GDPR what next? PRACTICAL IMPLICATIONS FOR NATIONAL LEGISLATORS, DPAs AND DATA CONTROLLERS. GDPR and the NORDIC ACTIONS

SPRING CONFERENCE 2016 BUDAPEST

GDPR what next? PRACTICAL IMPLICATIONS FOR NATIONAL LEGISLATORS, DPAs AND DATA CONTROLLERS

GDPR and the NORDIC ACTIONS

Mr Reijo Aarnio
Data Protection Ombudsman
OFFICE OF THE DATA PROTECTION OMBUDSMAN / Finland

Nordic countries

The Nordic countries are a geographical and cultural region in Northern Europe and the North Atlantic, where they are most commonly known as Norden (lit., "The North"). They consist of Denmark, Finland, Iceland, Norway and Sweden, including their associated territories (Greenland, the Faroe Islands, and the Åland Islands).

[Map with labels: FINLAND, SWEDEN, DENMARK, ICELAND, NORWAY. Source: https://fi.wikipedia.org/wiki/pohjoismaat#/media/file:location_nordic_council.svg]

GDPR: PRACTICAL IMPLICATIONS FOR DPAs

NOTHING BUT:
1) NEW LEGAL FRAMEWORK
2) NEW TASKS
3) NEW COMPETENCIES
4) NEW NETWORK DPOs
5) NEW CUSTOMERS (+ 500 MILLION)
6) NEW WORKING METHODS
7) NEW IT-PLATFORM
8) NEW DECISION MAKING SYSTEM
9) NEW ORGANISATIONS (?!)
10) NEW JOB-DESCRIPTIONS
11) NEW AUTHORITY?

AND ALL THIS WHILE STILL TAKING CARE OF CURRENT DAILY WORK

FUTURE STRUCTURE OF THE DPO?

- One man's office?
- Independent Deputy Model? (State auditing authority)
- Multimember organization?
- BOARD?

FINNISH DATA PROTECTION PLAYERS

- DATA PROTECTION BOARD
- FINNISH COMMUNICATIONS REGULATORY AUTHORITY (Ficora)
- NATIONAL SUPERVISORY AUTHORITY FOR WELFARE AND HEALTH (Valvira)
- OFFICE OF THE DATA PROTECTION OMBUDSMAN
- THE CONSUMER OMBUDSMAN
- NATIONAL ARCHIVE
- OCCUPATIONAL HEALTH AND SAFETY AUTHORITY

WHO?

OR JUST

- OFFICE OF THE DATA PROTECTION OMBUDSMAN
- Or other individual authority

NORDIC CO-OPERATION: CORNERSTONES

1) COMMON JUDICIAL TRADITION
2) TRANSPARENCY AND BENCHMARKING
3) Mr GÖRAN GRÄSLUND:
4) LEARNING BY DOING; INSPECTIONS
5) COMMITTED CHIEFS

80 % OF CROSSBORDER CASES ARE LOCAL

NORDIC MEETINGS; TOPICS: FINLAND 2011

1) EFFICIENCY
2) PLANNING SYSTEM
3) BUDGETING
4) INFORMATION MANAGEMENT
5) STRATEGIC CO-OPERATION
6) VISIONS, BUSINESS IDEA, STRATEGIES AND VALUES

NORDIC MEETINGS; TOPICS: NORWAY 2012

1) STRENGTHEN CO-OPERATION
2) CROSS BORDER CASES
3) CROSS BORDER & JOINT INSPECTIONS
4) INTERNATIONAL CO-OPERATION

EXTRA MEETING ALSO IN SWEDEN 2012
- case examples

NORDIC MEETINGS; TOPICS: SWEDEN 2014

1) LESSONS LEARNED FROM INSPECTIONS
2) EFFECTIVENESS
3) KNOWLEDGE MANAGEMENT
   - internal databases
   - staff
   - external
4) DPA'S INFLUENCE IN GOVERNMENTAL PROPOSALS

HOW TO MAKE A GOOD STATEMENT ON GOVERNMENTAL PROPOSAL

[Staircase diagram with steps A (bottom) to E (top)]

A) Evaluate at the beginning whether the proposal has influence on data processing: does it change, supplement, overrule or clarify the principles of the Personal Data Act? Analyse and specify which phases of the processing the proposal concerns.

B) Evaluate the need for a special law and estimate whether the relation between the Personal Data Act and the proposal in question is clear. It has to be evident whether or not the proposal in question replaces the corresponding regulation of the Personal Data Act (which is a general provision).

C) Evaluate that the proposal meets:
   a) Article 10 in the Constitution
   b) resolutions of the Constitutional Committee and the Administration Committee
   c) essential issues shall not be regulated by a Decree.

D) Evaluate whether the proposal has influence on other basic rights.

E) Go carefully through all the different processing phases and estimate their legality.

Principles listed on the slide:
- DUTY OF CARE
- DEFINED PURPOSE OF PROCESSING
- EXCLUSIVITY OF PURPOSE
- NECESSITY REQUIREMENT
- ACCURACY REQUIREMENT

And also:
- PROPORTIONALITY
- FINALITY
- QUALITY
- sensitive data
- liability
- disclosure

1. Strategic human resource planning, personnel strategy (Unofficial translation)

COULD BE IMPROVED REGARDING THE PRACTICES
No strategy at all, only calculation/estimation of the number of persons by units for budgeting. The personnel is not informed about the personnel strategy, and it is not planned how to spread the information sufficiently.

GOOD PRACTICE
The management group deals with both the personnel strategy and the personnel plan in connection with annual planning and budgeting. The leaders of every unit are informed about the personnel strategy.

PROGRESSIVE, FORWARD-LOOKING PRACTICE
Personnel strategy is also a strategy for competence. It is one of the 3 most important issues and is dealt with throughout the whole year by both the management group and administration. The management group has created and decided, with the help of experts, an exact view of strategic competence, and the information has been given to all managers/directors and staff.

The self-evaluation tool was created by the Finnish Institute of Occupational Health. In Finnish it is found on the Internet.


SWOT The Reform and its influence on ICT-functions

STRENGTHS
- Homogeneous internal market
- Overall efficiency
- Easier international operations
- Data protection becomes more important
- One-stop-shop from any DPA

WEAKNESSES
- Disruption of national law
- Foreign administrative culture
- Conflicts between DPR and national law
- One-stop-shop from any DPA

OPPORTUNITIES
- Prestige and power
- Virtual resources, outsourcing, sharing of experts
- Distribution of super-cases
- Additional resources

THREATS
- Diminished independence
- Competition between DPAs
- Lack of competence
- Lack of resources
- Lack of good leadership


OFFICE OF THE DATA PROTECTION OMBUDSMAN: REFORM AND DIRECTIVE

The project is called TSAU
START 18.11.2015
Version 27.11.2015
Internal information

Risk assessment ****
Approval of the project plan
- Introduction
- Appointments
- Distribution of tasks

* Check points:
- Situation
- Need for updating
- Achievements
- risk assessments
- book keeping, estimated costs
- internal information / staff
- how the reform has been taken into consideration nationally and at EU level

** CURRENT PROCESSES:
1. Public counsel, ombudsman
2. Inspector
3. Consult
4. Educator
5. Political adviser
6. Negotiant
7. Executor
8. International emissary

*** NEW PROCESSES:
1. Consistency mechanism
2. Administrative sanctions
3. Prior checking auditing
4. Data transfers to third countries
5. Data Breach Notifications
6. Inspections
7. Electronic platform for handling and conducting issues
8. National legislation

Work streams:
A. Knowledge management
B. Organization
C. Raising Awareness
D. New Processes
E. Other projects
F. International Co-operation
G. IT-platform
H. Overall CHECK POINT
I. SAUNA EVENING
J. IMPLEMENTATION

Timeline items, in the order they appear on the chart:

* March 2016: Check point 1
A.1.a Internal
A.2.a External
B.1.a Resources
C.1.a Project plan
D.1.a Legal Framework
A.1.b Staff plan 2016-2019; Training plan 2016-2019; Help desk
A.2.b Choosing co-operation partners
B.1.b Check point
C.1.b Check point
Nordic meeting, Iceland

* May 2016: Check point 2 (International)
E.1.a Ministry of Justice task force
F.1.a EDPB
F.2.a Substantial issues
F.3.a Administrative issues
G.2.a National Convertions
D.1.a.a Updating current processes**
G.1.a International complaints
D.1.a.b Work Flows (8 new processes***)
E.1.b Sub task forces
A.2.c Website; SOME; Education
B.1.c Organization plan

* September 2016: Check point 3
F.1.b Check point
D.1.b.1 Testing
E.1.c Check point
F.2.b WP 29 roadmap
F.3.b WP 29 roadmap
G.1.b Joint operations
G.2.b
- Raising awareness
- Knowhow management
- Quality control
A.1.c Quality of Internal data base
A.2.d DPOs (DP Officers)
B.1.d Job descriptions; Salaries

* December 2016: Check point 4
D.1.b.2 Implementation
F.2.c Check point
F.3.c Check point
A.1.d Execution & reporting
A.2.e Check point
B.1.e Appointments
G.1.c Consistency Mechanism
G.2.c Check point
D.1.b.3 Check point
A.1.e Check point
B.1.f Check point

* June 2017: Check point 5
G.1.d Check point

FOLLOW UP END 2018


DATA PROTECTION REFORM AND ITS EFFECTS ON NATIONAL LEGISLATION
- a working group by the Finnish Ministry of Justice

TASKS:
- to evaluate the need for national legal actions presumed in the Reform, especially whether there is a need for a common national data protection legislation such as the Data Protection Act at the moment, and to prepare a proposition for such a possible regulation
- to evaluate whether there is a need to amend the national legislation concerning the national data protection authority and to prepare a proposition for such an authority and its organization, duties and competencies
- to evaluate the possibilities of the latitude that the Reform allows to the national legislation of a member country and to present the principles for using it in an appropriate and functional way
- to co-ordinate and assist the work which will and has to be done to evaluate national special legislation

THANK YOU FOR LISTENING

Mr Reijo Aarnio
Data Protection Ombudsman
OFFICE OF THE DATA PROTECTION OMBUDSMAN / FINLAND