The document discusses how the General Data Protection Regulation (GDPR) affects organizations collecting equal opportunities monitoring data. It states that GDPR allows organizations to continue collecting protected characteristics data for equal opportunities monitoring as it is a legal basis for processing. However, GDPR introduces stricter controls on sensitive personal data to protect privacy and safety. Organizations must establish lawful basis to process equal opportunities data and allow individuals to opt out of having their data processed. Completely anonymized equal opportunities data is not subject to GDPR.
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
The General Data Protection Regulation (GDPR) is a regulation scheduled to be enacted on May 25, 2018. It is designed to protect the privacy and rights of EU citizens, no matter where they are in the world. These slides cover the basics of these regulations and how you can make sure you are EU compliant.
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
The General Data Protection Regulation (GDPR) is a regulation scheduled to be enacted on May 25, 2018. It is designed to protect the privacy and rights of EU citizens, no matter where they are in the world. These slides cover the basics of these regulations and how you can make sure you are EU compliant.
In general, the GDPR applies to any business that processes personal data by automated or manual processing
A strategic approach is introduced to regulating personal data and the normative foundations of the European Unions General Data Protection Regulation (GDPR)
Existing Requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU
Protection of Personal Information Bill (POPI)Robert MacLean
A short presentation that focuses on the proposed POPI law, how it impacts businesses, technology, IT depts & the cloud. It was based on a draft so some aspects may have changed.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
U.S. healthcare organizations must soon comply with the EU’s General Data Protection Regulation (GDPR) - which goes far beyond the Health Insurance Portability and Accountability Act (HIPAA) - or face major fines. Here’s a guide to get started.
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
Data theft rules and regulations things you should know (pt.1)Faidepro
The IT Act appears to be adequate in regards to data theft, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such law and how it works; Which will be covered in two parts.
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, The European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). EU members have until May 2018 to ensure that they are fully compliant with the new regulation. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of GDPR, what the requirements mean for charities and what charities need to consider to be compliant
This study provides guidance on some of the most important aspects of the GDPR for companies outside the EU and describes some of its key implications with regards to organisational IT and governance. It also offers some key practical advice on steps that can ensure compliance with the GDPR.
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
On 25 May 2018, the EU’s General Data Protection Regulation
(GDPR) came into effect and applies to all businesses – regardless of size - operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation
that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance
by May 2018
3: Address questions put forward by businesses that completed
our GDPR survey
The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward.
PRESENTER
Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel
In general, the GDPR applies to any business that processes personal data by automated or manual processing
A strategic approach is introduced to regulating personal data and the normative foundations of the European Unions General Data Protection Regulation (GDPR)
Existing Requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU
Protection of Personal Information Bill (POPI)Robert MacLean
A short presentation that focuses on the proposed POPI law, how it impacts businesses, technology, IT depts & the cloud. It was based on a draft so some aspects may have changed.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about the how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
U.S. healthcare organizations must soon comply with the EU’s General Data Protection Regulation (GDPR) - which goes far beyond the Health Insurance Portability and Accountability Act (HIPAA) - or face major fines. Here’s a guide to get started.
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
Data theft rules and regulations things you should know (pt.1)Faidepro
The IT Act appears to be adequate in regards to data theft, it is insufficient in addressing the minute technical intricacies involved in such a crime, leaving gaps in the law and allowing the perpetrators to get away with it. Since this problem affects more than one country and has international implications, we have briefed the countries that have such law and how it works; Which will be covered in two parts.
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
The General Data Protection Regulation (GDPR) is a regulation by which the European Parliament, The European Council and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU). EU members have until May 2018 to ensure that they are fully compliant with the new regulation. Regardless of Brexit, organisations in the UK that collect and use personal data will need to comply. In this slide deck Iain gives an overview of GDPR, what the requirements mean for charities and what charities need to consider to be compliant
This study provides guidance on some of the most important aspects of the GDPR for companies outside the EU and describes some of its key implications with regards to organisational IT and governance. It also offers some key practical advice on steps that can ensure compliance with the GDPR.
“Data localisation or data residency laws require data about a nations' citizens or residents be collected, processed, and/or stored inside the country, often before being transferred internationally, and usually transferred only after meeting local privacy or data protection laws, such as giving the user notice of how the information will be used and obtaining their consent.” - Wikipedia
On 25 May 2018, the EU’s General Data Protection Regulation
(GDPR) came into effect and applies to all businesses – regardless of size - operating in the U.K., as well as all businesses outside the EU that collect or process the data of EU citizens and residents.
The purpose of this document is threefold:
1: Introduce the GDPR and highlight key pieces of the legislation
that should be front-of-mind for business owners
2: Lay out a path for businesses to follow to ensure compliance
by May 2018
3: Address questions put forward by businesses that completed
our GDPR survey
The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward.
PRESENTER
Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel
GDPR Is Coming – Are Search Marketers Ready?MediaPost
The EU’s General Data Protection Regulation (GDPR) is the most significant change to consumer privacy laws in decades and the enforcement date is approximately 1 month away. The standards for data collection and use in the EU will significantly differ from those in the United States. This session will breakdown the differences and discuss methods for compliance going forward.
PRESENTER
Gary Kibel, Partner, Davis & Gilbert LLP @GaryKibel
European government in 2016 adopted General Data Protection Regulation (GDPR) and was
put into effect on May 25, 2018, replacing the 1995’s Data Protection Directive to protect the
personal information of EU citizens. GDPR aims to govern personal data processing and ensure
processing is fair and lawful. It is also designed to emphasize the fundamental right to privacy.
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
General Data Protection Regulation (GDPR) for Identity ArchitectsWSO2
https://wso2.com/solutions/regulatory-compliance/gdpr/
The EU General Data Protection Regulation (GDPR) has many identity architects uniquely positioned to help their organizations to comply with the ruling.
Effective from 25th May 2018, the regulation 2016/679 of the European parliament and of the council, replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. It aims to protect and empower all EU residents' data privacy and to reshape the way organizations across the region approach data privacy. GDPR is also quite prominent due to the heavy penalties introduced for violators — which could be as much as 4% of the annual global turnover or €20 million (whichever is greater).
In this webinar we will discuss all technical aspects of the regulation and what steps you as an identity architect can take to ensure that your security strategy is primed for GDPR.
Data Privacy and Data Protection: Rotary’s Compliance with GDPRRotary International
As stewards of personal data for more than 1.2 million Rotarians and friends of Rotary worldwide, Rotary takes data privacy and protection seriously. To ensure compliance with the European Union's new privacy law, the General Data Protection Regulation (GDPR), we will apply these standards globally. Find out more about these efforts and how they affect data privacy and protection for Rotary.
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
It, Legal, Marketing and sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue, it impacts the IT architecture and the user journey of your online and offline data capture processes.
Example Association Internal GDPR PolicyLen Murphy
Example Association Internal GDPR Policy. This example policy contains citations to the Articles and Recitals in the European Union's General Data Protection Regulation. The example contains references to other resources that will help drafters design their own policies while being able to examine the precise wording of the law and helpful reference sources.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
A proposal for a common standard approach to GDPR compliance by airports. Presented to the Airports Council International (ACI) - Europe, Malta Conference, October 2018
Similar to FCE Briefing GDPR and Equal Opportunities Monitoring MAY18 (20)
This document is designed to assist organisations of any sector in their commitment to promoting equality of opportunity and more importantly to fulfil their responsibilities under the Equality Act 2010, which passed into law on 1 October 2010.
The Act brings together over 116 separate pieces of legislation into one single Act that provides a consistent legal framework to protect the rights of individuals and advance equality of opportunity for all.
Public, private or voluntary organisations receiving public funding and/or carrying out public functions1 are further subject to the general equality duty and must have due regard to the need to:
• Eliminate unlawful discrimination, harassment and victimisation and other conduct prohibited by the Act.
• Advance equality of opportunity between people who share a protected characteristic and those who do not.
• Foster good relations between people who share a protected characteristic and those who do not.
‘Due regard’ involves a range of actions such as:
• Removing or minimising disadvantages suffered by people due to their protected characteristics.
• Taking steps to meet the needs of people from protected groups where these are different from the needs of other people.
• Encouraging people from protected groups to participate in public life or in other activities where their participation is disproportionately low.
This document is designed to assist organisations of any sector in their commitment to promoting equality of opportunity and more importantly to fulfil their responsibilities under the Equality Act 2010, which passed into law on 1 October 2010.
The following report outlines the process and findings Fife Centre for Equalities took to collect concerns that Brexit may have on communities on behalf of Fife Council.
It was agreed we would seek the opinions of 60 residents of Fife through who were concerned or wishing to share their views about Brexit. The conversations began in June 2017 and were themed around:
• Education
• Employment/business
• Welfare/Benefits
• Right to remain
• Hate crime
• Any other concerns
This summary report contains an overview of the detailed consultation data provided and identification of key themes and concerns. We identified the concerns below to be recurring and shared across interviewees:
Education: the lessening of educational and career outcomes and opportunities for future generations.
Economy: the negative impacts of losing low-paid EU workers staff and the European financial assistance to farming communities.
Welfare: No direct links were drawn between Brexit and financial risk, those were instead associated with the wider Welfare Reform agenda that is seen to impact both UK as well as EU nationals.
Hate crime / Hate incidents: concerns about hate / racist speech content becoming more prevalent (i.e. everyday conversations, as well as media/news stories), mainly as islamophobia rather than anti-EU / Brexit related; but otherwise no changes in perception in hate crimes
Fife Centre for Equalities position on Social Mobility and the Time for Change consultation. This is in parallel with on-going work on the inclusion of the socio-economic duty in the Equality Act 2010.
This document is designed to assist organisations of any sector in their commitment to promoting equality of opportunity and more importantly to fulfil their responsibilities under the Equality Act 2010, which passed into law on 1 October 2010. This Act brings together over 116 separate pieces of legislation into one single Act that provides a consistent legal framework to protect the rights of individuals and advance equality of opportunity for all.
ZGB - The Role of Generative AI in Government transformation.pdfSaeed Al Dhaheri
This keynote was presented during the the 7th edition of the UAE Hackathon 2024. It highlights the role of AI and Generative AI in addressing government transformation to achieve zero government bureaucracy
A process server is a authorized person for delivering legal documents, such as summons, complaints, subpoenas, and other court papers, to peoples involved in legal proceedings.
Presentation by Jared Jageler, David Adler, Noelia Duchovny, and Evan Herrnstadt, analysts in CBO’s Microeconomic Studies and Health Analysis Divisions, at the Association of Environmental and Resource Economists Summer Conference.
This session provides a comprehensive overview of the latest updates to the Uniform Administrative Requirements, Cost Principles, and Audit Requirements for Federal Awards (commonly known as the Uniform Guidance) outlined in the 2 CFR 200.
With a focus on the 2024 revisions issued by the Office of Management and Budget (OMB), participants will gain insight into the key changes affecting federal grant recipients. The session will delve into critical regulatory updates, providing attendees with the knowledge and tools necessary to navigate and comply with the evolving landscape of federal grant management.
Learning Objectives:
- Understand the rationale behind the 2024 updates to the Uniform Guidance outlined in 2 CFR 200, and their implications for federal grant recipients.
- Identify the key changes and revisions introduced by the Office of Management and Budget (OMB) in the 2024 edition of 2 CFR 200.
- Gain proficiency in applying the updated regulations to ensure compliance with federal grant requirements and avoid potential audit findings.
- Develop strategies for effectively implementing the new guidelines within the grant management processes of their respective organizations, fostering efficiency and accountability in federal grant administration.
Russian anarchist and anti-war movement in the third year of full-scale warAntti Rautiainen
Anarchist group ANA Regensburg hosted my online-presentation on 16th of May 2024, in which I discussed tactics of anti-war activism in Russia, and reasons why the anti-war movement has not been able to make an impact to change the course of events yet. Cases of anarchists repressed for anti-war activities are presented, as well as strategies of support for political prisoners, and modest successes in supporting their struggles.
Thumbnail picture is by MediaZona, you may read their report on anti-war arson attacks in Russia here: https://en.zona.media/article/2022/10/13/burn-map
Links:
Autonomous Action
http://Avtonom.org
Anarchist Black Cross Moscow
http://Avtonom.org/abc
Solidarity Zone
https://t.me/solidarity_zone
Memorial
https://memopzk.org/, https://t.me/pzk_memorial
OVD-Info
https://en.ovdinfo.org/antiwar-ovd-info-guide
RosUznik
https://rosuznik.org/
Uznik Online
http://uznikonline.tilda.ws/
Russian Reader
https://therussianreader.com/
ABC Irkutsk
https://abc38.noblogs.org/
Send mail to prisoners from abroad:
http://Prisonmail.online
YouTube: https://youtu.be/c5nSOdU48O8
Spotify: https://podcasters.spotify.com/pod/show/libertarianlifecoach/episodes/Russian-anarchist-and-anti-war-movement-in-the-third-year-of-full-scale-war-e2k8ai4
Canadian Immigration Tracker March 2024 - Key SlidesAndrew Griffith
Highlights
Permanent Residents decrease along with percentage of TR2PR decline to 52 percent of all Permanent Residents.
March asylum claim data not issued as of May 27 (unusually late). Irregular arrivals remain very small.
Study permit applications experiencing sharp decrease as a result of announced caps over 50 percent compared to February.
Citizenship numbers remain stable.
Slide 3 has the overall numbers and change.
Many ways to support street children.pptxSERUDS INDIA
By raising awareness, providing support, advocating for change, and offering assistance to children in need, individuals can play a crucial role in improving the lives of street children and helping them realize their full potential
Donate Us
https://serudsindia.org/how-individuals-can-support-street-children-in-india/
#donatefororphan, #donateforhomelesschildren, #childeducation, #ngochildeducation, #donateforeducation, #donationforchildeducation, #sponsorforpoorchild, #sponsororphanage #sponsororphanchild, #donation, #education, #charity, #educationforchild, #seruds, #kurnool, #joyhome
FCE Briefing GDPR and Equal Opportunities Monitoring MAY18
1. Fife Centre for Equalities
Equality Briefing:
GDPR and Equal Opportunities Monitoring – May 2018
2. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
Key points
• GDPR introduces several controls on sensitive data that safeguard the privacy
and safety of individual’s personal data.
• Information collected on the protected characteristics of service users, staff or
volunteers is considered sensitive or ‘special category’ data.
• Organisations legitimately can and should continue to monitor protected
characteristics data under the GDPR, as Equal Opportunities Monitoring is a
legal basis for processing information that is required for compliance with
legislation or funding requirements.
• Equal Opportunities data collection that is completely anonymised is not subject
to GDPR and is recommended as the least resource-intensive practice for
meeting monitoring compliance.
What is GDPR (briefly)?
The GDPR is the General Data Protection Regulation, a European-wide law that
replaces the Data Protection Act 1998, which was based on the 1995 European Data
Protection Directive and is part of the EU’s body of privacy and human rights
law. This comes in place on 25 May 2018.
Who does it concern and apply to?
GDPR concerns any organisation that collects or processes personal data and
requires that records must be maintained when processing, sharing data and also
when retaining this data in the longer term. This is what the ICO defines as
‘documentation’ of data processing.
It applies to organisations operating within the EU and also organisations outside
the EU that offer goods or services to individuals in the EU (e.g. a social media
platform providing mail for a Scottish charity). After the UK exits the EU, the GDPR
will be enshrined in EU law through the UK’s government Data Protection Bill.
In the UK, GDPR is overseen by the Information Commissioner’s Office (ICO) and
will have the powers to defend consumer interests and issue fines up to €20 million
or 4% of annual global turnover (whichever is higher). There are specific regulations
depending on organisation size:
• Organisations with 250 or more employees must document all their data
processing activities.
• Small and medium-sized organisations (i.e. fewer than 250 people) need only
document: processing activities that:
o are not occasional (e.g. a one-off engagement survey does not need to be
recorded, unless it becomes a regular event)
Equality Briefing: GDPR and Equal Opportunities Monitoring
3. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
o could result in a risk to the rights and freedoms of individuals (e.g. profiling of
service users for workplace health insurance or public liability insurance
quotes):
▪ GDPR L 119/14 (71): “‘profiling’ to analyse or predict aspects
concerning the data subject's performance at work, economic
situation, health, personal preferences or interests, reliability or
behaviour, location or movements, where it produces legal effects
concerning him or her or similarly significantly affects him or her”
o involve special category data or criminal conviction and offence data, i.e
Equal Opportunities Monitoring data:
▪ GDPR L 119/14 (71): “the controller should implement … technical and
organisational measures that prevents discriminatory effects on natural
persons on the basis of racial or ethnic origin, political opinion, religion
or beliefs, trade union membership, genetic or health status or sexual
orientation, or that result in measures having such an effect”
Equal Opportunities Monitoring: Employees, Job Candidates and Volunteers1
Under the General Data Protection Regulation (GDPR), employers are legally
authorised to gather and analyse information about employees for equality
monitoring purposes, provided that they have established their legal basis for
processing the data.
This involves obtaining employees' and job candidates' consent either by a
statement or through clear, affirmative action to signify agreement to personal data
being processed to monitor Equal Opportunities within the organisation.
Note that an employee or job applicant is in their rights to ask an employer to stop
processing this data for that purpose by giving written notice.
Equal Opportunities Data Monitoring: Service Users
Provided that there is no possible way of identifying an individual to whom data
relates, the GDPR would not apply. It is therefore recommended as the least
resource-intensive practice for meeting basic compliance in equality monitoring.
As this is not always possible for services where it is necessary to track individuals,
for example casework, or ongoing monitoring of data on promotions or resignations
with reference to protected characteristics.
Where identification of services users can be carried out directly using the data itself
or by combining it with other information. This can be for instance a list of service
users with user ID numbers rather than names, along with a separate list of the ID
numbers which give the corresponding names to identify the service users in the first
1 More details at XPERTHR trough this link.
Equality Briefing: GDPR and Equal Opportunities Monitoring
4. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
list – in those cases first list also is considered as containing personal data. In those
situations, GDPR regulations and principles would apply.
New GDPR Terms / Jargon-busting:
• ‘controllers’ determine the purposes and means of processing personal data –
e.g. as well as large organisations, a charity or a community group can be data
controllers
• ‘processors’ are responsible for processing personal data on behalf of a
controller – e.g. a direct mail company, a third-party fundraiser or a data
destruction company, HMRC, FVA Payroll (this also means that staff, volunteers,
contractors and temporary staff are not classified as data processors)
• ‘personal data’ means any data or information relating to a person who can be
identified (directly or indirectly) – for example name, NIN, location data, online
identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc.
• ‘sensitive personal data’ covers:
o racial or ethnic origin;
o political opinions;
o religious beliefs or beliefs;
o membership of a trade union;
o physical or mental health condition;
o sexual life or orientation;
o commission or alleged commission of an offence
o biometric or genetic data (e.g. fingerprint payment systems)
• ‘data breach’ is a breach of security leading to the destruction, loss, alteration,
unauthorised disclosure of, or access to, personal data (i.e. a breach is more
than just loss of personal data)
Equality Briefing: GDPR and Equal Opportunities Monitoring
5. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
Key GDPR Principles (Article 5):
Personal data, for example a person’s name, National Insurance Number, location
data, online identifier, IP addresses (e.g. Mailchimp), Facebook tracking etc, needs
to be:
1. processed lawfully, fairly and in a transparent manner in relation to
individuals;
2. collected for specified, explicit and legitimate purposes and not further
processed in a manner that is incompatible with those purposes; further
processing for archiving purposes in the public interest, scientific or historical
research purposes or statistical purposes shall not be considered to be
incompatible with the initial purposes;
3. adequate, relevant and limited to what is necessary in relation to the
purposes for which they are processed;
4. accurate and, where necessary, kept up to date; every reasonable step must
be taken to ensure that personal data that are inaccurate, having regard to
the purposes for which they are processed, are erased or rectified without
delay;
5. kept in a form which permits identification of data subjects for no longer than
is necessary for the purposes for which the personal data are processed;
personal data may be stored for longer periods insofar as the personal data
will be processed solely for archiving purposes in the public interest, scientific
or historical research purposes or statistical purposes subject to
implementation of the appropriate technical and organisational measures
required by the GDPR in order to safeguard the rights and freedoms of
individuals;
6. processed in a manner that ensures appropriate security of the personal
data, including protection against unauthorised or unlawful processing and
against accidental loss, destruction or damage, using appropriate technical or
organisational measures.
Equality Briefing: GDPR and Equal Opportunities Monitoring
6. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
References
• General Data Protection Regulation (ICO UK)
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-
regulation-gdpr/
• Frequently Asked Questions about the incoming GDPR (EU GDPR guide)
https://www.eugdpr.org/gdpr-faqs.html
• GDPR Regulation (EU law)
http://eur-lex.europa.eu/legal-
content/EN/TXT/PDF/?uri=CONSIL:ST_5419_2016_INIT&from=EN
• Freedom of Information Act (UK law)
http://www.legislation.gov.uk/ukpga/2000/36/schedule/1
• European handbook on equality data (in depth)
http://ec.europa.eu/newsroom/just/document.cfm?action=display&doc_id=432
05
Key Resources
• Preparing for the law enforcement requirements (part 3) of the Data
Protection Bill: 12 steps to take now
https://ico.org.uk/media/for-organisations/documents/2014918/dp-bill-12-
steps-infographic.pdf
• GDPR Self-assessment (for organisations) (ICO UK)
https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-
assessment/
• GDPR Lawful basis self-assessment tool (ICO UK)
https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-
the-gdpr-resources/lawful-basis-interactive-guidance-tool/
• GDPR FAQs for Charities (ICO UK)
https://ico.org.uk/for-organisations/charity/charities-faqs/
o Phone helpline for small businesses and charities: 0303 123 1113
• GDPR A Guide for Charities (CFG)
http://thirdsectordumgal.org.uk/wp-content/uploads/2018/02/General-Data-
Protection-Regulation-A-guide-for-charities.pdf
• GDPR for marketers: The essentials (DMA / DPN /ISBA)
https://dma.org.uk/uploads/misc/5a8eea20f3566-gdpr-essentials-for-
marketers----an-introduction-to-the-gdpr-amendment-v1_5a8eea20f34aa.pdf
Equality Briefing: GDPR and Equal Opportunities Monitoring
7. Working with Partners and Comunities to make Fife a fair,
equal and inclusive place to live, work and study.
Contact us:
Fife Centre for Equalities
New Volunteer House, 16 East Fergus Place, Kirkcaldy, KY1 1XT
Telephone: 01592 645 310
Email: info@centreforequalities.org.uk
Opening Hours:
Monday-Friday, 09:00 – 17:00
Tell us about your community concern online at:
https://centreforequalities.org.uk/support-and-advice/community-concerns/
Attribution-NonCommercial 4.0 International (CC BY-NC 4.0)
The license is also available in the following languages:
Bahasa Indonesia , Deutsch , français , hrvatski , italiano, Nederlands, norsk , polski,
suomeksi, svenska, te reo Māori, Türkçe, українська, ,اﻟﻌرﺑﯾﺔ 日本語.
www.centreforequalities.org.uk
Fife Centre for Equalities is a Company Limited by Guarantee, registered in Scotland
No. 536028 and registered Scottish Charity No. SC046683.
Equality Briefing: GDPR and Equal Opportunities Monitoring