close

Вход

Забыли?

вход по аккаунту

?

Data Protection - The Jersey Safety Council Website

код для вставкиСкачать
The Data
Protection (Jersey)
Law 2005
Jersey Occupational Safety & Health
Association
27th November 2007
www.dataprotection.gov.je
• Human Rights
• Employment
• Regulation of Investigatory Powers
• Data Protection
• Health & Safety
• Rehabilitation of Offenders
• Public Records
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
A Law to make provision for the regulation of the
processing of information relating to individuals
including the obtaining, holding and use or
disclosure of such information.
www.dataprotection.gov.je
Key new Features of the new
Jersey Law
• Definition of data includes structured
manual personal information
• Must meet minimum criteria before
processing commences
• Still 8 enforceable basic Principles
• Principles are strengthened
• Principles apply – notified (registered) or
not
www.dataprotection.gov.je
Key new Features of the new Jersey
Law (Cont’d)
• Individuals’ Rights enhanced
• Limited Exemptions
• Establishes an independent DP
Commissioner with increased powers
• Enforcement – pre-assessments
• Transition period for currently exempt
data when processing already underway
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
DATA
Means information which is:
Automatically processed
or
Recorded with the intention of being automatically
processed
or
Recorded as part of a relevant filing system
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
RELEVANT FILING SYSTEM
Means any set of information relating to individuals
to the extent that the set is structured either by
reference to individuals, or in such a way that
specific information relating to a particular individual
is readily accessible.
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
PERSONAL DATA
Data which relates to a living individual who can
be identified:
From those data
or
From those data and any information which is in the
possession
of, or is likely to come into the possession of the data
controller
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
SENSITIVE PERSONAL DATA
•
•
•
•
•
•
•
Racial or ethnic origin
Political opinions
Religious or other beliefs
Trade union membership
Physical or mental health
Sexual life
Offences
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
PROCESSING
includes obtaining, holding and carrying
out any operation on the information or
data
www.dataprotection.gov.je
The Data Protection(Jersey)Law 2005
KEY DEFINITIONS:
DATA SUBJECT
An individual who is the subject of personal data.
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
DATA CONTROLLER
A person who (either alone or in common with
other persons) determines the purposes for which
and the manner in which personal data are, or are
to be, processed.
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
KEY DEFINITIONS:
DATA PROCESSOR
a person (other than an employee) who processes the
data on behalf of the data controller
www.dataprotection.gov.je
The Data Protection (Jersey) Law 2005
The Principles
There are 8 Data Protection Principles which set
enforceable standards for the collection and use of
personal data.
www.dataprotection.gov.je
Data Protection (Jersey) Law 2005
The First Principle:
Personal data shall be processed fairly
and lawfully and in particular shall not
be processed unless:
• Schedule 2 is satisfied
for all personal data
• Schedule 3 is satisfied
for all sensitive
personal data
www.dataprotection.gov.je
The First Principle (Cont’d):
Fairness:
The individual must be informed of:
•
The identity of the data controller
•
The purpose(s) for which the data are
intended to be processed
•
Any other information which is necessary
having regard to the specific circumstances
in which the data are, or are to be
processed
www.dataprotection.gov.je
The First Principle (Cont’d):
Conditions for the processing of any Personal Data:
Schedule 2:
At least one of the following conditions must be satisfied
before processing can commence:
• Consent
• Performance of a contract to which the
data subject is a party or has
requested
• Legal obligation
• Vital interests
• Public functions and administration of
justice
• Legitimate interests
www.dataprotection.gov.je
The First Principle (Cont’d):
Conditions for the processing of any Sensitive
Personal Data:
Schedule 3:
At least one of the following conditions must be satisfied
before processing can commence:
•
•
•
•
•
•
•
•
•
Explicit consent
Employment purposes
Vital interests
Non Profit Organisations
Information already made public
Legal proceedings
Public functions
Medical purposes
Equal opportunity research
www.dataprotection.gov.je
The Second Principle:
Personal data shall be obtained for only
one or more specified and lawful purpose
and shall not be further processed in any
manner incompatible with that purpose or
purposes.
www.dataprotection.gov.je
The Third Principle:
Personal data shall be adequate,
relevant and not excessive in relation to
the purpose or purposes for which they
are processed.
www.dataprotection.gov.je
The Fourth Principle:
Personal data shall be accurate and, where
necessary, kept up to date.
www.dataprotection.gov.je
The Fifth Principle:
Personal data processed for any
purpose or purposes shall not be
kept for longer than is necessary
for that purpose or those
purposes.
www.dataprotection.gov.je
The Sixth Principle:
Personal data shall be processed in
accordance with the rights of data subjects
under this Law.
www.dataprotection.gov.je
Individuals Rights
• Access *
• Correction, erasure, destruction
• Stop processing
• Direct marketing
• Automated decision-making
• Compensation
www.dataprotection.gov.je
Individuals Rights cont.
Access
Article 31
Exemption for the sake of regulatory activity
If access request would prejudice the proper
discharge of a function designed for securing
health, safety and welfare of persons at work
www.dataprotection.gov.je
The Seventh Principle:
Appropriate technical and organisational
measures
shall
be
taken
against
unauthorised or unlawful processing of
personal data and against accidental loss or
destruction of, or damage to, personal data.
www.dataprotection.gov.je
The Eighth Principle:
Personal data shall not be transferred to
a country or territory outside the
European Economic Area unless that
country or territory ensures an
adequate level of protection for the
rights and freedoms of data subjects in
relation to the processing of personal
data.
www.dataprotection.gov.je
Enforcement
The Commissioner has legal powers to ensure that Data
Controllers comply with the Law.
1. Failing to Notify or Notify Changes
2. Failing to make information available when requested by a
data subject (when not notified)
3. Breaching an Information/Enforcement /Special Information
Notice issued by the Commissioner
4. Making a false statement (intentional or reckless) in
purported compliance with an Information Notice
5. Unlawful obtaining or selling of personal data
6. Providing false or misleading information to the
Commissioner
www.dataprotection.gov.je
Contact details:
Emma Martins
Morier House
Halkett Place
St Helier
Jersey JEI IDD
Telephone – 441064
Website – www.dataprotection.gov.je
www.dataprotection.gov.je
Документ
Категория
Презентации
Просмотров
7
Размер файла
545 Кб
Теги
1/--страниц
Пожаловаться на содержимое документа