Understanding the General Data Protection Regulations – FutureLearn course

A discussion of data protection and the course that taught it, by Christine Macleod.

I have just completed the free online course on Understanding of the General Data Protection Regulations course presented by FutureLearn. This was a self-paced, four week course, taking approximately 3 hours per week. The GDPR course is compiled and presented by staff at the University of Groningen.

I was interested in doing this course for three reasons.

  1. The SLLG committee needs to know how to apply these regulations to the SLLG membership data.
  2. As a member of the public (a data subject) I was curious as to what my rights are, and how to protect my privacy.
  3. How does the GDPR apply to my professional work

I completed a previous FutureLearn course on Genealogy by Strathclyde University, so knew roughly what the format would be – articles, videos, interactive comments, quizzes and exercises. There are also additional resources – links and articles you can read on particular topics if you want to research a topic in more depth. After each section you tick a box to confirm you have completed it so you know exactly where you are and how much more you have to do.

The course is interactive and it asks you to write comments on specific questions, like what do you think about privacy and data security. You can read comments from others on the course, and they can “Like” your comments etc. so discussions can start up. Throughout the course there are links to the regulations themselves if you want to read the actual documents or relate the concepts to the particular articles within the regulations.

The new GDPR come into force on 25 May 2018 and any company or organisation (governments, councils universities etc) in the EU that collects and stores data on individuals will have to be compliant with these Regulations by then. It also affects companies outside the EU if they hold data on EU resident data.cloud-3017392__340

The course covers a variety of topics, from basic GDPR concepts, to processing principles, rights of data subjects, obligations for controllers and processors, enforcement mechanisms and liability and sanctions. Each section in explained in articles and videos with reference to supporting materials

Week 1 Is an introduction and is designed to make you think about why and what you need to know about the new regulations and the processing of personal data e.g. What are privacy and data protection? It uses the Google case as an example which I found interesting it connects you to a real case, and goes back to the case throughout to provide a live example.

It then outlined the basic fundamentals of GDPR, Data protection principles, consent and minors, including definitions and the different roles – controllers, processors and subjects, data protection officers DPOs – the basics of what you need to understand to make sense of the regulations.

There are 6 main data protection principles which form the basis for privacy of information and data protection. I have listed them here as they are the backbone to the regulations, so are important to learn and understand.

  1. Lawfulness, fairness and transparency
  2. Purpose limitation
  3. Data minimisation
  4. Accuracy
  5. Storage limitation
  6. Integrity and confidentiality

These principles are held together by the principle of Accountancy. The Controller shall be responsible for compliance with the principles

Week 2 was all about the rights of data subjects which I found very interesting. It looked at transparency and modalities (the mode in which something is experienced eg – written, spoken, email, by phone etc) and how information about you is held, what is done to it and how to complain; the need for transparent, understandable, language, and any processes must be simple to undertake.

The sections went through the various rights and their exceptions

ecommerce-3021581_960_720

The Rights to :-

  • access and rectification
  • object and restrict processing
  • erasure (without undue delay) (except for public interest/health, legal claims etc.)
  • data portability (copy supplied is in a readable format
  • how to complain even/especially if data is processed automatically
  • judicial remedies
  • to be represented
  • compensation for material or non-material damages

These are all rights which we as individuals will have, and I feel it is important that we know what our rights are. Many of the comments in the discussions were about how you are asked by your phone to allow access to your emails, photos, location etc. and how there seems little option but to comply.

Week 3 covered the obligations of controllers and processors – who these groups are, where they overlap, what they are accountable for and to whom. It also looked at the appointment of Data Protection Offices and Data Protection Impact Assessments,

Part of the Controllers obligations include achieving data protection by design and by default. By design – data protection has to be built into systems from the start. By Default – data collections must only contain the minimum amount of data required for specific purposes, and only for a specified amount of time.

Week 4 was about GDPR enforcement and compliance, which looked at the co-ordination, powers and roles of the various authorities, such as the National Supervisory Authorities and the European Data Protection Board. It also looked at the tools available to companies and organisation to help them comply, such as certification mechanisms, codes of conduct, and binding corporate rules. It touched on cross-border data transfers, and finally the liabilities, responsibilities and penalties and sanctions of data controllers and processors are subject to if they do not comply.

Through-out the course you are asked to think about how these concepts apply, what impact they have on you personally, whether you think sanctions will actually work. This method involves you and keeps you interested and engaged, and helps you learn. I do feel I now understand what the GDPR is about and how it applies to me in my life and in my work. I have also been asked to share my new found knowledge with my colleagues.

I found the course great at presenting the information, starting from the general to the specific.  It was stimulating, interesting and very pertinent to me both as an individual, and as a SLLG committee member. It made me aware of how I can protect and access my personal data. It also made me think about what the SLLG committee needs to do to protect members’ data. It was in-depth enough to generate more questions (How will the right to be forgotten be applied? Can we have privacy and protect national security?), and stimulated an appreciation of the issues surrounding data protection and privacy in today’s society which is so steeped in social media.

There are lots more interesting courses available on FutureLearn, including several legal subjects eg. “Law for non-Lawyers” and “Maritime Law” , courses useful to chartership “Learning online: reflecting and sharing”, and just interesting subjects like geology and moons – go look and learn!

Advertisements

BIALL Legal Foundation Course: a review

An SLLG member applied for an SLLG bursary to undertake the BIALL Legal Foundations Course. This is their review of the course.

I started a new post as librarian with Dundas & Wilson in January 2013. It had been 21 years since I worked as an Assistant Librarian at the Faculty of Advocated library, but I was amazed at how quickly I remembered the basic principles, the names of all the standard texts, and was delighted by how far LexisNexis online had developed.

I was responsible for answering enquires from the Dundas and Wilson Edinburgh, Glasgow and London offices, and after a few months, realised felt unsure about the English law enquiries, so decided to do something about improving and extending my knowledge in this area, to make me feel confident I was providing a good service.

I applied for a SLLG bursary to do the BIALL Legal Foundation Course offered by the University of Westminster, and was pleased to be awarded the full amount. I managed to attend the Induction afternoon in London in the University of Westminster, and met many of my fellow students, most of whom were based in London, and were starting out in their careers as law librarians. I found it more useful to meet the staff, especially Avis Whyte the course leader.

The course is a distance learning course, lasting from Oct to April, covering 17 topics over 23 weeks. The topics are designed to cover all aspects of English law and range from ‘The English legal system’, Tort, Contract, Sale of Goods, Criminal, Employment, EU, Immigration, Human Rights, Wills & Probate, Civil procedure, Family IP, Media, Land, Company and Banking.

There is a lecture a week which, depending on the person giving the lecture, lasts between 60 to 120 minutes. There is then a multiple choice test at the end of each section or lesson. To be awarded the certificate of completion you are required to get 100% in each test. Luckily, you can do the test as many times as required, and you are given four weeks for each lecture. If you miss any lectures, there is another chance to catch up at Christmas, and at the end of the course.

I set myself the goal of doing the course every Monday evening from home, and tried not to back-slide. With trepidation, I started my first course (it has been a long time since I did any formal education!) and I found it to be really interesting. I started looking forward to my Monday evenings and absorbing the content – some more than others – and the challenge of getting 100%. I found some to be challenging e.g. Corporate and company law, and others surprisingly familiar: IP, family, immigration and criminal law. I think I read too many detective books!

There were the usual disgruntlements you will get with any course – inaccurate/out of date slides, people talking to fast or too slow; presuming you have too little or too much prior knowledge of a subject, and the usual technical problems, but on the whole it was really good, and I would recommend it to anyone who has to work with English law, especially those at the beginning of their career.

I found the history and the interpretation of English law very interesting and instructive, and quite challenging and also Tort, because it is so different. It introduced me to the basic ideas and the main legislation, and detailed the major cases, the options for the judges, the different approaches, and also the constantly changing aspect of the law e.g. sale of good catching up with online shopping.

It proved to be far more relevant than I ever imagined it to be, when the merger of Dundas & Wilson with CMS Cameron McKenna was announced at Christmas. From May 2014 onwards I have now been answering research enquiries as part of the CMS Cameron McKenna library team from staff all over the world (but mainly England). It has given me much more confidence in my understanding of enquiries, and in my ability to find and present the relevant results to enquirers.

Many thanks to the SLLG committee for awarding me the bursary to complete the course.

Avizandum autumn social: 6th November, 2014

Several members of the SLLG braved the outside evening chill to be rewarded with a warm welcome inside at Avizandum Law Bookshop.

We would like to once again thank Elizabeth and her staff at Avizandum for supplying the delicious food and for their excellent hosting of us.

Wine, cheese, fruit juice, savoury bites and chocolate biscuits complemented the professional networking and informal chatter throughout the evening. The event is special in the group calendar as it provides a purely social occasion for members to meet. The ‘pop-in’ style of the event, too, lends itself to flexibly fit in with member’s plans: allowing members to both come along when, and stay for as long as, they like. Happily, this is a semi-annual fixture of the SLLG year and we are already looking forward to the Spring version in 2015.

Refreshments at the Avizandum Autumn social event 2014

Refreshments at the Avizandum Autumn social event 2014