Gdpr action plan - ISSA
Le téléchargement de votre SlideShare est en cours.
×
Consultez-les par la suite
![](http://img.youtube.com/vi/["ILtiQAyKTfw"]/1.jpg)
Suggestions
Plus De Contenu Connexe
Diaporamas pour vous (20)
Les utilisateurs ont également aimé (12)
Similaire à Ensuring GDPR Compliance - A Zymplify Guide (20)
Plus récents (20)
Ensuring GDPR Compliance - A Zymplify Guide
- 1. GDPR What It Means For Your Business A Zymplify Guide
- 2. Michael Green Head of Finance/Data Protection Officer Certified GDPR Practitioner Chartered Accountant michaelg@Zymplify.com
- 3. Contents ZYMPLIFY 2017 • Introduction to Zymplify • What is GDPR • How does GDPR differ from the Data Protection Act • Accountability & Governance Concepts • Consent • Privacy Notices • Cookies • Breach reporting and sanctions • Summary • How can Zymplify help? • Q&A
- 4. Zymplify is Marketing as a Service Reach More. Engage More. Sell More Zymplify is a Marketing as a Service company. We transform the way marketing and sales work by integrating them seamlessly with your business Our All-In-One Solution gives businesses the ability to create, publish, track and analyse all your marketing campaigns and activities from one integrated dashboard.
- 5. What is GDPR? • Places significant additional responsibilities on data controllers and processors • It’s about personal data – it does not cover “business data” (e.g. accounts) • Protection of personal data is a fundamental right, enshrined at EU Charter level • It is about putting control back in the hands of the individual – forcing businesses to put data protection ‘front and center’ • Brexit proof – UK Government has confirmed that the decision to leave the EU will not affect the commencement of the GDPR • Applies to processing carried out by organisations operating within the EU and organisations outside the EU that offer goods or services to individuals in the EU ZYMPLIFY 2017 GDPR is the General Data Protection Regulation which will apply in the UK from 25th May 2018
- 6. GDPR – what’s new? • Accountability and Data Governance • Definition of personal data and sensitive personal data • Data portability • Rights to erasure • Consent • Transparency • Profiling • Punitive administrative fines • Breach notification • Data transfers ZYMPLIFY 2017
- 7. Accountability Concept • Article 5: Principles relating to processing of personal data: • “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability'). “ 1•Processed lawfully, fairly and in a transparent manner 2•Collected for specified, explicit and legitimate purposes 3•Adequate, relevant and limited to what is necessary 4•Accurate and, where necessary, kept up to date 5•Retained only for as long as necessary 6•Processed in an appropriate manner to maintain security This statement raises the bar across the board and process will be key to demonstrating accountability. The bottom line is businesses need to shift focus to a proactive approach to data protection ZYMPLIFY 2017
- 8. Data Governance • Data Protection Officers must be appointed by: • Public bodies • Organisations whose core activities consist of processing that requires regular systematic monitoring of data subjects on a large scale • Organisations that process large quantities of special category data • Organisations should create a culture of Data protection by design and default – “bake it in” to their business (DPDD) • Data protection impact assessments (DPIA’s) – risk mitigation assessments which may be carried out “where there is a high risk to data subjects • Develop processes to ensure that records records are processed and maintained accurately ZYMPLIFY 2017
- 9. Article 4 : Consent • ‘must be freely given, specific, informed and unambiguous’ • ‘Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations.’ • ‘The controller must be able to demonstrate that the data subject has consented to processing’ • ‘Data subjects have the right to withdraw consent at any time’ • It’s important to note that pre-ticked boxes on forms does not constitute consent – the data subject must manually click the button for consent to be valid • Documentation of consent is crucial! ZYMPLIFY 2017
- 10. Privacy Notices ZYMPLIFY 2017 You should have a clear privacy notice and make people aware of it. It should tell people: What information is being collected? Who is collecting it? How is it collected? Why is it being collected? How will it be used? Who will it be shared with? ico.org.uk/for-organisations/guide-to-data- protection/privacy-notices-transparency-and- control/
- 11. Cookies ZYMPLIFY 2017 • Sites will need an always-available opt-out: Even after getting valid consent, there must be a route for people to change their mind. • Soft opt-in is likely the best consent model: Website owners should give visitors an opportunity to act before cookies are set on a first visit to a site. • Consent will need to be specific to different cookie purposes: Sites that use different types of cookies with different processing purposes will need valid consent mechanisms for each purpose. • If accepting cookies is as easy as clicking a link on a landing page then withdrawal of consent must be just as simple.
- 12. Cookies ZYMPLIFY 2017 Many businesses are now updating their cookie policies and acceptance processes to ensure they are fully compliant with the legislation. For example Easyjet will now not allow a new visitor onto their site without first accepting their cookie policy – other companies have similar notices which require a positive affirmation to proceed.
- 13. Breach reporting & sanctions Data Breaches: • Data breaches must be reported to the ICO within 72 hours • Measures being taken to remedy should be outlined • If rights or freedoms of individuals are at risk they must be informed without undue delay Sanctions for failure to comply: • Fines of up to €20mil or 4% of global annual turnover (whichever is greater) • Individuals have the right to compensation ZYMPLIFY 2017
- 14. Summary • The clock is ticking – less than a year until this regulation comes into force • Data protection by Design is key • Accountability • Review the use of consent • Update privacy notices & cookie policies • Opportunity or threat • Protect your business ZYMPLIFY 2017 Don’t wait until it’s too late – ACT NOW! Companies need to act now to ensure that they are prepared for this new regulation – you should be taking steps to identify what data you currently hold, whether you have a lawful basis for processing this data and whether your systems are adequate for ensuring that data is maintained in a compliant manner.
- 15. How can Zymplify help? ZYMPLIFY 2017 • Bring all your marketing & sales activities into one centralised dashboard
- 16. How can Zymplify help? ZYMPLIFY 2017 Manage Templates - By having a set of standard templates you can be sure that all of your marketing campaigns have transparent notices in place and when data subjects interact with your marketing campaigns you can tie this all back to the policy that was in place at the time ensuring you have a full audit trail on consent etc.
- 17. How can Zymplify help? ZYMPLIFY 2017 Manage Consent - With a single customer view you can track every interaction with a data subject across all campaigns and channels. You can also monitor the consent status of each individual covering SMS consent, Email Consent, Mail Consent, Telephone Consent, Consent to receive cookies, and consent in respect of profiling
- 18. How can Zymplify help? ZYMPLIFY 2017 • 5 hours per month dedicated campaign management and compliance support
- 19. How can Zymplify help? ZYMPLIFY 2017 • £299 per month gets you all this:
- 20. To book a free demo of the Zymplify platform please go to: www.Zymplify.com sales@Zymplify.com ZYMPLIFY 2017
