Data Protection Act 2018 Live Online Learner Guide

Data Protection Act 2018 Training Course

Table of Contents

Introduction ... 6
IT Governance training pathway ... 7
Action plan ... 7
Course content ... 8
Course resources ... 8
Module 1 – Scope and definitions ... 9
Key definitions ... 10
The DPA 2018 and the GDPR ... 12
The six lawful bases for processing personal data ... 13
Definition of special categories of data and the difference between the DPA 1998 and the DPA 2018 ... 14
Exceptions ... 14
Conditions under which special categories of data relating to employment, health and research can be processed legitimately ... 15
Conditions under which special categories of data relating to substantial public interest can be processed (Schedule 1, Part 2, DPA 2018) ... 16
Module 1 summary ... 19
Module 2 – How the DPA 2018 differs from the GDPR ... 20
GDPR terms that have been modified under the DPA ... 20
Rights of the data subjects ... 21
Obligations of credit reference agencies ... 21
Obligations of controllers in relation to automated decision-making ... 22
Some of the exemptions listed in the DPA ... 22
Exemptions listed in the DPA: ... 23
Adequacy criteria and appropriate means of transfer to a third country, from the GDPR ... 24
The principles for transferring personal data to third countries ... 24
The conditions for transferring personal data to persons other than relevant authorities ... 25
The circumstances when subsequent transfers can legitimately be made ... 26
National security certificates and their implications ... 26
The process for reporting infringements ... 26
Exemptions under transfers of personal data to a third country ... 27
The two reasons for restricting a transfer ... 27
Derogations in relation to archiving, scientific research or historical research and statistical purposes ... 27
Module 2 summary ... 28
Module 3 – Other general processing ... 29
Application of the GDPR ... 29
Processing that applies under the GDPR ... 29
Modifications to the GDPR ... 29
Exemptions to manual unstructured data held by FOI public authorities ... 31
Exemptions for manual unstructured data used in longstanding historical research ... 31
The national security and defence exemption and when it applies ... 32
Scenario - WizardTickets data breach – overview ... 33


 IT Governance Ltd 2019

v01.00
