GDPR - Are You Ready?

Preparing for the ‘game changing’ new privacy law the GDPR in Higher Education.

The European General Data Protection Regulation (GDPR) comes into force throughout Europe on the 25th May 2018 replacing the existing data protection framework under the EU Data Protection Directive.

The GDPR has been described by the Irish Data Protection Commissioner Helen Dixon as ‘game-changing’ It represents a major change to EU data protection law emphasising transparency, security and accountability by data controllers and processors, while at the same time standardising and strengthening the right of European citizens to data privacy. It also includes a framework which enables a huge increase in sanctions, with potential fines levied at up to 4% of organisational turnover or up to €20 Million.

This presentation will address the challenges facing the Higher Education sector in achieving compliance with the GDPR ultimately posing the question - are you ready?

Sinead Mac Bride – College Solicitor/ Information Compliance Officer at TCD
Sinead will outline the challenges as experienced by Trinity College Dublin in preparing for the introduction of GDPR in May 2018 and in achieving compliance with the GDPR. These include:
• Defining Roles and Responsibilities and amending Policies
• Hiring a dedicated Data Protection Officer
• Creating a compliance program that is suitable for all areas of the University and covers, teaching, research and administrative data.
• Creating an Awareness Program

Sara McAneney - IT Security Manager at TCD
Sara will outline how the Trinity College IT department are approaching the GDPR by considering its impact on people, processes and technical controls.
Sara will discuss the implications for the University IT Department including:
• The requirement to complete data privacy impact assessments for new systems which store and process personal data.
• Requirements for third party contractual relationships with data processors and the technical scrutiny of Third Party Processors.
• The concept of Data Protection by Design and by Default and the implications for the procurement and design of new information systems as well as the
management of existing infrastructure and systems.
• The importance of data encryption and the overwhelming need for tailored awareness programs and training for IT staff.