140 likes | 167 Views
Explore the Data Protection Ordinance 2004, duties of data controllers, key rights of data subjects, offenses, and more in this insightful seminar for the Business & Finance sectors.
E N D
Data Protection in Gibraltar Government of Gibraltar Seminar for Business & Finance Sectors 24 January 2006
Seminar Overview • What’s it all about? • DPO – The jargon • DPO – The main issues • Information sources • Sean Sweeney • Question time
What’s it all about? • “Surely it should be obvious to the dimmest executive that trust, that most valuable of economic assets, is easily destroyed and hugely expensive to restore – and that few things are more likely to destroy trust than a company letting sensitive personal data get into the wrong hands.” • The Economist Magazine, 25 June 2005“ • “The ability to guard customer data is the key to market value, which the board is responsible for on behalf of shareholders.” • Haim Mendelson, Stanford University Business School
What’s it all about? • “My credit card number is 078999489 and my credit limit is £3,000 – and, by the way, my PIN number is 3981.” • “Last year the doctor prescribed me antidepressants.” • “Ten years ago I was fined £50 for being drunk and disorderly.” • “I owe the income tax department £50,000.”
Key jargon (s2) • Personal data • Data subject • Data controller • Data processor • Processing
What is covered by the DPO? (s3) • Applies to processing of personal data by automatic or manual means. • Does not apply to data kept only for personal purposes – eg a personal address book. • Applies to data held in Gibraltar by a company based outside of Gibraltar.
Duties of Data Controllers • To gather, store and use personal data in accordance with the data protection principles. • To process personal data only in accordance with the Ordinance • To ensure that data subjects can exercise the rights set out in the Ordinance in accordance with the time limits set out in the ordinance. • To cooperate with the Data Protection Commissioner
Key Rights of Data Subjects • Right to have data kept & used only in accordance with the DPO • Right of access • Right to rectification of data • Right to object to processing of data • Rights in relation to direct marketing • Right to not have decisions made solely on the basis automatic processing of data
Offences, Regulation & the Courts • The Data Protection Commissioner (s21) • Enforcement (ss25-27) • The Data Protection Register (ss22 -24)
E-mail • “For the purposes of this Ordinance any communication or notification which may be done in writing may be done by electronic means.” • - section 4 DPO
Sources of Information • The Data Protection Ordinance 2004 • http://www.gibraltarlaws.gov.gi • GoG Data Protection brochures • http://www.gibraltar.gov.gi • The Gibraltar Data Protection Commissioner • http://www.gra.gi • The EU data protection website • http://europa.eu.int/comm/justice_home/fsj/privacy/ • The Irish data protection website • http://www.dataprotection.ie