Transcript

GDPR

An Overview

ABOUT US

Full end-to-end digital service

Web Design & Development

Digital Marketing

Technical Support

Consultancy

Established in 2005, we now have a team of 35 working extensively in both Private and Public Sectors, with large and small businesses and organisations across the UK and overseas. We also work in the Charitable Sector on a World Health Initiative developing technology to fight infectious diseases.

We design and build websites, applications, intranets and mobile apps, and also manage and maintain hosting environments, supporting 200+ business websites and web environments for the NHS and Councils.

KEY DEFINITIONS

  • Data Controllers
  • Data Processors
  • Processing
  • Personal Data
  • Special Categories of Data
  • Consent
  • Data Concerning Health

DATA CONTROLLERS

A natural or legal person which determines the purposes and means of processing personal data.

DATA PROCESSORS

A natural or legal person that processes data on behalf of a controller.

PROCESSING

Any operation performed on personal data, by any means.

PERSONAL DATA

Any information that may be used to identify a natural person, directly or indirectly.

SPECIAL CATEGORIES OF DATA

Includes racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data (where used to identify a natural person), data concerning health, sexual orientation and data concerning a person's sex life.

CONSENT

A freely given, informed, specific and unambiguous indication of the data subject's wishes, expressed by an affirmative action or statement.

DATA CONCERNING HEALTH

Personal data relating to mental or physical health of a natural person including health care service provision where this reveals health status.

SPECIAL CATEGORIES OF DATA: IMPLICATIONS

Processing of this data is prohibited unless:

  • Explicit consent has been obtained.
  • The data has been obtained for the purposes of employment, social security or social protection law, where permitted by legislation.
  • It is necessary to protect the vital interests of the data subject.
  • The data has been manifestly made public by the data subject.
  • There is a substantial public interest.
  • It is for a preventative or occupational medical purpose.
  • It is needed for the establishment of a legal defence.
  • It is for public health purposes.

WHAT IS GDPR?

WHAT IT IS...

  • Legally enforced from May 2018.
  • Subject to change according to national legislative programmes.
  • A framework for the formation of national and EU governing bodies.
  • A set of requirements for data processors and controllers.
  • A definition of the rights of data subjects regarding their personal data (with some specific exemptions) and other terms.

WHAT IT IS NOT...

  • The subject of any existing case law.
  • An accreditation or certification (… yet).
  • An instruction manual for data protection.
  • A concern for any organisation that is neither a processor nor a controller.

7 CORE PRINCIPLES

1. Lawfulness, fairness & transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Integrity & confidentiality
7. Accountability

LAWFULNESS, FAIRNESS & TRANSPARENCY

To be lawful, data must be collected on the basis of consent, contractual necessity, legal obligation, the protection of the vital interests of the data subject, the performance of a task in the public interest, or the legitimate interests of the data controller, unless these are overridden by the fundamental rights of the data subject.

The data must be collected in a transparent fashion where the data subject explicitly agrees to the collection of data on an active (and not passive) basis.

PURPOSE LIMITATION

Data must be collected for lawful, legitimate purposes and must not be processed in a manner that is incompatible with the originally stated purpose.

DATA MINIMISATION

Only the data specified in the consent, or covered by another lawful basis for collection, should be processed. No other data should be processed, and the organisation should have mechanisms for ensuring this is the case.

ACCURACY

Any data held must be accurate.

The organisation should have routines for ensuring that data is accurate at the point of collection and remains accurate during storage. Where inaccuracies are found, the data must be corrected or, where necessary, removed.

STORAGE LIMITATION

The data should only be held in an identifiable form for as long as it is required to fulfil the purposes of collection or the period agreed in the declaration of consent.

Organisations should have mechanisms for purging data that is no longer necessary.

INTEGRITY & CONFIDENTIALITY

Data should be held in a manner that ensures its appropriate security, including protection against unauthorised alteration, destruction, unlawful processing, loss or damage, using appropriate technical and organisational measures.

ACCOUNTABILITY

Organisations are required to be able to demonstrate compliance with the regulations. The onus is entirely on processors and controllers in this regard.

WHO IS AFFECTED?

All companies (undertakings, or groups of undertakings) collecting data on EU data subjects.

All companies (undertakings, or groups of undertakings) established in the EU.

Hosted service providers such as Amazon and Rackspace (they are regarded as processors).

The likes of Facebook, Google, Twitter, and so on, that collect and monetise data on natural persons.