2608010
Description
Data protection – from the Information
Commissioner Office (ICO)
- Personal data
- Living person
- Can be ideintified by data
- Includes opinions on the individual
- Sensitive personal data
- Race/ethnicity
- political opinion
- religion
- trade union membership
- health
- sexual life
- criminal activity
- Race/ethnicity
- Living person
- What type of data it covers
- electronic
- data
- texts
- images
- recordings
- data
- manual
- electronic
- Who is responsible?
- Data controllers
- Staff
- e.g Think/client/distribution house - whoever is responsible
for keeping it updated and secure at that moment in time
- e.g Think/client/distribution house - whoever is responsible
for keeping it updated and secure at that moment in time
- Data processors
- e.g Distribution house
- Should have written data sharing agreements in place with processors
- e.g Distribution house
- Safest option is to ASSUME that you're the data
controller and you are responsible
- Staff
- Data controllers
- Data protection principles
- 1. Processed fairly and lawfully
- 2. Obtained and used only for the specified purpos(es)
- 3. Data held will be adequate, relevant and not excessive to the purpose
- 4. Accurate and (where necessary) kept up to date
- 5. Not kept longer than necessary
- 6. Processed in accordance with the rights of data subjects
under the 1998 act
- Subject access
- Prevent processing that
causes unwarranted
substantial danage or distress
- Prevent direct marketing
- Automated decision making
- 7. Data protected by appropriate technical and organisational measures
- 8. Not to be transferred to a country or territory outside the European Economic Area
unless there's an adequate level of preotection
- 8. Not to be transferred to a country or territory outside the European Economic Area
unless there's an adequate level of preotection
- Subject access
- 6. Processed in accordance with the rights of data subjects
under the 1998 act
- 5. Not kept longer than necessary
- 4. Accurate and (where necessary) kept up to date
- 3. Data held will be adequate, relevant and not excessive to the purpose
- 2. Obtained and used only for the specified purpos(es)
- 1. Processed fairly and lawfully
- Direct marketing
- Think marketing mailing lists
- 1. Obtain consent for each method used
- 2. Say who you might share personal details with
- 3. Keep record of consent and what it covers
- 4. Provide unsubscribe link on emails an texts
- 5. Keep a suppression list (not to be contacted)
- 5. Keep a suppression list (not to be contacted)
- 4. Provide unsubscribe link on emails an texts
- 3. Keep record of consent and what it covers
- 2. Say who you might share personal details with
- 1. Obtain consent for each method used
- Second hand marketing lists
- 1. Check list is accurate and up to date
- 2. Check consent and what it covers
- 3. Screen telephone numbers against Telephone
Preference Service (TPS)
- 4. Be open about where you obtained details
- 4. Be open about where you obtained details
- 3. Screen telephone numbers against Telephone
Preference Service (TPS)
- 2. Check consent and what it covers
- 1. Check list is accurate and up to date
- Think marketing mailing lists
0 comments
Want to create your own Mind Maps for free with GoConqr? Learn more.