data protection overview n.
Skip this Video
Loading SlideShow in 5 Seconds..
Data Protection Overview PowerPoint Presentation
Download Presentation
Data Protection Overview

Loading in 2 Seconds...

play fullscreen
1 / 30

Data Protection Overview - PowerPoint PPT Presentation

  • Uploaded on

Data Protection Overview. Data Protection & Information Security Officer. Outline. Reasons for/History of Data Protection Definitions Data Protection Principles Rights of Data Subjects Data Subject Access Request. Data Protection? Why?.

I am the owner, or an agent authorized to act on behalf of the owner, of the copyrighted work described.
Download Presentation

Data Protection Overview

An Image/Link below is provided (as is) to download presentation

Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author.While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server.

- - - - - - - - - - - - - - - - - - - - - - - - - - E N D - - - - - - - - - - - - - - - - - - - - - - - - - -
Presentation Transcript
data protection overview
Data Protection Overview

Data Protection & Information Security Officer

  • Reasons for/History of Data Protection
  • Definitions
  • Data Protection Principles
  • Rights of Data Subjects
  • Data Subject Access Request
data protection why
Data Protection? Why?
  • Ensure data relating to individuals are managed properly.
  • Assure individuals that their data are managed properly.
data protection history
Data Protection History

Data Protection Act 1984

  • only applied to data processed “by equipment operating automatically”

Data Protection Act 1998

  • applies to data processed both by computer and manually.
the information commissioner
The Information Commissioner

Initially the Data Protection Registrar

Subsequently the Data Protection Commissioner

Now the Information Commissioner

  • Registration Role
  • Enforcement Role
the council
The Council
  • Data Controller - determines the purposes for which and the manner in which any personal data are, or are to be, processed.
  • Data Processor - processes data on behalf of other data controllers.
data subject
Data Subject
  • An individual who is the subject of Personal Data.
  • Only natural persons, not companies.
  • Must be a living individual.
personal data
Personal Data

Data which relate to a living individual who can be identified:

  • from those data; OR
  • from those data and other information which is in the possession of, or is likely to come into the possession of, the Council
  • AND includes any expression of opinion about the individual and any indication of the intentions of the Council or any other person in respect of the individual.
personal data1
Personal Data

Information which

  • is being processed by means of equipment operating automatically in response to instructions given for that purpose OR
  • is recorded with the intention that it should be processed automatically OR
personal data2
Personal Data

Information which

  • is recorded as part of a relevant filing system or with the intention that it should form part of a relevant filing system OR
  • does not fall within the above but forms part of an accessible record (Health, Education or “accessible public records”)
personal data3
Personal Data

“Inpractice, virtually any reference to an identifiable living individual may constitute personal data”.

8 categories of sensitive personal data
8 categories of Sensitive Personal Data
  • The racial or ethnic origin of the data subject;
  • His political opinions;
  • His religious beliefs or other beliefs of a similar nature;
  • Whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992);
  • His physical or mental health or condition;
8 categories of sensitive personal data1
8 categories of Sensitive Personal Data
  • His sexual life;
  • The commission or alleged commission by him of any offence; or
  • Any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
eight data protection principles
Eight Data Protection Principles
  • Personal data shall be processed fairly and lawfully and, in particular, shall not be processed unless:
      • at least one of the conditions in Schedule 2 of the DPA is met, and
      • in the case of sensitive personal data, at least one of the conditions in Schedule 3 of the DPA is also met.
eight data protection principles1
Eight Data Protection Principles
  • Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
  • Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.
eight data protection principles2
Eight Data Protection Principles
  • Personal data shall be accurate and, where necessary, kept up to date.
  • Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
  • Personal data shall be processed in accordance with the rights of data subjects under the DPA.
eight data protection principles3
Eight Data Protection Principles
  • Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
eight data protection principles4
Eight Data Protection Principles
  • Personal data shall not be transferred to a country or territory outside the European Economic Area, unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects in relation to the processing of personal data.
rights of data subjects
Rights of Data Subjects
  • To be informed whether any personal data are being processed by the Council and, if so, what they are, the purposes and to whom data may be disclosed;
  • To be informed of any potential decision based solely on automatic processing;
  • To be provided with the data (in an intelligible form) and details of where they were sourced from.
data subject access request
Data Subject Access Request

Any request by a data subject for access to information must:

  • be in writing;
  • be accompanied, where applicable, by the required fee.
data subject access request1
Data Subject Access Request

Must be responded to within 40 days - BUT

  • No right to see third party data.
  • Exemptions from requirement to provide information.
third party data
Third Party Data
  • File on data subject could contain information on others.
  • Potential conflict between data subject’s right of access and third party’s right to privacy.
third party data1
Third Party Data
  • Can third party information be removed?
  • Will third party consent to disclosure?
  • If no consent is it still reasonable to disclose?
  • Is there a duty of confidentiality to the third party?
  • Some statutory exemptions.
exemptions from disclosure
Exemptions from Disclosure
  • Prevention/detection of crime.
  • Apprehension/prosecution of offenders.
  • Assessment/collection of tax/duty.
  • Processing for the discharge of statutory functions.
  • Assessment of risk in relation to the tax/duty & crime exemptions above.
exemptions from disclosure1
Exemptions from Disclosure
  • Data relating to Health, Education & Social Work where the Secretary of State has made orders.
  • Discharge of regulatory functions.
  • References given (but not those received).
  • Management forecasting/planning.
exemptions from disclosure2
Exemptions from Disclosure
  • Records of the Council’s intentions in relation to negotiations with the data subject.
  • Information recorded by exam candidates.
  • Legal professional privilege.
further data subject rights
Further Data Subject Rights
  • To have inaccurate data corrected or deleted;
  • To prevent processing likely to cause damage or distress;
  • To prevent processing for purposes of direct marketing;
  • To prevent automated decision taking.
remedies compensation
Remedies & Compensation
  • Data subject may be able to claim compensation for damage or distress.
  • Data subject may apply to court for an order for rectification, blocking, erasure or destruction.
  • Data subject may apply to Information Commissioner for an enforcement notice.
  • Obtain data properly in the first place.
  • Ensure data subjects know what & why.
  • Record and process data properly.
  • Keep data only as long as necessary - and dispose of properly.
  • Ensure data are accessible to respond to access requests promptly.
further information
Further Information

Information Commissioner’s web site or

The Council’s Data Protection & Information Security Manual