How the GDPR will change the way you do business

Mark Graceymark@flavourfy.co.uk

Welcome

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

MarkGraceyFounder,FlavourfyDigitalConsultancy&DigitalComplianceHub

What’sGDPR?

? !DoIneedtoworryaboutit?

"WhatdoIdoto

comply?

GDPRCompliance

About data protection

Key Data Protection Definitions

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

PersonalData

Processing

DataSubject

DataController

DataProcessor

The Principles of Data Protection

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Lawful,fair&transparent Specificpurpose Relevant

Accurate Retention Security

Individuals'rights

Internationaltransfer

Lawfulness of processing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

DataSubjecthasgivenconsent

Requiredforperformanceofacontract

Legalobligation

ToprotectinterestsoftheDataSubject

Inthepublicinterest

LegitimateinterestsoftheDataController

General Data Protection Regulation

GDPR: What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

GDPRMay2018

Scope

Accountability

Children

Consent

Rights Processors

By Design

DPOs

Breaches

Fines

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Scope

AppliesacrossthewholeoftheEU

Affectsanynon-EUbusinessofferinggoods

andservicestoEUcitizens

Onlineidentifiersincludedindefinitionofpersonal

data

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Accountability

Demonstrationofcompliance

Recordprocessingactivities

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Children &OnlineServices

Childfriendlingmessaging

Guardianconsent

Ageverification

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Consent

Clearmessaging

Positiveopt-in

Recordingconsent

Consentwithoutdetriment

Withdrawingconsent

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Rights

Righttobeinformed

Subjectaccessrequests:nofee,lesstime

Therighttoerasure

Therighttodataportability

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Processors

Controller– Processorrelationship

Contractualterms

Processorresponsibilities

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

By Design

ByDesign&Default

DPIA

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

DPOs

Specificperson

responsibleforcompliance

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Breaches

Breachnotificationtoregulatorybody

Breachnotificationtodatasubjects

What’s changing?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Fines

Upto4%ofglobal

turnoveror€20m

GDPR challenge: Marketing

GDPR challenge: Marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Consentfornewdata

ThirdPartyData

LegacyData

OngoingManagement

GDPR challenge: Marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Consentfornewdata

Auditexistingdatacapture

Adjustdatacapture&privacynoticestobeGDPRcompliant

Recordyourapproachand

findings

GDPR challenge: Marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

ThirdPartyData

Carryoutduediligenceon

providerandsource

Appropriateconsentandproof?

Recordyourapproachand

findings

GDPR challenge: Marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

LegacyData

DoesyourdatameetthenewGDPRconsent

rules?

Canyoulawfullyre-

verifyconsent?

Anopportunitytorefreshyour

data?

Recordyourapproachand

findings

GDPR challenge: Marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

OngoingManagement

Regulardataquality&consentrefresh

Makeiteasyforconsentwithdrawal

Actonwithdrawalofconsentimmediately

&remember

Documentyour

approach

MakesureyourteamaretrainedinthewaysoftheGDPR

Marketing compliance in the UK

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

DataProtection• lawfulbasisforprocessing

PrivacyRules• marketingrules

MarketingCompliance

GDPR, Privacy and marketing

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Marketingdata

"Cold"consumers

Customers

Soletraders

Individualsinbusiness

Genericbusinessdata

GDPR challenge: Controller - Processor

GDPR challenge: Controller – Processor relationship

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

DataController

DataProcessor

Whichareyou?

GDPR challenge: Controller – Processor relationship

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Data

Controller

UseonlyprocessorsthatareGDPRcompliant

Carryoutduediligenceonthirdpartyprocessors

Putinplacecontractualrequirements

GDPR challenge: Controller – Processor relationship

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Data

Processor

Expectduediligencefromclients

Expectstrictercontractualterms

Newresponsibilities

Being GDPR compliant

Steps to compliance

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Appointsomeonetotakeresponsibilityandactasasinglepointofcontact

Audityourdata,systemsandpolicies

Documentyourapproachtodataprotection&putpoliciesinplace

Provideinternaldocumentationandguidance

Trainyourstaff

Maintainyourcompliance&keepuptodate

Preparing your business for the GDPR

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Prepare

• KnowtheGDPR

• Getseniorbuy-in

• Setupaworkinggroup

Audit

• Data• Systems• Policies

Analyse

• Thestateofyourdata

• Policyupdates

• Systemchanges

Deliver

• Actionplan• Employeetraining

Manage

• Ongoingcompliance

• Keepuptodate

Managing Compliance

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

Security

Training

Policies

Review

UserRights

EffectivelymanagingyourGDPRcompliancewillnotonlyprotectyourbusinessbutwillinstilltrustandconfidenceinyourcustomersandfuturecustomers

But… what else?

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

ePrivacyRegulations

DataProtection

Bill

ICOGuidanceGDPR2018&

BeyondA29WPGuidance

EnforcementBrexit

Digital Compliance Hub – Managing your compliance

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

DataProtection

&GDPR

$Privacy&Marketing

%Web,Data&CyberSecurity

Info,guidance,toolkits,advice,support&training

https://digitalcompliancehub.co.uk

Flavourfy Digital Consultancy

https://flavourfydigital.co.uk - https://digitalcompliancehub.co.uk

&Compliance

Audits

'Management

(Consultancy&

Advice

)Training

DigitalComplianceHub

mark@flavourfy.co.ukhttps://flavourfydigital.co.uk

?MarkGracey

mark@flavourfy.co.uk

https://flavourfydigital.co.ukhttps://digitalcompliancehub.co.uk

Question Mark