1 Data Protection RegulationGeneral Data Protection Regulation Alan Martin Information Compliance Officer My job GDPR scope and Great Repeal Bill Talk Talk enforcement G D P R 25 May 2018

2 Where is all the personal data? Information Audit“Yeah, I keep a clean desk. Now all the mess in in the computer!” Information audit – Allows us to prioritise Set-up records custodians/contacts

3 Collecting and managing personal data 1 Purpose, fairness and consentFairness - Privacy notice - How we use your data. For individuals and staff sets expectations and legal basis.. Purpose –Core of validating collection, sharing and retention. 

4 Collecting and managing personal data 2 SecurityI changed all my passwords to “incorrect”, so whenever I forget, it will tell me, “Your password is incorrect.” How is it collecting, holding, sharing, destroying. What is good practice? Should we develop guidance?

5 Collecting and managing personal data 3 Retention and destructionPhoto by Vitor Sá Does anyone destroy anything? Case management system for s?

6 General Data Protection Regulation requirementsAccountability Privacy Impact Assessments Information audit Free Subject Access Requests Report breaches within 72 hours New Data Protection Officer Accountability e.g. consent PIA – Getting it right for all new projects Records custodians for audit

7 What next? Appoint Data Protection Officer Information audit On-line training ICO information risk review - June 2017

8 Alan Martin Information Compliance Officer