Data Protection Regulation 2018 PDF

Summary

This document explains the General Data Protection Regulation (GDPR) 2018. It outlines the rights of data subjects and the responsibilities of data controllers. The document also covers the business implications of GDPR, including fines and compensation for data breaches.

Full Transcript

General Data Protection Regulation 2018 (GDPR 2018)

- EU regulation that came into effect in May 2018
- replaced existing Data Protection Acts 1988-2003
- gives people greater control over their personal data by setting out clearly defined rights for data subjects
- GDPR requires that any organisation storing information about a data subject on a computer or in manual files must ensure that the information is accurate and kept up to date
- GDPR outlines the responsibilities of data controllers
- personal data is any information that can identify an individual, including a name, ID number, location data, postal address, online browsing history, images and anything related to the physical/psychological/genetic/mental/cultural or social identity of a person
- data subject is the individual about whom personal data is kept
- data controller is the person responsible for the storage of data and must give approval to others to access it
- data processor is someone who has been granted approval of access to data by the data controller and can only process the information, not control its use or function

Data Controller Responsibilities

Under the General Data Protection Regulation 2018 data controllers must:

- use data for its intended purpose only (data should only be used for the purpose for which it was obtained, e.g. emails obtained for essential contact only can’t be used for marketing purposes)
- limit access to relevant data processors necessary for the specified purpose
- keep data secure (e.g. computers should be password protected)
- obtain and process data fairly
- keep data accurate, complete and up-to-date
- supply a copy of data stored to data subjects within 30 days of receiving a written request from the data subject; if the data controller holds a lot of data, the data controller can request the data subject to specify the exact information required
- retain information for no longer than necessary for the specified purpose and period; data should then be deleted (information should never be kept ‘just in case’)

Data Subject Rights

Under the General Data Protection Regulation 2018 data subjects have the right to:

- question the use of their data (data subject has the right to obtain details about how their data is used by an organisation)
- request a copy of personal data held (data subject has the right to obtain copies of any personal data within 30 days of requesting; if the data controller holds a lot of data, the data subject may need to specify the exact information required)
- rectify any personal data (data subject has the right to correct any untrue, incorrect or incomplete personal data held about them)
- request deletion of data (data subject has the right to request that their personal data be erased, e.g. if the reason for keeping the data has finished)
- request data portability (data subject has the right to request their data from an organisation in a certain format that will be easily used and easily transferable)

Data Protection Commission (DPC)

- the national independent authority responsible for upholding the fundamental right of EU citizens to have their personal data protected
- Irish supervisory authority for the General Data Protection Regulation 2018
- it has many functions, such as:
  - investigates any complaints it receives from individuals who feel that personal data about them is not being treated according to the rules of the General Data Protection Regulation 2018
  - issues fines for breaches of the General Data Protection Regulation 2018
  - conducts enquiries/investigations regarding data protection infringements under the General Data Protection Regulation 2018
  - promotes awareness of the rights of data subjects under the General Data Protection Regulation 2018 through its website and media campaigns
  - drives awareness of and compliance with the General Data Protection Regulation 2018 through publication of high quality guidance and engagement with public and private sector guidance

Business Implications of GDPR 2018

1. Higher Standards (businesses acquiring personal data must now meet very high standards, with stringent procedures and rules on how businesses collect, use and store data)
2. Transparency and Communication (businesses must be fully transparent to data subjects about how their data is used and must effectively communicate this in an understandable, clear, concise and simple manner)
3. Data Breach Fines (the Data Protection Commission can issue fines of up to €20 million or 4% of the company’s total global turnover (whichever is greater) for business breaches of GDPR)
4. Data Subject Compensation Costs (data subjects can seek compensation through the courts from businesses for breaches of their rights under GDPR even where no material damage or financial loss has occurred)
