GDPR - Skillcast Presentation Template

This document provides an overview of the General Data Protection Regulation (GDPR) which takes effect in May 2018. It defines personal data and special categories of personal data. It outlines the key rights of individuals including rights to access and rectify their data. It discusses lawful processing of personal data and the obligations around data breaches including notification requirements. Fines for non-compliance under GDPR can be up to 4% of global annual turnover or 20 million euros, whichever is greater.

Uploaded by nipunda

General Data Protection Regulation (GDPR)
[Name] • [Date]

Learning Objectives

• What is personal data?
• What are the consequences?
• Data protection principles and rights
• Our company’s data protection policy


What’s changing?

Data Protection Act
General Data Protection Regulation (GDPR)

GDPR applies from 25 May 2018 – are you ready?


What is personal data?

• “... information relating to a living individual who can be identified from that data...”
• “…it may include expressions of opinion…”
• “…held in manual or electronic systems…”
• ICO guidance


What constitutes personal data?

• Our company’s annual report: NO
• Your medical information: YES
• Your salary details: YES
• Your name and date of birth: YES
• Your anonymous response to a survey question: NO
• Your photo or image on a CCTV camera: YES


What is personal data under GDPR?

“...IP addresses...”

“…automated personal data and data held in manual systems…”

“…key-coded (pseudonymised) personal data…”

Sensitive personal data
Special categories of personal data (Article 9)


Special categories of personal data

• Your name and date of birth: NO
• Racial or ethnic origin: YES
• Genetic data: YES
• Religious or political beliefs: YES
• Data concerning sex life or sexual orientation: YES
• Biometric data: YES


Lawful processing

1. Explicit consent of the data subject
2. Necessary for the performance of a contract
3. Necessary for legal or judicial reasons
4. Necessary to protect the data subject’s best interests
5. Necessary to perform a task carried out in the public interest
6. Necessary for legitimate interests


What rights do data subjects have?

• “I don’t want to receive your marketing letters and promotions”
• “I want to be able to take my data and reuse it on other platforms”
• “Did I agree to that? I didn’t see a privacy notice on your website when I typed in my details”
• “Does the right to be forgotten apply to me?”
• “I want to have any errors corrected”
• “I want to find out what data you have about me and how you’re using it”
• “Please stop using my data until you’ve checked there is a legitimate purpose”


Rights of individuals under GDPR:

1. The right to be informed
2. The right of access
3. The right to rectification
4. The right to erasure (“right to be forgotten”)
5. The right to restrict processing
6. The right to data portability
7. The right to object
8. Rights on automated decision making and profiling


When it goes wrong

• Shop owner fined for using in-store CCTV without registering
• TalkTalk fined £400k by ICO for cyber attack
• 1b customer accounts hacked, admits Yahoo
• Insurance firm fined £150k for losing 60,000 customers’ data
• Social worker drives off with family court data on roof
• Loan company fined £70k for spam texts


You make the call: Is it a breach?

“She asked me to remove her information from our systems – but it’s required for regulatory reasons so I refused”

Breach
No Breach ✓


You make the call: Is it a breach?

“At first, he gave us his consent to use his data but then he changed his mind – I told him that it wasn’t allowed”

Breach ✓
No Breach


You make the call: Is it a breach?

“We assumed she gave us her consent because she placed an order with us and friended us on social media”

Breach ✓
No Breach


Data breach notifications

• A data breach only occurs when data is lost
  No. It can occur if data is accessed inappropriately due to a lack of internal controls

• Breaches are only serious if data is actually taken
  No. Unauthorised access, disclosures, loss, destruction, and alteration are also serious

• Look at Yahoo – isn’t it best to keep quiet?
  No. Under GDPR, you have just 72 hours to notify of data breaches


Fines under GDPR

• Infringements of rights, basic principles and rules on international transfers:
  → 4% of worldwide turnover or €20 million

• Failure to notify of data breaches:
  → 2% of worldwide turnover or €10 million


Scenario 1

“There’s a pre-checked box when customers place their order. It gives us consent for future marketing.”

What do you think?
a) Great – it looks like Jayne is on top of GDPR already
b) Not bad – but Jayne can get consent verbally from customers too
c) Poor – Jayne must ensure that consent is active ✓
d) Poor – consent is only required for children under 13 years


Scenario 2

“We’ve got a US firm helping us process customer data. It’s all big-data analytics wizardry.”

What do you think?
a) Excellent – it looks like Peter really knows his stuff
b) Great – there are no restrictions on transfers outside the EU
c) Not bad – but Peter must ensure there are adequate safeguards for EU data ✓
d) Poor – Peter must get consent from the supervisory authority first


Our Data Protection Policy

1. What personal data we use and how

2. Our rules and procedures – creating, storing, sharing and disposing of personal data safely

3. Identifying our Data Protection Officer and how to contact them

4. Requiring everyone to read and implement our Data Protection Policy



Do

✓ Read our Company's Data Protection Policy – make sure you understand the rules and why they're important

✓ Follow our policies and rules whenever you use personal data – taking particular care to prevent unauthorised access, loss, theft or alteration

✓ Speak out promptly if you accidentally lose, delete or transfer personal data to someone else – our firm has just 72 hours to report it

✓ Talk to your manager or our Data Protection Officer if you have any questions or concerns


Don’t

x Keep using customers’ personal data for marketing if they ask you to stop

x Transfer personal data outside the EU without ensuring there are adequate protections in place

x Leave personal data lying around on a desk or unattended onscreen

x Collect or use children’s personal data without getting parental consent first


Any Questions?



Next steps

Call _______ on _______ if you need information or guidance

Call _______ on _______ if you need to raise concerns

Access self-study courses on our e-learning portal for further training [or optionally – Complete your mandatory training on our corporate e-learning portal]
