1 / 14

Data Protection and the GRA

Data Protection and the GRA. Presentation Overview. Commentary on Data Protection The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices Information Notices Codes of Practice Authorised Officers. Data Protection -More than just Confidentiality.

masao
Download Presentation

Data Protection and the GRA

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Data Protection and the GRA

  2. Presentation Overview Commentary on Data Protection The GRA’s Role The Register Investigations, Mediation and Compensation Enforcement Notices Information Notices Codes of Practice Authorised Officers

  3. Data Protection -More than just Confidentiality • Widespread misconception that DP exists only to ensure confidentiality • In fact, confidentiality, although a key issue is only one of the reasons for DP legislation • Advent of data-hungry systems and ability for instant transfer of large amounts of data make DP legislation more relevant now than many years ago • Legislation exists to ensure personal data is processed in a manner which does not harm the individuals concerned • Correct application of the principles will ensure this

  4. The GRA’s Role

  5. Data Protection Ordinance 2004Part IV Supervisory Authority Supervisory Authority 21.(1) There shall be a Data Protection Commissioner (“the Commissioner”) who shall be independent in the exercise of his functions under this Ordinance. (2) The Data Protection Commissioner shall be the Gibraltar Regulatory Authority who shall perform the functions conferred by this Ordinance and any regulations enacted under it.

  6. 1- The Register 22.(1) The Commissioner shall establish and maintain a register (“the Register”) of processing operations and shall make, as appropriate, an entry in the register in respect of each application for registration accepted by the Commissioner. “processing of personal data” (“processing”) means any operation or set of operations which is performed on personal data, whether or not by automatic means, including collecting, storing, recording, organising, consulting, adaptation or alteration, retrieval, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, blocking, erasure or destruction;

  7. The Register cont’d Section 22(2) Members of the public may– (a) inspect the Register free of charge at all reasonable times and may take copies of, or of extracts from, any entry in the Register;(b) on payment to the Commissioner of any reasonable fee prescribed, obtain from the Commissioner a copy (certified by him or by a member of his staff to be a true copy) of, or of an extract from, any entry in the Register.

  8. Application for Registration Form DP1A (Notification of Data Controller) ALL processing operations must be registered online (preferable) or manually DC’s need not wait for confirmation from GRA to continue with processing of data In Gibraltar, all DC’s have an OBLIGATION to register (apart from some exceptions written into the Ordinance)

  9. 2 - Investigations, Mediation and Compensation • Powers granted by virtue of s25 DPO • Commissioner may choose to investigate or may cause an investigation following a complaint from an individual • Commissioner is to act as mediator in determining whether an individual has suffered damages due to DC acting in contravention of the DPO • Aggrieved individuals are due compensation and the amount determined by the Commissioner • Appeal on compensation to the Supreme Court

  10. 3 - Enforcement Notices • Powers granted by virtue of s26 DPO • Commissioner may issue Enforcement Notice if he believes a person has contravened the DPO • May ask person involved to block, rectify, erase or destroy any of the data concerned • “Urgent” Enforcement Notices are provided for and may be enforced by Commissioner if he deems fit

  11. 4 - Information Notices • Powers granted by virtue of s27 DPO • Commissioner may issue Information Notice in order to obtain information required to perform his function under the DPO • “Urgent” Information Notices are provided for and may be enforced by Commissioner if he deems fit

  12. 5 - Codes of Practice • Powers granted by virtue of s28 DPO • Commissioner may promote the following of good practices in order that the DPO is complied with • The Commissioner shall arrange for the effective dissemination of Community findings, decisions of the European Commission or any other relevant information as regards transfer of personal data to non EEA states • The Commissioner shall encourage trade associations to devise codes of practice • The Commissioner’s advice may be sought by bodies who prepare codes of practice

  13. Codes of Practice (cont.) • The Commissioner will encourage approved Codes of Conduct to be disseminated to data controllers concerned • However, Commissioner may disapprove a Code in which case his decision will be communicated to parties involved • Codes of practice written by or approved by, the Commissioner will be taken into consideration in any court proceedings

  14. 6 - Authorised Officers • Powers granted by virtue of s29 DPO • The Commissioner may, in writing, authorise persons to exercise the powers conferred to him under s25-29 of the DPO

More Related