What does GDPR stand for?
General Data Protection Regulation
What is GDPR?
- A new data protection law which came into force on 25th May 2018, replacing the Data Protection Directive.
- Changes to existing data protection law across the EU and include significantly greater fines for data breaches.
- Gives people more control over their data & to know what info. is held about them.
- To secure personal information online & ensure personal info. is handled properly.
How does the Act work?
The Act works in 2 ways:
i. Stating that anyone who processes personal data must comply with 8 principles, which makes sure personal info. is:
1. Fairly & lawfully processed
2. Processed for limited purposes only
3. Adequate, relevant and not excessive
4. Accurate & up to date
5. Not kept longer than necessary
6. Processed within your rights
7. Secure
8. Not transferred to other countries without adequate protection
ii. Provides individuals with rights.
Who deals with complaints?
ICO
What are the rights of the individual?
- Data access – right to validate lawful processing of their personal data
- Date rectification – can request that access to their personal data is suspended or restricted in some cases
- Data portability – right to request their personal data is provided in a structured and readable format
- Right to erasure – the right for the data subject to request that their data is deleted
- Right to object –can object to the processing of their data
FoI Act 2000 key principles
6 key principles
1. Maximum disclosure
2. Publish key information
3. Promote open government
4. Exceptions narrowly drawn
5. Processed rapidly and fairly
6. Minimum cost
What is the level of fines?
£20 million or 4% of annual turnover
What are the key principles of GDPR?
- Fairness & transparency
- Data minimisation
- Purpose & storage limitation
- Accuracy
- Security
Aim of the FoI Act
- Improve accountability
- Promote transparency
- Make data open
Requirements for an FoI request
- be submitted in writing
- State full name of the applicant
- Provide suitable address for correspondence
TfL may refuse request if?
Estimated cost exceeds £450, based on 18 man hours
Deadline for response is?
20 working days
What do you have to do if there is a breach of GDPR?
72 hours to report to the ICO
What is ISO9001?
an international standard that sets out the requirements for a quality management system.
7 Principles of ISO9001?
- Engagement of people
- Customer focus
- Leadership
- Process approach
- Improvement.
- Evidence-based decision making.
- Relationship management
ISO27001 is….?
an international standard to manage information security
