# GDPR training 1
## History
GDPR originally grew out of the (EU) declaration of rights, and became more specialised over time.

Privacy in written communications:

* From: written communications protected from the government
* To: digital communications protected from corporations

## Personal data
Deceased people are not covered by GDPR.

A user ID would count as identifiable information.

Some categories of data (criminal convictions, for example) get extra protection and can only be processed under certain conditions.

## Principles

* Data must be fairly and lawfully processed
* There are 6 recognised lawful bases you can choose from to gather and store data
* Consent trumps all the other bases
* Contractual and legal obligations are closely tied
* Being obliged to gather the data
* Public interest

Wolves is a joint controller.

Committees are also joint controllers.

* Rights of data subjects
  * Right to be informed
  * Right of access
  * A human has to be involved in decisions (no purely automated decision-making about the data subject)

## Enforcement
The Data Protection Commissioner's office (DPC) got a big increase in funding and staff.

Most of the big corporations are headquartered in Ireland (for a variety of reasons).

Fines were raised substantially: up to a large fixed amount (€20 million) or 4% of global annual turnover, whichever is higher.

The DPC has more power than the Revenue Commissioners.

The DPC is looking at a broad spectrum of organisations.

Losing access to data also counts as a breach, e.g.:

* Leak
* Hack
* Accidental deletion
* Ransomware
* ...

Technically, former committee members still having access to the gcloud could have counted as a breach.

## Compliance
A crèche may need to keep a 3-year-old's data until they are 25: the 7-year retention clock only starts once they turn 18 (18 + 7 = 25).

Main areas of action:

* Data breaches
  * You have 72 hours to report it
  * Find out what happened
  * Fix the issue
  * Mitigate the impact
  * If there is a high risk to members, they have to be notified
* Data access (subject access requests)
  * One calendar month to respond (28 days?)

## Misc
### Why

We (the committees) are controllers of data.

### Questions

#### Skynet bot

Had a good chat; will send an email.

#### Old data from before GDPR (home dirs and emails)

Can basically be kept as long as you want.

Best to keep the data until either they contact us or we contact them, and give them clear options on what to do with it.

#### Logging bot on Discord

Not a good idea.

***Ask for slides***