GDPR (The new Data Protection Act)
A presentation by Lian Stibbs, Access Manager, Staffordshire County Council

GDPR Context
– 1998 Act - established concept of citizen privacy rights in a very different technological world
– 2018 Legislation - digital world, global companies, big data, complex sharing, social media
– In line with e-privacy directive
– Will be incorporated into UK law 25 May 2018
– BREXIT - New Data Protection Act UK

GDPR
• What is personal data?
  - Identifies a living individual
  - Non business data
  - Social media, email address, banking details, name and address, complaint data

GDPR
Why is it important to make changes?
– Fundamental change in approach - from reactive compliance to being really open and putting the citizen first
– Focussed on board level accountability (DPO)
– Potential to disrupt business for non-compliance
– Significant penalties

GDPR
• High level changes
  - Data breach - fines of up to 20 million euros
  - Mandatory reporting
  - Requirement to have a Data Protection Officer who deals with DP, the regulator and oversees compliance
  - Explicit consent

GDPR
• High level changes
  - Privacy impact assessments
  - Right to erasure
  - Right to portability
  - Fair processing - being really open
  - Notification abolished but a fee required
  - Document DP practice

Data Protection Officer
• Educating
• Ensure compliance via advice and audit
• Serving as the point of contact between the council and the Information Commissioner's Office
• Point of contact for the public to complain
• Monitor performance
• Have expert knowledge in data protection law