23/05/2018 GDPR Training Event – Manchester 22 nd May 2018 GDPR Resources and Toolkit 1
23/05/2018 Targeted & Bespoke Guidance • Targeted Guidance Phase 1 • Model Templates Phase 2 • Model Policies & Procedures Phase 3 • Training Phase 4 What is Personal Data? “‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person” 2
23/05/2018 What is Personal Data? � Name � Address � Email Address � Telephone Number � Photographs � Bank Details � Credit Card Details � Forms of ID and Numbers � MAC / IP Address � Opinions What is Personal Data? 3
23/05/2018 The Data Protection Principles 1. Data must be processed lawfully, fairly and in a transparent manner ; 2. Data must be collected for specified, explicit and legitimate purposes ( Purpose Limitation ); 3. Data must be Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed ( Data Minimisation ); 4. Data must be Accurate and where necessary kept up to date ( Accuracy ); 5. Data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed ( Limited Retention ); 6. Data must be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage , using appropriate technical and organisational measures – ( Security ). What's on the TMCP Website? www.tmcp.org.uk � GDPR at a Glance � GDPR Changes at a Glance � GDPR Guidance Note � 9 Steps to take now � 9 Steps Checklist � Template Data Mapping Form � Template Consent Form (updated) � Guidelines on Lawful Basis for Processing Personal Data � Data Protection Responsibilities in a Nutshell � Who are the Data Controllers and where to get help � Data Protection Do’s and Don'ts � Information on Church Directories � GDPR Myth-Buster � FAQ’s 4
23/05/2018 9 Steps to Take Now Step 1: Step 3: Step 2: Awareness Data Mapping. Privacy Policy Step 9: 9 Steps for Managing • Step 4: Trustees to Take Assessment Lawful Basis Step 8: Data Breaches . Step 5: Step 6: Rights Step 7: Consent Children A Toolkit for Managing Trustees 5
23/05/2018 What’s in the Toolkit? Data Protection Responsibilities in a Nutshell Data Protection Responsibilities in a Nutshell 6
23/05/2018 What’s in the Toolkit? Data Protection Responsibilities in a Nutshell Overarching Data Protection Policy Data Protection Policy 7
23/05/2018 Data Protection Policy “We’re not looking for perfection, we’re going to be looking for commitment.” (Elizabeth Denham, 20 th April 2018 in an interview with the BBC) Data Protection Policy � Compliance � Training � Record keeping � Security and retention � Breach � Rights � Risk-based approach to Processing 8
23/05/2018 Data Protection Policy Specifics to the Methodist Church: � Consent; � Privacy by Design; � Fundraising; � Sharing Personal Data; What’s in the Toolkit? Data Protection Specific Policies Responsibilities in a Nutshell Overarching Data Protection Policy 9
23/05/2018 Specific Policies � Guidelines on Lawful Basis for Processing Personal Data � Privacy Notice � Data Security Policy � IT Policy � Data Subject Access Request Policy � Data Retention Policy � Data Breach Policy What’s in the Toolkit? Data Protection Specific Policies Responsibilities in a Nutshell Overarching Data Key Template Protection Policy Documents 10
23/05/2018 key Template Documents � Privacy Notice � Breach Register � Legal Basis Register � Website Privacy Notice � Data Mapping Form (already on website) � Consent Form (already on website) Privacy Notice Transparency: • What information do you collect? • Why do you collect that information? 11
23/05/2018 Privacy Notice Remember the Principles? 1. Data must be processed lawfully, fairly and in a transparent manner ; 2. Data must be collected for specified, explicit and legitimate purposes ( Purpose Limitation ); Privacy Notice 1. IMPORTANT INFORMATION AND WHO WE ARE 2. THE DATA WE COLLECT ABOUT YOU 3. HOW IS YOUR PERSONAL DATA COLLECTED 4. HOW WE USE YOUR PERSONAL DATA 5. DISCLOSURES OF YOUR PERSONAL DATA 6. INTERNATIONAL TRANSFERS 7. DATA SECURITY 8. DATA RETENTION 9. YOUR LEGAL RIGHTS 10. GLOSSARY 12
23/05/2018 Questions? 13
Recommend
More recommend