What is GDPR
GDPR is short for the EU General Data Protection Regulation which is legislation designed to harmonise data protection regulations across the EU and give individuals greater control over the privacy and use of their data.
What is the Data Protection Act 2018
Data Protection Act 2018 is the UK’s implementation of the EUs GDPR. Since the UK left the EU in Jan 2021, now have UK GDPR which mirrors the EU version.
Covers all aspects of general data and aspects of personal data (reflects modern data usage)
It controls how your personal information is used by organizations, businesses and the government.
Name previous act on Data Protection
Data Protection Act 1998
What is personal data
includes name, address, date of birth, CVs, appraisals, emails, texts
Name the main changes for data protection
- Fines - now max fine is higher of 20mn euros or 4% turnover
- Accountability - businesses have to clearly demonstrate compliance
- Breach Notification - breaches reported within 72 hours
- Right to be forgotten - gives individuals greater controls over the use and management of their data - deleting records rather than archiving
Who controls data protection in Uk
Information Commissioners Office (ICO)
What is the role of a data controller
Data controller decides on the purpose for which data is being collected, held or processed primary responsibility for managing and protecting the data
What is the role of a data protection officier
Data Protection Officer - primary contact, mandatory for large organisations - overseeing a company’s data protection strategy and its implementation to comply with GDPR requirements
Name the 6 core principles for data protection
- Data must be processed in a lawful and transparent manner
- Legitimate purpose - personal data must be obtained for specified, explicit and legitimate purposes only
- Data should be relevant and limited to what is necessary
- Accurate and upto date
- Limited storage
- Secure
Describe examples of a data breach
Loss of file, memory stick, laptop, phone, hacking, stolen/misused password
Must report breach within 72 hours
Name 8 rights under GDPR
- Right to be informed
- Right of access
- Right to rectification
- Right to erasure
- Right to restrict processing
- Right to data portability
- Right to object
- Rights to automated decision making and profiling.
How is CJ compliant with GDPR
- Lock computers when not at desk
- All paper documentation is filed in locked cabinets
- When onsite, prevent taking personal information on paperwork
- Prevent sharing passwords
- Don’t have paper files unless really necessary
How does CJ ensure confidentiality
– good security of electronic data (firewalls, encryption and passwords), Non Disclosure Agreements
What is a non disclosure agreement
Non disclosure Agreements are a legal contract. It sets out how you share information or ideas in confidence. They commonly last 3-5 years and ensures information is kept confidential.
What is the main purpose of teh Data Protection Act 2018
to set the guidelines for companies for the collection, processing, storage and protection of personal data and to give individuals the rights to access, and correct their personal data and prevent it from being used for marketing
Name RICS new guidance on data
New RICS Guidance – Data Handling and Prevention of Cyber Crime (currently in consultation)
What is the freedom of information act 2000
- Gives individuals the rights to access information held by public bodies.
- Public bodies (government / Local authorities) are required to issue information held on individuals within 20 days of request.
