Data Security Day: Important "Right to be Forgotten" & EU GDPR Terms & Definitions
Uploaded by: blancco
Right to be Forgotten & EU GDPR
Data Security Day London
EU GDPR: IMPORTANT MOMENTS & DECISIONS
Timeline: 2010 | MAY ‘14 | JUN ‘15 | DEC ‘15
Europe's top court supports 'right to be forgotten' in Google privacy case
EU GDPR: IMPORTANT MOMENTS & DECISIONS
Timeline: 2010 | MAY ‘14 | JUN ‘15 | DEC ‘15
EU Court ruled on a number of areas related to data protection. These include the territoriality of EU rules, the applicability of EU data protection rules to a search engine and the “right to be forgotten.”
EU GDPR: IMPORTANT MOMENTS & DECISIONS
Timeline: 2010 | MAY ‘14 | JUN ‘15 | DEC ‘15
The European Commission, the European Parliament and the European Council all met to negotiate the requirements of the proposed EU General Data Protection Regulation.
EU GDPR: IMPORTANT MOMENTS & DECISIONS
Timeline: 2010 | MAY ‘14 | JUN ‘15 | DEC ‘15
Final version of GDPR expected
EU COURT RULES ON THREE KEY AREAS
The Territoriality of EU Rules
The Applicability of EU Data Protection Rules to a Search Engine
The “Right to be Forgotten”
THE TERRITORIALITY OF EU RULES
Even if the physical server of a company processing data is located outside Europe, EU rules apply to search engine operators if they have a branch or a subsidiary in a Member State, which promotes the selling of advertising space offered by the search engine.
THE APPLICABILITY OF EU DATA PROTECTION RULES TO A SEARCH ENGINE
Search engines are controllers of personal data. Google can therefore not escape its responsibilities before European law when handling personal data by saying it is a search engine. EU data protection law applies and so does the right to be forgotten.
THE RIGHT TO BE FORGOTTEN
Individuals have the right - under certain conditions - to ask search engines to remove links with personal information about them. This applies where the information is inaccurate, inadequate, irrelevant or excessive for the purposes of the data processing. At the same time, the Court explicitly clarified that the “right to be forgotten” is not absolute but will always need to be balanced against other fundamental rights, such as the freedom of expression and of the media. A case-by-case assessment is needed considering the type of information in question, its sensitivity for the individual’s private life and the interest of the public in having access to that information. The role the person requesting the deletion plays in public life might also be relevant.
EU GDPR:
KEY REQUIREMENTS
The GDPR’s jurisdiction will reach outside the EU, with extraterritorial jurisdiction tied to the offering of goods or services to, or the monitoring of, data subjects in the EU. Non-EU controllers that satisfy this jurisdictional nexus will need to appoint an EU representative “unless the processing is occasional and unlikely to result in a risk for the rights and freedoms of individuals.”
The draft mandates breach notification to Supervisory Authorities and affected individuals; specifically, Supervisory Authorities and affected individuals must be notified of breaches that are likely to result in a high risk for the rights and freedoms of individuals, with notice to Supervisory Authorities due within 72 hours, and notices to affected individuals due “without undue delay.”
The information that must be provided to data subjects regarding the processing of their personal data remains extensive, including specifying the legitimate interests pursued by the controller or the statutory or contractual requirements that are being relied on to justify processing (if this is the case); data subjects must also receive an explanation of the various rights they have in relation to the data (but none of the Parliament’s icons that signpost data use has been included).
The maximum administrative fines proposed on a tiered system are up to 2-5% of annual worldwide turnover, or €100m, depending on which amount is higher.
EU GDPR:
IMPORTANT TERMS & DEFINITIONS
DATA BREACH
An incident in which sensitive, protected or confidential data has potentially been viewed, stolen or used by an individual unauthorized to do so. Data breaches may involve personal health information (PHI), personally identifiable information (PII), trade secrets or intellectual property*
* Tech Target
DATA PROCESSING
Operations performed on a given set of data to extract the required information in an appropriate form*
* Business Dictionary
BIG DATA
An all-encompassing term for any collection of data sets so large and complex that it becomes difficult to process using on-hand data management tools or traditional data processing applications*
* Wikipedia
DATA PROTECTION IMPACT ASSESSMENT
A tool that you can use to identify and reduce the privacy risks of your projects. A PIA can reduce the risks of harm to individuals through the misuse of their personal information. It can also help you to design more efficient and effective processes for handling personal data.*
* ICO