Ten things you should know about Data Protection

Paul Simpkins, Director, Act Now Training Ltd. www.actnow.org.uk

Presentation Transcript


  1. Ten things you should know about Data Protection. Paul Simpkins, Director, Act Now Training Ltd. www.actnow.org.uk

  2. 1. Learning the lingo

  3. Definitions: Personal Data; Data Controller; Data Processor; Data Subject; Notification; Subject Access Request

  4. Notification: One notification per organisation; £35 Tier 1 or £500 Tier 2; 250 FTE; Criminal Offences; Viewable online

  5. 2. Five types of data

  6. Category (a): On Computer; CCTV & video; DIP; Audio; Swipe cards & Oysters

  7. Category (b): Intended to be automated

  8. Category (c): Paper or Card; Relevant Filing System; Structured by reference to individuals; Readily Accessible; Durant Guidance

  9. Category (d): Medical Records; Social work records; Housing Records; Education Records

  10. Unstructured Data: Category (e) data; From 2005; Only Public Bodies; Some exemptions; 2 access regimes to data

  11. 3. Fair, honest & open

  12. Principle 1: Personal data shall be processed fairly and lawfully

  13. Principle 1: The data controller should ensure that the data subject is provided with at least: the identity of the data controller; the purpose for which data is processed; any further information necessary

  14. CCTV signs: Clearly visible and Legible; Size matters; Information: Identity of controller; Purpose of scheme; Details of contact

  15. 4. Can I share data with…?

  16. Partnership Working: Central Govt desire for joint working; ICO data sharing code of practice; Fair Obtaining & Processing – Principle 1; Lawful Gateways; Data Sharing Protocols

  17. Lawful Gateways: Crime & Disorder Act 1998 Section 115; Anti-terrorism, Crime & Security Act 2001; National Health Services Act 1977; Education Act 1966 s 520 (school nurses); Children Act 2004 s10, 11, 12 (databases); Local Government Act 1972 & 2003; Localism Act 2011

  18. Data Sharing Protocols: Purpose; Powers to share; Partners; Processes; Public Document

  19. 5. Good Records

  20. Principle 3: Personal data shall be adequate, relevant and not excessive

  21. Principle 4: Personal data shall be accurate and, where necessary, kept up to date.

  22. Principle 5: Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.

  23. 6. Read me my rights

  24. Principle 6: Subject Access; Prevent Processing; Direct Marketing; Automated Decisions; Compensation/Rectification; To request an assessment

  25. Subject Access. A valid request is: Application in writing; Proof of identity; Fee; Some direction

  26. Subject Access: Controller must respond promptly; In any event within 40 days; Starting on the relevant day

  27. Direct Marketing: Communication (by whatever means) of any advertising or marketing material which is directed to a particular individual

  28. Computer says no… People can object to an automated decision; Some exemptions; Once you know… …you can object in writing; Controller has 21 days.

  29. 7. Keep your data safe

  30. Principle 7: Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data

  31. Principle 7: Training; Policies & Procedures; Data security breach policy; Civil Monetary Penalties; Passwords

  32. Principle 7: Contracts With Data Processors; Made or evidenced in writing; Processor to act only on Controller’s instructions; Controller should check Processor’s Security and Employees

  33. 8. Who’s the daddy?

  34. Enforcement: Request for assessment; Information Notice; Enforcement Notice; Prosecution; Tribunal; Supreme court

  35. Offences: Failure to notify or to notify changes; Failure to comply with written request; Failure to comply with a Notice; Unauthorised obtaining/disclosing; Procuring a disclosure to another person; Unlawful selling; Enforced Subject Access

  36. Penalties: Undertakings; Notices from ICO; Prosecution; £500K Fines & Jail time; Inspect public sector without notice; PR disasters

  37. 9. Exemptions

  38. Exemptions: S. 28 - National security; S. 29 - Crime and taxation; S. 30 - Health, education & social work; S. 31 - Regulatory activity; S. 32 - Journalism, literature & art

  39. Exemptions: S. 33 - Research, history & statistics; S. 34 - Publicly available by any enactment; S. 35 - Required by law/proceedings; S. 36 - Domestic purposes

  40. 10. Social Media

  41. Policy or Prosecution? Social Media Policy; Disciplinary offence; Bringing the organisation into disrepute; Preece v Wetherspoons; Defamation

  42. Thank you. www.actnow.org.uk, paul@actnow.org.uk
