General Data Protection Regulation (GDPR)
GDPR is coming for you whether you are ready or not. Companies must be able to show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way personal data is handled across the world. Read about how it affects you and the steps you can take to make sure you are GDPR ready.

About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.

www.extentia.com

  1. GENERAL DATA PROTECTION REGULATION (GDPR)
  2. What does GDPR want?
     ■ Protection of the personal data and privacy of individuals in the EU (the regulation speaks of "data subjects who are in the Union", not of EU citizens)
     ■ Restrictions on transferring personal data outside the EU
  3. Areas protected by GDPR.
  4. When?
     ■ The regulation was adopted on 27 April 2016
     ■ Companies must be able to show compliance by 25 May 2018, when it becomes applicable
  5. What data does GDPR protect?
     ■ "Personal data" is any information relating to an identified or identifiable natural person. The term is broader than the US notion of personally identifiable information (PII); anything that can be linked to a person, directly or indirectly, counts, for example:
     ■ Basic identity information: name, address, ID numbers and email addresses
     ■ Online data: location and geolocation, IP address, cookie data, RFID tags, login IDs, social media posts, digital images and behavioural data
     ■ Health and genetic data
     ■ Biometric data
     ■ Racial or ethnic data
     ■ Political opinions
     ■ Sexual orientation
     ■ The last five are "special categories" under Article 9 and may only be processed under narrower conditions
  6. The rights of a data subject
     Any data subject in the EU can demand the following:
     ■ Right of access: find out what information about him or her you hold, where it came from, what it is used for and who it has been shared with.
     ■ Right to erasure ("right to be forgotten"): ask for all records, and all traces, of him or her to be removed. This applies when:
     ■ The personal data is no longer necessary in relation to the purpose for which it was collected
     ■ The individual withdraws consent to processing and there is no other legal basis for it
     ■ The personal data has been unlawfully processed
     ■ The data must be erased for the controller to comply with a legal obligation (for example, deletion of certain data after a set period of time)
  7. GDPR, algorithms and analytics
     ■ GDPR will have a significant effect on data captured by algorithms or for the purpose of analytics
     ■ In order to use personal data:
     ■ Data controllers and processors are expected to implement technical measures such as pseudonymisation, so that the data can no longer be attributed to a specific person without additional information that is kept separately, reducing the risk of unauthorised re-identification
     ■ Data protection by design and by default (Article 25) requires protection to be built in from the start, and requires that, by default, only the personal data necessary for each specific purpose is processed; anything beyond that needs an affirmative choice
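The pseudonymisation measure on this slide is easy to get wrong: replacing an email address with its plain SHA-256 hash looks anonymous but is not, because the space of plausible addresses is small enough to hash every candidate and compare. The following added example (written for this page, not code from the presentation or from Extentia) contrasts that with a keyed HMAC whose key is held separately from the dataset, which is what "additional information kept separately" means in practice. The key value, the sample records, the candidate list and all function names are constructed for the example.

```python
"""Pseudonymisation: unkeyed hash versus keyed HMAC.

Added example; not code from the slide deck. The key, records and
candidate list below are constructed for illustration.
"""
import hashlib
import hmac
import secrets
from typing import Callable, Iterable, Optional

# Constructed 32-byte key. In production this is the "additional information"
# that must be kept separately from the pseudonymised dataset (e.g. in a KMS
# with its own access controls); it is the only thing standing between the
# token and the identity.
PSEUDONYM_KEY = bytes.fromhex("0123456789abcdef" * 4)

# Constructed sample records, and a constructed candidate list of the kind an
# attacker might hold (a leaked customer list, a public directory, ...).
SAMPLE_RECORDS = [
    {"email": "alice@example.com", "country": "DE", "purchases": 3},
    {"email": "Bob@Example.com", "country": "FR", "purchases": 1},
]
CANDIDATE_EMAILS = ["carol@example.com", "alice@example.com", "bob@example.com"]


def new_key() -> bytes:
    """Generate a fresh pseudonymisation key (one per purpose or dataset)."""
    return secrets.token_bytes(32)


def _canonical(identifier: str) -> bytes:
    """Normalise so 'Alice@Example.com ' and 'alice@example.com' share a token."""
    return identifier.strip().lower().encode("utf-8")


def naive_pseudonym(identifier: str) -> str:
    """Unkeyed SHA-256. Deterministic, but the input space (email addresses)
    is small enough that anyone with a candidate list can reverse it."""
    return hashlib.sha256(_canonical(identifier)).hexdigest()


def keyed_pseudonym(identifier: str, key: bytes) -> str:
    """HMAC-SHA256 under a secret key. Without the key an attacker cannot
    compute tokens for candidates, so the dictionary attack below fails."""
    return hmac.new(key, _canonical(identifier), hashlib.sha256).hexdigest()


def reidentify(token: str, candidates: Iterable[str],
               token_fn: Callable[[str], str]) -> Optional[str]:
    """Dictionary attack: recompute the token for every candidate identifier
    with the attacker's best guess of the token function and compare."""
    for candidate in candidates:
        if hmac.compare_digest(token_fn(candidate), token):
            return candidate
    return None


def pseudonymise_records(records, key: bytes, fields=("email",)):
    """Return copies of `records` with the direct identifiers in `fields`
    replaced by keyed tokens; analytic fields are left untouched."""
    out = []
    for record in records:
        copy = dict(record)
        for field in fields:
            if field in copy:
                copy[field] = keyed_pseudonym(copy[field], key)
        out.append(copy)
    return out


if __name__ == "__main__":
    naive = naive_pseudonym("alice@example.com")
    keyed = keyed_pseudonym("alice@example.com", PSEUDONYM_KEY)
    print("naive token re-identified as:",
          reidentify(naive, CANDIDATE_EMAILS, naive_pseudonym))
    print("keyed token, attacker without the key:",
          reidentify(keyed, CANDIDATE_EMAILS, naive_pseudonym))
    print("keyed token, holder of the key:",
          reidentify(keyed, CANDIDATE_EMAILS,
                     lambda c: keyed_pseudonym(c, PSEUDONYM_KEY)))
    for row in pseudonymise_records(SAMPLE_RECORDS, PSEUDONYM_KEY):
        print(row)
```

Two caveats a practitioner should keep in mind. First, pseudonymised data is still personal data under GDPR (Recital 26): whoever holds the key can re-identify it, so the key needs the same access control and logging as the identities themselves. Second, two datasets tokenised under the same key can be joined on the token; use a separate key per purpose if the analytics should not be linkable.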
  8. GDPR and automated decision making
     ■ Article 22 of the regulation restricts decisions based solely on automated processing, including profiling, that have legal or similarly significant effects on individuals
     ■ E.g. bail, immigration, credit decisions
  9. Who will be responsible for compliance?
     ■ Data controller: the organisation that decides why and how personal data is processed (the purposes and means), typically the company that collects the data and wants to act on it
     ■ Data processor: the company or outsourced partner that processes the data on the controller's behalf and under its instructions, as a service provider to the controller
     ■ Data Protection Officer: an appointed officer responsible for advising on and monitoring compliance and for handling queries from data subjects and the supervisory authority. Mandatory for public authorities and for organisations whose core activities involve large-scale monitoring or large-scale processing of special-category data; may be an internal officer or an external consultant
  10. Which companies does this apply to?
     Any organisation that stores or processes personal data about individuals in the EU, whether it:
     ■ Has a presence (an establishment) in an EU country, or
     ■ Has no presence in the EU but offers goods or services to, or monitors the behaviour of, individuals in the EU
     ■ Size does not limit the scope. The 250-employee threshold only matters for the Article 30 duty to keep records of processing activities: organisations with fewer than 250 employees are exempt from it unless their processing is not occasional, is likely to pose a risk to the rights and freedoms of data subjects, or involves special categories of data.
  11. Information companies must provide
     ■ Article 13 of the regulation tells us the information to give when personal data is collected from the data subject:
     ■ Identity and contact details of the data controller
     ■ Contact details of the controller's Data Protection Officer, for example a generic email address such as dataprotection@company.com
     ■ What processing is done, for which purposes, and the legal basis for doing it
     ■ Who the data will be passed on to
     ■ How the data is protected if it is transferred to or stored outside the EU
     ■ How long the data is retained
     ■ How to exercise the data subject's rights, including the right to have data erased, probably through a generic email address such as dataprotection@company.com
     ■ Not required by Article 13, but a practical way to meet it: a "self-service" area on the website where individuals can view and maintain the personal data they have provided
  12. The internet is notorious for exposing all kinds of personal data in this day and age. Its rampant use makes it difficult to safeguard that very data.
  13. What if you are not GDPR compliant?
     ■ Steep penalties for non-compliance: up to €20 million or 4 percent of global annual turnover, whichever is higher
  14. 6 steps to GDPR
     1 – Understand the GDPR legal framework
     2 – Create a data register (the Article 30 record of processing activities), a GDPR diary that maintains proof of the company's GDPR process
     3 – Classify data that can directly or indirectly identify an individual in the EU, then determine its relevance
     4 – Carry out a privacy and data protection impact assessment of policies by evaluating data life cycles from origination to destruction points
     5 – Assess and document additional risks and processes
     6 – Revise and repeat
  15. GDPR and data capture
     ■ Consent is one of the legal bases for processing; where you rely on it, it must be obtained for each purpose, and data collected for one purpose cannot be reused for a different one under the same consent
     ■ A single consent does not cover all instances of data capture
     ■ Businesses will no longer be able to rely on opt-out processes or implicit consent
     ■ Inaction on the part of a user (silence, pre-ticked boxes) does not count as consent
     ■ Clear, plain language needs to be used every time data is requested
     ■ Consent must be a clear affirmative act; acceptable forms include:
     ■ A written statement, including by electronic means
     ■ An oral statement
     ■ Ticking a box on a website
     ■ Choosing technical settings for information society services
  16. GDPR and data capture
     ■ Consent must be demonstrable, so data controllers will need to keep detailed records (what was consented to, when, how and by whom) to prove that a user has opted in
     ■ To stay on the right side of the law, companies will need to:
     ■ Get valid consent for use of any personal data, with an affirmative act by the data subject
     ■ Explain how and why data will be processed in any given circumstance
     ■ Re-obtain consent if the purpose of the processing changes or the use of that data alters
     ■ Provide records of consent, and access to the data that has been captured, upon request
     ■ Make withdrawing consent as easy as giving it
  17. Making your organisation GDPR compliant
     ■ Identify what personal data you have and where it is
     ■ Log all use of personal data; this is extremely important for answering access requests and investigating incidents
     ■ Control the manner in which personal data is accessed and used
     ■ Implement measures to prevent, detect and respond to vulnerabilities in the system and to data breaches; a breach must be reported to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it (Article 33)
     ■ Maintain documentation and handle requests for personal data and notifications of breaches
     ■ Set up a process for ongoing assessment
  18. Sources
     ■ https://www.csoonline.com/article/3202771/data-protection/general-data-protection-regulation-gdpr-requirements-deadlines-and-facts.html
     ■ https://www.eugdpr.org/
     ■ https://gdpr-info.eu/
     ■ http://ec.europa.eu/justice/data-protection/reform/index_en.htm
     ■ http://www.itpro.co.uk/it-legislation/27814/what-is-gdpr-everything-you-need-to-know-8
     ■ https://www.csoonline.com/article/3239786/regulation/6-steps-for-gdpr-compliance.html
     ■ https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
     ■ https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
     ■ https://gowlingwlg.com/GowlingWLG/media/UK/pdf/170630-gdpr-checklist-for-compliance.pdf
     ■ https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-controllers/
     ■ https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/data-processors/
  19. THANK YOU Questions?

Editor's notes

  • GDPR – General Data Protection Regulation
