www.actnow.org.uk ten things you should know about data protection paul simpkins director, act now...
TRANSCRIPT
![Page 1: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/1.jpg)
www.actnow.org.uk
Ten things you should know
about Data Protection
Paul Simpkins
Director, Act Now Training Ltd
![Page 2: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/2.jpg)
www.actnow.org.uk
1. Learning the lingo
![Page 3: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/3.jpg)
www.actnow.org.uk
Definitions
Personal Data
Data Controller
Data Processor
Data Subject
Notification
Subject Access Request
![Page 4: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/4.jpg)
www.actnow.org.uk
Notification
One notification per organisation
£35 Tier 1 or £500 Tier 2
250 FTE
Criminal Offences
Viewable online
![Page 5: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/5.jpg)
www.actnow.org.uk
2. Five types of data
![Page 6: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/6.jpg)
www.actnow.org.uk
Category (a)
On Computer
CCTV & video
DIP
Audio
Swipe cards & Oysters
![Page 7: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/7.jpg)
www.actnow.org.uk
Category (b)
Intended to be automated
![Page 8: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/8.jpg)
www.actnow.org.uk
Category (c)
Paper or Card
Relevant Filing System
Structured by reference to individuals
Readily Accessible
Durant Guidance
![Page 9: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/9.jpg)
www.actnow.org.uk
Category (d)
Medical Records
Social work records
Housing Records
Education Records
![Page 10: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/10.jpg)
www.actnow.org.uk
Unstructured Data
Category (e) data
From 2005
Only Public Bodies
Some exemptions
2 access regimes to data
![Page 11: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/11.jpg)
www.actnow.org.uk
3. Fair, honest & open
![Page 12: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/12.jpg)
www.actnow.org.uk
Principle 1
Personal data shall be
processed fairly and lawfully
![Page 13: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/13.jpg)
www.actnow.org.uk
Principle 1
The data controller should ensure that the data subject is provided with at least
• the identity of the data controller
• the purpose for which data is processed
• any further information necessary
![Page 14: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/14.jpg)
www.actnow.org.uk
CCTV signs
Clearly visible and Legible
Size matters
Information
Identity of controller
Purpose of scheme
Details of contact
![Page 15: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/15.jpg)
www.actnow.org.uk
4. Can I share data with…?
![Page 16: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/16.jpg)
www.actnow.org.uk
Partnership Working
Central Govt desire for joint working
ICO data sharing code of practice
Fair Obtaining & Processing – Principle 1
Lawful Gateways
Data Sharing Protocols
![Page 17: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/17.jpg)
www.actnow.org.uk
Lawful Gateways
Crime & Disorder Act 1998 Section 115Anti-terrorism, Crime & Security Act 2001National Health Services Act 1977Education Act 1966 s 520 (school nurses)Children Act 2004 s10, 11, 12 (databases)Local Government Act 1972 & 2003Localism Act 2011
![Page 18: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/18.jpg)
www.actnow.org.uk
Data Sharing Protocols
Purpose
Powers to share
Partners
Processes
Public Document
![Page 19: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/19.jpg)
www.actnow.org.uk
5. Good Records
![Page 20: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/20.jpg)
www.actnow.org.uk
Principle 3
Personal data shall be adequate,
relevant and not excessive
![Page 21: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/21.jpg)
www.actnow.org.uk
Principle 4
Personal data shall be accurate and, where necessary, kept up to date.
![Page 22: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/22.jpg)
www.actnow.org.uk
Principle 5
Personal data processed for any purpose or purposes shall not be kept for longer than is necessary for that purpose or those purposes.
![Page 23: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/23.jpg)
www.actnow.org.uk
6. Read me my rights
![Page 24: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/24.jpg)
www.actnow.org.uk
Principle 6
1. Subject Access
2. Prevent Processing
3. Direct Marketing
4. Automated Decisions
5. Compensation/Rectification
6. To request an assessment
![Page 25: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/25.jpg)
www.actnow.org.uk
Subject Access
A valid request is
Application in writing
Proof of identity
Fee
Some direction
![Page 26: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/26.jpg)
www.actnow.org.uk
Subject Access
Controller must respond promptly
In any event within 40 days
Starting on the relevant day
![Page 27: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/27.jpg)
www.actnow.org.uk
Direct Marketing
Communication (by whatever means) of any advertising or marketing material which is
directed to a particular individual
![Page 28: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/28.jpg)
www.actnow.org.uk
Computer says no…
People can object to an automated decision
Some exemptions
Once you know…
…you can object in writing
Controller has 21 days.
![Page 29: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/29.jpg)
www.actnow.org.uk
7. Keep your data safe
![Page 30: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/30.jpg)
www.actnow.org.uk
Principle 7
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data
![Page 31: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/31.jpg)
www.actnow.org.uk
Principle 7
Training
Policies & Procedures
Data security breach policy
Civil Monetary Penalties
Passwords
![Page 32: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/32.jpg)
www.actnow.org.uk
Principle 7
Contracts With Data Processors
Made or evidenced in writing
Processor to act only on Controller’s instructions
Controller should check Processor’s Security and Employees
![Page 33: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/33.jpg)
www.actnow.org.uk
8. Who’s the daddy?
![Page 34: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/34.jpg)
www.actnow.org.uk
Enforcement
Request for assessment
Information Notice
Enforcement Notice
Prosecution
Tribunal
Supreme court
![Page 35: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/35.jpg)
www.actnow.org.uk
Offences
Failure to notify or to notify changes
Failure to comply with written request
Failure to comply with a Notice
Unauthorised obtaining/disclosing
Procuring a disclosure to another person
Unlawful selling
Enforced Subject Access
![Page 36: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/36.jpg)
www.actnow.org.uk
Penalties
Undertakings
Notices from ICO
Prosecution
£500K Fines & Jail time
Inspect public sector without notice
PR disasters
![Page 37: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/37.jpg)
www.actnow.org.uk
9. Exemptions
![Page 38: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/38.jpg)
www.actnow.org.uk
Exemptions
S. 28 - National security
S. 29 - Crime and taxation
S. 30 - Health, education & social work
S. 31 - Regulatory activity
S. 32 - Journalism, literature & art
![Page 39: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/39.jpg)
www.actnow.org.uk
Exemptions
S. 33 - Research, history & statistics
S. 34 - Publicly available by any enactment
S. 35 - Required by law/proceedings
S. 36 - Domestic purposes
![Page 40: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/40.jpg)
www.actnow.org.uk
10. Social Media
![Page 41: Www.actnow.org.uk Ten things you should know about Data Protection Paul Simpkins Director, Act Now Training Ltd](https://reader036.vdocuments.net/reader036/viewer/2022070308/551bc5e2550346b9588b4d8f/html5/thumbnails/41.jpg)
www.actnow.org.uk
Policy or Prosecution?
Social Media Policy
Disciplinary offence
Bringing the organisation into disrepute
Preece v Wetherspoons
Defamation