GDPR: The new legal framework governing data protection
Angela Oakley, GDPR / Data Protection Consultant
- Enhanced definition of Personal Data & Consent
- The responsibilities of Data Controllers & Data Processors
- Data Breach notification
- The role, position & responsibilities of Data Protection Officers
- Increased individual rights
8 GDPR Principles
GDPR – Personal data
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR, depending on how difficult it is to attribute the pseudonym to a particular individual.
GDPR – Sensitive Personal Data
Definition under the DPA: personal data consisting of information as to:
(a) the racial or ethnic origin of the data subject;
(b) his political opinions;
(c) his religious beliefs or other beliefs of a similar nature;
(d) whether he is a member of a trade union;
(e) his physical or mental health or condition;
(f) his sexual life;
(g) the commission or alleged commission by him of any offence; or
(h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.
Definition under the GDPR: data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person’s sex life or sexual orientation.
GDPR – Consent
NB: Implied consent is consent which is not expressly granted by a person, but rather implicitly granted by a person’s actions and the facts and circumstances of a particular situation (or in some cases, by a person’s silence or inaction).
***No longer allowed!***
New Data Processor obligations under GDPR
GDPR data breach notification to ICO
To data subject
Tasks of the data protection officer
Data protection impact assessments under the GDPR (DPIA)
Increased individual rights