Understanding General Data Protection Regulation (GDPR)

Slide Note
Embed
Share

GDPR is a legal framework implemented in May 2018 to enhance data protection rights and increase obligations for data controllers and processors. It requires compliance in processing personal data and imposes strict rules on handling data breaches. Key definitions, including personal data categories and processing operations, are outlined to ensure understanding and adherence.

lakaylasc
lakaylasc Follow

Uploaded on Oct 04, 2024 | 0 Views

Download Presentation

Please find below an Image/Link to download the presentation.

The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. Download presentation by click this link. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.

E N D

Presentation Transcript

  1. General Data Protection Regulation (GDPR) GDPR is a legal framework In force since May 2018 It enhances the data protection rights of individuals Places greater obligations on data controllers and data processors Gives greater enforcement powers to authorities Any possible data breaches: contact Data Protection Unit immediately, and we ll help data.protection@dcu.ie there is only a 72 hour window to respond to a breach Compliance with GDPR is a mandatory legal requirement not optional! Everyone processing personal data must do so in compliance with GDPR Failure to do so, may mean that the processing is unlawful

  2. Key Definitions (GDPR Article 4) Term Term Term Term Term Term Term Term Meaning Meaning Meaning Meaning Meaning Meaning Meaning Meaning Personal Data Personal Data Personal Data Personal Data Personal Data Personal Data Personal Data Any information relating to an identified or identifiable natural person Race / ethnicity Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Political opinions Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Religious or philosophical beliefs Trade union membership Genetic data / Biometric data Health data Health data Health data Health data Health data Health data Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Religious or philosophical beliefs Trade union membership Genetic data / Biometric data Health data Sexual Life / Health / Orientation Sexual Life / Health / Orientation Sexual Life / Health / Orientation Sexual Life / Health / Orientation Sexual Life / Health / Orientation Sexual Life / Health / Orientation Sexual Life / Health / Orientation Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Religious or philosophical beliefs Trade union membership Trade union membership Trade union membership Trade union membership Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Religious or philosophical beliefs Religious or philosophical beliefs Religious or philosophical beliefs Any information relating to an identified or identifiable natural person Race / ethnicity Political opinions Religious or philosophical beliefs Trade union membership Genetic data / Biometric data Genetic data / Biometric data Genetic data / Biometric data Genetic data / Biometric data Genetic data / Biometric data Special Categories of Personal Data Special Categories of Personal Data Special Categories of Personal Data Special Categories of Personal Data Special Categories of Personal Data Special Categories of Personal Data Special Categories of Personal Data Processing Processing Processing Processing Processing Processing Processing Performing any operation on personal data, whether or not by automated means automated means automated means automated means automated means automated means automated means Performing any operation on personal data, whether or not by Performing any operation on personal data, whether or not by Performing any operation on personal data, whether or not by Performing any operation on personal data, whether or not by Performing any operation on personal data, whether or not by Performing any operation on personal data, whether or not by Data Subject Data Subject Data Subject Data Subject Data Subject Data Subject Data Subject The individual to whom the personal data relates The individual to whom the personal data relates The individual to whom the personal data relates The individual to whom the personal data relates The individual to whom the personal data relates The individual to whom the personal data relates The individual to whom the personal data relates Data Controller Data Controller Data Controller Data Controller Data Controller Data Controller Data Controller Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Natural/legal person who determines purposes & means of processing Data Processor Data Processor Data Processor Data Processor Data Processor Data Processor Data Processor Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller Natural/legal person who processes personal data on behalf of Controller

  3. Principles (GDPR Article 5) Principle Principle Principle Principle Principle Principle Principle Principle Principle Explanations Explanations Explanations Explanations Explanations Explanations Explanations Explanations Explanations Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency Lawfulness, fairness & transparency e.g. At the point of collection: state who you are, for what purpose(s) personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, personal data will be used/processed, the legal bases for processing, e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) e.g. At the point of collection: state who you are, for what purpose(s) personal data will be used/processed, the legal bases for processing, with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) with whom it will be shared, etc. (Legal bases: GDPR Article 6) Purpose limitation Purpose limitation Purpose limitation Purpose limitation Purpose limitation Purpose limitation Purpose limitation Purpose limitation Only process personal data for the specified purpose(s) for which it was originally collected. originally collected. originally collected. originally collected. originally collected. originally collected. originally collected. originally collected. Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Only process personal data for the specified purpose(s) for which it was Data minimisation Data minimisation Data minimisation Data minimisation Data minimisation Data minimisation Data minimisation Data minimisation Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, Limit personal data collected and use only to what is adequate, necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. necessary and relevant to the purpose(s) for which it was collected. Accuracy Accuracy Accuracy Accuracy Accuracy Accuracy Accuracy Accuracy Personal data must be accurate, and where necessary, kept up to date. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Inaccurate personal data should be erased or rectified. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Personal data must be accurate, and where necessary, kept up to date. Storage limitation Storage limitation Storage limitation Storage limitation Storage limitation Storage limitation Storage limitation Storage limitation Personal data is not to be held for any longer than the original purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. purpose(s) for which it was collected. Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Personal data is not to be held for any longer than the original Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Integrity and confidentiality Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the Implement technical & organisational security measures to keep the personal data safe & secure. personal data safe & secure. personal data safe & secure. personal data safe & secure. personal data safe & secure. personal data safe & secure. personal data safe & secure. personal data safe & secure. Accountability Accountability Accountability Accountability Accountability Accountability Accountability Accountability Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR. Demonstrate compliance with each of your obligations under GDPR.

  4. Non-Compliance / Data Breaches Penalties A person whose data protection rights have been infringed has the right to take court proceedings this means legal costs, court costs, and potential damages. The regulator, the Data Protection Commission, has the power to carry out investigations and audits, and to impose large fines. Other considerations Non-compliance may also mean reputational damage to you and to DCU. Compliance drives good information handling practices: Improved data quality and records management

  5. Supports & DCU Data Protection Unit GDPR Advocates (School/Faculty): dcu.ie/ocoo/data-protection-policies-guides-protocols-and-templates Data Protection Unit (DPU) A Unit within the Office of the Chief Operations Officer (OCOO) DPU email address: data.protection@dcu.ie Information and resources: dcu.ie/ocoo/data-protection Staff - name and role Contact details Martin Ward DCU Data Protection Officer martin.ward@dcu.ie Joan O Connell DCU Data Protection Co-ordinator joan.m.oconnell@dcu.ie Noel Prior DCU Risk & Compliance Officer Noel.Prior@dcu.ie

Related


Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

Understanding the General Data Protection Regulation (GDPR) and Data Protection Bill

helena
Understanding GDPR: Key Points and Implications for University Communications Officers

Understanding GDPR: Key Points and Implications for University Communications Officers

alivia
Understanding the EU General Data Protection Regulation (EU GDPR)

Understanding the EU General Data Protection Regulation (EU GDPR)

armand
Understanding the EU General Data Protection Regulation (GDPR)

Understanding the EU General Data Protection Regulation (GDPR)

abdiel
Understanding the European Union General Data Protection Regulation (GDPR)

Understanding the European Union General Data Protection Regulation (GDPR)

itrel
Comprehensive Overview of GDPR and Information Law Updates

Comprehensive Overview of GDPR and Information Law Updates

drael
Understanding GDPR: A Quick Guide to Compliance

Understanding GDPR: A Quick Guide to Compliance

hetty
Understanding GDPR and Data Protection for Businesses

Understanding GDPR and Data Protection for Businesses

ful_mel
Preparing for EU General Data Protection Regulation with Revd. Mark James

Preparing for EU General Data Protection Regulation with Revd. Mark James

mercer
The Digital Personal Data Protection Act 2023

The Digital Personal Data Protection Act 2023

edelweiss
Understanding GDPR: Guidelines for Occupational Health Professionals

Understanding GDPR: Guidelines for Occupational Health Professionals

subhan
Understanding GDPR for Union Representatives

Understanding GDPR for Union Representatives

yassmi
Understanding the Role of Data Protection Officers (DPOs) in GDPR Compliance

Understanding the Role of Data Protection Officers (DPOs) in GDPR Compliance

flint
Personal Data Protection Requirements in the Health Sector: EU Twinning Project Overview

Personal Data Protection Requirements in the Health Sector: EU Twinning Project Overview

elminb
Ensuring Safe Data Practices: A Guide to Data Protection

Ensuring Safe Data Practices: A Guide to Data Protection

edison
Overview of Data Protection Regulations and Compliance Framework

Overview of Data Protection Regulations and Compliance Framework

doslu
Understanding Data Privacy Laws and Regulations in Saudi Arabia

Understanding Data Privacy Laws and Regulations in Saudi Arabia

twyla
Understanding Data Protection Impact Assessments (DPIA) at DPPC2018

Understanding Data Protection Impact Assessments (DPIA) at DPPC2018

adira
Enhancing GDPR Compliance with SIMS Reporting

Enhancing GDPR Compliance with SIMS Reporting

smoke
Enhancing Self-Regulation Skills in Children: Strategies and Tips

Enhancing Self-Regulation Skills in Children: Strategies and Tips

pkhy
Understand Children's Privacy Notice at Pathfields Medical Group

Understand Children's Privacy Notice at Pathfields Medical Group

mohamed
The Lyndhurst Surgery General Data Protection Regulation

The Lyndhurst Surgery General Data Protection Regulation

rtan
Privacy and Data Protection in the Digital Age

Privacy and Data Protection in the Digital Age

smer
Understanding Data Protection Regulations and Definitions

Understanding Data Protection Regulations and Definitions

nicholes_p

More Related Content

Update on General Data Protection Regulation and Law Enforcement Directive
Update on General Data Protection Regulation and Law Enforcement Directive
Understanding GDPR Consent and Validity for Data Processing
Understanding GDPR Consent and Validity for Data Processing
Implementing DPIA: A Comprehensive Guide from Data Protection Practitioners Conference 2018
Implementing DPIA: A Comprehensive Guide from Data Protection Practitioners Conference 2018
Understanding Incentive Regulation in Utility Management
Understanding Incentive Regulation in Utility Management
Enhancing Self-Regulation for Formative Assessment through Social and Emotional Learning
Enhancing Self-Regulation for Formative Assessment through Social and Emotional Learning
Regulation Proposal to Combat Deforestation and Forest Degradation in the European Union
Regulation Proposal to Combat Deforestation and Forest Degradation in the European Union
Understanding the Right to an Explanation in GDPR and AI Decision Making
Understanding the Right to an Explanation in GDPR and AI Decision Making
Understanding Pharmacy Revalidation and GDPR with Leyla Hannbeck
Understanding Pharmacy Revalidation and GDPR with Leyla Hannbeck
Understanding Data Protection Essentials
Understanding Data Protection Essentials
Groundskeeping Safety and Personal Protective Equipment Training
Groundskeeping Safety and Personal Protective Equipment Training
Is Data Protection a Fundamental Right Protecting the Individual?
Is Data Protection a Fundamental Right Protecting the Individual?
Understanding the Data Protection Act 2017: A Comprehensive Overview
Understanding the Data Protection Act 2017: A Comprehensive Overview
Evaluation of Anti-Doping Laws and Data Protection in EU Member States
Evaluation of Anti-Doping Laws and Data Protection in EU Member States
Regulation of Extracellular Fluid Volume: A Comprehensive Overview
Regulation of Extracellular Fluid Volume: A Comprehensive Overview
Regulation of Blood Glucose and Its Importance in Maintaining Health
Regulation of Blood Glucose and Its Importance in Maintaining Health
Understanding Carnegie Mellon's Protection and Security Concepts
Understanding Carnegie Mellon's Protection and Security Concepts
Overview of EU Timber Regulation (EUTR) 995/2010 and its Application in Italy
Overview of EU Timber Regulation (EUTR) 995/2010 and its Application in Italy
Emerging Trends in Regulation and Credentialing for Advanced Practice Nursing
Emerging Trends in Regulation and Credentialing for Advanced Practice Nursing
Regulation of Disinformation in the European Union: A Comprehensive Overview
Regulation of Disinformation in the European Union: A Comprehensive Overview
Agricultural and Veterinary Chemicals Regulation in Australia - Overview
Agricultural and Veterinary Chemicals Regulation in Australia - Overview
Traffic Regulation Orders for Public Rights of Way in Essex
Traffic Regulation Orders for Public Rights of Way in Essex
Improving Consumer Protection in Ghana: Insights from the Sixth Annual African Dialogue Consumer Protection Conference
Improving Consumer Protection in Ghana: Insights from the Sixth Annual African Dialogue Consumer Protection Conference
Regulation of Non-Personal Data and Its Scope
Regulation of Non-Personal Data and Its Scope
Regulation and Permitting of Construction and Demolition Recycling in Illinois
Regulation and Permitting of Construction and Demolition Recycling in Illinois