The General Data Protection Regulation

Præsentationer af emnet: "The General Data Protection Regulation"— Præsentationens transcript:

1 The General Data Protection Regulation
19/11/2018 The General Data Protection Regulation Personal data used in research What are my obligations? Word Cloud er fra :

2 Program manager for the implementation of GDPR at KU
19/11/2018 Winnie Larsen Program manager for the implementation of GDPR at KU Certified project manager and Privacy Information Professional

3 19/11/2018 The GDPR is new, but it is a continuation of the previous regulation and best practices There 7 core principles which forms the basis for the GDPR Lawfulness, fairness and transparency Purpose limitation Data minimization Accuracy Storage limitation Integrity and confidentiality The biggest change is with the 7’th principle 7. Accountability The ability to demonstrate compliance with above! Compliance will strengthen our work with personal data, and may lift the general level of data awareness handling as there are many points there the GDPR aligns with research codes of conduct. A visible adherence to the core principles will strengthen the image and build trust with our investors and partners

4 National Derogations and other Laws
19/11/2018 When collecting and using personal identifiable information purely research purposes, then you are obliged to; Give the data subject clear and transparent information as to the purpose of the data collection and their rights Know when consent is obligatory and ensure consent can be demonstrated at a later stage Ensure the consent is explicit in cases of collecting health and biometric data or if data subjects are underage (16) Be able to return a copy of the collected data and manage a correction if the personal data is incorrect Be able to delete the personal data if an individual has a valid objection or recalls consent Minimize the amount of data collected Unlink the data from the individuals as much as possible (e.g. annonymisation, pseudonymisation, truncation) Take the necessary safety precautions both during storage and when sharing data Only share data with whom it is absolutely necessary to achieve the purpose National Derogations and other Laws Areas where there GDPR is less strict for research, than for other types of data use

5 National Derogations and other Laws
19/11/2018 When collecting and using personal identifiable information purely research purposes, then you are obliged to; Only share personal data with others if they can demonstrate, that they also handle data according to GDPR principles. This includes appropriate safety measures. Seek legal advice before transporting data outside EU&EEA Handle data with appropriate safety during the full retention period, alternatively archive data Ensure all personal information is deleted after use, incl. shared data Register the data processing in a common register. The information will be needed for inspection by the authorities and in case of data breach (paraply-anmeldelsen) Monitor who accesses data and inform instantly the security organisation on suspicion of a data breach Do a formal Data Privacy Impact assessment for projects with (high volumes, sensitive data or new technologies) Be able to demonstrate compliance to above points . National Derogations and other Laws

6 19/11/2018 Prepare for the GDPR. Ensure you are compliant to current laws and follow existing recommendations Studerendes specialeopgaver mv. Ingen krav om anmeldelse og tilladelse  Studerendes indsamling og registrering af følsomme personoplysninger i forbindelse med deres projekt- og specialeskrivning mv. er fritaget fra kravet om anmeldelse til og tilladelse fra Datatilsynet under visse forudsætninger.   For at være fritaget fra anmeldelsespligten er det for det første et krav, at man er studerende på en erhvervsakademi-, professionsbachelor-, bachelor- eller kandidatuddannelse eller uddannelse på tilsvarende niveau. For det andet skal indsamlingen og registreringen af personoplysninger ske med udtrykkeligt samtykke fra de personer, oplysningerne vedrører.  Begge krav skal være opfyldt, for at man som studerende er fritaget fra anmeldelsespligten. Undtagelsen gælder kun for projekter mv., der gennemføres i privat regi. Vid hvor du søger hjælp hvis du har haft et dtabrud Sørg for at din forskning er registeret under paraply-anmeldelsen