From e61078915cc0bded39d4eef39be45f136a609b5f Mon Sep 17 00:00:00 2001 From: Brendan Golden Date: Tue, 22 Oct 2024 14:32:57 +0100 Subject: [PATCH] training: notes from GDPR training --- .../Training/2024-10-22_Semester-1_Week-07.md | 98 +++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md diff --git a/Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md b/Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md new file mode 100644 index 0000000..af0688d --- /dev/null +++ b/Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md 
@@ -0,0 +1,98 @@ +# GDPR training 1 +## History +GDPR started (originally) with teh (EU) declaration of rights +More specialised over time +Privacy in written communications + +From: +Written coms protected from gov +yo +Digital coms protected from corps + +## Personal data +Dead folks dont count for GDPR +userID would count as identifiable information. + +Some data is protected, except under certain conditions such as criminal convictions + +## Principals +* Must be fairly and lawfully processed + * 6 recognised means you can choose to gather and store data + * Concent trumps all other means + * Contractual and legal obligations are tied + * Obliged to gather + * public interest + +Wolves is joint controllers +Committees are also joint controllers + +* Rights of data subjects + * Right to be informed + * Right of access + * Human has to be involved + + +## Enforcement +The office of the Data commissioner got bumped up in funding and manpower +Most of the big corpos are headquartered in Ireland (for a variety of reasons) + +fines got bumped, to big number and a % of revenue + +More power than revenue commissioners. + +DPC are looking at a broad spectrum of organisations + +Loosing access to data counts as a breach +* Leak +* Hack +* Accidental deletion +* ransomware +* .... + +Technically having former committee with access to teh gcloud could ahve counted. + +## Compliance +A creche may need to keep data of a 3 year old till they are 25 +7 year timer starts once they turn 18 +18+7=25 + + +Main areas of action: +* Data breaches + * ye have 72 hrs to report it + * Find out what happened + * Fix the issue + * Mitigate issue + * If high risk to members then they have to e notified +* Data Access + * One calendar month (28 days?) + + +## Misc +### Why +We (committees) are controllers of data. + +### Questions +#### Skynet bot +Had a good chat, will send email. + +#### Old data from before GDPR (home dirs and emails) +Basically as long as ye want. 
+Best to keep teh data until either they contact ius or we contact them. +Give a clear options on what to do with it. + +#### Logging bot on discord +Not a good idea + + + + + + + + + + + + +***Ask for slides*** \ No newline at end of file
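Review bot: In the Compliance section, the Data Access item records its deadline as "One calendar month (28 days?)", which leaves the response window as an open question in minutes that people will act on; confirm it against the slides the last line asks for and drop the question mark, or mark the item explicitly as unresolved. Under History there is a stray line "yo" between "Written coms protected from gov" and "Digital coms protected from corps" that looks like a leftover keystroke. The "6 recognised means" bullet names only some of them, so either complete the list or say it is partial. Spelling needs a pass before merge: "teh" (History, Enforcement, Old data), "Concent", "ahve", "ius", "Loosing", "e notified", and the heading "Principals" where "Principles" is meant. The run of blank lines before "***Ask for slides***" can be collapsed, and the file should end with a newline.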