
GDPR Rights and Consent Part 2 of our series on GDPR and its impact - PowerPoint PPT Presentation



  1. GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific questions on how this may affect your organisation you should consult a legal professional.

  2. Who are we?
     - Dillistone Group Plc, a public company listed on the AIM market of the London Stock Exchange
     - Includes the brands Voyager Software Ltd, ISV Software Ltd, FCP internet Ltd, and Dillistone Systems
     - Thousands of clients in over 70 countries, both Recruitment and Corporate, with some of the largest clients in those fields

  3. DISCLAIMER
     - This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter
     - If you have specific questions on how this may affect your organisation you should consult a legal professional
     - Guidance and member state regulator interpretation is ongoing – GDPR is dealing with a highly complex scenario and one size does not fit all
     - This is the second part of a series of webinars and is therefore not designed to cover everything in one sitting!

  4. A quick recap: General Data Protection Regulation (Regulation (EU) 2016/679)
     - Compliance to be achieved by 25 May 2018
     - Brexit does not mean you can ignore it
     - To standardise data legislation across the EU in common law.
     - To replace the outdated legislation prevalent across EU members.
     - To provide a robust level of protection to EU data subjects with individuals having 8 core rights under GDPR.
     - To remove a stumbling block when trading and transferring data to other member states.
     - To define “data breach” and provide rules governing what happens in the event of one.
     - To provide a stringent framework of penalties to aid compliance – these to be “effective, proportionate, and dissuasive”
     - To work with other legislation such as PECR and the forthcoming ePrivacy Directive
     - Yes, the slides will be distributed after this webinar

  5. Today. We’ll look at:
     - Draft guidance from the ICO on the subject of consent
     - The rights of data subjects (Natural Persons)
     - Data Protection Officer and do you need one?
     - Data Privacy Impact Assessments
     - Privacy by design
     - What should you be doing/thinking about now?

  6. Update on Consent from ICO draft guidance (could change): key changes to make in practice
     - Unbundled – Consent requests must be separate from other terms and conditions
     - Conditional – Consent should not be a precondition of signing up for a service unless it is necessary for that service
     - Active opt in – pre-ticked opt-in boxes are invalid. Use unticked boxes or similar methods
     - Granular – give granular options to consent separately to different types of processing wherever appropriate
     - Named – Name your organisation and any 3rd parties who will be relying on consent*
     - Documented – keep records to demonstrate what the individual has consented to, including what they were told and when and how they consented

  7. Update on Consent from ICO draft guidance (could change): can we carry on using existing DPA consents?
     - Recital 171 of the GDPR makes clear you can continue to rely on any existing consent that was given in line with the GDPR requirements, and there’s no need to seek fresh consent. However, you will need to be confident that your consent requests already met the GDPR standard and that consents are properly documented. You will also need to put in place compliant mechanisms for individuals to withdraw their consent easily.
     - On the other hand, if existing DPA consents don’t meet the GDPR’s high standards or are poorly documented, you will need to seek fresh GDPR-compliant consent, identify a different lawful basis for your processing (and ensure continued processing is fair), or stop the processing.

  8. Update on Consent from ICO draft guidance (could change): unambiguous indication (by statement or clear affirmative action)
     - An individual drops their business card into a prize draw box in a coffee shop. This is an affirmative act that clearly indicates they agree to their name and contact number being processed for the purposes of the prize draw. However, this consent would not extend to using those details for marketing or any other purpose.

  9. Update on Consent from ICO draft guidance (could change)
     - Recital 32 also makes clear that electronic consent requests must not be unnecessarily disruptive to users. You will need to give some thought to how best to tailor your consent requests and methods to ensure clear and comprehensive information without confusing people or disrupting the user experience – for example, by developing user-friendly layered information and just-in-time consents.
     - You will need to keep your consents under review and refresh them if your purposes or activities evolve beyond what you originally specified. Consent will not be specific enough if details change – there is no such thing as ‘evolving’ consent.

  10. Update on Consent from ICO draft guidance (could change): how long does consent last?
     - The GDPR does not set a specific time limit for consent. Consent is likely to degrade over time, but how long it lasts will depend on the context. You will need to consider the scope of the original consent and the individual’s expectations.
     - A gym runs a promotion that gives members the opportunity to opt in to receiving emails with tips about healthy eating and how to get in shape for their summer holiday that year.
     - As the consent request specifies a particular timescale and end point – their summer holiday – the expectation will be that these emails will cease once the summer is over. The consent will therefore expire.
     - If your processing operations or purposes evolve, your original consents may no longer be specific or informed enough – and you cannot infer broader consent from a simple failure to object. If this happens, you will need to seek fresh consent or identify another lawful basis.

  11. Rights of Natural Persons. GDPR provides the following rights for individuals:
     1. The right to be informed
     2. The right of access
     3. The right to rectification
     4. The right to erasure
     5. The right to restrict processing
     6. The right to data portability
     7. The right to object
     8. Rights in relation to automated decision making and profiling

  12. Right to be informed
     - This is the right that covers things like Transparency and encompasses your obligation to provide “fair processing information”
     - The information you supply is determined by whether or not you obtained the personal data directly from individuals.
     - The information you supply about the processing of personal data must be:
       - concise, transparent, intelligible and easily accessible;
       - written in clear and plain language, particularly if addressed to a child; and
       - free of charge
