GDPR an Introduction

Are You ready?

GDPR monetary penalties

GDPR an Introduction

Are You ready?

Paul Hamill - Assurance Team Manager Sarah Carr - Assurance Lead Auditor

Transparency Control Accountability

Q1 – Under GDPR , what type of information is now included in the definition of personal data?

a)IP address

b)Banking history

c)Spent convictions

Q2 – Which of the following is a “special category” of personal data in the GDPR?

a)credit scores

b)genetic and biometric data

c)educational records

Q3 – At what age can a child give their own consent to the processing of their personal data under GDPR?

a)13

b)16

c)18

It is not back to the starting line

GDPR

Individual’s Rights

Q4 –Do you provide privacy notices to your customers?

a)Yes

b)No

Communicating Privacy Information

Q5 – How many of your organisations use an “opt in” for consent?

a) Yesb) No

Clear and Affirmative Action

Right to withdraw

Easy to Distinguish

“Freely given, specific, informed and an unambiguous indication of the individual’s wishes”

Q6 – Under GDPR what is the timescale for responding to a Subject Access Request

a)1 month

b)40 days

c)3 months

Subject Access requests!

Accountability and Governance

“The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

GDPR Article 5 (2)

Q7 – How many of you think you will need to appoint a Data Protection Officer?

a)Yes

b)No

When must you appoint a DPO?

Public Authority

Systematic monitoring

Large scale processing

Q8 – Have you ever had to report a Breach to the ICO?

a)Yes

b)No

Q9– How quickly did you do so after becoming aware of the breach ?

a)Within 72 Hours

b)Within a week

c)Within a month

d)Longer

Breach Notification

72 Hours

Q10– What is the maximum possible fine that can be imposed under GDPR?

a)500K euros

b)1m euros

c)5m euros and 2% of Global turnover

d)20m euros or 4% of global turnover

GDPR monetary penalties

ico.org.uk/dpreformTwitter: @iconews

Transparency Control Accountability