An overview of the General Data Protection Regulation (GDPR), which will become effective on May 25th, 2018. Provides information on major changes, potential fines, breach reporting obligations, and the importance of justifying data collection and use. Includes guidelines on consent, notifications, handling sensitive information, and implementing proper procedures.
Overview
• Major overhaul of data protection rules
• Comes into effect 25th May 2018
• Very big fines!
• Obligation to report breaches
• Only hold what you need
• Explain why you need it
• Rejustify if need changes
Justifications (lawful bases)
• Vital interest
• Public task
• Legal obligation
• Contractual
• Legitimate interests
• Consent
Consent
• Opt in
• No pre-completed boxes
• Proposed use – specific and granular
• Maintain record of consents
• Can change mind – right to withdraw
• Review regularly – process for doing so
Notifications
• Privacy notices
• Terms and conditions – separate and prominent – not a condition of service
• Client letters
• Describe lawful basis and use
• Keep records and review if purpose changes
Sensitive Information
• “Special Category” data and Criminal Offence data
• Ethnic origin, politics, religion, trade union (TU) membership, genetics, biometrics for ID, health, sex life, sexual orientation
• Must fit one of the lawful bases AND one of the special justifications for that category
Procedures
• Limit collection of data to only what is necessary
• Restrict data access to those who need it – by design
• Ensure any change in use is preceded by re-consideration of the justification
• Keep a record of justifications and consents
• Updating process
• Sensitive data
• Transfers to third parties and abroad
• Disposal policy
• Subject request handling policy – information or objection
• Policy for requests for erasure or restriction
Patricia Barclay
patricia@bonaccord.eu
www.bonaccord.eu
+44 131 202 6527