Preparing for and complying with the GDPR
Andrew Rose, Senior Policy Officer, ICO
Leeds
January 2017
Contents
• Demonstrating compliance
• Role of the DPO
• Responsibilities of controllers and processors
• Breach notification
• Preparation and further information
GDPR contents
• Chapter I: Key definitions and scope of Act.
• Chapter II: Contains the data protection principles, covers the bases (equivalent of DPA conditions) for processing and outlines the special categories of data.
• Chapter III: Sets out the Rights of the Data Subject (similar to part II of DPA).
• Chapter IV: Outlines the responsibilities of data controllers and processors (including security), for example around breach notification and employing Data Protection Officers.
• Chapter V: International transfers.
• Chapter VI: Sets out the powers and duties of supervisory authorities.
• Chapter VII: Covers co-operation and consistency between different supervisory authorities.
• Chapter VIII: Outlines the right to judicial remedy and conditions for imposing penalties.
• Chapter IX: Sets out provisions relating to specific processing situations.
• Chapter X: Delegated acts and implementing acts.
• Chapter XI: Final provisions.
Demonstrating compliance
• The controller shall be responsible for, and be able to demonstrate compliance with the Principles (Art 5(2))
• The requirement to appoint a data protection officer
• Data protection by design and default
• Codes of conduct
• Certification schemes
• The requirement to implement appropriate technical and organisational measures
• Maintaining records on processing activities
• Data protection impact assessments
To maintain relevant records on processing (Art 30).
To implement appropriate technical and organisational measures (Art 24).
Demonstrating compliance
Role of the DPO (Arts 35-37)
Responsibilities
• Inform and advise the organisation about its obligations to comply with the GDPR
• Monitor compliance with the GDPR, including managing internal data protection activities
• Provide training to staff, advise on data protection impact assessments and conduct internal audits
• First point of contact for supervisory authority
Position
• Directly report to the highest management level of the controller or processor
• Not be given instructions on how to carry out duties and can’t be dismissed for carrying out duties
• Can combine duties if no conflict of interest
• Be contactable by data subjects
• Be provided with necessary resources
Role of the DPO
Appointed on the basis of professional qualities:
• Expert knowledge of DP
• Ability to fulfil tasks
Can be a staff member or contracted
May be designated to act for several authorities depending on size and structure
Demonstrating compliance
Lawfulness of processing (Art 6).
Processing special categories of personal data (Art 9).
Responsibilities of controllers and processors
Security responsibilities (Arts 32-34)
Pseudonymisation and encryption – specifically mentioned as security measures.
You must be able to ensure the confidentiality, integrity, availability and resilience of your systems.
The ability to restore the availability of and access to data in a timely manner.
Have a process to test, assess and evaluate the effectiveness of the measures you have in place.
Responsibilities of controllers and processors
Joint controllers (Art 26)
Transparently determine respective responsibilities
• Compliance with regulations
• Exercising rights of data subjects
• Provide information required for Arts 13 & 14
Data subjects can exercise rights against each controller
Responsibilities of controllers and processors
Processors (Art 28)
Processors must provide sufficient guarantees that processing will:
• Meet the requirements of the regulation
• Ensure the protection of the rights of the data subject
No sub-processors without specific agreement of controller
Processing subject to contract
Responsibilities of controllers and processors
Contracts (Art 28(3))
Binding contract to cover:
• Process data only on instructions of controller
• People authorised to access data are subject to confidentiality
• Ensure security of processing
• Assist the controller in complying with data subjects' rights (where possible)
• Assist the controller with regard to security measures, breach reporting and DPIAs
Breach reporting (Arts 33-34)
Mandatory to report to ICO where likely to result in a risk to the rights and freedoms of the individual.
Without undue delay and no later than 72 hours of discovery (can add detail later).
Risks include:
• Loss of control of personal data
• Discrimination
• Identity theft
• Financial loss
• Damage to reputation
• Loss of confidentiality
What can you do to prepare?
• Published guidance
• 12 steps
• Overview of the GDPR
• Privacy notices code of practice
• A29 guidance
• Right to data portability
• DPOs
• Identifying a lead supervisory authority
https://ico.org.uk/for-organisations/data-protection-reform/
What’s the ICO doing?
• Working with DCMS and A29
• Further guidance
• Internal change programme
How the ICO can help
• Guidance: www.ico.org.uk
• Helpline: 0303 123 1113

Preparing for general data protection regulations (gdpr) within the hous...

  • 1. Preparing for and complying with the GDPR Andrew Rose, Senior Policy Officer, ICO Leeds January 2017
  • 2. Contents • Demonstrating compliance • Role of the DPO • Responsibilities of controllers and processors • Breach notification • Preparation and further information
  • 3. GDPR contents. Chapter I: Key definitions and scope of Act. Chapter II: Contains the data protection principles, covers the bases (equivalent of DPA conditions) for processing and outlines the special categories of data. Chapter III: Sets out the Rights of the Data Subject (similar to part II of DPA). Chapter IV: Outlines the responsibilities of data controllers and processors (including security), for example around breach notification and employing Data Protection Officers. Chapter V: International transfers. Chapter VI: Sets out the powers and duties of supervisory authorities. Chapter VII: Covers co-operation and consistency between different supervisory authorities. Chapter VIII: Outlines the right to Judicial remedy and conditions for imposing penalties. Chapter IX: Sets out provisions relating to specific processing situations. Chapter X: Delegated acts and implementing acts. Chapter XI: Final provisions.
  • 4. Demonstrating compliance • The controller shall be responsible for, and be able to demonstrate compliance with the Principles (Art 5(2)) • The requirement to appoint a data protection officer • Data protection by design and default • Codes of conduct • Certification schemes • The requirement to implement appropriate technical and organisational measures • Maintaining records on processing activities • Data protection impact assessments
  • 5. Demonstrating compliance: To maintain relevant records on processing (Art 30). To implement appropriate technical and organisational measures (Art 24).
  • 6. Role of the DPO (Arts 35-37) Responsibilities: • Inform and advise the organisation about its obligations to comply with the GDPR • Monitor compliance with the GDPR, including managing internal data protection activities • Provide training to staff, advise on data protection impact assessments and conduct internal audits • First point of contact for supervisory authority Position: • Directly report to the highest management level of the controller or processor • Not be given instructions on how to carry out duties and can’t be dismissed for carrying out duties • Can combine duties if no conflict of interest • Be contactable by data subjects • Be provided with necessary resources
  • 7. Role of the DPO Appointed on the basis of professional qualities: • Expert knowledge of DP • Ability to fulfil tasks Can be a staff member or contracted. May be designated to act for several authorities depending on size and structure
  • 8. Demonstrating compliance Lawfulness of processing (Art 6). Processing special categories of personal data (Art 9).
  • 9. Responsibilities of controllers and processors Security responsibilities (Arts 32-34) Pseudonymisation and encryption – specifically mentioned as security measures. You must be able to ensure the confidentiality, integrity, availability and resilience of your systems. The ability to restore the availability of and access to data in a timely manner. Have a process to test, assess and evaluate the effectiveness of the measures you have in place.
  • 10. Responsibilities of controllers and processors Joint controllers (Art 26) Transparently determine respective responsibilities: • Compliance with regulations • Exercising rights of data subjects • Provide information required for Arts 13 & 14. Data subjects can exercise rights against each controller
  • 11. Responsibilities of controllers and processors Processors (Art 28) Processors must provide sufficient guarantees that processing will: • Meet the requirements of the regulation • Ensure the protection of the rights of the data subject No sub-processors without specific agreement of controller Processing subject to contract
  • 12. Responsibilities of controllers and processors Contracts (Art 28 (3)) Binding contract to cover: • Process data only on instructions of controller • People authorised to access data are subject to confidentiality • Ensure security of processing • Assist the controller in complying with data subjects' rights (where possible) • Assist the controller with regard to security measures, breach reporting and DPIAs
  • 13. Breach reporting (Arts 33-34) Mandatory to report to ICO where likely to result in a risk to the rights and freedoms of the individual. Without undue delay and no later than 72 hours of discovery (can add detail later). Risks include: • Loss of control of personal data • Discrimination • Identity theft • Financial loss • Damage to reputation • Loss of confidentiality
  • 14. What can you do to prepare? • Published guidance • 12 steps • Overview of the GDPR • Privacy notices code of practice • A29 guidance • Right to data portability • DPOs • Identifying a lead supervisory authority https://ico.org.uk/for-organisations/data-protection-reform/
  • 15. What’s the ICO doing? • Working with DCMS and A29 • Further guidance • Internal change programme
  • 16. How the ICO can help • Guidance: www.ico.org.uk • Helpline: 0303 123 1113