forked from Computer_Society/open-goverance
training: notes from GDPR training
parent
4234f847cb
commit
e61078915c
1 changed files with 98 additions and 0 deletions
98
Minutes/2024-2025/Training/2024-10-22_Semester-1_Week-07.md
Normal file
|
@ -0,0 +1,98 @@
|
|||
# GDPR training 1
|
||||
## History
|
||||
GDPR started (originally) with teh (EU) declaration of rights
|
||||
More specialised over time
|
||||
Privacy in written communications
|
||||
|
||||
From:
|
||||
Written coms protected from gov
|
||||
yo
|
||||
Digital coms protected from corps
|
||||
|
||||
## Personal data
|
||||
Dead folks dont count for GDPR
|
||||
userID would count as identifiable information.
|
||||
|
||||
Some data is protected, except under certain conditions such as criminal convictions
|
||||
|
||||
## Principals
|
||||
* Must be fairly and lawfully processed
|
||||
* 6 recognised means you can choose to gather and store data
|
||||
* Concent trumps all other means
|
||||
* Contractual and legal obligations are tied
|
||||
* Obliged to gather
|
||||
* public interest
|
||||
|
||||
Wolves is joint controllers
|
||||
Committees are also joint controllers
|
||||
|
||||
* Rights of data subjects
|
||||
* Right to be informed
|
||||
* Right of access
|
||||
* Human has to be involved
|
||||
|
||||
|
||||
## Enforcement
|
||||
The office of the Data commissioner got bumped up in funding and manpower
|
||||
Most of the big corpos are headquartered in Ireland (for a variety of reasons)
|
||||
|
||||
fines got bumped, to big number and a % of revenue
|
||||
|
||||
More power than revenue commissioners.
|
||||
|
||||
DPC are looking at a broad spectrum of organisations
|
||||
|
||||
Loosing access to data counts as a breach
|
||||
* Leak
|
||||
* Hack
|
||||
* Accidental deletion
|
||||
* ransomware
|
||||
* ....
|
||||
|
||||
Technically having former committee with access to teh gcloud could ahve counted.
|
||||
|
||||
## Compliance
|
||||
A creche may need to keep data of a 3 year old till they are 25
|
||||
7 year timer starts once they turn 18
|
||||
18+7=25
|
||||
|
||||
|
||||
Main areas of action:
|
||||
* Data breaches
|
||||
* ye have 72 hrs to report it
|
||||
* Find out what happened
|
||||
* Fix the issue
|
||||
* Mitigate issue
|
||||
* If high risk to members then they have to e notified
|
||||
* Data Access
|
||||
* One calendar month (28 days?)
|
||||
|
||||
|
||||
## Misc
|
||||
### Why
|
||||
We (committees) are controllers of data.
|
||||
|
||||
### Questions
|
||||
#### Skynet bot
|
||||
Had a good chat, will send email.
|
||||
|
||||
#### Old data from before GDPR (home dirs and emails)
|
||||
Basically as long as ye want.
|
||||
Best to keep teh data until either they contact ius or we contact them.
|
||||
Give a clear options on what to do with it.
|
||||
|
||||
#### Logging bot on discord
|
||||
Not a good idea
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
***Ask for slides***
|
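Review bot: The "Data Access" item at the end of the Compliance section records the response deadline as `One calendar month (28 days?)`, which leaves an open question in minutes that committees will act on; confirm the figure against the slides requested in the closing `***Ask for slides***` line and record one value. The "6 recognised means" bullet under `## Principals` has the same problem: it lists fewer than six sub-items and states `Concent trumps all other means` without a source, so either list all six or mark the list as incomplete. Smaller points: the `yo` line under `From:` in History looks like a stray entry, the heading `## Principals` and words such as `teh`, `Loosing`, `ahve` and `ius` need a spell check, and the long run of blank lines before `***Ask for slides***` can be trimmed.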