Understanding Data Protection Regulations


Explore the key aspects of the Data Protection Act 2018 and its relationship with the GDPR, including amendments, special category data rules, ICO powers, criminal offenses, and more. Learn about the basics of GDPR, how legislation is structured, data protection principles, legal bases for personal data processing, and more.




Presentation Transcript


  1. DECODING THE DPA 2018. Tim Turner, 7th March 2019

  2. WHO AM I? + WHAT WILL WE LOOK AT TODAY?

  3. INTRODUCTIONS + WHAT DO YOU WANT TO GET OUT OF THE DAY?

  4. What we will cover today
     • What the DPA is for and how it relates to the GDPR
     • Basic amendments and clarifications
     • Special categories data
     • Rules for criminal records data
     • Exemptions from normal GDPR practice
     • ICO powers
     • Criminal offences
     • Law enforcement

  5. What we won't cover today
     • Part 4: Intelligence Services provisions
     • Schedules: International cooperation arrangements for the ICO and other European supervisory authorities
     • Schedules: Amendments to other legislation

  6. BASICS

  7. HOW LEGISLATION IS SET OUT
     • GDPR is divided up into Articles & Recitals
     • Articles set out what the law is
     • Recitals are explanatory notes
     • UK legislation (DPA 2018) is divided up into Sections, equivalent to Articles

  8. How GDPR is put together
     • A1: What am I?
     • A2: What do I cover?
     • A3: Where do I cover?

  9. How GDPR is put together
     • A5–A9: Principles
     • A12–A22: Rights
     • A23–A39: Obligations

  10. Data Protection Principles
     • 1: Lawful, fair, transparent
     • 2: Purpose limitation
     • 3: Data minimisation
     • 4: Accuracy
     • 5: Storage limitation
     • 6: Integrity and confidentiality
     • Plus: Accountability

  11. Article 6: Legal basis for personal data
     • Consent
     • Necessary for contract
     • Necessary for a legal obligation
     • Necessary to protect vital interests
     • Necessary for exercise of official authority / public interest task
     • Necessary for legitimate interest

  12. Article 9: Special categories
     • Religious / philosophical beliefs
     • Racial / ethnic origin
     • Political opinions
     • Biometric & genetic data
     • Trade union
     • Health
     • Sex life / sexual orientation

  13. Article 9: Special categories conditions
     • Explicit consent
     • Employment law
     • Vital interests (no consent)
     • Special category group use
     • Made public by subject
     • Establish / defend legal claims
     • Substantial public interest
     • Health / social care
     • Public health
     • Archiving / research with safeguards

  14. NOW: The Data Protection Legislation = GDPR + DPA

  15. No deal: The Data Protection Legislation = UK GDPR + DPA

  16. Common definitions
     • Common definitions across each element (i.e. applied GDPR, law enforcement, intelligence services):
       Personal data; Processing; Data subject; Controller and processor
     • Look at S2(1)(a): seems to highlight consent

  17. S3(3)
     • Personal data: any information relating to an identified or identifiable living individual
     • Identifiable living individual: one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity

  18. THE DATA PROTECTION ACT 2018

  19. The DPA and the GDPR
     • GDPR is UK DP law (DPA confirms)
     • DPA 2018 contains exemptions, safeguards, legal authorisations + other UK-based choices
     • DPA implements Law Enforcement Directive for police and others
     • DPA creates DP regime for intelligence services because of Convention 108
     • DPA (possibly) paves the way for Brexit

  20. Why is it so long? For example:
     • Part 3 + Schedules 7 & 8: self-contained DP system for law enforcement
     • Part 4 + Schedules 10 & 11: self-contained DP system for intelligence services
     • Pages 225 to 318: amendments to existing legislation mentioning the Data Protection Act 1998

  21. Parts of the DPA 2018
     • Part 1: Basics. GDPR applies as normal
     • Part 2: Applied GDPR. Applies GDPR to matters outside EU competence
     • Part 3: Law Enforcement. Implements directive
     • Part 4: Intelligence services. Applies GDPR-style standards to intelligence
     • Parts 5 & 6: IC powers, enforcement, offences. Giving ICO GDPR powers
     • Schedules: Exemptions, safeguards, special categories

  22. Why people hate the DPA: Part 2, Section 5
     (1) Terms used in Chapter 2 of this Part and in the GDPR have the same meaning in Chapter 2 as they have in the GDPR.
     (2) In subsection (1), the reference to a term's meaning in the GDPR is to its meaning in the GDPR read with any provision of Chapter 2 which modifies the term's meaning for the purposes of the GDPR.
     (3) Subsection (1) is subject to any provision in Chapter 2 which provides expressly for the term to have a different meaning and to section 204.
     (4) Terms used in Chapter 3 of this Part and in the applied GDPR have the same meaning in Chapter 3 as they have in the applied GDPR.
     (5) In subsection (4), the reference to a term's meaning in the applied GDPR is to its meaning in the GDPR read with any provision of Chapter 2 (as applied by Chapter 3) or Chapter 3 which modifies the term's meaning for the purposes of the applied GDPR.
     (6) Subsection (4) is subject to any provision in Chapter 2 (as applied by Chapter 3) or Chapter 3 which provides expressly for the term to have a different meaning.
     (7) A reference in Chapter 2 or Chapter 3 of this Part to the processing of personal data is to processing to which the Chapter applies.
     (8) Sections 3 and 205 include definitions of other expressions used in this Part.

  23. Data Protection Principles
     • 1: Lawful, fair, transparent
     • 2: Purpose limitation
     • 3: Data minimisation
     • 4: Accuracy
     • 5: Storage limitation
     • 6: Integrity and confidentiality
     • Plus: Accountability

  24. Article 6: Legal basis for personal data
     • Consent
     • Necessary for contract
     • Necessary for a legal obligation
     • Necessary to protect vital interests
     • Necessary for exercise of official authority / public interest task
     • Necessary for legitimate interest

  25. S8: Task carried out in public interest
     • (a) the administration of justice,
     • (b) the exercise of a function of either House of Parliament,
     • (c) the exercise of a function conferred on a person by an enactment or rule of law,
     • (d) the exercise of a function of the Crown, a Minister of the Crown or a government department, or
     • (e) an activity that supports or promotes democratic engagement.
     NON-EXHAUSTIVE (see explanatory notes)

  26. S9: Child consent
     • ONLY FOR INFORMATION SOCIETY SERVICES
     • 13 or above: young person consents
     • 12 or below: parent consents

  27. INFORMATION SOCIETY SERVICES (from explanatory notes)
     • Any service provided by electronic means at the request of an individual
     • Normally provided for remuneration
     • Remuneration includes receipt of revenues from advertising
     • Most websites would meet this definition, ranging from online banking to search engines and social media

  28. Age of Consent in Scotland
     • To exercise rights or give consent: a child can do so if they appear to have a general understanding of what it means to do so
     • Assume a child of 12 is old enough unless there is evidence to the contrary

  29. SUBJECT RIGHTS

  30. Rights limitations
     • S12: Secretary of State can introduce regulations to limit the amount that can be charged for rights requests, for unfounded or excessive requests, or charges for copies
     • S14: Significant automated decisions authorised by law
       • Must tell person that decision has been made
       • Give them opportunity to challenge
       • Must reconsider decision or take new non-automated decision

  31. Manual unstructured records
     • S21: Records NOT:
       • processed automatically
       • held in a filing system
     • BUT held by an FOI public authority
     • NOT personnel data
     • S24 removes nearly all of the GDPR provisions apart from:
       • Accuracy
       • Right of access

  32. Request for unstructured data
     • FOI rules apply; not subject access
     • Controller not obliged to comply with right of access if:
       • request does not contain a description of the personal data, or
       • controller estimates that the cost of complying with the request would exceed the FOI cost limit

  33. CERTIFICATION

  34. S17: Certification
     • Two organisations can approve a certification body:
       • Information Commissioner
       • National Accreditation Body = UK Accreditation Service
     • REMEMBER: certification body certifies data processing, not people or products

  35. SPECIAL CATEGORIES

  36. Article 9: Special categories
     • Religious / philosophical beliefs
     • Racial / ethnic origin
     • Political opinions
     • Biometric & genetic data
     • Trade union
     • Health
     • Sex life / sexual orientation

  37. SPECIAL CATEGORIES PROCESSING IS FORBIDDEN UNLESS:
     • To process data, you need a lawful basis from GDPR A6, AND
     • An exemption in A9 GDPR applies

  38. Article 9: Special categories conditions
     • a) Explicit consent
     • b) Employment, social protection, social security law
     • c) Vital interests (no consent)
     • d) Special category group use
     • e) Made public by subject
     • f) Establish / defend legal claims
     • g) Substantial public interest
     • h) Health / social care
     • i) Public health
     • j) Archiving / research with safeguards

  39. SAFEGUARDS
     • Employment, social protection, social security law: 9(b)
     • Substantial public interest: 9(g)
     • Health and social care: 9(h)
     • Public health: 9(i)
     • Archiving in the public interest, research, statistical use: 9(j)

  40. S19: Research
     • GDPR relaxes some rules for research if measures are taken to protect data (see A89 for more)
     • DPA says:
       • Cannot use A89 if research is likely to cause substantial damage or distress to subjects
       • Cannot use A89 if research is directed towards actions affecting a specific person (unless approved medical research)

  41. S11: Health / social care exemption
     • For A9(h)
     • For processing for health or social care purposes, processing is only considered to be confidential when carried out:
       • by or under the responsibility of a health professional or a social work professional, or
       • by another person who in the circumstances owes a duty of confidentiality under an enactment or rule of law
     • Similar provisions for 9(i)

  42. SAFEGUARDS
     • Employment, social protection, social security law: 9(b)
     • Substantial public interest: 9(g)
     • Health and social care: 9(h)
     • Public health: 9(i)
     • Archiving in the public interest, research, statistical use: 9(j)

  43. Policy document (Sch 1, Pt 4): Employment law / Substantial PI
     • Must have appropriate policy document in place for employment law / substantial public interest
       • Process for complying with GDPR principles
       • Process for retention & erasure
     • Must be retained, reviewed and updated
     • Made available to ICO
     • Added to Article 30 records published under GDPR

  44. Substantial public interest AND:
     • 6 / 7: Government / legal
     • 8: Equality of treatment
     • 9: Preventing or detecting unlawful acts
     • 10: Protecting public against dishonesty
     • 11: Protective functions
     • 13: Disclosure for journalism
     • 14 / 15: Fraud / terror financing
     • 16: Support for disabled / medical conditions
     • 17: Counselling
     • 18 / 19: Safeguarding
     • 20: Insurance (mainly third parties)
     • 21: Pensions
     • 22: Political parties
     • 23 / 24: Elected representatives

  45. 6 + 7: Parliamentary, statutory & government purposes
     • (6) Substantial public interest AND:
       • exercise of a function conferred on a person by an enactment or rule of law
       • the exercise of a function of the Crown, a Minister of the Crown or a government department
     • (7) Substantial public interest AND:
       • Necessary for the administration of justice, or
       • Necessary for exercise of functions of either House of Parliament

  46. 8: Equality of opportunity or treatment
     • Equality of opportunity or treatment over racial / ethnic origin, religious / philosophical belief, health, sexual orientation
     • NOT:
       • Directed towards an individual without consent
       • If likely to cause substantial damage or distress
     • Person can object to the processing

  47. 10: Prevent or detect unlawful acts
     • Necessary for the purposes of the prevention or detection of an unlawful act
     • Getting consent would prejudice those purposes, and
     • SUBSTANTIAL PUBLIC INTEREST

  48. 11: Protecting public against dishonesty
     • Condition met if:
       • necessary for the purposes of a protective function
       • getting consent would prejudice those purposes, and
       • is necessary for reasons of substantial public interest
     • Functions to protect public from:
       • dishonesty, malpractice or other seriously improper conduct
       • unfitness or incompetence
       • mismanagement in the administration of a body or association, or
       • failures in services provided by a body or association

  49. 13: Disclosure for journalism
     • Commission of unlawful acts
     • Dishonesty, malpractice, serious improper conduct
     • Unfitness or incompetence
     • Mismanagement
     • Failure in service
     • Disclosure of personal data for special purposes:
       • Linked to specified purposes
       • Substantial public interest
       • Aimed at publication
       • Controller believes it was in the public interest

  50. 16: Support for individuals with a particular disability or medical condition
     • Not-for-profits supporting people with a specific disability or condition (condition includes their carers)
     • Data is racial or ethnic origin, genetic data or biometric data, health, or sex life or sexual orientation
     • Purpose is raising awareness of the disability or condition, providing support to individuals, or enabling such individuals to provide support to each other
     • If reasonable to do without consent
