2. Source: Ernst-Oliver Wilhelm A Brief History of the General Data Protection Regulation via iapp.org
Technology & Data Protection
3. Classification of Data under the GDPR
Data
Company
Data
Personal Data
Sensitive Data
Article 9 of GDPR:
• Racial or ethnic origin
• Political opinions
• Religious / philosophical beliefs
• Genetic & biometric data
• Health data
• Sex life / sexual orientation
• Trade union membership
5. Collection Processing & Use Transfer
Consent required, for sensitive data*: explicit consent
Lawful bases other
than consent:*
• Vital interest of
individual
• Public interest
• Contract
• Compliance
with legal
obligations
• Legitimate
interest of data
controller
• Lawfully / transparently / fairly
• For specified purpose
• Adequate/relevant/ limited
• Up to date/ accurate
• Identification for no longer than
necessary
• Secure: data protection
by design & by default
• Recorded
Within EU: no need
for further approval
International:
• Subject to
“adequate level of
protection”
• US: Privacy Shield
• Contract
performance
• Legal claims
• Public register
GDPR basics
6. Individual rights
• The right to be informed
• The right of access
• The right to rectification
• The right to erasure
• The right to restrict processing
• The right to data portability
• The right to object
• Rights in relation to automated decision making and profiling.
7. Immediate steps
• Awareness
• Data audit: external communications, internal instructions, risk
management and privacy processes, such as vendor management.
• Review lawful bases for data collection & processing
• Privacy notices
• Consent
• Contracts review
• Ensure rights of individuals
• Data management system
• Procedures to detect, report and investigate data breach
• Employee responsible for GDPR compliance
• Budget for GDPR compliance
8. Potential GDPR benefits
Source: Working Toward GDPR Compliance, SAS Survey, 2018
via www.sas.com
• Improved data management
= better business efficiency
• Gaining competitive advantage
by having more accurate data
• Higher customer satisfaction
• Increased cyber security globally