GDPR an Introduction - Community Works · 2017. 11. 15. · GDPR an Introduction Are You ready?...

Post on 03-Sep-2020

GDPR an Introduction

Are You ready?

GDPR monetary penalties

Paul Hamill - Assurance Team Manager

Sarah Carr - Assurance Lead Auditor

Transparency Control Accountability

Q1 – Under GDPR, what type of information is now included in the definition of personal data?

a) IP address

b) Banking history

c) Spent convictions

Q2 – Which of the following is a “special category” of personal data in the GDPR?

a) credit scores

b) genetic and biometric data

c) educational records

Q3 – At what age can a child give their own consent to the processing of their personal data under GDPR?

a) 13

b) 16

c) 18

It is not back to the starting line

GDPR

Individual’s Rights

Q4 – Do you provide privacy notices to your customers?

a) Yes

b) No

Communicating Privacy Information

Q5 – How many of your organisations use an “opt in” for consent?

a) Yes

b) No

Clear and Affirmative Action

Right to withdraw

Easy to Distinguish

“Freely given, specific, informed and an unambiguous indication of the individual’s wishes”

Q6 – Under GDPR, what is the timescale for responding to a Subject Access Request?

a) 1 month

b) 40 days

c) 3 months

Subject Access requests!

Accountability and Governance

“The controller shall be responsible for, and be able to demonstrate, compliance with the principles.”

GDPR Article 5 (2)

Q7 – How many of you think you will need to appoint a Data Protection Officer?

a) Yes

b) No

When must you appoint a DPO?

Public Authority

Systematic monitoring

Large scale processing

Q8 – Have you ever had to report a Breach to the ICO?

a) Yes

b) No

Q9 – How quickly did you do so after becoming aware of the breach?

a) Within 72 Hours

b) Within a week

c) Within a month

d) Longer

Breach Notification

72 Hours

Q10 – What is the maximum possible fine that can be imposed under GDPR?

a) 500K euros

b) 1m euros

c) 5m euros and 2% of Global turnover

d) 20m euros or 4% of global turnover

GDPR monetary penalties

ico.org.uk/dpreform

Twitter: @iconews

Transparency Control Accountability