Essential GDPR Principles for Building Services Engineering Students
Explore the key principles of General Data Protection Regulation (GDPR) in the context of T-Level Technical Qualification in Building Services Engineering for Construction. Learn about data management, confidentiality, GDPR implementation, and the importance of maintaining integrity and confidentiality in handling personal data.
Download Presentation
Please find below an Image/Link to download the presentation.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author. If you encounter any issues during the download, it is possible that the publisher has removed the file from their server.
You are allowed to download the files provided on this website for personal or commercial use, subject to the condition that they are used lawfully. All files are the property of their respective owners.
The content on the website is provided AS IS for your information and personal use only. It may not be sold, licensed, or shared on other websites without obtaining consent from the author.
E N D
Presentation Transcript
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) PowerPoint n 8.3 Data management and confidentiality 8. Construction information and data principles PowerPoint 9: GDPR and data loss # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) General Data Protection Regulation (GDPR) The Data Protection Act 2018 relates to the implementation of the General Data Protection Regulation (GDPR). Everyone responsible for using personal data has to follow strict rules called data protection principles. They must make sure the information is used: fairly lawfully transparently. https://youtu.be/YJInlE99vSs # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) GDPR The GDPR sets out seven key principles: Lawfulness, fairness and transparency: to build trust it is essential to explain to people why you hold their data, what you ll do with it, and how long you ll keep it before disposing of it. You should also record this information in a document describing your approach to data protection. This is known as a privacy notice. You have to have a privacy notice before you collect any information from anyone. Purpose limitation: information must be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) GDPR Data minimisation: information must be adequate, relevant and limited to what is necessary in relation to the purposes of collection. Accuracy: information held should be accurate and, where necessary, kept up to date. Storage limitation: data must be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) GDPR Integrity and confidentiality (security:) security measures should be commensurate with the sensitivity of the data held. The higher the risk or sensitivity the stronger the measures must be. Measures include everything from locking filing cabinets to using strong passwords on devices. Accountability: if personal data is lost such as in a cyber-attack, flood, fire or theft this may represent a data breach. If it is likely to result in a risk to the people affected, the loss must be reported to the Information Commissioner's Office (ICO). These principles should lie at the heart of your approach to processing personal data. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Controlling personal data: rights There are eight individual rights in relation to personal data, all of which must be respected and adhered to. People have: 1. The right of access to the data you have on them. This is also known as a subject access request (SAR) you have one month to deal with any such request. The right to object to specific processing of personal data. The right to be informed of what you re are doing with data. The right to rectification if data isn t accurate. 2. 3. 4. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Rights 5. 6. The right to erasure (when someone asks you to delete their data). The right to restrict processing you must stop processing someone s data if they ask you to do so. You can store their data but not use it. The right to data portability, whichgives people more control over their data where it s held electronically. Any data you hold about them has to be made easily accessible and transferable. Also, if requested, you have to provide it to them or to another organisation on their behalf. Rights related to automated decision-making, including profiling. 7. 8. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Preparing against data loss Always being prepared for a data disaster is the best way to avoid one. Examples of data disasters include: device failure outdated formats natural disasters electrical surge damage electromagnetic damage human loss. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) How to avoid a disaster Always have more than one copy of data, in more than one place, accessible by more than one person. Regularly move information to current storage formats. Store information on more than one type of device. Prepare for the worst. Scan all original photographs and documents. Recover immediately. If a storage device fails, or is damaged, transfer the data to a safe location and replace the device. Learn from mistakes and tragedies. If a digital data catastrophe occurs, don t allow the same mistake to happen again. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) What companies can do Companies can protect against data loss by: creating a backup of all company data and choosing a firewall and antivirus solution as a critical first step in protecting sensitive data protecting data from power surges (eg using an uninterruptible power supply) Developing a disaster recovery plan to ensure employees know what to do when a particular threat emerges keeping computer systems dust-free and dry specifying access levels consulting IT security experts for advice and guidance. While you can implement many of these strategies on your own, they will be executed more efficiently and effectively by a team of experts. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Hardware-based encryption Uses a dedicated processor, physically located on the encrypted drive The processor contains a random number generator to generate an encryption key, which the user s password will unlock. Performance is enhanced by offloading encryption from the host system. Safeguard keys and critical security parameters are within crypto- hardware. Authentication takes place on the hardware. Encryption is cost-effective in medium and larger application environments. Encryption is tied to a specific device, so is always on . # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Hardware-based encryption Hardware-based encryption protects against the most common attacks, such as: cold boot attacks (a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer s RAM) malicious code (code inserted in a software system or web script intended to cause undesired effects, security breaches or damage to a system) brute force attacks,which consist of an attacker submitting many passwords or phrases with the hope of eventually guessing a combination correctly. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Software-based encryption Shares computers resources to encrypt data with other programs on the computer. Therefore, such encryption is only as safe as your computer. Uses the user s password as the encryption key that scrambles data. Can require software updates. Susceptible to brute force attacks. Cost-effective in small application environments. Can be implemented on all types of media. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Firmware and updates Firmware carries out the integral functions of hardware. Firmware updates are necessary to enable the corresponding devices to operate efficiently and fix bugs for better security. To update a device s firmware, an update will need to be installed. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Advantages of updating firmware Some of the upsides of updating to the most recent firmware are: a firmware update will upgrade a device with advanced operational instructions without needing any upgrading of hardware you will be able to explore new features that are added to the device and also have an enhanced user experience while interacting with the device it will optimise performance regular firmware updates reduce the need for expensive repairs or bug fixes and slow down obsolescence. # of 22
T Level Technical Qualification in Building Services Engineering for Construction (Level 3) Any questions? # of 22
