4959004
Description
Mind Map by sharon lynch, updated more than 1 year ago
|
Created by sharon lynch
over 8 years ago
|
|
Data Protection
- Who
- Data Controller
- Obligations
- OF
- 1. Obtain and process information fairly - collecting using
disclosing retaining disposing of Personal data , fairness
meaning transparent
- Example - student visa 85% attendence, fair
to provide attendance records to grada
national immigration bureau compliance
- Example - student visa 85% attendence, fair
to provide attendance records to grada
national immigration bureau compliance
- 1. Obtain and process information fairly - collecting using
disclosing retaining disposing of Personal data , fairness
meaning transparent
- KELP
- 2. Keep information only for one or
more specified explicit and lawful
purposes - data subject aware ,
reason should be legitimate
- 2. Keep information only for one or
more specified explicit and lawful
purposes - data subject aware ,
reason should be legitimate
- CUP
- 3. Compatable Use Purpose - Use and
Disclose in ways compatable with its
purpose
- 3. Compatable Use Purpose - Use and
Disclose in ways compatable with its
purpose
- TOSS
- 4. Technical Organisation
Safe and Secure
- 4. Technical Organisation
Safe and Secure
- ARE
- 6. Keep it adequate ,
Relevant and Not
Excessive
- Supermarket doesnt
need to know your
blood type
- Supermarket doesnt
need to know your
blood type
- 6. Keep it adequate ,
Relevant and Not
Excessive
- CAD
- 5, Complete Accurate
Up to Date
- You are
entitled to
check it
- You are
entitled to
check it
- 5, Complete Accurate
Up to Date
- RUN
- 7. Retain Un Necessary - for No
longer than Necessary
- 7. Retain Un Necessary - for No
longer than Necessary
- CAR
- 8. Copy at request
- 8. Copy at request
- 8 Data Protection Principles
- OF
- Controls the Content and Use
- Obligations
- Data Subject
- Rights - H.E.A.D
- H Have it Erased, Estabish
Existence , Access to data,
To object to Disclosure to
third party
- Existence - Writing and Response 21 Days
- Access - Data subject Access Request ( DAR)
Writing and Response 42 Days. Controller may
require ID and can charge Fee up to 6,35 request
should be logged . Controller should send copy
and permanent form
- Cannot Respond in Full
- Confidential References, Legally privileged documents,
Disproportionate burden, Information related to third party
- Failure to reply within given time could result in ODPC complaint process an audit or a criminal PRosecution
- Failure to reply within given time could result in ODPC complaint process an audit or a criminal PRosecution
- Confidential References, Legally privileged documents,
Disproportionate burden, Information related to third party
- Cannot Respond in Full
- Existence - Writing and Response 21 Days
- H Have it Erased, Estabish
Existence , Access to data,
To object to Disclosure to
third party
- Disclosure requirements
to Data Subject
- Identity of Data Controller
- Reason data is being kept - Keep your
own information Up to date etc
- Any other reasonable information
data subject may require
- Identity of Data Controller
- human subject /individual
- Rights - H.E.A.D
- Data Processor
- Data Controller
- Types
- Manual
- Electronic
- Email
- automated
- Email
- Personal Data - Facilitates
the identification of the
subject
- Risk - Use data for
Improper Use
- Sensitive Personal Data
- Etnic
- Religion
- Trade Union
Submission
- Mental Health
- Political Opinion
- Info related to the commission or
alleged commision of an offence
- Etnic
- Express Consent of Data Subject Must be
Obtained before Personal Data can be
gathered or Processed
- Risk - Use data for
Improper Use
- Manual
- ACT to Protect- 1988 2003 - TO protest your personal
information from unwarrented Dissemination
- ODPC
- Sanctions
- Forfeiture
- Court has right to
ask for data to be
destroyed
- Court has right to
ask for data to be
destroyed
- Civil
- Based on Negligence - Torte Law
data controller or processor owes
a duty of care to the data subjeect
about whom data is being kept
- Show there was a
breach
- That they suffered damages
- That the breach caused the damage
- Example : Pharmacy ,
Married woman, stress in
marriage - pregnancy test
- Show there was a
breach
- Damages and Injunctions
- Based on Negligence - Torte Law
data controller or processor owes
a duty of care to the data subjeect
about whom data is being kept
- Criminal
- An Offence - A fine of
up to 3000 per offence
on Summary
- Up to 100000 on indictment
- Electronic communcations company security
obligations - Fine not exceeding 5000 on summary
or 50000 for a natural person to 250000 if the
offender is a body corporate
- An Offence - A fine of
up to 3000 per offence
on Summary
- Forfeiture
- Office of
Data
Protecion
Commissioner
- Powers
- CIA
- C- Conduct Investigations
- I - Issue Enforcement
- Compliance
- Enforcement Notices
- Compliance
- A - Authorized to Enter Premises
- Can conduct an audit this Policy
- Eg : If you have a policy in place the auditors can chek your policy
- Eg : If you have a policy in place the auditors can chek your policy
- Can engage in
Mediation - the
complainer and the
complaint
- C- Conduct Investigations
- CIA
- Sanctions
- Stems from European LAW
- ODPC
- Data Security Breach Code of Practice
- DPC ( DAta protection
commissioner - in July 2010
- Data controller needs to inform ODPC -
where there is a breach in manual or
electronic data
- An Garda
- Financial Institutions
- Report in 2 days
- Amount of Data
- Action been taking to secure and recover data
- Action to inform data subjects or reasons not to
- Actions to limit damage
- Chronology of events
- Measure to prevent it happening again
- Amount of Data
- An Garda
- DPC ( DAta protection
commissioner - in July 2010
Media attachments
Want to create your own Mind Maps for free with GoConqr? Learn more.