2. Christoph Balduck -
• Data privacy & data protection professional
• Data & Information mgt. professional
• Teaching & advising companies on how to practically implement GDPR
Copyright DataTrustAssociates.com
3. Agenda:
• Is GDPR a hype?
• GDPR: a burden or an opportunity?
• Questions companies face during their GDPR implementation
• How do I set up the register & how detailed should it be?
• How do I categorize data?
7. The DTA Trust Model
• Regulatory Compliance
• Operational Excellence & Analytics
• Customer Centricity
• Social Responsibility
9. What the GDPR says about the register:
Maintain a record of processing activities
• Controller name & contact details
• Data protection officer
• Purpose of processing
• Categories of data subjects
• Categories of personal data
• Categories of recipients of personal data
• Transfer of personal data
• Appropriate safeguards
• Time limits for erasure
• Technical & organizational security measures
What did Johan mention?
10. What the GDPR says about the register:
Maintain a record of processing activities
Readiness for complying with the data subject’s rights
?
What does that mean?
How & where do I start?
11. How to discover personal data processing activities?
[Diagram: business process hierarchy (Business process level 0, Business process level 1, … Business process level n, Activity level), shown several times, with some processes and activities marked "High risk"]
Discover personal data in systems/sources,… db’s, ECM’s, docs & other and integrations
12. Register approach vs. privacy strategy
• High risk privacy strategy
• Little or no privacy strategy
• Risk averse privacy strategy
• Risk-based only privacy strategy
14. How to categorize data?
• Should I categorize based upon department, domain, …?
• Should I categorize based upon data privacy risk?
• Should I categorize based upon security (CIAT)?
• What about data that has another meaning & category depending on the context?
17. Embed risk categories into the data categorization matrix
• Open
• Medium risk personal data
• High risk personal data
• Special category/Sensitive personal data