GDPR News Center News for 04-29-2018

UK data protection laws to be overhauled

Citizens will be able to ask for personal data, or information posted when they were children, to be deleted. The proposals are part of an overhaul of UK data protection laws drafted under Digital Minister, Matt Hancock. Firms that flout the law will face bigger fines, levied by the UK’s data protection watchdog. The bill will transfer the European Union’s General Data Protection Regulation into UK law. “The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world,” said Mr Hancock in a statement. “It will give people more control over their data, require more consent for its use, and prepare Britain for Brexit,” he added. Make it simpler for people to withdraw consent for their personal data to be used. Require firms to obtain “Explicit” consent when they process sensitive personal data expand personal data to include IP addresses, DNA and small text files known as cookies. Make re-identifying people from anonymised or pseudonymised data a criminal offence. Should you wish for any firm that holds your personal data – from your name to your DNA – you will be able to ask them to delete it. There are arguments that those holding the data can put forward to refuse such requests, such as freedom of expression and matters that are of scientific or historical importance. In the UK firms that suffer a serious data breach could be fined up to £17m or 4% of global turnover. The current maximum fine firms can suffer for breaking data protection laws is £500,000. Elizabeth Denham, the information commissioner, said: “We are pleased the government recognises the importance of data protection, its central role in increasing trust and confidence in the digital economy and the benefits the enhanced protections will bring to the public.” As for members of the public, many find it “Almost impossible” to understand the complex ways in which firms handle their data, according to computer security researcher Steven Murdoch at University College London.

Keywords: [“data”,”protection”,”firm”]
Source: http://www.bbc.co.uk/news/technology-40826062

How Will Privacy Notices Change Under the GDPR? – NDC News

At the moment, when your organisation collects people’s personal data your privacy notice needs to tell them who you are and how you plan to use their data. You need to communicate your legal basis for processing data, your data retention periods and you must inform people that they have a right to complain to the Information Commissioner’s Office if they are unhappy with the way you are handling their data. You can’t be fair if you are not being honest and open about who you are and what you are going to do with the personal data you collect. How do you share your privacy notice with the data subject when you didn’t obtain personal data from them directly? Under the GDPR you are required to provide these people with privacy information just as you would if you had collected the data directly. What information is being collected? Why is it being collected? How will it be used? Who will it be shared with? What effect will your data processing and sharing activities have on the data subject? Is the intended use likely to raise complaints? Jane Jones Industries Ltd will be the controller of the personal data you provide. We only collect personal data that is necessary to provide you with our service. We need your basic personal data so that we can provide you with our charity updates. We never collect any data that we don’t need to provide this service. No third parties have access to your personal data unless the law states otherwise. We have a data protection system in place to manage the effective and secure processing of your personal data. We only keep your personal data for as long as you wish to receive charity updates from us. You have a right to see the personal data we hold about you and to have it corrected or deleted. You can meet the GDPR’s requirement to make this information accessible to your data subjects by ‘layering’. That way, the data subject hasn’t been overwhelmed by the information in your privacy notice but has been given the opportunity to delve into more detail.

Keywords: [“data”,”privacy”,”personal”]
Source: https://ndcmanagementcouk.wordpress.com/2017/12/01/how-will…

Gearing Up For The GDPR: Efficient Data Management

GEARING UP FOR THE GDPR: EFFICIENT DATA MANAGEMENT. The General Data Protection Regulation has come at a time when data protection is at the forefront of businesses minds. With attacks becoming far more prevalent and widespread, the need for an update to the outdated regulations from 1998 has never been more important. Several huge organisations, both in the UK and across the world have fallen prey to disastrous breaches which have both irreparably damaged the company’s reputation and encroached upon the invaluable personal information of individuals. Personal data has undoubtedly become an extremely valuable commodity so it comes as no surprise that these new rules have been drawn up to assist in governing its ownership and management. The GDPR is viewed by most businesses as tremendously onerous, with the level of fines attached to breaches seen as excessive and having the ability to potentially bankrupt business. The responsibility for this is seen by most as lying predominantly with IT professionals, despite the fact security is an issue that affects every department in the company. All of this, combined with the inevitable bureaucracy and inconvenience involved ensures that when it comes to data, businesses must now put the rights of their customers above all else. How do businesses prepare for the GDPR? What data management strategies are the most effective when ensuring compliance? How do you educate your staff in the best security measures? Which data can you safely shed to exclude liability? These and many more questions will be answered at our latest IT Leaders Forum, free to attend for qualified IT professionals. >> REGISTER YOUR FREE PLACE TODAY. This Computing IT Leaders’ Forum is a complimentary half-day conference for senior IT professionals from end-user, private sector organisations. We are not able to accept registrations from employees of software vendors as well as sales, marketing, recruitment or consultancy professionals.

Keywords: [“DATA”,”professionals”,”businesses”]
Source: http://events.computing.co.uk/gdpr-5-dec

Leave a Reply

Your email address will not be published. Required fields are marked *