Data Protection Act

Objectives
By the end of this topic you will be able to:
• Identify the provisions of the 1998 Data Protection Act
• Identify the responsibilities of data users
• Identify the rights of data subjects
• Identify the full and partial exemptions to the act

Objectives
By the end of this lesson you will be able to:
• Identify the provisions of the 1998 Data Protection Act
ALL – Will know why and when it was introduced
MOST – Will define 4 of the principles and explain
SOME – Will define 8 of the principles and explain

The Data Protection Act
WHY was it introduced?
The Data Protection Act grew out of public concern about personal privacy in the face of rapidly developing computer technology.
It works in two ways, giving individuals certain rights whilst requiring those who record and use personal information on computer to be open about that use.

The Data Protection Act
WHEN was it introduced?
The Data Protection Act became law on 12th July 1984 and was updated in 1998.
It states that anyone processing ‘personal data’ must comply with the 8 enforceable principles of good practice.
Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address.

The Data Protection Principles
Data must be:
1. Fairly and lawfully processed
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, up to date
Processing personal data includes collecting, storing, accessing, changing and destroying any information about you.
So this must be done fairly, which means telling the subject why the data is being collected and not obtaining it from third parties.
You must notify the Data Protection Commissioner of all intended uses of data, and any processing must match one of those uses.
Adequate – meeting the requirements of a task. If someone asks for “Extra” information (for example “Are you married?” when booking in to a hotel), just quote Principle 3 when declining.
If details about individuals change then the data kept must be updated so as to be accurate.

Quick Check
Question (objective - ALL)
Why was the Data Protection Act introduced?
Answer
Because the public were concerned about personal privacy in the face of rapidly developing computer technology

Quick Check
Question (objective - ALL)
When was the Data Protection Act introduced? And when was it updated?
Answer
Introduced - 12th July 1984
Updated - 1998

Quick Check
Question
What is meant by personal data?
Answer
Information about living identifiable individuals

Quick Check
Question (objective - MOST)
Tell me the first 4 principles of the Data Protection Act?
Answer
Data must be:
1. Fairly and lawfully processed
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, up to date

The Data Protection Principles
Data must be:
5. Not kept longer than necessary
6. Processed in accordance with the data subject’s rights
7. Secure
8. Not transferred to countries without adequate protection
With regard to retaining data, ask yourself why it needs to be kept beyond a certain date.
Data Subjects – the individuals to whom the personal data relate. Dead persons are not regarded as data subjects.
Data subjects can notably ask for copies of data held about them. The data controller has a maximum of 40 days in which to respond. But the data subject is also entitled to compensation if (s)he can prove "substantial damage or substantial distress" as a result of improper use of data, or the failure to stop processing when that has been requested.
Security is crucial – organisations must enforce ‘Appropriate’ technical and organisational measures against unauthorised or unlawful processing of personal data.
"Appropriate" means that it must be adequate for the nature of the data in question - but also that it must take account of technological advances (for example, forms of encryption).
Principle 8 has a specific meaning in that it relates to transfers to particular countries, but it also applies nicely to the Web.
You can object to having your picture or phone number shown on the web. Without your consent it is illegal.

Definitions
Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address.
Data Subjects – The individuals to whom the personal data relate.

Definitions
Data Controller – Those who control the contents and use of a collection of personal data.
• They can be any type of company or organisation
• A data controller does not necessarily own a computer

Quick Check
Question (objective - MOST)
Tell me the last 4 principles of the Data Protection Act?
Answer
Data must be:
5. Not kept longer than necessary
6. Processed in accordance with the data subject’s rights
7. Secure
8. Not transferred to countries without adequate protection

Quick Check
Question
Define Data Subjects?
Answer
The individuals to whom the personal data relate

Quick Check
Question
Define Data Controller?
Answer
Those who control the contents and use of a collection of personal data

Data Controllers
With few exceptions, all data users have to register with the ICO.
They must give their name and address together with broad descriptions of:
• The items of data held
• The purpose for which the data are held
• Who will have access to the data
• The types of organisations to whom the information may be disclosed, i.e. shown or passed on to
• Any overseas countries or territories to which the data may be transferred.
Information Commissioner’s Office – Maintains a register of data users, which is publicly available. They also have other duties, such as considering complaints about breaches and prosecuting offenders.

Information Commissioner’s Office
The Information Commissioner’s Office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000.
The Commissioner’s Office reports annually to Parliament.
They promote good information handling and provide guidelines.
They investigate complaints (act as Ombudsman) and provide help.
Their mission is to:
“uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We rule on eligible complaints, give guidance to individuals and organisations, and take appropriate action when the law is broken”
http://www.ico.gov.uk/about_us.aspx
http://www.bbc.co.uk/news/10544520

The Rights of Data Subjects
Apart from the right to complain to the registrar, data subjects also have a range of rights. These are:
• Right to compensation for unauthorised disclosure of data
• Right to compensation for inaccurate data
• Right to access to data and to apply for rectification or erasure where data are inaccurate
• Right to compensation for unauthorised access, loss or destruction of data

Exemptions from the Act
The act does not apply to payroll, pensions and accounts data;
Registration may not be necessary when the data are for personal, family, household or recreational use;
Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes;

Exemptions from the Act
Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant);
Additionally, there are exemptions for special categories, including data held:
• In connection with national security
• For prevention of crime
• For the collection of tax or duty

TRUE or FALSE
You only have to register with the Data Protection Registrar if you keep sensitive information on computer?
FALSE
The act does not differentiate between sensitive and non-sensitive information. Even a simple name and address might be sensitive in certain circumstances.

TRUE or FALSE
Information can be stored on computer and passed on without my permission?
TRUE
Your consent is not required before information is stored or passed on about you. However, the act requires that the source of the data (usually you) is properly notified about what is happening to the information when it is given.

TRUE or FALSE
You have to have a computer to be a data user?
FALSE
The act defines a data user as the person in control of the contents and use of the information being processed; this could mean manual records too.

TRUE or FALSE
ANYONE who holds and processes personal data must comply with the Act?
FALSE
There are exceptions (e.g. payroll, pensions and accounts data)

Quick Check
Question (objective - ALL)
Why was the Data Protection Act introduced?
Answer
Because the public were concerned about personal privacy in the face of rapidly developing computer technology

Quick Check
Question (objective - ALL)
When was the Data Protection Act introduced? And when was it updated?
Answer
Introduced - 12th July 1984
Updated - 1998

Quick Check
Question (objective - SOME)
Tell me the 8 principles of the Data Protection Act?
Answer
Data must be:
1. Fairly and lawfully processed
2. Processed for specified purposes
3. Adequate, relevant and not excessive
4. Accurate and, where necessary, up to date
5. Not kept longer than necessary
6. Processed in accordance with the data subject’s rights
7. Secure
8. Not transferred to countries without adequate protection

Activity/Homework
Come up with a way of remembering the 8 principles of the Data Protection Act (not an acronym)

F P A A N P S N
Four – Fairly and lawfully processed
People – Processed for specified purposes
And – Adequate, relevant and not excessive
A – Accurate and, where necessary, up to date
Noisy – Not kept longer than necessary
Potato – Processed in accordance with the data subject’s rights
Sat – Secure
Near – Not transferred to countries without adequate protection

Dataprotectionactnew13 12-11-111213033116-phpapp02

  • 1. Data Protection ActData Protection Act
  • 2. ObjectivesObjectives By the end of this topic you will be able to:By the end of this topic you will be able to:  Identify the provisions of the 1998 DataIdentify the provisions of the 1998 Data Protection ActProtection Act  Identify the responsibilities of data usersIdentify the responsibilities of data users  Identify the rights of data subjectsIdentify the rights of data subjects  Identify the full and partial exemptions to theIdentify the full and partial exemptions to the actact
  • 3. Objectives
    By the end of this Lesson you will be able to:
      • Identify the provisions of the 1998 Data Protection Act
    ALL – Will know why and when it was introduced
    MOST – Will define 4 of the principles and explain
    SOME – Will define 8 of the principles and explain
  • 4. The Data Protection Act: WHY was it introduced?
    The Data Protection Act grew out of public concern about personal privacy in the face of rapidly developing computer technology.
    It works in two ways, giving individuals certain rights whilst requiring those who record and use personal information on computer to be open about that use.
  • 5. The Data Protection Act: WHEN was it introduced?
    The Data Protection Act became law on 12th July 1984 and was updated in 1998.
    It states that anyone processing ‘personal data’ must comply with the 8 enforceable principles of good practice.
    Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address.
  • 6. The Data Protection Principles
    Data must be:
      1. Fairly and lawfully processed
      2. Processed for specified purposes
      3. Adequate, relevant and not excessive
      4. Accurate and, where necessary, up to date
    Processing personal data includes collecting, storing, accessing, changing and destroying any information about you. So this must be done fairly, which means telling the subject why the data is being collected and not obtaining it from third parties.
    You must notify the Data Protection Commissioner of all intended uses of data, and any processing must match one of those uses.
    Adequate – meeting the requirements of a task. If someone asks for “Extra” information (for example “Are you married” when booking in to a hotel), just quote Principle 3 when declining.
    If details about individuals change then the data kept must be updated so as to be accurate.
  • 7. Quick Check
    Question (objective - ALL): Why was the data protection act introduced?
    Answer: Because the public were concerned about personal privacy in the face of rapidly developing computer technology
  • 8. Quick Check
    Question (objective - ALL): When was the data protection act introduced? And when was it updated?
    Answer: Introduced - 12th July 1984. Updated - 1998
  • 9. Quick Check
    Question: What is meant by personal data?
    Answer: Information about living identifiable individuals
  • 10. Quick Check
    Question (objective - MOST): Tell me the first 4 principles of the Data Protection Act?
    Answer: Data must be:
      1. Fairly and lawfully processed
      2. Processed for specified purposes
      3. Adequate, relevant and not excessive
      4. Accurate and, where necessary, up to date
  • 11. The Data Protection Principles
    Data must be:
      5. Not kept longer than necessary
      6. Processed in accordance with the data subject’s rights
      7. Secure
      8. Not transferred to countries without adequate protection
    With regard to retaining data, ask yourself why it needs to be kept beyond a certain date.
    Data Subjects – the individuals to whom the personal data relate. Dead persons are not regarded as data subjects. Data subjects can notably ask for copies of data held about them. The data controller has a maximum of 40 days in which to respond. But the data subject is also entitled to compensation if (s)he can prove "substantial damage or substantial distress" as a result of improper use of data, or the failure to stop processing when that has been requested.
    Security is crucial – organisations must enforce ‘Appropriate’ technical and organisational measures against unauthorised or unlawful processing of personal data. "Appropriate" means that it must be adequate for the nature of the data in question - but also that it must take account of technological advances (for example, forms of encryption).
    This has a specific meaning in that it relates to transfers to particular countries, but it also applies nicely to the Web. You can object to having your picture or phone number shown on the web. Without your consent it is illegal.
  • 12. Definitions
    Personal Data – Information about living, identifiable individuals. Personal data do not have to be particularly sensitive information, and can be as little as a name and address.
    Data Subjects – The individuals to whom the personal data relate.
  • 13. Definitions
    Data Controller – Those who control the contents and use of a collection of personal data.
      • They can be any type of company or organisation
      • A data controller does not necessarily own a computer
  • 14. Quick Check
    Question (objective - Most): Tell me the last 4 principles of the Data Protection Act?
    Answer: Data must be:
      5. Not kept longer than necessary
      6. Processed in accordance with the data subject’s rights
      7. Secure
      8. Not transferred to countries without adequate protection
  • 15. Quick Check
    Question: Define Data Subjects?
    Answer: The individuals to whom the personal data relate
  • 16. Quick Check
    Question: Define Data Controller?
    Answer: Those who control the contents and use of a collection of personal data
  • 17. Data Controllers
    With few exceptions, all data users have to register with the ICO.
    They must give their name and address together with broad descriptions of:
      • The items of data held
      • The purpose for which the data are held
      • Who will have access to the data
      • The types of organisations to whom the information may be disclosed, i.e. shown or passed on to
      • Any overseas countries or territories to which the data may be transferred.
    Information Commissioner’s Office – Maintains a register of data users, which is publicly available. They also have other duties, like considering complaints about breaches and prosecuting offenders.
  • 18. Information Commissioner’s Office
    The Information Commissioner’s Office enforces and oversees the Data Protection Act 1998 and the Freedom of Information Act 2000.
    The Commissioner’s Office reports annually to Parliament.
    They promote good information handling and provide guidelines.
    They investigate complaints (act as Ombudsman) and provide help.
    Their mission is to:
    “uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. We rule on eligible complaints, give guidance to individuals and organisations, and take appropriate action when the law is broken”
    http://www.ico.gov.uk/about_us.aspx
  • 20. The Rights of Data Subjects
    Apart from the right to complain to the registrar, data subjects also have a range of rights. These are:
      • Right to compensation for unauthorised disclosure of data
      • Right to compensation for inaccurate data
      • Right to access to data and to apply for rectification or erasure where data are inaccurate
      • Right to compensation for unauthorised access, loss or destruction of data
  • 21. Exemptions from the Act
      • The act does not apply to payroll, pensions and accounts data;
      • Registration may not be necessary when the data are for personal, family, household or recreational use;
      • Subjects do not have a right to access data if the sole aim of collecting it is for statistical or research purposes;
  • 22. Exemptions from the Act
      • Data can be disclosed to the data subject’s agent (e.g. lawyer or accountant);
      • Additionally, there are exemptions for special categories, including data held:
          • In connection with national security
          • For prevention of crime
          • For the collection of tax or duty
  • 23. TRUE or FALSE
    You only have to register with the Data Protection Registrar if you keep sensitive information on computer?
    FALSE
    The act does not differentiate between sensitive and non-sensitive information. Even a simple name and address might be sensitive in certain circumstances.
  • 24. TRUE or FALSE
    Information can be stored on computer and passed on without my permission?
    TRUE
    Your consent is not required before information is stored or passed on about you. However, the act requires that the source of the data (usually you) is properly notified about what is happening to the information when it is given.
  • 25. TRUE or FALSE
    You have to have a computer to be a data user?
    FALSE
    The act defines a data user as the person in control of the contents and use of the information being processed; this could mean manual records too.
  • 26. TRUE or FALSE
    ANYONE who holds and processes personal data must comply with the Act?
    FALSE
    There are exceptions (e.g. payroll, pensions and accounts data)
  • 27. Quick Check
    Question (objective - ALL): Why was the data protection act introduced?
    Answer: Because the public were concerned about personal privacy in the face of rapidly developing computer technology
  • 28. Quick Check
    Question (objective - ALL): When was the data protection act introduced? And when was it updated?
    Answer: Introduced - 12th July 1984. Updated - 1998
  • 29. Quick Check
    Question (objective - SOME): Tell me the 8 principles of the Data Protection Act?
    Answer: Data must be:
      1. Fairly and lawfully processed
      2. Processed for specified purposes
      3. Adequate, relevant and not excessive
      4. Accurate and, where necessary, up to date
      5. Not kept longer than necessary
      6. Processed in accordance with the data subject’s rights
      7. Secure
      8. Not transferred to countries without adequate protection
  • 30. Activity/Homework
    Come up with a way of remembering the 8 principles of the Data Protection act (not an acronym)
    F P A A N P S N
  • 31. Four People And A Noisy Potato Sat Near
      • Fairly and lawfully processed
      • Processed for specified purposes
      • Adequate, relevant and not excessive
      • Accurate and, where necessary, up to date
      • Not kept longer than necessary
      • Processed in accordance with the data subject’s rights
      • Secure
      • Not transferred to countries without adequate protection