SlideShare a Scribd company logo

Managing Data Protection guide powerpoint presentation

Download as PPTX, PDF
S
silvereyez11

DATA PROTECTION

Technology
1 of 33
1 Managing Data Protection By 1. Mrs Pravina Dodah (Data Protection Officer/Senior Data Protection Officer) 2. Mrs Rushda Goburdhun(Data Protection Officer/ Senior Data Protection Officer) 5th April 2017
2 DATA PROTECTION OFFICE (DPO) The DPO, under the aegis of the Ministry of Technology, Communication and Innovation enforces the Data Protection Act. Mission of DPO Safeguard the privacy rights of all individuals with regard to the processing of their personal data.
3 DATA PROTECTION ACT (DPA) 2004 AN ACT To provide for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals.
4 THE MAIN ELEMENTS OF THE ACT The Data Protection Act contains 8 parts namely: I. Preliminary – Definitions etc II. Data Protection Office III. Powers of Commissioner IV. Obligation on Data Controllers V. The Data Protection Register VI. Rights of Data Subjects VII. Exemptions VIII. Miscellaneous
5 DEFINITIONS Personal Data means – a) data which relate to an individual who can be identified from those data; b) data or other information, including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion;
6 EXAMPLES OF PERSONAL DATA Employee Non – Employee Name Surname Residential Address Telephone Number ID Card Bank Account Number Clients  Name, Address, Contact Details, ID Card Suppliers  Address, Email, Phone Contractors Phone, Email, Contact Person
7 DEFINITIONS (cont.) Sensitive Personal Data: Sensitive Personal Data Racial / Ethnic Origin Political Opinion / Adherence Religious / Similar Belief Membership to Trade Union Physical / Mental Health Sexual Preferences / Practices Criminal Convictions
8 DEFINITIONS (cont.) Processing means any operation or set of operations which is performed on the data wholly or partly by automatic means, or otherwise than by automatic means, and includes – • collecting, organising or altering the data; retrieving, consulting, using, storing or adapting the data; • disclosing the data by transmitting, disseminating or otherwise making it available; or • aligning, combining, blocking, erasing or destroying the data;
9 DEFINITIONS (cont.) Data Controller means a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed. e.g. Mammouth Trading CO Ltd is a data controller since it processes employee and non employee data.
10 FUNCTIONS OF THE DPO • REGISTRATION OF DATA CONTROLLERS IN MAURITIUS I • INVESTIGATION OF COMPLAINTS II • CONDUCT PERIODICAL COMPLIANCE AUDITS III • SENSITISATION IV • EXERCISE CONTROL ON ALL DATA PROTECTION ISSUES V • RESEARCH ON DATA PROCESSING AND COMPUTER TECHNOLOGY VI
11 8 DATA PROTECTION PRINCIPLES  Principle 1: Fairness Personal data must be collected and used fairly and lawfully.  Principle 2: Transparency Personal data must be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.  Principle 3: Quantity Personal data must be adequate, relevant, and not excessive in relation to the purpose for which they are processed.  Principle 4: Accuracy Personal data must be accurate and, where necessary, up to date.
12 8 DATA PROTECTION PRINCIPLES  Principle 5: Time limit Personal data must not be kept for longer than necessary.  Principle 6: Individuals’ rights Personal data shall be processed in accordance with the rights of data subjects.  Principle 7: Security Appropriate security measures must be implemented to prevent personal data being accidentally or deliberately compromised.  Principle 8: International transfers Personal data shall not be transferred to another country unless that country ensures an adequate level of protection for the rights of data subjects in relation to processing of personal data.
13 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Identify a data protection lead It is good practice to identify a person or department responsible for developing, implementing and monitoring the data protection policy.
14 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Awareness of security measures Section 27(2) of DPA An organisation must take all reasonable steps to ensure that any person employed by him is aware of and complies with the relevant security measures.
15 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Registration/Renewal as Data Controller Section 33(2) & Section (34) - A data controller must register with the Data Protection Office for all personal data being processed. Section 38 - Registration should be renewed annually.
16 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Data Quality and Accuracy An organisation should regularly review information to identify when to correct inaccurate records and remove irrelevant ones.
17 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy notices To ensure that the processing of data is fair, it is a good practice to include privacy notices on an organisation’s website and any other forms that is used to collect data. These notices should clearly explain the reasons for using the data, including any disclosures. Example: All details provided on this form will remain strictly confidential and will be kept and processed only for [purpose/s] as specified by the company and in accordance with Data Protection Act 2004. Your information may be shared with [list of parties] for the following purposes [list of purposes].
18 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy notices It is good to mention here that in case an organisation wants to use personal data in a manner different to its privacy notice, then prior consent to use or disclose personal data is required from the data subject unless the exceptions listed under section 24(2) of the DPA applies where an organisation can proceed without prior consent.
19 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Exceptions from Consent Section 24(2) of DPA (2) ……. personal data may be processed without obtaining the express consent of the data subject where the processing is necessary - (a) for the performance of a contract to which the data subject is a party; (b) in order to take steps required by the data subject prior to entering into a contract; (c) in order to protect the vital interests of the data subject; (d) for compliance with any legal obligation to which the data controller is subject; (da) for the purpose of making use of a unique identification number to facilitate sharing information and avoid multiple registrations among public sector agencies; (e) for the administration of justice; or (f) in the public interest.
20 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Retention and Disposal The fifth principle of the DPA requires that personal data should not be kept for longer than necessary. It is important to note that the DPA does not set any time limit to retain data. The onus lies on the data controller to determine the time retention based on the purpose for which data is being kept and in accordance with other laws such as Employment Rights Act, Income Tax Act, Banking Act, National Archives Act etc..
21 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Access Request Rights The sixth principle of the DPA requires that  personal data is processed in accordance with individual rights.  Under section 41 of the DPA, a data subject has the right of access to information that the organisation holds about him/her. An individual can make a written request to see and obtain a copy of his/her information being held upon payment of the prescribed fee to the organisation. You should therefore have a process in place to recognise and respond to requests within statutory timescales.
22 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Exemptions from Data Access Request There are ‘exemptions’ within the DPA (S43) which may allow a data controller to refuse to comply with a data subject’s access request in certain circumstances. For example: - if there is not enough evidence to identify the individual. - if it is an offence under any other enactment to provide the personal information. - if the information is confidential and concerns the data subject’s health, education and work. - if it concerns data for another individual
23 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Security Policy The seventh principle of the DPA requires that personal data is protected by appropriate security measures. Before you can decide what level of security is right for your business, you will need to assess the risks to the personal data you hold and choose the security measures that are appropriate to your needs.
24 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Transfer of Data Abroad As per section 31(1) of the DPA, no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to another country. Organisation must fill and submit to the Data Protection Office the ‘Transfer of Personal Data Form’ available on http://dataprotection.govmu.org.
25 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy Impact Assessments Build in privacy considerations at the start of projects or initiatives that involve the processing of personal data. Thinking about privacy early on will reduce risks and avoid costly changes at a later date. DPO web application to assess your organisation's compliance status with the Data Protection Act 2004: http://dataprotection.govmu.org/English/Publications/ Pages/Privacy-Compliance-Assessment.aspx Guideline: http://dataprotection.govmu.org/English/Documents/ Publications/Guidelines/DPO_Vol6_PrivacyImpactAs sessment.pdf
26 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Disclosure of Information An organisation must ensure that personal information in its possession is not disclosed in any manner incompatible with the purposes for which such data has been collected, which is an offence under section 29 of the Data Protection Act. The principle is that the prior consent from the concerned data subject should be obtained before any disclosure is made, unless you fall under the exceptions of section 24(2) of the DPA.
27 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Data Sharing ‘Data sharing’ refers to sharing of data within an organisation or sharing of data from one or more organisation to other organisation(s) If you are sharing client data, the DPA will apply. Consent of client is required before any data sharing takes place unless you fall under the exceptions of 24(2) or 25(2) of the DPA.
28 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? CCTV at Work Data collected by the CCTV cameras is under the responsibility of the data controller and therefore the data controller is required to comply with the Data Protection Act for the collection of personal data. CCTV Images should be captured only within the premises of the company. A sign at all entrances should be displayed to specify:  the purpose/s for which the surveillance is being carried out,  the identity of the organisation,  the contact details of the organisation
29 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? CCTV at Work (cntd.) A Guide titled ‘Vol 5 –Guidelines to regulate The Processing of Personal Data by Video Surveillance Systems’ is available on the Data Protection Office website (http://dataprotection.govmu.org/English/Do cuments/Publications/Guidelines/Guidvol5v 3.pdf) under publications.
30 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Fingerprint for attendance purposes Requires consent of workers. However, under sections 24 and 25 of the DPA, consent is not required where the data controller is able to show that it falls under the exemptions of section 24(2) or 25(2). In case consent is obtained, the organisation can continue using the Fingerprint system. In case no consent is received, alternative (less intrusive)methods for recording attendance must be provided.
31 OFFENCES AND PENALTIES Subject to Section 61 of the DPA, any person who contravenes this ACT shall commit an offence. Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.
32 Resources The Data Protection Act 2004 http://dataprotection.govmu.org/English/L egislation/Pages/Data-Protection-Act- 2004.aspx The Data Protection website http://dataprotection.govmu.org/English/P ages/default.asp  Guidelines http://dataprotection.govmu.org/English/P ages/Guidelines/Publications--- Guidelines.aspx
33 THANK YOU!

Recommended

Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRzayadeen2003
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Jon Rathbone
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfDaviesParker
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
Development & GDPR (v2)
Development & GDPR (v2)Development & GDPR (v2)
Development & GDPR (v2)Andrea Tino
 

Recommended

Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
My presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRMy presentation- Ala about privacy and GDPR
My presentation- Ala about privacy and GDPRzayadeen2003
 
Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Gdpr powerpoint 15.01.18
Gdpr powerpoint 15.01.18Jon Rathbone
 
Digital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsDigital Personal Data Protection (DPDP) Practical Approach For CISOs
Digital Personal Data Protection (DPDP) Practical Approach For CISOsPriyanka Aash
 
UAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfUAE-Personal-Data-Protection-Law.pdf
UAE-Personal-Data-Protection-Law.pdfDaviesParker
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
PERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxPERSONAL-DATA-PROTECTION-BILL-2018.pptx
PERSONAL-DATA-PROTECTION-BILL-2018.pptxssuser36d167
 
Development & GDPR (v2)
Development & GDPR (v2)Development & GDPR (v2)
Development & GDPR (v2)Andrea Tino
 
Development & GDPR
Development & GDPRDevelopment & GDPR
Development & GDPRAndrea Tino
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.Liviu Claudiu Cismaru
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
GDPR
GDPRGDPR
GDPRGopi PD
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. dan hyde
 
GDPR and API Security
GDPR and API SecurityGDPR and API Security
GDPR and API SecurityWSO2
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfkiruthigajawahar6
 
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Vishnu Kesarwani
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014UsmanMAmeer
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxnull - The Open Security Community
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

More Related Content

Similar to Managing Data Protection guide powerpoint presentation

Development & GDPR
Development & GDPRDevelopment & GDPR
Development & GDPRAndrea Tino
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_indiaAltacit Global
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018ProColombia
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxJaeKim165097
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfDaviesParker
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. dan hyde
 
GDPR and API Security
GDPR and API SecurityGDPR and API Security
GDPR and API SecurityWSO2
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulationGreg Ezeilo
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfkiruthigajawahar6
 
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Vishnu Kesarwani
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologiessidra batool
 
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014UsmanMAmeer
 

Similar to Managing Data Protection guide powerpoint presentation (20)

Development & GDPR
Development & GDPRDevelopment & GDPR
Development & GDPR
 
GDPR, Data Privacy.
GDPR, Data Privacy.GDPR, Data Privacy.
GDPR, Data Privacy.
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
Data protection in_india
Data protection in_indiaData protection in_india
Data protection in_india
 
Regulatory compliance 2018
Regulatory compliance 2018Regulatory compliance 2018
Regulatory compliance 2018
 
DATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptxDATA-PRIVACY-ACT.pptx
DATA-PRIVACY-ACT.pptx
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
 
Bahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdfBahrain-Personal-Data-Protection-Law.pdf
Bahrain-Personal-Data-Protection-Law.pdf
 
GDPR
GDPRGDPR
GDPR
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulations
 
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR. A Brave New World Of Data Protection. Ready? Counting down to GDPR.
A Brave New World Of Data Protection. Ready? Counting down to GDPR.
 
GDPR and API Security
GDPR and API SecurityGDPR and API Security
GDPR and API Security
 
Data protection regulation
Data protection regulationData protection regulation
Data protection regulation
 
Part 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdfPart 3 - Data Protection Principles.pdf
Part 3 - Data Protection Principles.pdf
 
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
Notification By Data Controllers Under The Data Protection Act, 1998 (Uk)
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
Personal privacy and computer technologies
Personal privacy and computer technologiesPersonal privacy and computer technologies
Personal privacy and computer technologies
 
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
OVERVIEW OF NIGERIA DATA PROTECTION ACT 2014
 

Recently uploaded

Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 3652toLead Limited
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 

Recently uploaded (20)

E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 

Managing Data Protection guide powerpoint presentation

  • 1. 1 Managing Data Protection By 1. Mrs Pravina Dodah (Data Protection Officer/Senior Data Protection Officer) 2. Mrs Rushda Goburdhun(Data Protection Officer/ Senior Data Protection Officer) 5th April 2017
  • 2. 2 DATA PROTECTION OFFICE (DPO) The DPO, under the aegis of the Ministry of Technology, Communication and Innovation enforces the Data Protection Act. Mission of DPO Safeguard the privacy rights of all individuals with regard to the processing of their personal data.
  • 3. 3 DATA PROTECTION ACT (DPA) 2004 AN ACT To provide for the protection of the privacy rights of individuals in view of the developments in the techniques used to capture, transmit, manipulate, record or store data relating to individuals.
  • 4. 4 THE MAIN ELEMENTS OF THE ACT The Data Protection Act contains 8 parts namely: I. Preliminary – Definitions etc II. Data Protection Office III. Powers of Commissioner IV. Obligation on Data Controllers V. The Data Protection Register VI. Rights of Data Subjects VII. Exemptions VIII. Miscellaneous
  • 5. 5 DEFINITIONS Personal Data means – a) data which relate to an individual who can be identified from those data; b) data or other information, including an opinion forming part of a database, whether or not recorded in a material form, about an individual whose identity is apparent or can reasonably be ascertained from the data, information or opinion;
  • 6. 6 EXAMPLES OF PERSONAL DATA Employee Non – Employee Name Surname Residential Address Telephone Number ID Card Bank Account Number Clients  Name, Address, Contact Details, ID Card Suppliers  Address, Email, Phone Contractors Phone, Email, Contact Person
  • 7. 7 DEFINITIONS (cont.) Sensitive Personal Data: Sensitive Personal Data Racial / Ethnic Origin Political Opinion / Adherence Religious / Similar Belief Membership to Trade Union Physical / Mental Health Sexual Preferences / Practices Criminal Convictions
  • 8. 8 DEFINITIONS (cont.) Processing means any operation or set of operations which is performed on the data wholly or partly by automatic means, or otherwise than by automatic means, and includes – • collecting, organising or altering the data; retrieving, consulting, using, storing or adapting the data; • disclosing the data by transmitting, disseminating or otherwise making it available; or • aligning, combining, blocking, erasing or destroying the data;
  • 9. 9 DEFINITIONS (cont.) Data Controller means a person who, either alone or jointly with any other person, makes a decision with regard to the purposes for which and in the manner in which any personal data are, or are to be, processed. e.g. Mammouth Trading CO Ltd is a data controller since it processes employee and non employee data.
  • 10. 10 FUNCTIONS OF THE DPO • REGISTRATION OF DATA CONTROLLERS IN MAURITIUS I • INVESTIGATION OF COMPLAINTS II • CONDUCT PERIODICAL COMPLIANCE AUDITS III • SENSITISATION IV • EXERCISE CONTROL ON ALL DATA PROTECTION ISSUES V • RESEARCH ON DATA PROCESSING AND COMPUTER TECHNOLOGY VI
  • 11. 11 8 DATA PROTECTION PRINCIPLES  Principle 1: Fairness Personal data must be collected and used fairly and lawfully.  Principle 2: Transparency Personal data must be obtained only for any specified and lawful purpose, and shall not be further processed in any manner incompatible with that purpose.  Principle 3: Quantity Personal data must be adequate, relevant, and not excessive in relation to the purpose for which they are processed.  Principle 4: Accuracy Personal data must be accurate and, where necessary, up to date.
  • 12. 12 8 DATA PROTECTION PRINCIPLES  Principle 5: Time limit Personal data must not be kept for longer than necessary.  Principle 6: Individuals’ rights Personal data shall be processed in accordance with the rights of data subjects.  Principle 7: Security Appropriate security measures must be implemented to prevent personal data being accidentally or deliberately compromised.  Principle 8: International transfers Personal data shall not be transferred to another country unless that country ensures an adequate level of protection for the rights of data subjects in relation to processing of personal data.
  • 13. 13 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Identify a data protection lead It is good practice to identify a person or department responsible for developing, implementing and monitoring the data protection policy.
  • 14. 14 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Awareness of security measures Section 27(2) of DPA An organisation must take all reasonable steps to ensure that any person employed by him is aware of and complies with the relevant security measures.
  • 15. 15 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Registration/Renewal as Data Controller Section 33(2) & Section (34) - A data controller must register with the Data Protection Office for all personal data being processed. Section 38 - Registration should be renewed annually.
  • 16. 16 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Data Quality and Accuracy An organisation should regularly review information to identify when to correct inaccurate records and remove irrelevant ones.
  • 17. 17 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy notices To ensure that the processing of data is fair, it is a good practice to include privacy notices on an organisation’s website and any other forms that is used to collect data. These notices should clearly explain the reasons for using the data, including any disclosures. Example: All details provided on this form will remain strictly confidential and will be kept and processed only for [purpose/s] as specified by the company and in accordance with Data Protection Act 2004. Your information may be shared with [list of parties] for the following purposes [list of purposes].
  • 18. 18 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy notices It is good to mention here that in case an organisation wants to use personal data in a manner different to its privacy notice, then prior consent to use or disclose personal data is required from the data subject unless the exceptions listed under section 24(2) of the DPA applies where an organisation can proceed without prior consent.
  • 19. 19 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Exceptions from Consent Section 24(2) of DPA (2) ……. personal data may be processed without obtaining the express consent of the data subject where the processing is necessary - (a) for the performance of a contract to which the data subject is a party; (b) in order to take steps required by the data subject prior to entering into a contract; (c) in order to protect the vital interests of the data subject; (d) for compliance with any legal obligation to which the data controller is subject; (da) for the purpose of making use of a unique identification number to facilitate sharing information and avoid multiple registrations among public sector agencies; (e) for the administration of justice; or (f) in the public interest.
  • 20. 20 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Retention and Disposal The fifth principle of the DPA requires that personal data should not be kept for longer than necessary. It is important to note that the DPA does not set any time limit to retain data. The onus lies on the data controller to determine the time retention based on the purpose for which data is being kept and in accordance with other laws such as Employment Rights Act, Income Tax Act, Banking Act, National Archives Act etc..
  • 21. 21 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Access Request Rights The sixth principle of the DPA requires that  personal data is processed in accordance with individual rights.  Under section 41 of the DPA, a data subject has the right of access to information that the organisation holds about him/her. An individual can make a written request to see and obtain a copy of his/her information being held upon payment of the prescribed fee to the organisation. You should therefore have a process in place to recognise and respond to requests within statutory timescales.
  • 22. 22 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Exemptions from Data Access Request There are ‘exemptions’ within the DPA (S43) which may allow a data controller to refuse to comply with a data subject’s access request in certain circumstances. For example: - if there is not enough evidence to identify the individual. - if it is an offence under any other enactment to provide the personal information. - if the information is confidential and concerns the data subject’s health, education and work. - if it concerns data for another individual
  • 23. 23 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Security Policy The seventh principle of the DPA requires that personal data is protected by appropriate security measures. Before you can decide what level of security is right for your business, you will need to assess the risks to the personal data you hold and choose the security measures that are appropriate to your needs.
  • 24. 24 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Transfer of Data Abroad As per section 31(1) of the DPA, no data controller shall, except with the written authorisation of the Commissioner, transfer personal data to another country. Organisation must fill and submit to the Data Protection Office the ‘Transfer of Personal Data Form’ available on http://dataprotection.govmu.org.
  • 25. 25 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Privacy Impact Assessments Build in privacy considerations at the start of projects or initiatives that involve the processing of personal data. Thinking about privacy early on will reduce risks and avoid costly changes at a later date. DPO web application to assess your organisation's compliance status with the Data Protection Act 2004: http://dataprotection.govmu.org/English/Publications/ Pages/Privacy-Compliance-Assessment.aspx Guideline: http://dataprotection.govmu.org/English/Documents/ Publications/Guidelines/DPO_Vol6_PrivacyImpactAs sessment.pdf
  • 26. 26 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Disclosure of Information An organisation must ensure that personal information in its possession is not disclosed in any manner incompatible with the purposes for which such data has been collected, which is an offence under section 29 of the Data Protection Act. The principle is that the prior consent from the concerned data subject should be obtained before any disclosure is made, unless you fall under the exceptions of section 24(2) of the DPA.
  • 27. 27 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Data Sharing ‘Data sharing’ refers to sharing of data within an organisation or sharing of data from one or more organisation to other organisation(s) If you are sharing client data, the DPA will apply. Consent of client is required before any data sharing takes place unless you fall under the exceptions of 24(2) or 25(2) of the DPA.
  • 28. 28 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? CCTV at Work Data collected by the CCTV cameras is under the responsibility of the data controller and therefore the data controller is required to comply with the Data Protection Act for the collection of personal data. CCTV Images should be captured only within the premises of the company. A sign at all entrances should be displayed to specify:  the purpose/s for which the surveillance is being carried out,  the identity of the organisation,  the contact details of the organisation
  • 29. 29 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? CCTV at Work (cntd.) A Guide titled ‘Vol 5 –Guidelines to regulate The Processing of Personal Data by Video Surveillance Systems’ is available on the Data Protection Office website (http://dataprotection.govmu.org/English/Do cuments/Publications/Guidelines/Guidvol5v 3.pdf) under publications.
  • 30. 30 HOW CAN AN ORGANISATION MANAGE DATA PROTECTION? Fingerprint for attendance purposes Requires consent of workers. However, under sections 24 and 25 of the DPA, consent is not required where the data controller is able to show that it falls under the exemptions of section 24(2) or 25(2). In case consent is obtained, the organisation can continue using the Fingerprint system. In case no consent is received, alternative (less intrusive)methods for recording attendance must be provided.
  • 31. 31 OFFENCES AND PENALTIES Subject to Section 61 of the DPA, any person who contravenes this ACT shall commit an offence. Where no specific penalty is provided for an offence, the person shall, on conviction, be liable to a fine not exceeding 200,000 rupees and to imprisonment for a term not exceeding 5 years.
  • 32. 32 Resources The Data Protection Act 2004 http://dataprotection.govmu.org/English/L egislation/Pages/Data-Protection-Act- 2004.aspx The Data Protection website http://dataprotection.govmu.org/English/P ages/default.asp  Guidelines http://dataprotection.govmu.org/English/P ages/Guidelines/Publications--- Guidelines.aspx