mark gracey [email protected] of processing - data subject has given consent required for...
TRANSCRIPT
How the GDPR will change the way you do business
Mark [email protected]
Welcome
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
MarkGraceyFounder,FlavourfyDigitalConsultancy&DigitalComplianceHub
What’sGDPR?
? !DoIneedtoworryaboutit?
"WhatdoIdoto
comply?
GDPRCompliance
About data protection
Key Data Protection Definitions
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
PersonalData
Processing
DataSubject
DataController
DataProcessor
The Principles of Data Protection
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Lawful,fair&transparent Specificpurpose Relevant
Accurate Retention Security
Individuals'rights
Internationaltransfer
Lawfulness of processing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
DataSubjecthasgivenconsent
Requiredforperformanceofacontract
Legalobligation
ToprotectinterestsoftheDataSubject
Inthepublicinterest
LegitimateinterestsoftheDataController
General Data Protection Regulation
GDPR: What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
GDPRMay2018
Scope
Accountability
Children
Consent
Rights Processors
By Design
DPOs
Breaches
Fines
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Scope
AppliesacrossthewholeoftheEU
Affectsanynon-EUbusinessofferinggoods
andservicestoEUcitizens
Onlineidentifiersincludedindefinitionofpersonal
data
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Accountability
Demonstrationofcompliance
Recordprocessingactivities
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Children &OnlineServices
Childfriendlingmessaging
Guardianconsent
Ageverification
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Consent
Clearmessaging
Positiveopt-in
Recordingconsent
Consentwithoutdetriment
Withdrawingconsent
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Rights
Righttobeinformed
Subjectaccessrequests:nofee,lesstime
Therighttoerasure
Therighttodataportability
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Processors
Controller– Processorrelationship
Contractualterms
Processorresponsibilities
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
By Design
ByDesign&Default
DPIA
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
DPOs
Specificperson
responsibleforcompliance
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Breaches
Breachnotificationtoregulatorybody
Breachnotificationtodatasubjects
What’s changing?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Fines
Upto4%ofglobal
turnoveror€20m
GDPR challenge: Marketing
GDPR challenge: Marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Consentfornewdata
ThirdPartyData
LegacyData
OngoingManagement
GDPR challenge: Marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Consentfornewdata
Auditexistingdatacapture
Adjustdatacapture&privacynoticestobeGDPRcompliant
Recordyourapproachand
findings
GDPR challenge: Marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
ThirdPartyData
Carryoutduediligenceon
providerandsource
Appropriateconsentandproof?
Recordyourapproachand
findings
GDPR challenge: Marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
LegacyData
DoesyourdatameetthenewGDPRconsent
rules?
Canyoulawfullyre-
verifyconsent?
Anopportunitytorefreshyour
data?
Recordyourapproachand
findings
GDPR challenge: Marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
OngoingManagement
Regulardataquality&consentrefresh
Makeiteasyforconsentwithdrawal
Actonwithdrawalofconsentimmediately
&remember
Documentyour
approach
MakesureyourteamaretrainedinthewaysoftheGDPR
Marketing compliance in the UK
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
DataProtection• lawfulbasisforprocessing
PrivacyRules• marketingrules
MarketingCompliance
GDPR, Privacy and marketing
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Marketingdata
"Cold"consumers
Customers
Soletraders
Individualsinbusiness
Genericbusinessdata
GDPR challenge: Controller - Processor
GDPR challenge: Controller – Processor relationship
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
DataController
DataProcessor
Whichareyou?
GDPR challenge: Controller – Processor relationship
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Data
Controller
UseonlyprocessorsthatareGDPRcompliant
Carryoutduediligenceonthirdpartyprocessors
Putinplacecontractualrequirements
GDPR challenge: Controller – Processor relationship
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Data
Processor
Expectduediligencefromclients
Expectstrictercontractualterms
Newresponsibilities
Being GDPR compliant
Steps to compliance
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Appointsomeonetotakeresponsibilityandactasasinglepointofcontact
Audityourdata,systemsandpolicies
Documentyourapproachtodataprotection&putpoliciesinplace
Provideinternaldocumentationandguidance
Trainyourstaff
Maintainyourcompliance&keepuptodate
Preparing your business for the GDPR
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Prepare
• KnowtheGDPR
• Getseniorbuy-in
• Setupaworkinggroup
Audit
• Data• Systems• Policies
Analyse
• Thestateofyourdata
• Policyupdates
• Systemchanges
Deliver
• Actionplan• Employeetraining
Manage
• Ongoingcompliance
• Keepuptodate
Managing Compliance
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
Security
Training
Policies
Review
UserRights
EffectivelymanagingyourGDPRcompliancewillnotonlyprotectyourbusinessbutwillinstilltrustandconfidenceinyourcustomersandfuturecustomers
But… what else?
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
ePrivacyRegulations
DataProtection
Bill
ICOGuidanceGDPR2018&
BeyondA29WPGuidance
EnforcementBrexit
Digital Compliance Hub – Managing your compliance
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
DataProtection
&GDPR
$Privacy&Marketing
%Web,Data&CyberSecurity
Info,guidance,toolkits,advice,support&training
https://digitalcompliancehub.co.uk
Flavourfy Digital Consultancy
https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk
&Compliance
Audits
'Management
(Consultancy&
Advice
)Training
DigitalComplianceHub
[email protected]://flavourfydigital.co.uk
?MarkGracey
https://flavourfydigital.co.ukhttps://digitalcompliancehub.co.uk
Question Mark