forked from Computer_Society/open-goverance
training: notes from GDPR training
parent
4234f847cb
commit
e61078915c
1 changed files with 98 additions and 0 deletions
98
Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md
Normal file
|
@ -0,0 +1,98 @@
|
||||||
|
# GDPR training 1
|
||||||
|
## History
|
||||||
|
GDPR started (originally) with teh (EU) declaration of rights
|
||||||
|
More specialised over time
|
||||||
|
Privacy in written communications
|
||||||
|
|
||||||
|
From:
|
||||||
|
Written coms protected from gov
|
||||||
|
yo
|
||||||
|
Digital coms protected from corps
|
||||||
|
|
||||||
|
## Personal data
|
||||||
|
Dead folks dont count for GDPR
|
||||||
|
userID would count as identifiable information.
|
||||||
|
|
||||||
|
Some data is protected, except under certain conditions such as criminal convictions
|
||||||
|
|
||||||
|
## Principals
|
||||||
|
* Must be fairly and lawfully processed
|
||||||
|
* 6 recognised means you can choose to gather and store data
|
||||||
|
* Concent trumps all other means
|
||||||
|
* Contractual and legal obligations are tied
|
||||||
|
* Obliged to gather
|
||||||
|
* public interest
|
||||||
|
|
||||||
|
Wolves is joint controllers
|
||||||
|
Committees are also joint controllers
|
||||||
|
|
||||||
|
* Rights of data subjects
|
||||||
|
* Right to be informed
|
||||||
|
* Right of access
|
||||||
|
* Human has to be involved
|
||||||
|
|
||||||
|
|
||||||
|
## Enforcement
|
||||||
|
The office of the Data commissioner got bumped up in funding and manpower
|
||||||
|
Most of the big corpos are headquartered in Ireland (for a variety of reasons)
|
||||||
|
|
||||||
|
fines got bumped, to big number and a % of revenue
|
||||||
|
|
||||||
|
More power than revenue commissioners.
|
||||||
|
|
||||||
|
DPC are looking at a broad spectrum of organisations
|
||||||
|
|
||||||
|
Loosing access to data counts as a breach
|
||||||
|
* Leak
|
||||||
|
* Hack
|
||||||
|
* Accidental deletion
|
||||||
|
* ransomware
|
||||||
|
* ....
|
||||||
|
|
||||||
|
Technically having former committee with access to teh gcloud could ahve counted.
|
||||||
|
|
||||||
|
## Compliance
|
||||||
|
A creche may need to keep data of a 3 year old till they are 25
|
||||||
|
7 year timer starts once they turn 18
|
||||||
|
18+7=25
|
||||||
|
|
||||||
|
|
||||||
|
Main areas of action:
|
||||||
|
* Data breaches
|
||||||
|
* ye have 72 hrs to report it
|
||||||
|
* Find out what happened
|
||||||
|
* Fix the issue
|
||||||
|
* Mitigate issue
|
||||||
|
* If high risk to members then they have to e notified
|
||||||
|
* Data Access
|
||||||
|
* One calendar month (28 days?)
|
||||||
|
|
||||||
|
|
||||||
|
## Misc
|
||||||
|
### Why
|
||||||
|
We (committees) are controllers of data.
|
||||||
|
|
||||||
|
### Questions
|
||||||
|
#### Skynet bot
|
||||||
|
Had a good chat, will send email.
|
||||||
|
|
||||||
|
#### Old data from before GDPR (home dirs and emails)
|
||||||
|
Basically as long as ye want.
|
||||||
|
Best to keep teh data until either they contact ius or we contact them.
|
||||||
|
Give a clear options on what to do with it.
|
||||||
|
|
||||||
|
#### Logging bot on discord
|
||||||
|
Not a good idea
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
***Ask for slides***
|
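Review bot: Under "## Enforcement", the line about former committee having access to the gcloud is written down as an observation only, although the notes themselves say it could have counted as a breach. Suggest adding an action item beside it (for example, review and revoke access at committee handover) so the point is not lost. Under "## Compliance", "One calendar month (28 days?)" leaves the data access deadline as an open question; confirm it against the slides requested at the end of the file and state one figure. In "## History", the empty "From:" and the stray "yo" look like leftovers, "Human has to be involved" under the rights list does not say which right it belongs to, and the run of blank lines before "***Ask for slides***" can be trimmed. Spelling to fix before merge: "Principals", "Concent", "Loosing", "teh", "ahve", "ius".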