html5-img
1 / 18

GDPR

GDPR. How does it apply to me?. What is GDPR?. It is the LAW!. GDPR – ADINJC 2018. What is GDPR?. The General Data Protection Regulation. Comes into force on May 25 th. GDPR – ADINJC 2018. Replaces the current 1995 Data Protection Directive a nd Data Protection Act (1998).

finian
Download Presentation

GDPR

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. GDPR How does it apply to me?

  2. What is GDPR? It is the LAW! GDPR – ADINJC 2018

  3. What is GDPR? The General Data Protection Regulation Comes into force on May 25th GDPR – ADINJC 2018

  4. Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). GDPR – ADINJC 2018

  5. What is GDPR? The EU's GDPR website says the legislation is designed to "harmonise" data privacy laws across Europe as well as give greater protection and rights to individuals. Brexit? Source: ICO GDPR GDPR – ADINJC 2018

  6. What is GDPR? In a ‘nut-shell’: General Public - Greater control of their own ‘personal data’ Businesses - More obligations to the handling of this data UK Regulated by the ICO – Fines for non-compliance and non-registration GDPR – ADINJC 2018

  7. In reality… Why is Data Protection important? Identity theft - as business owners and human beings! Responsibility to our customers Source: ICO GDPR GDPR – ADINJC 2018

  8. What about ADIs? Do we have to adhere to GDPR? 1) “GDPR will apply to any business that ‘processes’ ‘personal data’.” 2) Are you a ‘business’? 3) Do you ‘Process’ ‘Personal Data’? Source: ICO GDPR GDPR – ADINJC 2018

  9. Some definitions: Process “any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc” Personal Data The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. Source: ICO GDPR GDPR – ADINJC 2018

  10. What about ADIs? How many ‘types’ of ADI are there? Sole Trader? Part Timer? Small School? Multi Car School? Large School? ‘Hobbyist? GDPR – ADINJC 2018

  11. Some definitions: Data Processor A processor is responsible for processing personal data on behalf of a controller. Are you a processor? Source: ICO GDPR – ADINJC 2018

  12. Some definitions: Data Controller A controller determines the purposes and means of processing personal data. Are you a controller? Source: ICO GDPR – ADINJC 2018

  13. Some definitions: Data Subject A natural person whose personal data is processed by a controller or processor. Source: ICO GDPR GDPR – ADINJC 2018

  14. Data Subject’s rights 1) The right to be informed. 2) The right of access 3) The right to rectification 4) The right to erase 5) The right to restrict processing 6) The right to data portability 7) The right to object 8) Rights in relation to automated decision making and profiling GDPR – ADINJC 2018

  15. GDPR’s 6 Principals 1) Lawfulness, fairness and transparency. 2) Purpose limitations 3) Data minimisation 4) Accuracy 5) Storage limitations 6) Integrity and confidentiality GDPR – ADINJC 2018

  16. What should I do next? 1) Assess Awareness. 2) Review Data 3) Individual’s Rights 4) Privacy Polices 5) Subject Access Requests 6) Lawful Basis for Processing 7) Consent 8) Data Breaches GDPR – ADINJC 2018

  17. ICO Should I register? “A ‘data controller’ who is processing personal information to register with the ICO unless they are exempt. ‘A data controller can be a company, partnership, sole trader or other organisation.’ A business that fails to register will be guilty of a criminal offence; in the case of companies, sanctions can also be imposed on the directors personally. GDPR – ADINJC 2018

  18. GDPR – ADINJC 2018

More Related