Understanding GDPR and Data Handling in Student Clubs and Societies


Learn about the General Data Protection Regulation (GDPR) and proper data handling practices in student clubs and societies. Discover the importance of protecting personal data, individual rights under the GDPR, and the principles that govern data processing.


Uploaded on Nov 14, 2024 | 0 Views



Presentation Transcript


  1. GDPR & Data Handling: Student Clubs & Societies Training, by Liam Wilkinson, YSJ Information Governance Assistant

  2. Data Protection
     - Data Protection Act 2018
     - General Data Protection Regulation (GDPR) 2018
     - UK GDPR (upon exit from EU)

  3. GDPR
     - European Commission GDPR Documentation: https://ec.europa.eu/commission/priorities/justice-and-fundamental-rights/data-protection/2018-reform-eu-data-protection-rules_en
     - ICO Guide to the GDPR: https://ico.org.uk/for-organisations/uk-gdpr-guidance-and-resources/

  4. Data Handling
     Student clubs and societies need:
     - To ensure that they process personal data about their members (and any other people) in line with the data protection principles.
     - To be able to recognise and respond to requests from members and others exercising their individual rights under the GDPR.

  5. Personal Data
     - Name
     - Home address
     - Email address
     - Identification numbers
     - Location data
     - Internet Protocol (IP) address
     - Internet cookies
     - Advertising identifier
     - Physical factors

  6. Personal Data
     - Information about a particular living individual
     - Not always private information
     - Doesn't cover truly anonymous information
     - Relates to paper and digital records

  7. Process
     - collecting
     - recording
     - storing
     - using
     - analysing
     - combining
     - disclosing
     - deleting

  8. Data Protection Principles
     - Lawfulness, fairness and transparency - you must process personal data lawfully, fairly and in a transparent manner in relation to the data subject.
     - Purpose limitation - you must only collect personal data for a specific, explicit and legitimate purpose. You must clearly state what this purpose is, and only collect data for as long as necessary to complete that purpose.
     - Data minimisation - you must ensure that personal data you process is adequate, relevant and limited to what is necessary in relation to your processing purpose.
     - Accuracy - you must take every reasonable step to update or remove data that is inaccurate or incomplete. Individuals have the right to request that you erase or rectify erroneous data that relates to them, and you must do so within a month.
     - Storage limitation - You must delete personal data when you no longer need it. The timescales in most cases aren't set. They will depend on your business circumstances and the reasons why you collect this data.
     - Integrity and confidentiality - You must keep personal data safe and protected against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.

  9. Subject Access Rights
     SU will look after this!
     - The right to be informed
     - The right to access
     - The right to correction
     - The right to erasure
     - The right to restriction
     - The right to portability
     - The right to objection
     - The right to be informed of automated decisions

  10. Lawful Basis for Processing
      SU will do this on your behalf.
      The lawful bases for processing are set out in Article 6 of the GDPR. At least one of these must apply whenever you process personal data:
      - Consent
      - Contract
      - Legal obligation
      - Vital interests
      - Public task
      - Legitimate interests

  11. Data Breaches: what we have to do
      - Record breaches
      - Report any high risk breach to the ICO
      - Inform affected parties
      - Introduce measures to avoid repeat

  12. Dos and don'ts
      - NEVER store data in places where others can access it!
      - Think about how you gain information about new members.
      - Never share information with others.
      - The SU will store member information for you; you should not need to store this info separately.
      - If you need to connect with members, use methods where they can opt in: WhatsApp/Facebook etc.
      - If you are contacting them via email, you will need their permission.
      - Never hold sensitive information such as health; ask the SU for advice about this.
      - If in doubt, ask!

  13. YSJSU: www.ysjsu.com/documents; ICO: www.ico.org.uk; Students' Union DPO: SU Chief Executive; Liam Wilkinson, YSJ IGA: l.wilkinson2@yorksj.ac.uk
