
GDPR Overview: Important Changes in Data Protection Rules

An overview of the General Data Protection Regulation (GDPR), which will become effective on May 25th, 2018. Provides information on major changes, potential fines, breach reporting obligations, and the importance of justifying data collection and use. Includes guidelines on consent, notifications, handling sensitive information, and implementing proper procedures.

mattiew

Presentation Transcript


  1. General Data Protection Regulation

  2. Overview
     • Major overhaul of data protection rules
     • Comes into effect 25th May 2018
     • Very big fines!
     • Obligation to report breaches
     • Only hold what you need
     • Explain why you need it
     • Rejustify if need changes

  3. Clean out Your Files

  4. Justifications
     • Vital interest
     • Public task
     • Legal Obligation
     • Contractual
     • Legitimate Interests
     • Consent

  5. Consent
     • Opt in
     • No pre-completed boxes
     • Proposed use – specific and granular
     • Maintain record of consents
     • Can change mind – right to withdraw
     • Review regularly – process for doing so

  6. Notifications
     • Privacy notices
     • Terms and conditions – separate and prominent – not a condition of service
     • Client letters
     Describe lawful basis and use
     Keep records and review if purpose changes

  7. Sensitive Information
     • “Special Category” data and Criminal Offence data
     • Ethnic origin, politics, religion, TU membership, genetics, biometrics for ID, health, sex life, sexual orientation
     • Must fit lawful bases AND one of special justifications for that category

  8. Procedures
     • Limit collection of data only to what is necessary
     • Restrict data access to those who need it – by design
     • Ensure any change in use is preceded by re-consideration of justification
     • Keep record of justification and consents
     • Updating process
     • Sensitive data
     • Transfers to third parties and abroad
     • Disposal policy
     • Subject request handling policy – information or objection
     • Policy requests for erasure or restriction

  9. Patricia Barclay, patricia@bonaccord.eu, www.bonaccord.eu, +44 131 202 6527
