SlideShare une entreprise Scribd logo

The European Union’s 
General Data Protection Regulation

David Sayce
David Sayce

Introduction to GDPR New data protection laws for 25 May 2018 Europe's data protection rules will undergo their biggest changes in two decades. Since they were created in the 90s, the amount of digital information we create, capture, and store has vastly increased. Simply put, the old regime was no longer fit for purpose. The solution is the mutually agreed European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. It will change how businesses and public sector organisations can handle the information of customer

Business
1  sur  46
Télécharger pour lire hors ligne
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro The European Union’s 
 General Data Protection Regulation INDBC breakfast group David Sayce Digital Marketing Director South East London Chamber of Commerce & Digital Marketing Consultant
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Share on Social! David Sayce Twitter @dsayce SELCC Twitter @SELondonChamber
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Europe's data protection rules will undergo their biggest changes in two decades. Since they were created in the 90s, the amount of digital information we create, capture, and store has vastly increased. Simply put, the old regime was no longer fit for purpose. The solution is the mutually agreed European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. It will change how businesses and public sector organisations can handle the information of customer
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro • The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. • The GDPR applies to ‘controllers’ and ‘processors’.  • A controller determines the purposes and means of processing personal data. • A processor is responsible for processing personal data on behalf of a controller.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro The largest penalty will be 
 your reputation!
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Ready for GDPR?
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Lots to do little time left
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro I am NOT a legal expert My work across digital marketing includes areas around legal and regulatory issues, these include Data Protection, from the 1995 Data Protection Act to GDPR. While I have worked with and advised SMEs and FTSE 100 companies, this presentation is for general information rather than specific advice. The GDPR is an evolving document, your needs and requirement may differ. Views, comments, information and advice are my own and not necessarily those of the South East London Chamber of Commerce.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Full ICO guidance coming soon • Transparency • Consent • and more… Follow the ICO and keep up to date
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What we will (briefly) cover • What is GDPR • The principles • Individuals rights • Consent • Breaches • Assessment
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro How old is your oldest data?
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro GDPR Principles
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro • Processed lawfully, fairly and in a transparent manner in relation to individuals; • Collected for specified, explicit and legitimate purposes • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; • Accurate and, where necessary, kept up to date • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed • Processed in a manner that ensures appropriate security of the personal data
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Individuals Rights
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to be informed The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right of access Individuals have the right to access their personal data and supplementary information.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to rectification Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to erasure The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to restrict processing Individuals have a right to ‘block’ or suppress processing of personal data
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to data portability The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to object You must inform individuals of their right to object “at the point of first communication” and in your privacy notice.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Rights related to automated decision making including The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Consent • Should be explicit • Must retain proof of consent • Must have a choice in consent (not tied to T&C’s) Consent is one lawful basis for processing, but there are five others. Consent won’t always be the easiest or most appropriate.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro …the other five… • 6(1)(b) –  Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract • 6(1)(c) – Processing is necessary for compliance with a legal obligation • 6(1)(d) – Processing is necessary to protect the vital interests of a data subject or another person • 6(1)(e) –  Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. • 6(1)(f ) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Privacy Notices • What information is being collected? • Who is collecting it? • How is it collected? • Why is it being collected? • How will it be used? • Who will it be shared with? • What will be the effect of this on the individuals concerned? • Is the intended use likely to cause individuals to object or complain?
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Privacy Notices When planning privacy notices, you should be aware that more information may be needed than shown in the example above. Such information depends on what the user reasonably expects to happen to their data, and whether a lack of honesty/fairness might be levelled if pertinent information is not provided (e.g. use of personal data for profiling).
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Repermissoning You don't already have permission??! Consent to send direct email marketing should have been requested at the point of collection. If you didn’t have the opportunity (data came from a third party or the data wasn’t intended to be used for marketing purposes) then consider appraising your data collection methods rather than repermissioning.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Data Breach • Notify ICO within 72 hours • Need for internal processes to report • Inform individuals of the nature of the breach (if data is sensitive) • ICO can issue a stop order
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What is a data protection impact assessment? Data protection impact assessments (also known as privacy impact assessments or PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro When do I need to conduct a DPIA? You must carry out a DPIA when: • Using new technologies; and • The processing is likely to result in a high risk to the rights and freedoms of individuals.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What information should the DPIA contain? • A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller. • An assessment of the necessity and proportionality of the processing in relation to the purpose. • An assessment of the risks to individuals. • The measures in place to address risk, including security and to demonstrate that you comply. • A DPIA can address more than one project.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro In summary, a DPIA is: • A systematic description of the envisaged personal data processing operations and the purposes of the processing, including (where applicable) the legitimate interest pursued by the Data Controller. • An assessment of the necessity and proportionality of the personal data processing operations in relation to the purposes. • An assessment of the risks to the rights and freedoms of Data Subject. • The organisational and technical measures to secure the personal data and mitigate the absolute risk to an acceptable risk.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Marketing Post GDPR • Should improve marketing! • Smaller data base of higher value • Greater trust • More realistic reporting / metrics Make sure all GDPR related work is documented!
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Be familiar with GDPR and also PECR laws and regulations. https://ico.org.uk/ for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ • You should document what personal data you hold, where it came from and who you share it with. • Identify processes for handling, storing and deleting data • Check 3rd party suppliers are GDPR compliant • Document what you are doing
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Re-boot your thinking on Data Protection, be transparent and accountable • View GDPR as ‘by design & by default’ NOT a tick box exercise • DPIA Lite’ is a helicopter view of what you’re doing now that’s compliant with the GDPR, undertake an audit of all personal data processing activities carried out now or planned to be carried out in the future. • ensure that you have clear independently validated policies in place to prove that you meet the new data protection standards • Check supplier contracts for GDPR compliance
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Practice how you will deal with a personal data breach BEFORE it happens • Be a champion for change, foster a culture of monitoring, reviewing, and assessing data processing procedures • Be aware of cross border data transfers! • Be prepared to keep accurate and systamatic records of what changes and training have been carried out at your organisation.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro ICO offers support to SMEs The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. Callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro THE EU GENERAL DATA PROTECTION REGULATION (GDPR) IS AN OPPORTUNITY, NOT A THREAT.
David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro David Sayce Digital Marketing Consultant SEO - Improve your position on Google Strategy - Marketing planing & future thinking Technical Audits - Improve your website Training - Learn more about digital marketing www.dsayce.com hello@dsayce.com https://uk.linkedin.com/in/dsayce
Get your copy of the masthead

Recommandé

Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR ComplianceDATAVERSITY
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?Samuel Pouyt
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideZymplify
 
GDPR - General Data Protection Regulation
GDPR - General Data Protection RegulationGDPR - General Data Protection Regulation
GDPR - General Data Protection RegulationZero Point Development
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckKyle Davies
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 

Recommandé

Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR ComplianceDATAVERSITY
 
GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?GDPR: Threat or Opportunity?
GDPR: Threat or Opportunity?Samuel Pouyt
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceCobweb
 
Ensuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideEnsuring GDPR Compliance - A Zymplify Guide
Ensuring GDPR Compliance - A Zymplify GuideZymplify
 
GDPR - General Data Protection Regulation
GDPR - General Data Protection RegulationGDPR - General Data Protection Regulation
GDPR - General Data Protection RegulationZero Point Development
 
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceGeek Sync | Tackling Key GDPR Challenges with Data Modeling and Governance
Geek Sync | Tackling Key GDPR Challenges with Data Modeling and GovernanceIDERA Software
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckKyle Davies
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...DATUM LLC
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdprExponential_e
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignJohn Eckman
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017Ray Bugg
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance Dovetail Software
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or SwimGuy Griffiths
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection RegulationBCC - Solutions for IBM Collaboration Software
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR readyPremier EPOS
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshellMatthew Butler
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know Maddie Malling-May
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationJake DiMare
 

Contenu connexe

Tendances

12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slidesExponential_e
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...DATUM LLC
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignJohn Eckman
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017Ray Bugg
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance Dovetail Software
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Peter Procházka
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slidesNaomi Holmes
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analyticsshekharkanodia
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR readyPremier EPOS
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsHarrison Clark Rickerbys
 

Tendances (20)

12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
 
GDPR - Sink or Swim
GDPR - Sink or SwimGDPR - Sink or Swim
GDPR - Sink or Swim
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
Preparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must KnowPreparing for GDPR: What Every B2B Marketer Must Know
Preparing for GDPR: What Every B2B Marketer Must Know
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
General Data Protection Regulation
General Data Protection RegulationGeneral Data Protection Regulation
General Data Protection Regulation
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readinessGeneral Data Protection Regulation (GDPR) - Moving from confusion to readiness
General Data Protection Regulation (GDPR) - Moving from confusion to readiness
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR ready
 
Gdpr in a nutshell
Gdpr in a nutshellGdpr in a nutshell
Gdpr in a nutshell
 
GDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business AdvisorsGDPR Breakfast Briefing for Business Advisors
GDPR Breakfast Briefing for Business Advisors
 

Similaire à The European Union’s 
General Data Protection Regulation

The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationJake DiMare
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysQualsys Ltd
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesTech Trust
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Inc
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetDimitri Sirota
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare IndustryEMMAIntl
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRCase IQ
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONSaurabh Pandey
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRJohn M Walsh
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Software Integrity Group
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeIBB Law
 

Similaire à The European Union’s 
General Data Protection Regulation (20)

GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection Regulation
 
GDPR Seminar Slides
GDPR Seminar SlidesGDPR Seminar Slides
GDPR Seminar Slides
 
GDPR: Training Materials by Qualsys
GDPR: Training Materials by QualsysGDPR: Training Materials by Qualsys
GDPR: Training Materials by Qualsys
 
A5: Data protection: Your charity's biggest risk?
A5: Data protection: Your charity's biggest risk?A5: Data protection: Your charity's biggest risk?
A5: Data protection: Your charity's biggest risk?
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
 
BigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR ComplianceBigID Data Sheet: GDPR Compliance
BigID Data Sheet: GDPR Compliance
 
BigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data SheetBigID GDPR Privacy Automation Data Sheet
BigID GDPR Privacy Automation Data Sheet
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
GDPR How to get started?
GDPR How to get started?GDPR How to get started?
GDPR How to get started?
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
GDPRforum London
GDPRforum LondonGDPRforum London
GDPRforum London
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATION
 
GDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATIONGDPR- GENERAL DATA PROTECTION REGULATION
GDPR- GENERAL DATA PROTECTION REGULATION
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
Data Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPRData Protection Forum Brussels 230517 - Implementing GDPR
Data Protection Forum Brussels 230517 - Implementing GDPR
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Charity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of ChangeCharity Law Updates for 2018: Making the Most of Change
Charity Law Updates for 2018: Making the Most of Change
 

Dernier

Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...allensay1
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptxnandhinijagan9867
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Serviceritikaroy0888
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Sheetaleventcompany
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptP&CO
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...Aggregage
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperityhemanthkumar470700
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Sheetaleventcompany
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxpriyanshujha201
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceDamini Dixit
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableSeo
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756dollysharma2066
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Centuryrwgiffor
 

Dernier (20)

VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Phases of Negotiation .pptx
Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Falcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investorsFalcon Invoice Discounting: The best investment platform in india for investors
Falcon Invoice Discounting: The best investment platform in india for investors
 
Call Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine ServiceCall Girls In Panjim North Goa 9971646499 Genuine Service
Call Girls In Panjim North Goa 9971646499 Genuine Service
 
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
Business Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture conceptBusiness Model Canvas (BMC)- A new venture concept
Business Model Canvas (BMC)- A new venture concept
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Falcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to ProsperityFalcon's Invoice Discounting: Your Path to Prosperity
Falcon's Invoice Discounting: Your Path to Prosperity
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptxB.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
B.COM Unit – 4 ( CORPORATE SOCIAL RESPONSIBILITY ( CSR ).pptx
 
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort ServiceEluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
Eluru Call Girls Service ☎ ️93326-06886 ❤️‍🔥 Enjoy 24/7 Escort Service
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu Ka Tilla, Delhi Contact Us 8377877756
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Famous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st CenturyFamous Olympic Siblings from the 21st Century
Famous Olympic Siblings from the 21st Century
 

The European Union’s 
General Data Protection Regulation

  • 1. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro The European Union’s 
 General Data Protection Regulation INDBC breakfast group David Sayce Digital Marketing Director South East London Chamber of Commerce & Digital Marketing Consultant
  • 2. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Share on Social! David Sayce Twitter @dsayce SELCC Twitter @SELondonChamber
  • 3.
  • 4. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data.
  • 5. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Europe's data protection rules will undergo their biggest changes in two decades. Since they were created in the 90s, the amount of digital information we create, capture, and store has vastly increased. Simply put, the old regime was no longer fit for purpose. The solution is the mutually agreed European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. It will change how businesses and public sector organisations can handle the information of customer
  • 6. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro • The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier. • The GDPR applies to ‘controllers’ and ‘processors’.  • A controller determines the purposes and means of processing personal data. • A processor is responsible for processing personal data on behalf of a controller.
  • 7.
  • 8. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro The largest penalty will be 
 your reputation!
  • 9. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Ready for GDPR?
  • 10. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Lots to do little time left
  • 11. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro I am NOT a legal expert My work across digital marketing includes areas around legal and regulatory issues, these include Data Protection, from the 1995 Data Protection Act to GDPR. While I have worked with and advised SMEs and FTSE 100 companies, this presentation is for general information rather than specific advice. The GDPR is an evolving document, your needs and requirement may differ. Views, comments, information and advice are my own and not necessarily those of the South East London Chamber of Commerce.
  • 12. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Full ICO guidance coming soon • Transparency • Consent • and more… Follow the ICO and keep up to date
  • 13. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What we will (briefly) cover • What is GDPR • The principles • Individuals rights • Consent • Breaches • Assessment
  • 14. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro How old is your oldest data?
  • 15. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro GDPR Principles
  • 16. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro • Processed lawfully, fairly and in a transparent manner in relation to individuals; • Collected for specified, explicit and legitimate purposes • Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed; • Accurate and, where necessary, kept up to date • Kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed • Processed in a manner that ensures appropriate security of the personal data
  • 17. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Individuals Rights
  • 18. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to be informed The right to be informed encompasses your obligation to provide ‘fair processing information’, typically through a privacy notice.
  • 19. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right of access Individuals have the right to access their personal data and supplementary information.
  • 20. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to rectification Individuals are entitled to have personal data rectified if it is inaccurate or incomplete.
  • 21. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to erasure The right to erasure does not provide an absolute ‘right to be forgotten’. Individuals have a right to have personal data erased and to prevent processing in specific circumstances
  • 22. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to restrict processing Individuals have a right to ‘block’ or suppress processing of personal data
  • 23. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to data portability The right to data portability allows individuals to obtain and reuse their personal data for their own purposes across different services.
  • 24. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Right to object You must inform individuals of their right to object “at the point of first communication” and in your privacy notice.
  • 25. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Rights related to automated decision making including The GDPR provides safeguards for individuals against the risk that a potentially damaging decision is taken without human intervention.
  • 26. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Consent • Should be explicit • Must retain proof of consent • Must have a choice in consent (not tied to T&C’s) Consent is one lawful basis for processing, but there are five others. Consent won’t always be the easiest or most appropriate.
  • 27. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro …the other five… • 6(1)(b) –  Processing is necessary for the performance of a contract with the data subject or to take steps to enter into a contract • 6(1)(c) – Processing is necessary for compliance with a legal obligation • 6(1)(d) – Processing is necessary to protect the vital interests of a data subject or another person • 6(1)(e) –  Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller. • 6(1)(f ) – Necessary for the purposes of legitimate interests pursued by the controller or a third party, except where such interests are overridden by the interests, rights or freedoms of the data subject.
  • 28. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Privacy Notices • What information is being collected? • Who is collecting it? • How is it collected? • Why is it being collected? • How will it be used? • Who will it be shared with? • What will be the effect of this on the individuals concerned? • Is the intended use likely to cause individuals to object or complain?
  • 29. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Privacy Notices When planning privacy notices, you should be aware that more information may be needed than shown in the example above. Such information depends on what the user reasonably expects to happen to their data, and whether a lack of honesty/fairness might be levelled if pertinent information is not provided (e.g. use of personal data for profiling).
  • 30. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Repermissoning You don't already have permission??! Consent to send direct email marketing should have been requested at the point of collection. If you didn’t have the opportunity (data came from a third party or the data wasn’t intended to be used for marketing purposes) then consider appraising your data collection methods rather than repermissioning.
  • 31. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Data Breach • Notify ICO within 72 hours • Need for internal processes to report • Inform individuals of the nature of the breach (if data is sensitive) • ICO can issue a stop order
  • 32. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What is a data protection impact assessment? Data protection impact assessments (also known as privacy impact assessments or PIAs) are a tool which can help organisations identify the most effective way to comply with their data protection obligations and meet individuals’ expectations of privacy. An effective DPIA will allow organisations to identify and fix problems at an early stage, reducing the associated costs and damage to reputation, which might otherwise occur.
  • 33. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro When do I need to conduct a DPIA? You must carry out a DPIA when: • Using new technologies; and • The processing is likely to result in a high risk to the rights and freedoms of individuals.
  • 34. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro What information should the DPIA contain? • A description of the processing operations and the purposes, including, where applicable, the legitimate interests pursued by the controller. • An assessment of the necessity and proportionality of the processing in relation to the purpose. • An assessment of the risks to individuals. • The measures in place to address risk, including security and to demonstrate that you comply. • A DPIA can address more than one project.
  • 35. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro In summary, a DPIA is: • A systematic description of the envisaged personal data processing operations and the purposes of the processing, including (where applicable) the legitimate interest pursued by the Data Controller. • An assessment of the necessity and proportionality of the personal data processing operations in relation to the purposes. • An assessment of the risks to the rights and freedoms of Data Subject. • The organisational and technical measures to secure the personal data and mitigate the absolute risk to an acceptable risk.
  • 36. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro
  • 37. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Marketing Post GDPR • Should improve marketing! • Smaller data base of higher value • Greater trust • More realistic reporting / metrics Make sure all GDPR related work is documented!
  • 38. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro
  • 39. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Be familiar with GDPR and also PECR laws and regulations. https://ico.org.uk/ for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ • You should document what personal data you hold, where it came from and who you share it with. • Identify processes for handling, storing and deleting data • Check 3rd party suppliers are GDPR compliant • Document what you are doing
  • 40. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Re-boot your thinking on Data Protection, be transparent and accountable • View GDPR as ‘by design & by default’ NOT a tick box exercise • DPIA Lite’ is a helicopter view of what you’re doing now that’s compliant with the GDPR, undertake an audit of all personal data processing activities carried out now or planned to be carried out in the future. • ensure that you have clear independently validated policies in place to prove that you meet the new data protection standards • Check supplier contracts for GDPR compliance
  • 41. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro Things to do • Practice how you will deal with a personal data breach BEFORE it happens • Be a champion for change, foster a culture of monitoring, reviewing, and assessing data processing procedures • Be aware of cross border data transfers! • Be prepared to keep accurate and systamatic records of what changes and training have been carried out at your organisation.
  • 42. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro ICO offers support to SMEs The phone service is aimed at people running small businesses or charities. To access the new service dial the ICO helpline on 0303 123 1113 and select option 4 to be diverted to staff who can offer support. Callers can also ask questions about current data protection rules and other legislation regulated by the ICO including electronic marketing and Freedom of Information.
  • 43. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro THE EU GENERAL DATA PROTECTION REGULATION (GDPR) IS AN OPPORTUNITY, NOT A THREAT.
  • 44.
  • 45. David Sayce | GDPR Introduction | Twitter: @dsayce #GDPRintro David Sayce Digital Marketing Consultant SEO - Improve your position on Google Strategy - Marketing planing & future thinking Technical Audits - Improve your website Training - Learn more about digital marketing www.dsayce.com hello@dsayce.com https://uk.linkedin.com/in/dsayce
  • 46. Get your copy of the masthead