2. GDPR
______
Comes into force May 2018. Impacts everyone who stores data on people in a professional capacity.

GDPR = Data Protection Act + transparency + more rights of access for the individual + a massive fine
3. GDPR – Key Principles
______
Article 5(2) requires that “the controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

So it is no longer possible to simply say “yes we are data protection compliant”. It is assumed you deal with personal data and you now need to SHOW how you collect it, store it, keep it up to date and keep it safe.
4. GDPR – Key Principles
______
(a) processed lawfully, fairly and in a transparent manner in relation to individuals

Lawfulness of processing conditions
6(1)(a) – Consent of the data subject
6(1)(f) – Necessary for the purposes of legitimate interests pursued by the controller…

Conditions for special categories of data
9(2)(e) – Processing relates to personal data manifestly made public by the data subject
5. GDPR – Key Principles
______
(b) collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes;

(c) adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
6. GDPR – Key Principles
______
(d) accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;

(e) kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed;
7. GDPR – Key Principles
______
(f) processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
8. GDPR – Next Steps
______
It’s all about raising standards, not fining people. The ICO helpline is free and actually helpful, as is their website.

You may want to consider a Privacy Impact Assessment, which involves looking at the personal data you hold on your systems and seeing if you can show how you comply with the previous principles. Once documented, this can be a powerful tool.
9. PRgloo & GDPR
______
We can’t make you compliant but we can help you with the following:
1. Showing how you use people’s data to communicate in legitimate and lawful ways
2. Showing the origin of the data (e.g. a phone call to request more information or an interview request)
3. Making it easy to fulfil a subject access request and requests for deletion or rectification
4. Keeping the data up to date and relevant
5. Keeping the data highly secure