direct mail company, a third-party fundraiser or a data destruction company, HMRC, FVA Payroll (this also means that staff, volunteers, contractors and temporary staff are not classified as data processors) • ‘personal data’ means any data or information relating to a person who can be identified (directly or indirectly) – for example name, NIN, location data, online identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc. • ‘sensitive personal data’ covers: o racial or ethnic origin; o political opinions; o religious beliefs or beliefs; o membership of a trade union; o physical or mental health condition; o sexual life or orientation; o commission or alleged commission of an offence o biometric or genetic data (e.g. fingerprint payment systems) • ‘data breach’ is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data (i.e. a breach is more than just loss of personal data) Equality Briefing: GDPR and Equal Opportunities Monitoring
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Key GDPR Principles (Article 5): Personal data, for example a person’s name, National Insurance Number, location data, online identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc, needs to be: 1. processed lawfully, fairly and in a transparent manner in relation to individuals; 2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; 3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; 5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; 6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Equality Briefing: GDPR and Equal Opportunities Monitoring
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. References • General Data Protection Regulation (ICO UK) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/ • Frequently Asked Questions about the incoming GDPR (EU GDPR guide) https://www.eugdpr.org/gdpr-faqs.html • GDPR Regulation (EU law) http://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT&from=EN • Freedom of Information Act (UK law) http://www.legislation.gov.uk/ukpga/2000/36/schedule/1 • European handbook on equality data (in depth) http://ec.europa.eu/newsroom/just/document.cfm?action=display&doc_id=432 05 Key Resources • Preparing for the law enforcement requirements (part 3) of the Data Protection Bill: 12 steps to take now https://ico.org.uk/media/for-organisations/documents/2014918/dp-bill-12- steps-infographic.pdf • GDPR Self-assessment (for organisations) (ICO UK) https://ico.org.uk/for-organisations/resources-and-support/data-protection-self- assessment/ • GDPR Lawful basis self-assessment tool (ICO UK) https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for- the-gdpr-resources/lawful-basis-interactive-guidance-tool/ • GDPR FAQs for Charities (ICO UK) https://ico.org.uk/for-organisations/charity/charities-faqs/ o Phone helpline for small businesses and charities: 0303 123 1113 • GDPR A Guide for Charities (CFG) http://thirdsectordumgal.org.uk/wp-content/uploads/2018/02/General-Data- Protection-Regulation-A-guide-for-charities.pdf • GDPR for marketers: The essentials (DMA / DPN /ISBA) https://dma.org.uk/uploads/misc/5a8eea20f3566-gdpr-essentials-for- marketers----an-introduction-to-the-gdpr-amendment-v1_5a8eea20f34aa.pdf Equality Briefing: GDPR and Equal Opportunities Monitoring
Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Contact us: Fife Centre for Equalities New Volunteer House, 16 East Fergus Place, Kirkcaldy, KY1 1XT Telephone: 01592 645 310 Email: info@centreforequalities.org.uk Opening Hours: Monday-Friday, 09:00 – 17:00 Tell us about your community concern online at: https://centreforequalities.org.uk/support-and-advice/community-concerns/ Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) The license is also available in the following languages: Bahasa Indonesia , Deutsch , français , hrvatski , italiano, Nederlands, norsk , polski, suomeksi, svenska, te reo Māori, Türkçe, українська, ‫,اﻟﻌرﺑﯾﺔ‬ 日本語. www.centreforequalities.org.uk Fife Centre for Equalities is a Company Limited by Guarantee, registered in Scotland No. 536028 and registered Scottish Charity No. SC046683. Equality Briefing: GDPR and Equal Opportunities Monitoring

Recommended

Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
Olivier Vandeputte
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
N N
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?
VILT
 
General data protection regulation GDPR
General data protection regulation GDPRGeneral data protection regulation GDPR
General data protection regulation GDPR
AfraAlZadjali
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
GreenRope
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
grahamwell
 

Recommended

Key Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection RegulationKey Issues on the new General Data Protection Regulation
Key Issues on the new General Data Protection Regulation
Olivier Vandeputte
 
Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Practical steps to take in preparation for the Protection of Personal Informa...
Practical steps to take in preparation for the Protection of Personal Informa...Werksmans Attorneys
 
Guide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulationGuide to-the-general-data-protection-regulation
Guide to-the-general-data-protection-regulation
N N
 
Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Saying "I Don't": the requirement of data subject consent for purposes of dat...
Saying "I Don't": the requirement of data subject consent for purposes of dat...Werksmans Attorneys
 
GDPR - Are you ready?
GDPR - Are you ready?GDPR - Are you ready?
GDPR - Are you ready?
VILT
 
General data protection regulation GDPR
General data protection regulation GDPRGeneral data protection regulation GDPR
General data protection regulation GDPR
AfraAlZadjali
 
GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant? GDPR: Are you EU Compliant?
GDPR: Are you EU Compliant?
GreenRope
 
Data protection ppt
Data protection pptData protection ppt
Data protection ppt
grahamwell
 
Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
General data protection regulation
General data protection regulationGeneral data protection regulation
General data protection regulation
Fahad Ameen
 
Is Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on PrivacyIs Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on Privacy
Giovanni Maria Riccio
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
Elizabeth Baker, JD, CRCMP
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech Wiewiorowski
Krowdthink
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth Boardman
Krowdthink
 
GDPR and Copyright Law
GDPR and Copyright LawGDPR and Copyright Law
GDPR and Copyright Law
Giovanni Maria Riccio
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
Robert MacLean
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popiWerksmans Attorneys
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
Marketing Team at Crown Worldwide Group
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
Cognizant
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
IBB Law
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)
Faidepro
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
m-hance
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, Ecosystm
Chris White
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINALImraan Kharwa
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 
GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
Richard Goddard
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
MediaPost
 

More Related Content

What's hot

Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Werksmans Attorneys
 
General data protection regulation
General data protection regulationGeneral data protection regulation
General data protection regulation
Fahad Ameen
 
Is Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on PrivacyIs Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on Privacy
Giovanni Maria Riccio
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
Elizabeth Baker, JD, CRCMP
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech Wiewiorowski
Krowdthink
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth Boardman
Krowdthink
 
GDPR and Copyright Law
GDPR and Copyright LawGDPR and Copyright Law
GDPR and Copyright Law
Giovanni Maria Riccio
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
Robert MacLean
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentationOvationsGroup
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
Marketing Team at Crown Worldwide Group
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
Cognizant
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
IBB Law
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)
Faidepro
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
m-hance
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, Ecosystm
Chris White
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection ActYizi
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
Christo W. Meyer
 

What's hot (20)

Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...Put your left leg in, put your left leg out: the exclusions and exemptions of...
Put your left leg in, put your left leg out: the exclusions and exemptions of...
 
General data protection regulation
General data protection regulationGeneral data protection regulation
General data protection regulation
 
Is Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on PrivacyIs Pandemia a Good Reason to Give Up on Privacy
Is Pandemia a Good Reason to Give Up on Privacy
 
EU GDPR (training)
EU GDPR (training) EU GDPR (training)
EU GDPR (training)
 
The Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech WiewiorowskiThe Privacy Advantage 2016 - Wojciech Wiewiorowski
The Privacy Advantage 2016 - Wojciech Wiewiorowski
 
The Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth BoardmanThe Privacy Advantage 2016 - Ruth Boardman
The Privacy Advantage 2016 - Ruth Boardman
 
GDPR and Copyright Law
GDPR and Copyright LawGDPR and Copyright Law
GDPR and Copyright Law
 
Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)Protection of Personal Information Bill (POPI)
Protection of Personal Information Bill (POPI)
 
POPI Act compliance presentation
POPI Act compliance presentationPOPI Act compliance presentation
POPI Act compliance presentation
 
Werksmans presentations on popi
Werksmans presentations on popiWerksmans presentations on popi
Werksmans presentations on popi
 
GDPR infographic
GDPR infographicGDPR infographic
GDPR infographic
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationThe U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy Regulation
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 
Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)Data theft rules and regulations things you should know (pt.1)
Data theft rules and regulations things you should know (pt.1)
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
 
GDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, EcosystmGDPR & You, Claus Mortensen, Ecosystm
GDPR & You, Claus Mortensen, Ecosystm
 
POPI Seminar FINAL
POPI Seminar FINALPOPI Seminar FINAL
POPI Seminar FINAL
 
Data Protection Act
Data Protection ActData Protection Act
Data Protection Act
 
Uchi data local presentation 2020
Uchi data local presentation 2020Uchi data local presentation 2020
Uchi data local presentation 2020
 

Similar to FCE Briefing GDPR and Equal Opportunities Monitoring MAY18

GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
Richard Goddard
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
MediaPost
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
MediaPost
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
CILIP Ireland
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)
Happiest Minds Technologies
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
EMMAIntl
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
WSO2
 
GDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptxGDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptx
pixvilx
 
Ready for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyReady for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital Economy
Ray ABOU
 
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRData Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Rotary International
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
Caroline Boscher
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
NetworkIQ
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
Len Murphy
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
Harrison Clark Rickerbys
 
EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)
RAKESH S
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To Prepare
Winston & Strawn LLP
 
ACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS PresentationACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS Presentation
Stephen H. Baird
 

Similar to FCE Briefing GDPR and Equal Opportunities Monitoring MAY18 (20)

GDPR Whitepaper
GDPR WhitepaperGDPR Whitepaper
GDPR Whitepaper
 
GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?GDPR Is Coming – Are Emailers Ready?
GDPR Is Coming – Are Emailers Ready?
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?GDPR Is Coming – Are Search Marketers Ready?
GDPR Is Coming – Are Search Marketers Ready?
 
GDPR Presentation
GDPR PresentationGDPR Presentation
GDPR Presentation
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
General Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity ArchitectsGeneral Data Protection Regulation (GDPR) for Identity Architects
General Data Protection Regulation (GDPR) for Identity Architects
 
GDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptxGDPRpresentationFeb-Apr2018.pptx
GDPRpresentationFeb-Apr2018.pptx
 
Ready for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital EconomyReady for the GDPR, Ready for the Digital Economy
Ready for the GDPR, Ready for the Digital Economy
 
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPRData Privacy and Data Protection: Rotary’s Compliance with GDPR
Data Privacy and Data Protection: Rotary’s Compliance with GDPR
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
Example Association Internal GDPR Policy
Example Association Internal GDPR PolicyExample Association Internal GDPR Policy
Example Association Internal GDPR Policy
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
 
EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)EU GDPR(general data protection regulation)
EU GDPR(general data protection regulation)
 
GDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To PrepareGDPR is Coming, Five Things You Can Do Now To Prepare
GDPR is Coming, Five Things You Can Do Now To Prepare
 
ACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS PresentationACI Europe - GDPR CUPPS Presentation
ACI Europe - GDPR CUPPS Presentation
 

More from Fife Centre for Equalities

Equality in Fife - December 2018
Equality in Fife - December 2018Equality in Fife - December 2018
Equality in Fife - December 2018
Fife Centre for Equalities
 
Equality in Fife - Summer 2018 - Interim report
Equality in Fife - Summer 2018 - Interim reportEquality in Fife - Summer 2018 - Interim report
Equality in Fife - Summer 2018 - Interim report
Fife Centre for Equalities
 
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
Fife Centre for Equalities
 
FCE Brexit Report - September 2017
FCE Brexit Report - September 2017FCE Brexit Report - September 2017
FCE Brexit Report - September 2017
Fife Centre for Equalities
 
FCE Position on Time for Change
FCE Position on Time for ChangeFCE Position on Time for Change
FCE Position on Time for Change
Fife Centre for Equalities
 
Equality in Fife - January 2018
Equality in Fife - January 2018Equality in Fife - January 2018
Equality in Fife - January 2018
Fife Centre for Equalities
 

More from Fife Centre for Equalities (6)

Equality in Fife - December 2018
Equality in Fife - December 2018Equality in Fife - December 2018
Equality in Fife - December 2018
 
Equality in Fife - Summer 2018 - Interim report
Equality in Fife - Summer 2018 - Interim reportEquality in Fife - Summer 2018 - Interim report
Equality in Fife - Summer 2018 - Interim report
 
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
Gender Pay Gap: Reporting, Enforcement and Emerging - Equality Briefing FEB18
 
FCE Brexit Report - September 2017
FCE Brexit Report - September 2017FCE Brexit Report - September 2017
FCE Brexit Report - September 2017
 
FCE Position on Time for Change
FCE Position on Time for ChangeFCE Position on Time for Change
FCE Position on Time for Change
 
Equality in Fife - January 2018
Equality in Fife - January 2018Equality in Fife - January 2018
Equality in Fife - January 2018
 

Recently uploaded

一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
ehbuaw
 
ZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdfZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdf
Saeed Al Dhaheri
 
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
ehbuaw
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
Get Government Grants
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
RIDPRO11
 
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
ukyewh
 
The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
oklahomajudicialproc1
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
850fcj96
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Congressional Budget Office
 
PPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way StopPPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way Stop
ahcitycouncil
 
Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200
GrantManagementInsti
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
Antti Rautiainen
 
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
ehbuaw
 
Canadian Immigration Tracker March 2024 - Key Slides
Canadian Immigration Tracker March 2024 - Key SlidesCanadian Immigration Tracker March 2024 - Key Slides
Canadian Immigration Tracker March 2024 - Key Slides
Andrew Griffith
 
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
850fcj96
 
PPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services AgmtPPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services Agmt
ahcitycouncil
 
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) AmendmentPPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
ahcitycouncil
 
Many ways to support street children.pptx
Many ways to support street children.pptxMany ways to support street children.pptx
Many ways to support street children.pptx
SERUDS INDIA
 
Counting Class for Micro Observers 2024.pptx
Counting Class for Micro Observers 2024.pptxCounting Class for Micro Observers 2024.pptx
Counting Class for Micro Observers 2024.pptx
Revenue Department Kerala State
 
PPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933FPPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933F
ahcitycouncil
 

Recently uploaded (20)

一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
一比一原版(Adelaide毕业证)阿德莱德大学毕业证成绩单
 
ZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdfZGB - The Role of Generative AI in Government transformation.pdf
ZGB - The Role of Generative AI in Government transformation.pdf
 
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
一比一原版(UQ毕业证)昆士兰大学毕业证成绩单
 
Get Government Grants and Assistance Program
Get Government Grants and Assistance ProgramGet Government Grants and Assistance Program
Get Government Grants and Assistance Program
 
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptxPD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
PD-1602-as-amended-by-RA-9287-Anti-Illegal-Gambling-Law.pptx
 
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
一比一原版(QUT毕业证)昆士兰科技大学毕业证成绩单
 
The Role of a Process Server in real estate
The Role of a Process Server in real estateThe Role of a Process Server in real estate
The Role of a Process Server in real estate
 
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
快速制作(ocad毕业证书)加拿大安大略艺术设计学院毕业证本科学历雅思成绩单原版一模一样
 
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
Effects of Extreme Temperatures From Climate Change on the Medicare Populatio...
 
PPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way StopPPT Item # 8 - Tuxedo Columbine 3way Stop
PPT Item # 8 - Tuxedo Columbine 3way Stop
 
Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200Uniform Guidance 3.0 - The New 2 CFR 200
Uniform Guidance 3.0 - The New 2 CFR 200
 
Russian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale warRussian anarchist and anti-war movement in the third year of full-scale war
Russian anarchist and anti-war movement in the third year of full-scale war
 
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
一比一原版(ANU毕业证)澳大利亚国立大学毕业证成绩单
 
Canadian Immigration Tracker March 2024 - Key Slides
Canadian Immigration Tracker March 2024 - Key SlidesCanadian Immigration Tracker March 2024 - Key Slides
Canadian Immigration Tracker March 2024 - Key Slides
 
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
如何办理(uoit毕业证书)加拿大安大略理工大学毕业证文凭证书录取通知原版一模一样
 
PPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services AgmtPPT Item # 7 - BB Inspection Services Agmt
PPT Item # 7 - BB Inspection Services Agmt
 
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) AmendmentPPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
PPT Item # 9 - 2024 Street Maintenance Program(SMP) Amendment
 
Many ways to support street children.pptx
Many ways to support street children.pptxMany ways to support street children.pptx
Many ways to support street children.pptx
 
Counting Class for Micro Observers 2024.pptx
Counting Class for Micro Observers 2024.pptxCounting Class for Micro Observers 2024.pptx
Counting Class for Micro Observers 2024.pptx
 
PPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933FPPT Item # 6 - 7001 Broadway ARB Case # 933F
PPT Item # 6 - 7001 Broadway ARB Case # 933F
 

FCE Briefing GDPR and Equal Opportunities Monitoring MAY18

  • 1. Fife Centre for Equalities Equality Briefing: GDPR and Equal Opportunities Monitoring – May 2018
  • 2. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Key points • GDPR introduces several controls on sensitive data that safeguard the privacy and safety of individual’s personal data. • Information collected on the protected characteristics of service users, staff or volunteers is considered sensitive or ‘special category’ data. • Organisations legitimately can and should continue to monitor protected characteristics data under the GDPR, as Equal Opportunities Monitoring is a legal basis for processing information that is required for compliance with legislation or funding requirements. • Equal Opportunities data collection that is completely anonymised is not subject to GDPR and is recommended as the least resource-intensive practice for meeting monitoring compliance. What is GDPR (briefly)? The GDPR is the General Data Protection Regulation, a European-wide law that replaces the Data Protection Act 1998, which was based on the 1995 European Data Protection Directive and is part of the EU’s body of privacy and human rights law. This comes in place on 25 May 2018. Who does it concern and apply to? GDPR concerns any organisation that collects or processes personal data and requires that records must be maintained when processing, sharing data and also when retaining this data in the longer term. This is what the ICO defines as ‘documentation’ of data processing. It applies to organisations operating within the EU and also organisations outside the EU that offer goods or services to individuals in the EU (e.g. a social media platform providing mail for a Scottish charity). After the UK exits the EU, the GDPR will be enshrined in EU law through the UK’s government Data Protection Bill. In the UK, GDPR is overseen by the Information Commissioner’s Office (ICO) and will have the powers to defend consumer interests and issue fines up to €20 million or 4% of annual global turnover (whichever is higher). There are specific regulations depending on organisation size: • Organisations with 250 or more employees must document all their data processing activities. • Small and medium-sized organisations (i.e. fewer than 250 people) need only document: processing activities that: o are not occasional (e.g. a one-off engagement survey does not need to be recorded, unless it becomes a regular event) Equality Briefing: GDPR and Equal Opportunities Monitoring
  • 3. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. o could result in a risk to the rights and freedoms of individuals (e.g. profiling of service users for workplace health insurance or public liability insurance quotes): ▪ GDPR L 119/14 (71): “‘profiling’ to analyse or predict aspects concerning the data subject's performance at work, economic situation, health, personal preferences or interests, reliability or behaviour, location or movements, where it produces legal effects concerning him or her or similarly significantly affects him or her” o involve special category data or criminal conviction and offence data, i.e Equal Opportunities Monitoring data: ▪ GDPR L 119/14 (71): “the controller should implement … technical and organisational measures that prevents discriminatory effects on natural persons on the basis of racial or ethnic origin, political opinion, religion or beliefs, trade union membership, genetic or health status or sexual orientation, or that result in measures having such an effect” Equal Opportunities Monitoring: Employees, Job Candidates and Volunteers1 Under the General Data Protection Regulation (GDPR), employers are legally authorised to gather and analyse information about employees for equality monitoring purposes, provided that they have established their legal basis for processing the data. This involves obtaining employees' and job candidates' consent either by a statement or through clear, affirmative action to signify agreement to personal data being processed to monitor Equal Opportunities within the organisation. Note that an employee or job applicant is in their rights to ask an employer to stop processing this data for that purpose by giving written notice. Equal Opportunities Data Monitoring: Service Users Provided that there is no possible way of identifying an individual to whom data relates, the GDPR would not apply. It is therefore recommended as the least resource-intensive practice for meeting basic compliance in equality monitoring. As this is not always possible for services where it is necessary to track individuals, for example casework, or ongoing monitoring of data on promotions or resignations with reference to protected characteristics. Where identification of services users can be carried out directly using the data itself or by combining it with other information. This can be for instance a list of service users with user ID numbers rather than names, along with a separate list of the ID numbers which give the corresponding names to identify the service users in the first 1 More details at XPERTHR trough this link. Equality Briefing: GDPR and Equal Opportunities Monitoring
  • 4. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. list – in those cases first list also is considered as containing personal data. In those situations, GDPR regulations and principles would apply. New GDPR Terms / Jargon-busting: • ‘controllers’ determine the purposes and means of processing personal data – e.g. as well as large organisations, a charity or a community group can be data controllers • ‘processors’ are responsible for processing personal data on behalf of a controller – e.g. a direct mail company, a third-party fundraiser or a data destruction company, HMRC, FVA Payroll (this also means that staff, volunteers, contractors and temporary staff are not classified as data processors) • ‘personal data’ means any data or information relating to a person who can be identified (directly or indirectly) – for example name, NIN, location data, online identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc. • ‘sensitive personal data’ covers: o racial or ethnic origin; o political opinions; o religious beliefs or beliefs; o membership of a trade union; o physical or mental health condition; o sexual life or orientation; o commission or alleged commission of an offence o biometric or genetic data (e.g. fingerprint payment systems) • ‘data breach’ is a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data (i.e. a breach is more than just loss of personal data) Equality Briefing: GDPR and Equal Opportunities Monitoring
  • 5. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Key GDPR Principles (Article 5): Personal data, for example a person’s name, National Insurance Number, location data, online identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc, needs to be: 1. processed lawfully, fairly and in a transparent manner in relation to individuals; 2. collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes; further processing for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes shall not be considered to be incompatible with the initial purposes; 3. adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; 4. accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay; 5. kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed; personal data may be stored for longer periods insofar as the personal data will be processed solely for archiving purposes in the public interest, scientific or historical research purposes or statistical purposes subject to implementation of the appropriate technical and organisational measures required by the GDPR in order to safeguard the rights and freedoms of individuals; 6. processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures. Equality Briefing: GDPR and Equal Opportunities Monitoring
  • 6. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. References • General Data Protection Regulation (ICO UK) https://ico.org.uk/for-organisations/guide-to-the-general-data-protection- regulation-gdpr/ • Frequently Asked Questions about the incoming GDPR (EU GDPR guide) https://www.eugdpr.org/gdpr-faqs.html • GDPR Regulation (EU law) http://eur-lex.europa.eu/legal- content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT&from=EN • Freedom of Information Act (UK law) http://www.legislation.gov.uk/ukpga/2000/36/schedule/1 • European handbook on equality data (in depth) http://ec.europa.eu/newsroom/just/document.cfm?action=display&doc_id=432 05 Key Resources • Preparing for the law enforcement requirements (part 3) of the Data Protection Bill: 12 steps to take now https://ico.org.uk/media/for-organisations/documents/2014918/dp-bill-12- steps-infographic.pdf • GDPR Self-assessment (for organisations) (ICO UK) https://ico.org.uk/for-organisations/resources-and-support/data-protection-self- assessment/ • GDPR Lawful basis self-assessment tool (ICO UK) https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for- the-gdpr-resources/lawful-basis-interactive-guidance-tool/ • GDPR FAQs for Charities (ICO UK) https://ico.org.uk/for-organisations/charity/charities-faqs/ o Phone helpline for small businesses and charities: 0303 123 1113 • GDPR A Guide for Charities (CFG) http://thirdsectordumgal.org.uk/wp-content/uploads/2018/02/General-Data- Protection-Regulation-A-guide-for-charities.pdf • GDPR for marketers: The essentials (DMA / DPN /ISBA) https://dma.org.uk/uploads/misc/5a8eea20f3566-gdpr-essentials-for- marketers----an-introduction-to-the-gdpr-amendment-v1_5a8eea20f34aa.pdf Equality Briefing: GDPR and Equal Opportunities Monitoring
  • 7. Working with Partners and Comunities to make Fife a fair, equal and inclusive place to live, work and study. Contact us: Fife Centre for Equalities New Volunteer House, 16 East Fergus Place, Kirkcaldy, KY1 1XT Telephone: 01592 645 310 Email: info@centreforequalities.org.uk Opening Hours: Monday-Friday, 09:00 – 17:00 Tell us about your community concern online at: https://centreforequalities.org.uk/support-and-advice/community-concerns/ Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) The license is also available in the following languages: Bahasa Indonesia , Deutsch , français , hrvatski , italiano, Nederlands, norsk , polski, suomeksi, svenska, te reo Māori, Türkçe, українська, ‫,اﻟﻌرﺑﯾﺔ‬ 日本語. www.centreforequalities.org.uk Fife Centre for Equalities is a Company Limited by Guarantee, registered in Scotland No. 536028 and registered Scottish Charity No. SC046683. Equality Briefing: GDPR and Equal Opportunities Monitoring