GDPR training 1
History
GDPR started (originally) with the (EU) declaration of rights
More specialised over time
Privacy in written communications
From:
Written comms protected from gov
To:
Digital comms protected from corps
Personal data
Dead folks don't count for GDPR
userID would count as identifiable information.
Some data is protected, except under certain conditions such as criminal convictions
Principles
- Must be fairly and lawfully processed
- 6 recognised means you can choose to gather and store data
- Consent trumps all other means
- Contractual and legal obligations are tied
- Obliged to gather
- public interest
Wolves is joint controllers
Committees are also joint controllers
- Rights of data subjects
- Right to be informed
- Right of access
- Human has to be involved
Enforcement
The office of the Data commissioner got bumped up in funding and manpower
Most of the big corpos are headquartered in Ireland (for a variety of reasons)
Fines got bumped to a big number and a % of revenue
More power than revenue commissioners.
DPC are looking at a broad spectrum of organisations
Losing access to data counts as a breach
- Leak
- Hack
- Accidental deletion
- ransomware
- ....
Technically having former committee with access to the gcloud could have counted.
Compliance
A creche may need to keep data of a 3 year old till they are 25
7 year timer starts once they turn 18
18+7=25
Main areas of action:
- Data breaches
- ye have 72 hrs to report it
- Find out what happened
- Fix the issue
- Mitigate issue
- If high risk to members then they have to be notified
- Data Access
- One calendar month (28 days?)
Misc
Why
We (committees) are controllers of data.
Questions
Skynet bot
Had a good chat, will send email.
Old data from before GDPR (home dirs and emails)
Basically as long as ye want.
Best to keep the data until either they contact us or we contact them.
Give clear options on what to do with it.
Logging bot on discord
Not a good idea
Ask for slides