More Related Content
Similar to Gdpr workshop module_1
Gdpr workshop module_1
- 1.
- 2. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." Table of Contents Overview of GDPR DPA vs GDPR People of Interest Definitions The Rights of Data Subjects Privacy by Design The 6 + 1 principles Compliance Summary
- 3. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." Context This workshop aims to give you background information and practical help to get you started with a focussed plan and pointers for further learning which will identify additional actions We can’t cover all the detail and nuances in this session! There are still shades of grey - understand what it is that GDPR trying to achieve and protect. Consider additional sources of knowledge: free resources, courses, consultants, insurers, legal advice etc.
- 4. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." Context It doesn’t have to be hard – embed privacy by design and everything else should come naturally The work doesn’t stop on the 25th May – it’s about building privacy into our culture and future way of working Having a starting point and a project team is great way of progressing. GDPR applies across your whole organisation – it will never be the job of one individual
- 5. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." PRIVACY Privacy is currently governed in UK mainly by: Data Protection Act 1998 (the “DPA”) – Data Protection. Privacy and the Electronic Communications Regulations 2003 (the “PECR”) – Direct Marketing, use of cookies, use of security of services, traffic data, location data (etc). Notification of personal data breaches within 24 hours by service providers (Telco's & ISPs) Current Legal Framework
- 6. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." What is GDPR? Cornerstone of the vision for a digital economy In effect now. In force May 25th 2018 Reducing barriers to business through facilitating free movement of data throughout the EU Protect rights, privacy and freedoms of natural persons in the EU New EU-wide regulation
- 7. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." GDPR Data Protection Model EU Data Protection Board standardises across the EU Information Commissioner’s Office (ICO) is the UK supervisory authority Written contracts between controllers and processors is now a general requirement Data Controllers have obligations: To ensure that information processed securely and in accordance with GDPR and the rights of data subjects Must only appoint processors who can provide “sufficient guarantees” Processors must: Act only on the documented instructions of a controller Meet the direct responsibilities of GDPR https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulationgdpr/accountability-and-governance/contracts/
- 8. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." What are the geographical boundaries of GDPR Worldwide Organisations providing services into the EU Organisations established in the EU EU Citizens EU
- 9. “Enabling passionate people.Igniting the entrepreneurial spirit. Enjoying the ride." Scope of Compliance GDPR applies to any information that could directly, or indirectly, be personal data and which could identify a data subject (a natural living person) It applies to any information stored, or intended to be stored in a structured filing system – electronic or otherwise There are special considerations for sensitive data Organisations with fewer than 250 employees may be exempt from certain conditions (records of processing), but it may be difficult to identify those organisations!