Laurens Vehmeijer Daniela Dandes
|
|
- Erin Armstrong
- 5 years ago
- Views:
Transcription
1 GDPR and Student Recruitment Laurens Vehmeijer Daniela Dandes
2 Laurens Vehmeijer Who are we anyway? Analytics Consultant & Interim Data Protection Officer Background in Life Sciences Since 2015 data analytics & consulting in Higher Education (HE) Since late 2017 involved with GDPR Daniela Dandes Lead Intelligence writer Background in digital marketing and branding Since 2012 active in digital marketing Since early 2018 involved with GDPR
3 About Studyportals Our company Our role in student recruitment Agenda GDPR basics Background and introduction Core principles Definitions and roles Rights and obligations Our Goal? An introduction to Getting compliant Advised first steps Record of processing activities and risk assessment Consequences of non-compliance GDPR and what we think it means for In closing Advised first steps Key Takeaways student recruitment
4 About Studyportals
5
6 Studyportals at a Glance Introduction 8 Portals 28+ million unique 370,000 international 3, ,000 courses 195+ employees / users student enrolments (2017) participating in 120 countries 35 nationalities (2017) institutions Office Locations: Boston Bucharest Eindhoven (HQ) Manchester Melbourne Monterrey
7 Our place in funnel
8 GDPR basics
9 Goes into effect the 25 th of May 2018 Privacy protection regulations adopted in April 2016, replacing the GDPR General 1995 European privacy law Up until now has been a grace period Organisations should be compliant before that date Data Exact regulations appear strict but open to interpretation Lots of emphasis on compliance-minded culture and privacy by design Protection Applies to organisations that process EU personal data Located in the EU Activities in the EU Regulation Data Subjects located in the EU only organisations that do nothing in the EU and have no Data Subjects in the EU are exempt i.e. nobody
10 GDPR General Intention is to strengthen and harmonise EU data protection Data Universal (new) rights for natural persons Expanded and unified territorial application Expanded data governance obligations Protection The goal of GDPR is to curb bad actors Bullying SMEs or Higher Education Institutions (HEIs) is not the goal But, strictly speaking, serious violations could ruin any organisation Making a serious effort for compliance is taken into consideration! Regulation
11 Core principles Core Commandments of GDPR (Article 5) Personal data shall be: Used lawfully, fairly and transparently to Data Subject Exclusively for specific, explicit and legitimate purposes Adequate, relevant and minimised Kept accurate and up-to-date (where necessary) Retained no longer than necessary Protected with appropriate security measures
12 In layman s terms Nutshell Basically: People own data about themselves. Organisations don t own personal data They just borrow it for specific purposes, agreed upon with Subject Onus on them to inform, get consent, protect it and let Subjects exert control
13 Data Subject(s) Natural person to whom personal data relates Roles Students Employees Other contacts (prospective, current, alumni) (applicants, current, past) (agents, partners, vendors, etc.) Data Controller Determine(s) the purposes and the manners in which personal data is processed. The primary party responsible for compliance. Data Processors Process(es) data on behalf of the Data Controller. Processing is anything done to or with personal data, whether automated or not. Collect, use, record Retrieve, consult, disclose Anonymise, pseudonymise, delete
14 Personal data Personal data Any data that can be directly or indirectly related to a natural person (Data Subject) Identifiable personal data can connect personal data to a Data Subject Phone number Online pseudonym Account number Name Place & date of birth Gender Nationality Device ID IP address Address Citizen ID Browsing Cookie Passport number Behavioral data behavior Interests Career details
15 Sensitive Personal Data Effectively, the type of data that could be used to persecute someone Stricter rules apply to data that has been ruled sensitive Best to just avoid collecting/storing/using this data if it s not necessary Sexual life or orientation Health data Special personal data Religious or philosophical beliefs Political opinions Racial or ethnic origin Trade union membership Genetic data Criminal convictions or offences Anonymous Personal Data Data from which a Data Subject cannot be (reasonably) identified (i.e. no identifiers) GDPR does not apply Be careful enough personal data, even without identifiers, can identify a Data Subject Pseudonymous Personal Data Data from which a Data Subject is harder to identify without a key Can be anything from an Student number to secure encryption GDPR does apply but requirements are lower Pseudonymisation is encouraged by GDPR and is important part of privacy by design
16 Data Subject rights Data Subjects have the following rights Right to access personal data Right to edit personal data Right to move personal data between organisations Right to be forgotten upon request Right to restrict or to object (direct marketing) Right to transparency and refusal of automated decision making
17 Consent Consent is effectively a contract with Data Subject on the use of their personal data Unambiguous - clear affirmative action (opt-in) Freely given - must have genuine free choice Specific - for specific processing activities Informed - understood what processing they are agreeing to Withdrawable - at any point as easily withdrawn as given Explicit - for sensitive data, profiling or cross-border transfers
18 Which are you? Controller or Processor? (in which context) Data Controller Determines purpose and means of the collection and processing of data Examples: customers/clients and employers Joint Data Control is also possible Instructs Processor through Data Processing Agreement Bears the main responsibility and liability for compliance Including that of the Processor, unless covered in the Data Processing Agreement Data Processor Acts on behalf of the Controller Examples: cloud storage, IT providers, agents, payroll companies Instructed by Controller through Data Processing Agreement Less responsibility and liability under GDPR if they adhere to agreement HEIs in the context of student recruitment?
19 Appropriate measures for GDPR compliance Data Controller obligations Data Controllers Demonstrate compliance with documentation Allow Data Subjects to exercise rights within 30 days have the following Compliancy of Data Processors Written Data Processing Agreements Make Record of Processing Activities obligations Data Protection Impact Assessment if processing is high risk Cooperation with supervisory authorities Prior consultation of DPIA shows risk Breach notification in 72h Take appropriate data security measures Data Protection Officer if necessary
20 What is a Data Protection Officer? A DPO ensures awareness and compliance with GDPR Data Protection Officer Advises management & often a GDPR team leader A DPO is required for certain organisations Public authorities Larger than SME Core activities involve large-scale, regular and systematic monitoring Core activities involve sensitive personal data Organisations can also voluntarily appoint a DPO Same requirements for mandatory and voluntary DPOs If no DPO, document reasoning behind it Even if not mandatory, an informal DPO is advisable
21 DPO requirements DPO requirements DPO requirements: Expert knowledge of data protection law and practice No duties with conflicting interest Does not have to be an employee can also be outsourced or shared if easily accessible to all parties Formal DPOs must be registered to the Data Protection Authorities Everybody wants a DPO now, get an interim one
22 Getting compliant
23 The initial steps we advise First steps 1. Appoint & train a team I. Data Protection Officer II. Data ambassadors III. Management member IV. Legal advice 2. Data audit I. Record of Processing Activities II. Gap analysis & risk assessment III. Prioritise action items 3. Fix priorities I. Privacy statement(s) & consent II. Vendor contracts III. Protocols IV. Data Protection Impact Assessment if high risk V. Consolidate processing activities However, every HEI s situation is unique
24 Record of Processing Activities Data Controllers must make and maintain a record of all processing activities What data are you using? Of whom? For what purpose? Is that purpose legitimate? Who has access, internally and externally? Where is it transferred? Who is responsible, internally and externally? How is it protected? How long is it retained? Etc RPA The first and crucial step to become GDPR compliant Mandatory for compliancy Serves as a data map and basis for gap analysis Steps to be taken often follow logically Common conclusions include Update existing documentation: contracts, privacy statement, policies etc.. Consolidate data processing activities Draft internal policies on protection, retention, minimisation, data breach, Data Subject rights Culture change privacy by design and more oversight
25 Activity Website analytics Student recruitment through agencies Department(s) IT Student Recruitment GDPR ambassador (internal) Amy Bob Data Subject category Website visitors Prospective students Any Data Subjects under 16? Likely some No Personal data category IP address, device info, browsing behaviour Name, contact info, resume, academic record, agent notes Source of personal data Browser Voluntarily submitted by Data Subject to agency and to us by proxy Sensitive personal data None Ethnicity, because affirmative action may apply Purpose of processing Marketing information, website optimization, ROI Evaluation of applicants Legal basis for processing Consent (checkbox on popup overlay) Consent (hardcopy form signed by Data Subject) Data Processors Google Analytics, Hotjar, Microsoft cloud services Agencies, Microsoft cloud services, CRM system Any Processors outside of EU? No, all systems are hosted in EU data centres Agents are all over the world Data Processor agreement? Yes Partially (not all agents yet) Data storage Internal database, cloud storage Internal database, hardcopy file system, agent systems Data retention Indefinite Indefinite Can anything be minimized? Yes, data can be aggregated after one month. No Security measures Limited access, encryption of local systems Limited access, encryption of local systems Process data breach? Yes No Process Data Subject requests? Yes Partially. GDPR compliancy? Highly likely. No. Further notes Mostly standard digital marketing stuff. Likely low risk area Last edit 12-Mar Mar-18 High risk - limited oversight over agents globally. Further steps required. Example RPA
26 High Impact Data breach process Agent processing agreements Data hosted outside EU Data Subject right requests Lead form consent Privacy policy Risk/Impact matrix Backup and retention DPO appointment Review past consent Medium policies Impact Hardcopy document IP address collection on Huge vendor processing disposal website agreements (e.g. Google) Low Impact Low risk Medium risk High risk
27 NON-compliance & there s a problem? Non-compliance Even with virtually complete compliance, a mistake is easily made Hack, insecure backup, stolen laptop, virus, student list sent to wrong address If your Data Processor leaks personal data, you re to blame Good Data Processing Agreements can limit/prevent liability HEIs at risk Vulnerable Data Subjects (potentially minors) Often publicly funded Reliant on reputation, goodwill & trust Legal consequences Fines up to 20M EUR or 4% total yearly revenue Personal liability of top leadership Class-action suits by Data Subjects Reputation Public likely to freak out Risk of being tainted goods Public investigation may harm reputation (even if you re in the right)
28 In closing
29 The initial steps we advise First steps 1. Appoint & train a team I. Data Protection Officer II. Data ambassadors III. Management member IV. Legal advice 2. Data audit I. Record of Processing Activities II. Gap analysis & risk assessment III. Prioritise action items 3. Fix priorities I. Privacy statement(s) & consent II. Vendor contracts III. Protocols IV. Data Protection Impact Assessment if high risk V. Consolidate processing activities However, every HEI s situation is unique
30 Further tips Final notes Data transfer outside of EU may be problematic Demonstrate compliancy efforts Document everything! Get quick wins Compliancy culture Evaluate yourself using online tools Microsoft free self-assessment tool: Dutch free self-assessment tool: Get legal advice or hire expertise
31 Key Takeaways Takeaways Nobody knows what the practical reality will be Complete compliancy may not even be possible Everyone is uncertain Many think it won t be so draconian Insight into your use of personal data is a pretty good idea anyway Highlight weaknesses & cover liability Optimize data and third party service use May actually lead to innovation! Do take it seriously please!
32 Questions?
33 Unanswered questions?
GDPR: What Every MSP Needs to Know
Robert J. Scott GDPR: What Every MSP Needs to Know Speaker Robert J. Scott Agenda Purpose GDPR Intent & Obligations Applicability Subject-matter and objectives Material scope Territorial scope New Rights
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationGENERAL DATA PROTECTION REGULATION Guidance Notes
GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationDATA PROTECTION POLICY 2018
DATA PROTECTION POLICY 2018 Amesbury Baptist Church is committed to protecting all information that we handle about people we support and work with, and to respecting people s rights around how their information
More informationPreparing for the GDPR
Preparing for the GDPR Note: These slides and the accompanying presentation contain a general summary and are not legal advice. Niall Rooney 03/11/2017 (1) Data Protection The Right to Data Protection
More informationWe reserve the right to update this privacy notice at any time. Please check our website from time to time for any changes we may make.
What is the purpose of this document? NORTHERN IRELAND SCREEN COMMISSION (Company Number NI031997) whose registered office is at 3 rd Floor Alfred House, 21 Alfred Street, Belfast, BT2 8ED is committed
More informationData Protection Policy
Data Protection Policy General Data Protection Regulations (GDPR) Document control Version control / history Note: This policy requires to be reviewed at least annually from the publication of the last
More informationCHANNING SCHOOL DATA PROTECTION POLICY
CHANNING SCHOOL DATA PROTECTION POLICY The School may amend/change/update this Policy from time to time. 1. Background Data protection is an important legal compliance issue for Channing School. During
More informationThe Growth Company Group Privacy Notice
The Growth Company Group Privacy Notice Version May 2018 INTRODUCTION Welcome to The Growth Company s privacy notice. We recognise the importance of the privacy and the security of your personal information
More informationb. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.
Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679
More informationCHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]
CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Legal02#67236978v1[RXD02] CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Notes: We recommend that any business looking to comply with the
More informationThe template uses the terms students / pupils to refer to the children or young people at the institution.
This document is for advice and guidance purposes only. It is anticipated that schools / colleges will use this advice alongside their own data protection policy. This document is not intended to provide
More informationGeneral Data Protection Regulation (GDPR) Frequently Asked Questions
General Data Protection Regulation (GDPR) Frequently Asked Questions 26 March 2018 0 Contents Introduction... 3 What is GDPR?... 3 Who does the GDPR apply to?... 3 Are tax advisers data controllers or
More informationINTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT
WHAT GDPR MEANS FOR RECORDS MANAGEMENT Presented by: Sabrina Guenther Frigo Overview Background Basic Principles Scope Lawful Processing Data Subjects Rights Accountability & Governance Data Transfers
More informationGetting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations
Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy
More informationGDPR: An Evolution, Not a Revolution
GDPR: An Evolution, Not a Revolution Disclaimer This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should
More informationSt Michael s CE Primary School Data Protection Policy
St Michael s CE Primary School Data Protection Policy We will prepare the children at St. Michael's school for life, by giving them the opportunity to fulfil their potential within a happy caring Christian
More informationIf you have queries about this privacy notice or wish to exercise any of the rights mentioned in it please contact
Privacy Notice Grace Personnel Ltd takes its Data Protection responsibilities seriously and we are committed to using the data we hold in accordance with the law. The following explains how and why we
More informationBaptist Union of Scotland DATA PROTECTION POLICY
Baptist Union of Scotland DATA PROTECTION POLICY Adopted: May 2018 1 1.The Baptist Union of Scotland 48, Speirs Wharf, Glasgow G4 9TH (Charity Registration SC004960) is committed to protecting all information
More informationThe EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry
The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry 1 Contents Introduction 5 Brexit: GDPR or New UK Law? 8 The eprivacy Directive 10 The GDPR: 10 Key Areas
More informationTraining Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak
PROFESSIONAL INDEPENDENT ADVISERS LTD DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Training Manual Data Protection Officer is Mike Bandurak GDPR introduction
More informationEARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY
EARLS HALL BAPTIST CHURCH DATA PROTECTION POLICY Adopted: 5 June 2018 1 Earls Hall Baptist Church is committed to protecting all information that we handle about people we support and work with, and to
More informationSAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY. Adopted: [ ]
SAFFRON WALDEN COMMUNITY CHURCH DATA PROTECTION POLICY Adopted: [17-04-2018] 1 SAFFRON WALDEN COMMUNITY CHURCH is committed to protecting all information that we handle about people we support and work
More informationRECRUITMENT PRIVACY NOTICE
SCOPE OF PRIVACY NOTICE RECRUITMENT PRIVACY NOTICE 1. Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This notice
More informationLEICESTER HIGH SCHOOL DATA PROTECTION POLICY
LEICESTER HIGH SCHOOL DATA PROTECTION POLICY 1. Background Data protection is an important legal compliance issue for Leicester High School. During the course of the School's activities it collects, stores
More informationGDPR for whom it may concern
GDPR for whom it may concern Margarita Dubovik 12-Oct-17 GENERAL REGULATION - BACKGROUND GDPR will replace national data protection laws of all 28 EU member states in May GDPR also has international reach
More informationSection a What this Policy is for Policy Statement. 2. Why this policy is important... 3
Norwich Central Baptist Church DATA PROTECTION POLICY Adopted: May.2018 Norwich Central Baptist Church (NCBC) is committed to protecting all information that we handle about people we support and work
More informationScottish Charity Number SC Dingwall Baptist Church DATA PROTECTION POLICY
Dingwall Baptist Church DATA PROTECTION POLICY Adopted: By Trustees Dingwall Baptist Church May 2018 1 Dingwall Baptist Church is committed to protecting all information that we handle about people we
More informationThe ICT Service:
GDPR for schools 1 Intro and aims The ICT Service: support@theictservice.org.uk, 0300 300 00 00 Cambridgeshire County Council: Information and Records Team. Data.protection@cambridgeshire.gov.uk 01223
More informationFoundation trust membership and GDPR
05 April 2018 Foundation trust membership and GDPR In the last few weeks, we have received a number of enquiries from foundation trusts concerned about the implications of the new General Data Protection
More informationGet ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie
Get ready A Guide to the General Data Protection Regulation (GDPR) elavon.ie The General Data Protection Regulation (GDPR) will regulate the privacy and handling of the personal data of individuals in
More informationHow employers should comply with GDPR
02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact
More informationVMS Software Ltd- Data Protection Privacy Policy
VMS Software Ltd- Data Protection Privacy Policy Introduction The purpose of this document is to provide a concise policy statement regarding the Data Protection obligations of VMS Software Ltd. This includes
More informationDepending on the circumstances, we may collect, store, and use the following categories of personal information about you:
Ignata Group Data Protection / Privacy Notice What is the purpose of this document? Ignata is committed to protecting the privacy and security of your personal information. This privacy notice describes
More informationBrasenose College Data Protection Policy Statement v1.2
Brasenose College Data Protection Policy Statement v1.2 1. Introduction All documents referred to in this policy can be found online at the address below: https://www.bnc.ox.ac.uk/privacypolicies 1.1 Background
More informationGeneral Data Protection Regulation. Jim Sneddon GDPR-P, CISSP
General Data Protection Regulation Jim Sneddon GDPR-P, CISSP "The GDPR is actually already in force, it is just that Member States are not obligated to apply it until 25 May 2018. It s your job, it s your
More informationAgenda. What is the GDPR? Who does GDPR apply to? Implications of Non-Compliance The Road to GDPR Compliance
Agenda What is the GDPR? Who does GDPR apply to? Implications of Non-Compliance The Road to GDPR Compliance What is the GDPR? The General Data Protection Regulation(GDPR) is a European-wide regulation
More informationData Protection Policy
Data Protection Policy This policy will be reviewed by the Trust Board three yearly or amended if there are any changes in legislation before that time. Date of last review: Autumn 2018 Date of next review:
More informationNEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY. Adopted: 20 June 2018 To be reviewed: June 2021
NEW LIFE BAPTIST CHURCH NORTHALLERTON DATA PROTECTION POLICY Adopted: 20 June 2018 To be reviewed: June 2021 NEW LIFE BAPTIST CHURCH, NORTHALLERTON (referred to in this policy as NLBC) is committed to
More informationIntroduction to the General Data Protection Regulation (GDPR)
Introduction to the General Data Protection Regulation (GDPR) #CIPR / @CIPR_UK This guide is worth 5 CPD points Introduction to the General Data Protection Regulation (GDPR) / 2 Contents 1 Introduction
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationUniversity for the Creative Arts Application Declaration. Data Protection Privacy Notice
University for the Creative Arts Application Declaration Data Protection Privacy Notice The University for the Creative Arts takes its obligations with regard to data protection seriously. As such, we
More informationA Practical Guide to Data Protection for Information Professionals
A Practical Guide to Data Protection for Information Professionals Naomi Korn and Carol Tullo on behalf of NKCC NKCC 2018. All Rights Reserved. www.naomikorn.com The information contained within this document
More informationUK Research and Innovation (UKRI) Data Protection Policy
UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager
More informationData Protection for Landlords. David Smith Anthony Gold Solicitors
Data Protection for Landlords David Smith Anthony Gold Solicitors Why Protect Data at All? Personal data is key important in everyday life Internet allows information about people to be spread quickly
More informationThe current version (July 2018) is derived from, and supersedes, the version published in February 2017 and earlier versions.
Page 2 of 10 Data Protection Policy Chief Information Officer Chief Information Officer Data Protection Officer The current version (July 2018) is derived from, and supersedes, the version published in
More informationGeneral Data Protection Regulation
October 2017 Whitepaper General Data Protection Regulation What does it mean for you and your organization? Page 1 General Data Protection Regulation (GDPR) From May 2018, the General Data Protection Regulation,
More informationGDPR P4 Privacy Policy Statement & Guidance for Employees and External Providers
Once we have received notification that you have withdrawn your consent, we will no longer process your information for the purpose or purposes you originally agreed to, unless we have another legitimate
More informationData Protection Policy
Data Protection Policy Contents 1. Purpose and scope... 2 2. Background... 2 3. Principles... 2 4. Aims and commitments... 3 5. Roles and responsibilities... 3 6. Breaches of data privacy legislation...
More informationThe Privacy Battlefield What does the GDPR Require?
The Privacy Battlefield What does the GDPR Require? 17:00 CET 9:00am PT 12:00pm ET Mike Small CEng, FBCS, CITP Senior Analyst Kuppinger Cole Mike.Small@kuppingercole.com Agenda Mike Small KuppingerCole
More informationLAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems
LAST UPDATED June 11, 2018 DATA PROTECTION POLICY International Foundation for Electoral Systems 1. Purpose 1.1. International Foundation for Electoral Systems is committed to complying with privacy and
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY APRIL 2018 Attendance Policy and Procedures (Pupils) (P3/Policies) Updated January 2018 Page 1 of 11 Title Summary Purpose Operational Date April 2018 Next Review Date April 2019
More informationData Protection. Document Detail Type of Document (Stat Policy/Policy/Procedure) Category of Document (Trust HR-Fin-FM-Gen/Academy) General
Data Protection Document Detail Type of Document (Stat Policy/Policy/Procedure) Policy Category of Document (Trust HR-Fin-FM-Gen/Academy) General Index reference number Approved 26/04/18 Approved by Trust
More informationTechnical factsheet: General Data Protection Regulation (GDPR) April 2018
Technical factsheet: General Data Protection Regulation (GDPR) April 2018 1 1 CONTENTS 1. What is GDPR? 2. How is GDPR different to the old Data Protection Act? 3. Why does it apply to members? 4. What
More informationMore information at cventconnect.com/europe/mobileapp
Download and Login to the Cvent CONNECT Europe Mobile Event App Tap On Schedule Find Your Session Access Polls and Live Q&A More information at cventconnect.com/europe/mobileapp Cvent CONNECT Europe General
More informationGeneral Data Protection Regulation - Explained
General Data Protection Regulation - Explained Bernard Cogan & Bobby Gould CUNA Mutual Group ACE Conference & AGM 2017 12 th May 13 3h May 2017 Copthorne Hotel (Birmingham) Are you familiar with GDPR Don't
More information//DATA INNOVATION FOR DEVELOPMENT GUIDE DATA INNOVATION RISK ASSESSMENT TOOL
CHECKLIST Rationale for the checklist: Large-scale social or behavioural data may not always contain directly identifiable personal data and/or may be derived from public sources. Nevertheless, its use
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationGDPR AN OVERVIEW OF THE REGULATIONS AND THEIR LIKELY IMPACT ON APPRENTICESHIPS
GDPR AN OVERVIEW OF THE REGULATIONS AND THEIR LIKELY IMPACT ON APPRENTICESHIPS March 2018 Rebecca Rhodes, Senior Associate, UVAC r.rhodes@bolton.ac.uk Agenda Aim and purpose Scope & implications for non-compliance
More informationRAW MARKETING DATA PROTECTION POLICY
RAW MARKETING DATA PROTECTION POLICY Introduction We take your privacy very seriously and have updated our Privacy Statement in line with the upcoming GDPR regulation. Were absolutely committed to reflecting
More informationGDPR: Are You Ready? Mapping the Road to GDPR Compliance. March 2018
GDPR: Are You Ready? Mapping the Road to GDPR Compliance March 2018 Agenda GDPR Overview Should you appoint a DPO? Accountability checklist/documentation required When is consent appropriate and how do
More informationRECRUITMENT PRIVACY NOTICE
RECRUITMENT PRIVACY NOTICE 1. SCOPE OF PRIVACY NOTICE 1.1 Like most businesses, we hold and process a wide range of information, some of which relates to individuals who are applying to work for us. This
More informationNissa Consultancy Ltd Data Protection Policy
Nissa Consultancy Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments (DPIA)
More informationGDPR & SMART PIA. Wageningen University Feb 2017
GDPR & SMART PIA Wageningen University Feb 2017 Tips for Action: Anticipate on the new EU General Data Protection Regulation (GDPR) to determine the privacy standards GDPR has been adopted by EU Parliament
More informationStolle Europe Introduction Important information and who we are Controller and contact information Complaints
Stolle Europe Introduction Stolle Europe Limited respects your privacy and is committed to protecting your personal data. This privacy notice will inform you as to how we look after your personal data
More informationEU General Data Protection Regulation (GDPR)
EU General Data Protection Regulation (GDPR) May 23, 2018 Dixie B. Baker, Ph.D. Agenda GDPR Basics Key Changes from Data Protection Directive Special Categories Consent Conditions and Elements HIPAA and
More informationRBA Online Privacy Notice for
RBA Online Privacy Notice for www.responsiblebusiness.org Last updated [ ] The Responsible Business Alliance ( RBA, we, us, our ), is committed to protecting your privacy. At all times we aim to respect
More informationTHE GENERAL DATA PROTECTION REGULATION (GDPR) A GUIDE FOR CONGREGATIONS
THE GENERAL DATA PROTECTION REGULATION (GDPR) A GUIDE FOR CONGREGATIONS INTRODUCTION The present rules governing how organisations should handle, or process, personal data are set out in the Data Protection
More informationA guide to GDPR the effect on all UK organisations
A guide to GDPR the effect on all UK organisations Personal Data Penalties Consent Data Breach Notification GDPR Right to Object Data Portability Right to be Forgotten A white paper from Eazipay Ltd October
More informationPensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes
Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes 1 INTRODUCTION The General Data Protection Regulation (GDPR) comes into force in all EU Member States on 25.
More informationGuide to GDPR for Charities
Guide to GDPR for Charities 30 40 50 20 60 0 70 90 80 The new General Data Protection Regulation (GDPR) replaces the longstanding Data tightens up the rules on privacy and consent. This report looks at
More informationData Protection Policy
Reference: Date Approved: April 2015 Approving Body: Board of Trustees Implementation Date: August 2015 Supersedes: 2.0 Stakeholder groups Governance Committee, Board of Trustees consulted: Target Audience:
More informationcloser look at Definitions The General Data Protection Regulation
A closer look at Definitions The General Data Protection Regulation September 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationUK SCHOOL TRIPS PRIVACY POLICY
UK SCHOOL TRIPS PRIVACY POLICY Introduction Welcome to the UK School Trips privacy notice. UK School Trips respects your privacy and is committed to protecting your personal data. This privacy notice will
More informationA PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018
A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018 1 PURPOSE OF THIS DOCUMENT 2 This document is to be used as a guide for advertisers on how they should work with their agencies,
More informationRecruitment Privacy Notice
Recruitment Privacy Notice Core Notice... 1 Our commitment to your privacy... 1 How we use your information?... 1 Personal data what we hold and why we process it... 1 Legal grounds for processing personal
More informationGDPR journey: from ready to compliant GDPR survey results
GDPR journey: from ready to compliant GDPR survey results Readiness at a glance The General Data Protection Regulation (or GDPR ) took full effect on 25 May 2018. As a key data protection regulation,
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationData Privacy, Protection and Compliance From the U.S. to Europe and Beyond
Data Privacy, Protection and Compliance From the U.S. to Europe and Beyond InsideNGO's 2017 Annual Conference Washington, DC July 20, 2017 Shannon Yavorsky Partner, Venable LLP David Goodman Global Non-
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) ServiceNow Governance, Risk, and Compliance Table of Contents What is the GDPR?...3 Key Requirements for the GDPR...4 Accountability, Policies,
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationAlexander James Recruitment Limited - DATA PROTECTION POLICY
Alexander James Recruitment Limited - DATA PROTECTION POLICY 1 ABOUT THIS POLICY (1) Why do we have a policy? (a) As an Organisation we store and use information, including personal information ( data
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationPrivacy Policy & Data Protection
Introduction Hewett Recruitment are committed to protecting the privacy or our clients, candidates and individuals who access our services and website. This policy applies where we are acting as data controller
More informationGDPR: Is it just another strict regulation or a great opportunity for operational excellence?
GDPR: Is it just another strict regulation or a great opportunity for operational excellence? Xenofon Liapakis General manager CIO & Services of Interamerican group Chairman of Hellenic CIO forum November
More informationPrivacy Statement About this privacy policy Who are we and how to contact us
Privacy Statement We take your privacy seriously and will only use your personal information to administer your account and to provide the products and services you have requested from us. We will never
More informationGPDR: Privacy Statement Last updated April How your personal information is used by Allander Print Limited.
How your personal information is used by Allander Print Limited. Your information will be held by Allander Print Limited. More information on the Group can be found at www.allander.com. How we use your
More informationPreparing for the GDPR Orla O Hannaidh - Womble Bond Dickinson
womblebonddickinson.com Preparing for the GDPR Orla O Hannaidh - Womble Bond Dickinson Agenda What is the GDPR? How Could it Apply to US companies? What are a Few Key Requirements? Share common challenges
More informationThe ecommerce Guide to GDPR. How to Ensure Compliance and a Competitive Edge
The ecommerce Guide to GDPR How to Ensure Compliance and a Competitive Edge 03 Table of Contents Executive Summary 03 What is the GDPR? 04 What Does the GDPR Mean to ecommerce? 06 Challenges to Overcome
More informationGDPR is coming soon. Are you ready. Steven Ringelberg.
GDPR is coming soon. Are you ready. Steven Ringelberg steven@ringelberglaw.com 616 227 6403 Agenda Who am I Overview What data do you have that is covered and where is it? What rights do individual data
More informationLIFE STYLE CARE PLC. Privacy Statement for Employees. August 2018
LIFE STYLE CARE PLC Privacy Statement for Employees August 2018 Key points Why we use your personal data: We typically use your personal information for purposes related to your employment relationship
More informationWhitepaper. What are the changes regarding data protection. in the future. General Data Protection Regulation? eprivacy GmbH, Hamburg, April 2017
Whitepaper What are the changes regarding data protection in the future General Data Protection Regulation? eprivacy GmbH, Hamburg, April 2017 Authors: Prof. Dr. Christoph Bauer, Dr Frank Eickmeier, Dr
More informationResponsible Business Alliance. Data Privacy and GDPR Compliance Policy
Responsible Business Alliance Data Privacy and GDPR Compliance Policy 1. INTRODUCTION 1.1 As a global non-profit membership organisation, the Responsible Business Alliance ( RBA ) has a responsibility
More informationSCHOOLS DATA PROTECTION POLICY. Guidance Notes for Schools
SCHOOLS DATA PROTECTION POLICY Guidance Notes for Schools Please read this policy carefully and ensure that all spaces highlighted in the document are completed prior to publication. Please ensure that
More informationGeneral Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR
General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT
More informationGDPR Webinar 1: Overview of Preparing for the GDPR. T-Minus 441 Days (March 9, 2017) Presenter: Peter Blenkinsop.
Webinar 1: Overview of Preparing for the T-Minus 441 Days (March 9, 2017) Presenter: Peter Blenkinsop peter.blenkinsop@dbr.com Agenda Introduction (5 mins) Level setting: Brief overview of main provisions
More informationGDPR. Applying the General Data Protection Regulation to your business
GDPR Applying the General Data Protection Regulation to your business Mediaburst SMS Guide Contents 1 Introduction 3 12 steps to take now 7 Who does it apply to? 8 What information does it apply to? 9
More information