GDPR
What It Means For Your Business
A Zymplify Guide
Michael Green
Head of Finance/Data Protection Officer
Certified GDPR Practitioner
Chartered Accountant
michaelg@Zymplify.com
Contents
ZYMPLIFY 2017
• Introduction to Zymplify
• What is GDPR
• How does GDPR differ from the Data Protection Act
• Accountability & Governance Concepts
• Consent
• Privacy Notices
• Cookies
• Breach reporting and sanctions
• Summary
• How can Zymplify help?
• Q&A
Zymplify is Marketing as a Service
Reach More. Engage More. Sell More
Zymplify is a Marketing as a Service company.
We transform the way marketing and sales work by integrating
them seamlessly with your business
Our All-In-One Solution gives businesses the ability to create,
publish, track and analyse all your marketing campaigns and
activities from one integrated dashboard.
What is GDPR?
• Places significant additional responsibilities on data controllers and processors
• It’s about personal data – it does not cover “business data” (e.g. accounts)
• Protection of personal data is a fundamental right, enshrined at EU Charter level
• It is about putting control back in the hands of the individual – forcing businesses to
put data protection ‘front and center’
• Brexit proof – UK Government has confirmed that the decision to leave the EU will
not affect the commencement of the GDPR
• Applies to processing carried out by organisations operating within the EU and
organisations outside the EU that offer goods or services to individuals in the EU
GDPR is the General Data Protection Regulation which will apply in the UK from
25th May 2018
GDPR – what’s new?
• Accountability and Data Governance
• Definition of personal data and sensitive personal data
• Data portability
• Rights to erasure
• Consent
• Transparency
• Profiling
• Punitive administrative fines
• Breach notification
• Data transfers
Accountability Concept
• Article 5: Principles relating to processing of personal data:
• “The controller shall be responsible for, and be able to demonstrate
compliance with, paragraph 1 ('accountability').”
1. Processed lawfully, fairly and in a transparent manner
2. Collected for specified, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary
4. Accurate and, where necessary, kept up to date
5. Retained only for as long as necessary
6. Processed in an appropriate manner to maintain security
This statement raises the bar across the board and process will be key to
demonstrating accountability.
The bottom line is businesses need to shift focus to a proactive approach
to data protection
Data Governance
• Data Protection Officers must be appointed by:
• Public bodies
• Organisations whose core activities consist of processing that requires regular
systematic monitoring of data subjects on a large scale
• Organisations that process large quantities of special category data
• Organisations should create a culture of Data protection by design
and default – “bake it in” to their business (DPDD)
• Data protection impact assessments (DPIAs) – risk mitigation
assessments which may be carried out “where there is a high risk to
data subjects”
• Develop processes to ensure that records are processed and
maintained accurately
Article 4 : Consent
• ‘must be freely given, specific, informed and unambiguous’
• ‘Consent is presumed not to be freely given if it does not allow
separate consent to be given to different personal data processing
operations.’
• ‘The controller must be able to demonstrate that the data subject has
consented to processing’
• ‘Data subjects have the right to withdraw consent at any time’
• It’s important to note that pre-ticked boxes on forms do not
constitute consent – the data subject must manually click the
button for consent to be valid
• Documentation of consent is crucial!
Privacy Notices
You should have a clear privacy notice
and make people aware of it.
It should tell people:
• What information is being collected?
• Who is collecting it?
• How is it collected?
• Why is it being collected?
• How will it be used?
• Who will it be shared with?
ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/
Cookies
• Sites will need an always-available opt-out: Even after getting valid consent,
there must be a route for people to change their mind.
• Soft opt-in is likely the best consent model: Website owners should give
visitors an opportunity to act before cookies are set on a first visit to a site.
• Consent will need to be specific to different cookie purposes: Sites that use
different types of cookies with different processing purposes will need valid
consent mechanisms for each purpose.
• If accepting cookies is as easy as clicking a link on a landing page then
withdrawal of consent must be just as simple.
Cookies
Many businesses are now updating their cookie policies and acceptance processes
to ensure they are fully compliant with the legislation.
For example, Easyjet will now not allow a new visitor onto their site without first
accepting their cookie policy – other companies have similar notices which require
a positive affirmation to proceed.
Breach reporting & sanctions
Data Breaches:
• Data breaches must be reported to the ICO within 72 hours
• Measures being taken to remedy should be outlined
• If rights or freedoms of individuals are at risk they must be informed without undue delay
Sanctions for failure to comply:
• Fines of up to €20mil or 4% of global annual turnover (whichever is greater)
• Individuals have the right to compensation
Summary
• The clock is ticking – less than a year until this regulation comes into force
• Data protection by Design is key
• Accountability
• Review the use of consent
• Update privacy notices & cookie policies
• Opportunity or threat
• Protect your business
Don’t wait until it’s too late – ACT NOW!
Companies need to act now to ensure that they are prepared for this new regulation –
you should be taking steps to identify what data you currently hold, whether you have a
lawful basis for processing this data and whether your systems are adequate for
ensuring that data is maintained in a compliant manner.
How can Zymplify help?
• Bring all your marketing & sales activities into one centralised dashboard
How can Zymplify help?
Manage Templates - By having a set of standard templates you can be sure that all of your
marketing campaigns have transparent notices in place and when data subjects interact with
your marketing campaigns you can tie this all back to the policy that was in place at the time
ensuring you have a full audit trail on consent etc.
How can Zymplify help?
Manage Consent - With a single customer view you can track every interaction with a data subject across
all campaigns and channels.
You can also monitor the consent status of each individual covering SMS consent, Email Consent, Mail
Consent, Telephone Consent, Consent to receive cookies, and consent in respect of profiling
How can Zymplify help?
• 5 hours per month dedicated campaign management and compliance support
How can Zymplify help?
• £299 per month gets you all this:
To book a free demo of the Zymplify
platform please go to:
www.Zymplify.com
sales@Zymplify.com

Brand experience Dream Center Peoria Presentation.pdfBrand experience Dream Center Peoria Presentation.pdf
Brand experience Dream Center Peoria Presentation.pdf
 
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdfMicro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
Micro-Choices, Max Impact Personalizing Your Journey, One Moment at a Time.pdf
 
Buy Linkedin Sales Navigator at Cheap Price
Buy Linkedin Sales Navigator at Cheap PriceBuy Linkedin Sales Navigator at Cheap Price
Buy Linkedin Sales Navigator at Cheap Price
 
Social media, ppt. Features, characteristics
Social media, ppt. Features, characteristicsSocial media, ppt. Features, characteristics
Social media, ppt. Features, characteristics
 
What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?
 
Situation Analysis | Management Company.
Situation Analysis | Management Company.Situation Analysis | Management Company.
Situation Analysis | Management Company.
 
2024 Social Trends Report V4 from Later.com
2024 Social Trends Report V4 from Later.com2024 Social Trends Report V4 from Later.com
2024 Social Trends Report V4 from Later.com
 
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptxUnveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
Unveiling the Legacy of the Rosetta stone A Key to Ancient Knowledge.pptx
 
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
 
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
 
Busty Desi⚡Call Girls in Sector 49 Noida Escorts >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Sector 49 Noida Escorts >༒8448380779 Escort ServiceBusty Desi⚡Call Girls in Sector 49 Noida Escorts >༒8448380779 Escort Service
Busty Desi⚡Call Girls in Sector 49 Noida Escorts >༒8448380779 Escort Service
 
BDSM⚡Call Girls in Sector 39 Noida Escorts Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 39 Noida Escorts Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 39 Noida Escorts Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 39 Noida Escorts Escorts >༒8448380779 Escort Service
 

Ensuring GDPR Compliance - A Zymplify Guide

  • 1. GDPR What It Means For Your Business A Zymplify Guide
  • 2. Michael Green Head of Finance/Data Protection Officer Certified GDPR Practitioner Chartered Accountant michaelg@Zymplify.com
  • 3. Contents ZYMPLIFY 2017 • Introduction to Zymplify • What is GDPR • How does GDPR differ from the Data Protection Act • Accountability & Governance Concepts • Consent • Privacy Notices • Cookies • Breach reporting and sanctions • Summary • How can Zymplify help? • Q&A
  • 4. Zymplify is Marketing as a Service Reach More. Engage More. Sell More Zymplify is a Marketing as a Service company. We transform the way marketing and sales work by integrating them seamlessly with your business Our All-In-One Solution gives businesses the ability to create, publish, track and analyse all your marketing campaigns and activities from one integrated dashboard.
  • 5. What is GDPR? • Places significant additional responsibilities on data controllers and processors • It’s about personal data – it does not cover “business data” (e.g. accounts) • Protection of personal data is a fundamental right, enshrined at EU Charter level • It is about putting control back in the hands of the individual – forcing businesses to put data protection ‘front and center’ • Brexit proof – UK Government has confirmed that the decision to leave the EU will not affect the commencement of the GDPR • Applies to processing carried out by organisations operating within the EU and organisations outside the EU that offer goods or services to individuals in the EU ZYMPLIFY 2017 GDPR is the General Data Protection Regulation which will apply in the UK from 25th May 2018
  • 6. GDPR – what’s new? • Accountability and Data Governance • Definition of personal data and sensitive personal data • Data portability • Rights to erasure • Consent • Transparency • Profiling • Punitive administrative fines • Breach notification • Data transfers ZYMPLIFY 2017
  • 7. Accountability Concept • Article 5: Principles relating to processing of personal data: • “The controller shall be responsible for, and be able to demonstrate compliance with, paragraph 1 ('accountability').” 1 • Processed lawfully, fairly and in a transparent manner 2 • Collected for specified, explicit and legitimate purposes 3 • Adequate, relevant and limited to what is necessary 4 • Accurate and, where necessary, kept up to date 5 • Retained only for as long as necessary 6 • Processed in an appropriate manner to maintain security This statement raises the bar across the board and process will be key to demonstrating accountability. The bottom line is businesses need to shift focus to a proactive approach to data protection ZYMPLIFY 2017
  • 8. Data Governance • Data Protection Officers must be appointed by: • Public bodies • Organisations whose core activities consist of processing that requires regular systematic monitoring of data subjects on a large scale • Organisations that process large quantities of special category data • Organisations should create a culture of Data protection by design and default – “bake it in” to their business (DPDD) • Data protection impact assessments (DPIAs) – risk mitigation assessments which may be carried out “where there is a high risk to data subjects” • Develop processes to ensure that records are processed and maintained accurately ZYMPLIFY 2017
  • 9. Article 4: Consent • ‘must be freely given, specific, informed and unambiguous’ • ‘Consent is presumed not to be freely given if it does not allow separate consent to be given to different personal data processing operations.’ • ‘The controller must be able to demonstrate that the data subject has consented to processing’ • ‘Data subjects have the right to withdraw consent at any time’ • It’s important to note that pre-ticked boxes on forms do not constitute consent – the data subject must manually click the button for consent to be valid • Documentation of consent is crucial! ZYMPLIFY 2017
  • 10. Privacy Notices ZYMPLIFY 2017 You should have a clear privacy notice and make people aware of it. It should tell people: • What information is being collected? • Who is collecting it? • How is it collected? • Why is it being collected? • How will it be used? • Who will it be shared with? ico.org.uk/for-organisations/guide-to-data-protection/privacy-notices-transparency-and-control/
  • 11. Cookies ZYMPLIFY 2017 • Sites will need an always-available opt-out: Even after getting valid consent, there must be a route for people to change their mind. • Soft opt-in is likely the best consent model: Website owners should give visitors an opportunity to act before cookies are set on a first visit to a site. • Consent will need to be specific to different cookie purposes: Sites that use different types of cookies with different processing purposes will need valid consent mechanisms for each purpose. • If accepting cookies is as easy as clicking a link on a landing page then withdrawal of consent must be just as simple.
  • 12. Cookies ZYMPLIFY 2017 Many businesses are now updating their cookie policies and acceptance processes to ensure they are fully compliant with the legislation. For example Easyjet will now not allow a new visitor onto their site without first accepting their cookie policy – other companies have similar notices which require a positive affirmation to proceed.
  • 13. Breach reporting & sanctions Data Breaches: • Data breaches must be reported to the ICO within 72 hours • Measures being taken to remedy should be outlined • If rights or freedoms of individuals are at risk they must be informed without undue delay Sanctions for failure to comply: • Fines of up to €20mil or 4% of global annual turnover (whichever is greater) • Individuals have the right to compensation ZYMPLIFY 2017
  • 14. Summary • The clock is ticking – less than a year until this regulation comes into force • Data protection by Design is key • Accountability • Review the use of consent • Update privacy notices & cookie policies • Opportunity or threat • Protect your business ZYMPLIFY 2017 Don’t wait until it’s too late – ACT NOW! Companies need to act now to ensure that they are prepared for this new regulation – you should be taking steps to identify what data you currently hold, whether you have a lawful basis for processing this data and whether your systems are adequate for ensuring that data is maintained in a compliant manner.
  • 15. How can Zymplify help? ZYMPLIFY 2017 • Bring all your marketing & sales activities into one centralised dashboard
  • 16. How can Zymplify help? ZYMPLIFY 2017 Manage Templates - By having a set of standard templates you can be sure that all of your marketing campaigns have transparent notices in place and when data subjects interact with your marketing campaigns you can tie this all back to the policy that was in place at the time ensuring you have a full audit trail on consent etc.
  • 17. How can Zymplify help? ZYMPLIFY 2017 Manage Consent - With a single customer view you can track every interaction with a data subject across all campaigns and channels. You can also monitor the consent status of each individual covering SMS consent, Email Consent, Mail Consent, Telephone Consent, Consent to receive cookies, and consent in respect of profiling
  • 18. How can Zymplify help? ZYMPLIFY 2017 • 5 hours per month dedicated campaign management and compliance support
  • 19. How can Zymplify help? ZYMPLIFY 2017 • £299 per month gets you all this:
  • 20. To book a free demo of the Zymplify platform please go to: www.Zymplify.com sales@Zymplify.com ZYMPLIFY 2017

Editor's notes

  1. Zymplify is a Marketing as a Service company – we transform the way marketing and sales work by integrating them seamlessly with your business. Our all in one solution gives businesses the ability to create, publish, track and analyse all your marketing campaigns and activities from one integrated dashboard. Our team of Zympli-Gurus are on hand, on demand to provide expert advice and a full range of digital marketing services.
  2. The General Data Protection Regulation will come into effect in the UK from 25th May 2018 – the DPA was a directive whereas the GDPR is a regulation, which means all member states must implement it. GDPR applies to data controllers and processors. The definitions are broadly the same as under the DPA. If you are currently subject to the DPA it is likely that you will also be subject to the GDPR. The regulation places specific legal obligations on data processors; for example, you are required to maintain records of personal data and processing activities. You will also have significantly more legal liability if you are responsible for a breach. Data controllers will have additional responsibilities to ensure that their processors and contracts comply with GDPR. The regulation applies to personal data, which is any data that can identify a living individual; it does not apply to business data, for example accounts. The essence of the legislation is to safeguard the rights of EU citizens and to put control back in the hands of the data subject, forcing businesses to take a proactive approach to data protection. The UK government has confirmed that the legislation will not be affected by the decision to leave the EU. It has already been passed in EU law and the May 2018 deadline is for implementation by member states. Applies to the processing of personal data of EU citizens regardless of whether the organisation is located within the EU or not.
  3. The 2 key areas of GDPR are accountability and data governance – controllers and processors are required to implement the regulation AND demonstrate that they do so – demonstrate being the key point – businesses must put systems in place to ensure that they can prove compliance – this requires management buy-in, a top-down approach and adequate processes to maintain and monitor compliance. The definition of personal data has remained largely the same but has been expanded under GDPR to include data such as online identifiers, e.g. an IP address or cookies – these are now classed as personal data. Sensitive personal data, classed as special categories of data, includes genetic data, biometric data or data concerning health, and GDPR requires explicit consent for processing such data – companies processing large volumes of special category data should also appoint a data protection officer. GDPR applies to both automated personal data and manual filing systems – so your filing cabinet full of patient records or employee personnel files is covered under this regulation and appropriate safeguards need to be put in place around manual filing systems to avoid data breaches. Data subjects have additional rights under GDPR in respect of how their data is handled and specifically the right to port their data and the right to be forgotten – for example if I decide to move to a new dentist I have the right for the data on my dental record files to be transferred to my new dentist without undue delay, or if I no longer wish for a company to process my data I have the right to request full deletion (subject to any restrictions in respect of governing laws etc). Consent will be harder to obtain and harder to rely on so companies need to put tracking mechanisms in place to ensure they can both gather consent efficiently and maintain it – we will go into further detail on how to manage consent shortly. A special emphasis has been placed on transparency – companies need to update their privacy statements to be concise, clear and unambiguous – they should be standardised and auditable – you should ensure that you keep a log of changes to privacy statements and put processes in place to track the policies that were in place when an individual provided their data to you. Profiling is specifically mentioned in GDPR and any automated decision making must be notified to an individual – data subjects have the right to request human intervention and we will touch upon how that affects marketing activities later. The penalties for a breach of the GDPR are extremely onerous and have the potential to cripple small businesses – fines of up to 20 million euros or 4% of global annual turnover can be imposed – the ICO is the regulatory body in the UK responsible for ensuring GDPR is adhered to. Data transfers to non-EU countries are specifically mentioned in GDPR and the authorities have issued a white list of countries which are deemed to have adequate data protection controls – important to note the US is not on this list – the new EU-US Privacy Shield replaces Safe Harbour and you should ensure that any US-based processors are self-certified under the Privacy Shield.
  4. Article 5 sets out the principles in relation to processing personal data and legislates for this concept of accountability. *Read slide* This statement raises the bar across the board and process will be key to demonstrating accountability. Privacy statements must provide more detailed information and be concise and easy to understand. Consent must be unambiguous. Profiling will be subject to greater focus and scrutiny. Mandatory breach notifications introduced. The bottom line is businesses need to shift focus to a proactive approach to data protection.
  5. Data governance is closely tied to accountability and organisations need to put good governance in place. Specifically required within GDPR are: All public bodies must appoint a DPO, as do organisations processing large amounts of sensitive personal data and organisations whose core activity is the systematic monitoring of data subjects. This has resulted in a shortage of DPOs and as such you may wish to consider which staff within your organisation may be suitable for taking on the role and provide adequate training. I would highly recommend the GDPR Practitioner Qualification with IT Governance. Process is key – identifying and carrying out DPIAs and establishing Data Protection by Design and Default – think about how you could meaningfully keep records – and how to build up a single view of all interactions with a data subject. Where there is a high risk to data subjects’ rights GDPR requires mandatory DPIAs to be carried out. Consider whether current marketing activities are designed with the data subjects’ rights in mind. Devise workable policies and procedures to govern how data is processed and put processes in place that ensure that records can be maintained accurately.
  6. In general you have to have a data subject’s consent to process their data. While there are specific circumstances where consent is not strictly necessary, these generally revolve around legal requirements such as compliance with another law or to protect the data subject’s rights etc. The conditions for consent are outlined here on the slide – Run through above and supplement with: • Consent should cover all processing activities carried out for the same purpose(s). • If processing for multiple purposes consent should be given for each of them. Companies should consider how they record consent for each purpose – what systems do they have in place to manage opt in and opt out and across channels or processes? Individuals should be able to withdraw consent as easily as it has been given, i.e. if consent was given via a tick box on a landing page then it should be removed via a similar means, e.g. updating preferences on a landing page, or if given via SMS it should be able to be removed via SMS. • Specific rules apply to children (e.g. verify age, seek parental consent) (Article 7). • Specific rules apply to processing restricted data (Article 9). • Consent should not be considered freely given if the data subject has no genuine or free choice. Important to note that pre-ticked boxes on forms do not constitute consent – the data subject must manually click the button for consent to be valid. Documentation of consent is crucial!
  7. Privacy notices are an important and necessary way of being transparent and telling data subjects what you’re doing with their information. You should have a clear privacy notice and make people aware of it – on your website and on other marketing campaigns such as landing pages etc. It should tell people: what information is being collected; who is collecting it; how it is collected; why it is collected and how it will be used; who it will be shared with. More information on privacy notices and transparency can be found on the ICO website.
  8. 1. If accepting cookies is as easy as clicking a link on a landing page then withdrawal of consent must be just as simple. 2. Once fair notice is given, continuing to browse can, in most circumstances, be valid consent via affirmative action. The GDPR does not specifically change the legislation around cookies but reinforces the current E-Privacy legislation – it’s important to have a clear cookie policy and monitor opt-outs or do-not-track requests. 3. This means granular levels of control, with separate consents for tracking and analytics cookies, for example.
  9. Many businesses are now updating their cookie policies and acceptance processes to ensure they are fully compliant with the legislation. For example Easyjet will now not allow a new visitor onto their site without first accepting their cookie policy – other companies have similar notices which require a positive affirmation to proceed.
  10. In a world of increasing cyber attacks it is inevitable that breaches will happen – the mere fact that a breach has occurred does not necessarily mean that companies will be punished. The ICO will look at how companies have handled a breach in the first instance: 1. Did they report the breach within 72 hours? 2. Were adequate processes in place to reduce the risk of infringement of data subjects’ rights, e.g. was the data encrypted or pseudonymised? 3. Where there was a risk identified, have individuals been informed of a breach? The penalties for failure to comply with GDPR are extremely punitive however and companies should be aware of them: Article 83 of GDPR states that fines will be effective, proportionate and dissuasive and can be imposed in addition to or instead of corrective powers of the ICO. These corrective powers include things like issuing warnings, reprimands or ordering companies to comply with data subject requests. As a small company you do not want to be one of the first companies to be reprimanded as the ICO will likely look to make an example of early offenders, so it is important to take the necessary steps now to ensure that you have adequate controls and processes in place to ensure compliance.
  11. Companies need to act now to ensure that they are prepared for this new regulation – you should be taking steps to identify what data you currently hold, whether you have a lawful basis for processing this data and whether your systems are adequate for ensuring that data is maintained in a compliant manner. Data protection by design is essential to ensuring that you are prepared – this means looking at what systems are in place to handle data – how can these be modified to ensure that you have a full picture of all interactions with a data subject – do you have a single view of all touchpoints? As mentioned previously you must be able to prove how you have put measures in place that ensure the rights of data subjects are protected. Consent can be relied upon; however, you must ensure that data subjects have freely given this consent and have measures in place for removal of specific consent. Transparency is also a key element of GDPR so you should update your privacy notices and cookie policies to ensure they are clear, concise and accurately reflect how data is collected and used – take steps to ensure that all data processing from a marketing perspective is open and transparent. This new regulation can be an opportunity for small businesses – consumers are more and more aware of their rights and will look to interact with businesses that take a proactive approach to protecting their data. The fines for failure to comply are a significant risk to small businesses so you should act now to ensure that this risk is mitigated. This legislation is coming in regardless of Brexit and will be a massive burden on all businesses. A report out this week by IT Governance shows that 68% of organisations have not yet updated processes to comply with the GDPR – we are already well over a year since the legislation was passed with a 2 year time frame for implementation so a lot of businesses are behind the curve on this and need to seriously consider taking steps to get compliant.
  12. The next 3 or 4 slides will briefly outline how we are helping companies bring their marketing processes in line with GDPR. By bringing all of your organisation’s marketing & sales activities under one single dashboard you will have a central repository of data subjects’ information which will make it much easier to maintain accurate and up to date data. So if you are running email campaigns, social campaigns, PPC ads etc. all of the data coming back from those campaigns can be collated in one place. It will be much easier to respond to data subject access requests and to remove data from your systems when no longer appropriate or lawful to retain. These are key elements of GDPR – if you are working on multiple systems such as an email provider, a CRM, a social media management platform etc. you will find it difficult to accurately maintain all databases and remove data easily and you will struggle to get a single customer view which tracks all touchpoints.
  13. The Zymplify platform allows you to create standardised templates for privacy policies, cookie pop ups, T&C’s, profiling policies etc. By having a set of standard templates you can be sure that all of your marketing campaigns have transparent notices in place and when data subjects interact with your marketing campaigns you can tie this all back to the policy that was in place at the time ensuring you have a full audit trail on consent etc.
  14. With a single customer view you can track every interaction with a data subject across all campaigns and channels. You can also monitor the consent status of each individual covering SMS consent, Email Consent, Mail Consent, Telephone Consent, Consent to receive cookies, and consent in respect of profiling. In addition you can tie each element of consent back to the time of collection, the campaign used and the policies in place at that time.
  15. Zymplify includes 5 hours per month of dedicated campaign management. Our Zympli-Gurus are a team of marketing professionals and are on hand, on demand to assist with all aspects of campaign set up and management. This can include assistance to build campaigns and review results or to help create your overall marketing strategy; you choose what you want us to do and when – we can also provide ongoing advice around ensuring compliance with GDPR. We are taking GDPR extremely seriously as an organisation and are actively training our staff in this area so that we can assist our clients in maintaining compliance.
  16. For £299 per month we provide you with the tools to manage your marketing activities and 5 hours of dedicated support per month to ensure your campaigns are both effective and compliant. In addition we are offering a 90 day money back guarantee so you can try the system for 3 months and at the end of that period if you do not wish to continue we offer a full refund – we do this because we are confident once a client comes on board they will see the value in our platform and services very quickly
  17. Thanks for your time this morning and if anyone would like to take a demo of the platform you can do so by going to our website and filling in the contact form where a member of our team will be in touch to schedule a 1 to 1 demo for you. Have a great day and thanks again