SlideShare uma empresa Scribd logo

Amberhawk - Law Enforcement Parts of the Data Protection Bill

techUK
techUK

Presentations on How Will Policing and Justice Be Affected By the Data Protection Bill? event held on 14 November

Tecnologia
1 de 11
LAW ENFORCEMENT PARTS OF THE DP BILL Divergence from the Applied GDPR chris.pounder@amberhawk.com 1
DP BILL FOR LAW ENFORCEMENT • PART 3. Law Enforcement Processing (Clauses 27-79) Implements the LED for law enforcement data processing • Schedule 7 (List of competent authorities covered by LED) • Schedule 8 (Conditions for sensitive processing under Part 3) • PART 4. Intelligence Services Processing (Clauses 80-111): adopts data protection standards for intelligence services data processing. • Schedules 9-11 (Conditions for processing, sensitive processing and other exemptions under Part 4) 2
LAW ENFORCEMENT PURPOSES The “law enforcement purposes” are: • the “prevention, investigation, detection or prosecution of criminal offences” and • “execution of criminal penalties, including the safeguarding against and the prevention of threats to public security” Any processing not for a law enforcement purpose (e.g. Human Resources) is subject to the GDPR elements of the DP Bill CCTV – is that processing for a law enforcement purpose? Answer “NO” if the controller is not a competent authority 3
WHO DOES “LAW ENFORCEMENT”? • All organisations in Schedule 7 (i.e. the usual suspects) And • any other person if and to the extent that the person has statutory functions for any of the law enforcement purposes • (e.g. Trading standards for Local Authority) 4
COMMENTS ON DEFINITIONS 1. If a law requires personal data to be processed for a law enforcement purpose, then the organisation that is required by law to processes the personal data is the controller (like S.1(4) DPA). 2. The grounds for the processing are limited to (a) data subject consent or (b) necessary for the functions of a competent authority. Processing policies needed for both (e.g. how consent is obtained; what are the functions). Policies are subject to FOIA/FOISA requests 3. There is no “special personal data” but there is “sensitive processing” of personal data 5
COMMENTS ON PRINCIPLES 1. If the processing is necessary for a law enforcement purpose, then the fairness provisions are negated if informing the data subject would be likely to “undermine” the law enforcement purpose 2. Disclosures from one law enforcement purpose for any further law enforcement purpose by another controller is likely to be compatible. 3. Fourth Principle requires; – Facts separate from opinions – Distinction between suspects, convicted, victims and witnesses 6
COMMENTS ON SECURITY • Security Principle in general applies to ALL processing of personal data for a law enforcement purpose. For automated processing, each controller & processor must: • do an evaluation of the risks (e.g. DPIA) • prevent unauthorised processing or unauthorised interference with the systems used in connection with it, • ensure that it is possible to establish the precise details of any processing that takes place (logging requirements in Cl. 60) • ensure that systems function properly and may, in the case of interruption, be restored • ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions 7
COMMENTS ON TRANSFERS (Clauses 71-75) Data transfers to “comparable” law enforcement agencies in Third Countries for law enforcement purposes can occur when: • an adequacy decision exists for that Third Country • there is not an adequacy decision but there are alternative safeguards for the transfer (e.g. binding contract or the organisation transferring can assess adequacy; Brexit option?) • there is neither of the above but special circumstances apply for the transfer to the Third Country (e.g. vital or legitimate interests of data subject; serious security threat) In the last two cases, the transfer has to be fully documented (e.g. date, time, justification for transfer, details of recipient etc) 8
COMMENTS ON RIGHTS Several rights apply (e.g. right of access to personal data, rectification, erasure, restriction). Rights negated if satisfying the right: • obstructs an official/legal inquiry, investigation or procedure • prejudices the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; • jeopardises public security, national security or the rights and freedoms of others. Rules similar to “FOIA’s neither confirm nor deny” apply But ICO can check whether exemption is properly applied 9
FINAL COMMENTS (LED LIKE GDPR) • “Personal data” and “filing system” definitions the same • A Data Protection Officer is definitely needed • Data Protection Impact Assessments and prior notification of a high risk that cannot be mitigated • Data Loss reporting within 72hrs at the latest • Data Protection by Design included in procurement processes • Must have detailed records of processing activities (in addition to the detailed logging arrangements) • Processor arrangements and sub-contracting procedures • Joint controllership rules identified in advance. 10
THE END ©Chris Slane 11 More on the GDPR and LED in all Amberhawk DP courses …. and on HAWKTALK (wholly balanced blog) Q U E S T I O N S

Recomendados

DPIA
DPIADPIA
DPIAMartyn Ripley
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQAFest
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...Frederick Lane
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor WebinarEthisphere
 
IT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkIT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkShankar Subramaniyan
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActTrustArc
 

Recomendados

DPIA
DPIADPIA
DPIAMartyn Ripley
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QA
QA Fest 2017. Per Thorsheim.GDPR - An overview and its relevance for QAQAFest
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...
2014-08-28 AAA* Approach to Financial Forensics: Anticipation, Acquisition, A...Frederick Lane
 
Safe Harbor Webinar
Safe Harbor WebinarSafe Harbor Webinar
Safe Harbor WebinarEthisphere
 
IT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkIT Perspectives in Implementing Privacy Framework
IT Perspectives in Implementing Privacy FrameworkShankar Subramaniyan
 
Third-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActThird-Party Risk Management: How to Identify, Assess & Act
Third-Party Risk Management: How to Identify, Assess & ActTrustArc
 
GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data PortabilityBusola Awani
 
GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?Patrick Soenen
 
GDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELGDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELEugene Lee
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
Gdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework ELGdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework ELEugene Lee
 
IT Security Services
IT Security ServicesIT Security Services
IT Security ServicesOmar Toor
 
COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?TrustArc
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017isc2-hellenic
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaserLava Consult BVBA
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Michael Adamberry
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPRMyComplianceOffice
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptSamir Jha
 
Flight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawFlight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawSynopsys Software Integrity Group
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processingTim Gough
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 

Mais conteúdo relacionado

Mais procurados

GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data PortabilityBusola Awani
 
GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?Patrick Soenen
 
GDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELGDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELEugene Lee
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime caseOnline
 
Gdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework ELGdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework ELEugene Lee
 
IT Security Services
IT Security ServicesIT Security Services
IT Security ServicesOmar Toor
 
COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?TrustArc
 

Mais procurados (7)

GDPR – Data Portability
GDPR – Data PortabilityGDPR – Data Portability
GDPR – Data Portability
 
GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?GDPR Are you ready for auditing privacy ?
GDPR Are you ready for auditing privacy ?
 
GDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services ELGDPR for Non-European Region - Financial Services EL
GDPR for Non-European Region - Financial Services EL
 
Building a cybercrime case
Building a cybercrime caseBuilding a cybercrime case
Building a cybercrime case
 
Gdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework ELGdpr and ISMS Quick Map Framework EL
Gdpr and ISMS Quick Map Framework EL
 
IT Security Services
IT Security ServicesIT Security Services
IT Security Services
 
COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?COVID-19: What are the Potential Impacts on Data Privacy?
COVID-19: What are the Potential Impacts on Data Privacy?
 

Semelhante a Amberhawk - Law Enforcement Parts of the Data Protection Bill

GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkDavid Erdos
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Dione McBride, CISSP, CIPP/E
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideBlack Duck by Synopsys
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016Erik Vollebregt
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Michael Adamberry
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfJakeAldrinDegala1
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptSamir Jha
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processingTim Gough
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityEmerson Bryan
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management Endcode_org
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)BenjaminShalevSalovi
 
When Past Performance May Be Indicative of Future Results - The Legal Implica...
When Past Performance May Be Indicative of Future Results - The Legal Implica...When Past Performance May Be Indicative of Future Results - The Legal Implica...
When Past Performance May Be Indicative of Future Results - The Legal Implica...Jason Haislmaier
 

Semelhante a Amberhawk - Law Enforcement Parts of the Data Protection Bill (20)

GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Data Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR FrameworkData Protection and Academic Research: The New GDPR Framework
Data Protection and Academic Research: The New GDPR Framework
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1Data Privacy for Information Security Professionals Part 1
Data Privacy for Information Security Professionals Part 1
 
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical GuideFLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
FLIGHT Amsterdam Presentation - Data Breaches and the Law: A Practical Guide
 
GDPR for Marketers - teaser
GDPR for Marketers - teaserGDPR for Marketers - teaser
GDPR for Marketers - teaser
 
EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016EU data protection and security update COCIR annual meeting 2016
EU data protection and security update COCIR annual meeting 2016
 
Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17Data Protection Seminar_GDPR_ISOLAS_26-06-17
Data Protection Seminar_GDPR_ISOLAS_26-06-17
 
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdfAll_you_need_to Know_About_the_Data_Privacy_Act.pdf
All_you_need_to Know_About_the_Data_Privacy_Act.pdf
 
Prepare Your Firm for GDPR
Prepare Your Firm for GDPRPrepare Your Firm for GDPR
Prepare Your Firm for GDPR
 
CCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.pptCCSP_Self_Domain_6.ppt
CCSP_Self_Domain_6.ppt
 
Flight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the LawFlight East 2018 Presentation–Data Breaches and the Law
Flight East 2018 Presentation–Data Breaches and the Law
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
Jamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business communityJamaica's Data Protection Act: Compliance required from the business community
Jamaica's Data Protection Act: Compliance required from the business community
 
Data Protection & Risk Management
Data Protection & Risk Management Data Protection & Risk Management
Data Protection & Risk Management
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
 
General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)General Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR)
 
When Past Performance May Be Indicative of Future Results - The Legal Implica...
When Past Performance May Be Indicative of Future Results - The Legal Implica...When Past Performance May Be Indicative of Future Results - The Legal Implica...
When Past Performance May Be Indicative of Future Results - The Legal Implica...
 
GDPR Demystified
GDPR DemystifiedGDPR Demystified
GDPR Demystified
 

Mais de techUK

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options techUK
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...techUK
 
Paul Howland - DSTL - SPF EM risk framework presentation v2
Paul Howland - DSTL - SPF EM risk framework presentation v2Paul Howland - DSTL - SPF EM risk framework presentation v2
Paul Howland - DSTL - SPF EM risk framework presentation v2techUK
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutiontechUK
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFtechUK
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccesstechUK
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodstechUK
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingtechUK
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...techUK
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018techUK
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementtechUK
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for UtilitiestechUK
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials techUK
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review techUK
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODtechUK
 
India Secondment
India SecondmentIndia Secondment
India SecondmenttechUK
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDItechUK
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations PrioritiestechUK
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA WorkshoptechUK
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectivetechUK
 

Mais de techUK (20)

Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options Abhaya Sumanasena - Real Wireless - Spectrum Options
Abhaya Sumanasena - Real Wireless - Spectrum Options
 
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
Anil Shukla - QinetiQ - spectrum policy forum-framework_qinetiq_030518_intro_...
 
Paul Howland - DSTL - SPF EM risk framework presentation v2
Paul Howland - DSTL - SPF EM risk framework presentation v2Paul Howland - DSTL - SPF EM risk framework presentation v2
Paul Howland - DSTL - SPF EM risk framework presentation v2
 
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access EvolutionPeter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
Peter Curnow-Ford - SPF Cluster 2 - Spectrum Access Evolution
 
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPFStephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
Stephen Temple - 5GIC - Dynamic Spectrum Expansion for 21 May SPF
 
Nigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum AccessNigel King - UK WISPA - Flexible Spectrum Access
Nigel King - UK WISPA - Flexible Spectrum Access
 
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access MethodsTony lavender - Plum Consulting - Flexible Spectrum Access Methods
Tony lavender - Plum Consulting - Flexible Spectrum Access Methods
 
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and SharingCliff Mason - Ofcom - Spectrum Awards, Access and Sharing
Cliff Mason - Ofcom - Spectrum Awards, Access and Sharing
 
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...Tony lavender - Plum Consulting - incorporating social value into spectrum al...
Tony lavender - Plum Consulting - incorporating social value into spectrum al...
 
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
Philip bates - Analysys Mason - spectrum policy forum 29 march 2018
 
Enabling Dynamic Spectrum Management
Enabling Dynamic Spectrum ManagementEnabling Dynamic Spectrum Management
Enabling Dynamic Spectrum Management
 
Spectrum Requirements for Utilities
Spectrum Requirements for UtilitiesSpectrum Requirements for Utilities
Spectrum Requirements for Utilities
 
406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials 406MHz - 430MHz Sharing and Trials
406MHz - 430MHz Sharing and Trials
 
CMU Update Review
CMU Update Review CMU Update Review
CMU Update Review
 
Sharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MODSharing Defence Managed Spectrum - MOD
Sharing Defence Managed Spectrum - MOD
 
India Secondment
India SecondmentIndia Secondment
India Secondment
 
DIT Space FDI
DIT Space FDIDIT Space FDI
DIT Space FDI
 
Space Trade Negotiations Priorities
Space Trade Negotiations PrioritiesSpace Trade Negotiations Priorities
Space Trade Negotiations Priorities
 
Feedback from USA Workshop
Feedback from USA WorkshopFeedback from USA Workshop
Feedback from USA Workshop
 
Thales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's PerspectiveThales - LED and DP from a Vendor's Perspective
Thales - LED and DP from a Vendor's Perspective
 

Último

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesBoston Institute of Analytics
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 

Último (20)

Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
HTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation StrategiesHTML Injection Attacks: Impact and Mitigation Strategies
HTML Injection Attacks: Impact and Mitigation Strategies
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
TrustArc Webinar - Unlock the Power of AI-Driven Data Discovery
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 

Amberhawk - Law Enforcement Parts of the Data Protection Bill

  • 1. LAW ENFORCEMENT PARTS OF THE DP BILL Divergence from the Applied GDPR chris.pounder@amberhawk.com 1
  • 2. DP BILL FOR LAW ENFORCEMENT • PART 3. Law Enforcement Processing (Clauses 27-79) Implements the LED for law enforcement data processing • Schedule 7 (List of competent authorities covered by LED) • Schedule 8 (Conditions for sensitive processing under Part 3) • PART 4. Intelligence Services Processing (Clauses 80-111): adopts data protection standards for intelligence services data processing. • Schedules 9-11 (Conditions for processing, sensitive processing and other exemptions under Part 4) 2
  • 3. LAW ENFORCEMENT PURPOSES The “law enforcement purposes” are: • the “prevention, investigation, detection or prosecution of criminal offences” and • “execution of criminal penalties, including the safeguarding against and the prevention of threats to public security” Any processing not for a law enforcement purpose (e.g. Human Resources) is subject to the GDPR elements of the DP Bill CCTV – is that processing for a law enforcement purpose? Answer “NO” if the controller is not a competent authority 3
  • 4. WHO DOES “LAW ENFORCEMENT”? • All organisations in Schedule 7 (i.e. the usual suspects) And • any other person if and to the extent that the person has statutory functions for any of the law enforcement purposes • (e.g. Trading standards for Local Authority) 4
  • 5. COMMENTS ON DEFINITIONS 1. If a law requires personal data to be processed for a law enforcement purpose, then the organisation that is required by law to processes the personal data is the controller (like S.1(4) DPA). 2. The grounds for the processing are limited to (a) data subject consent or (b) necessary for the functions of a competent authority. Processing policies needed for both (e.g. how consent is obtained; what are the functions). Policies are subject to FOIA/FOISA requests 3. There is no “special personal data” but there is “sensitive processing” of personal data 5
  • 6. COMMENTS ON PRINCIPLES 1. If the processing is necessary for a law enforcement purpose, then the fairness provisions are negated if informing the data subject would be likely to “undermine” the law enforcement purpose 2. Disclosures from one law enforcement purpose for any further law enforcement purpose by another controller is likely to be compatible. 3. Fourth Principle requires; – Facts separate from opinions – Distinction between suspects, convicted, victims and witnesses 6
  • 7. COMMENTS ON SECURITY • Security Principle in general applies to ALL processing of personal data for a law enforcement purpose. For automated processing, each controller & processor must: • do an evaluation of the risks (e.g. DPIA) • prevent unauthorised processing or unauthorised interference with the systems used in connection with it, • ensure that it is possible to establish the precise details of any processing that takes place (logging requirements in Cl. 60) • ensure that systems function properly and may, in the case of interruption, be restored • ensure that stored personal data cannot be corrupted if a system used in connection with the processing malfunctions 7
  • 8. COMMENTS ON TRANSFERS (Clauses 71-75) Data transfers to “comparable” law enforcement agencies in Third Countries for law enforcement purposes can occur when: • an adequacy decision exists for that Third Country • there is not an adequacy decision but there are alternative safeguards for the transfer (e.g. binding contract or the organisation transferring can assess adequacy; Brexit option?) • there is neither of the above but special circumstances apply for the transfer to the Third Country (e.g. vital or legitimate interests of data subject; serious security threat) In the last two cases, the transfer has to be fully documented (e.g. date, time, justification for transfer, details of recipient etc) 8
  • 9. COMMENTS ON RIGHTS Several rights apply (e.g. right of access to personal data, rectification, erasure, restriction). Rights negated if satisfying the right: • obstructs an official/legal inquiry, investigation or procedure • prejudices the prevention, detection, investigation or prosecution of criminal offences or the execution of criminal penalties; • jeopardises public security, national security or the rights and freedoms of others. Rules similar to “FOIA’s neither confirm nor deny” apply But ICO can check whether exemption is properly applied 9
  • 10. FINAL COMMENTS (LED LIKE GDPR) • “Personal data” and “filing system” definitions the same • A Data Protection Officer is definitely needed • Data Protection Impact Assessments and prior notification of a high risk that cannot be mitigated • Data Loss reporting within 72hrs at the latest • Data Protection by Design included in procurement processes • Must have detailed records of processing activities (in addition to the detailed logging arrangements) • Processor arrangements and sub-contracting procedures • Joint controllership rules identified in advance. 10
  • 11. THE END ©Chris Slane 11 More on the GDPR and LED in all Amberhawk DP courses …. and on HAWKTALK (wholly balanced blog) Q U E S T I O N S

Notas do Editor

  1. Go through the courseware; identify action plan for controllers – parking rights for the moment