The GDPR - From Implementation to Opportunity
TRANSCRIPT
GDPR
• EU General Data Protection Regulation
• Effective from 25 May 2018
• Reinforced with a strict and significant penalty regime
• Affects any organization globally
• Brexit has no effect: the UK Information Commissioner will insist on the same standards
What is Personal Data?
• Anything associated with a name or digital footprint
• Health, financial, criminal history, travel history, etc.
• A passport is personal data and is stored for each of your clients
• Photos, documents, videos, scans
• Data stored on your system plus that held by your data storage providers
Threats and Opportunities
• Financial threats from failure to implement: penalties
• Prevent the endless escalation of data storage
• Implement better search facilities for the business
• Correct implementation adds to corporate credibility
• Your technology can't support the legislation
Privacy by Design & Default
• By Design
  • All systems should include privacy requirements in design
  • Encryption
  • Pseudonymisation
• By Default
  • All data should automatically be stored securely and privately
• Organizations are now held accountable for both
Eight Key Principles of GDPR
• Personal Data shall be processed fairly and lawfully
• Personal Data shall be obtained only for specified purposes and not used for other purposes
• Personal Data shall be relevant and not excessive
• Personal Data shall be accurate and kept up to date
• Personal Data shall not be kept longer than necessary
• Personal Data shall be processed in accordance with the rights of data subjects
• Appropriate security shall be in place to prevent loss of data or unlawful access
• Personal Data cannot be transferred outside the EU without the same level of protection
Controller & Processor
• Controller: the business is the controller of client, prospect and employee data
• Processor: the organization or person that processes the data
Data Subject Access Rights
• Right to Access
• Right to Erasure
• Right to Portability
• Right to Rectification
• Data Breach Notification
• Right to request all data
Financial Penalties
• Level 1: up to 2% of revenues
  • Reputational cost on top of that
  • Not just for a data breach: a lack of documentation means you can be fined during an audit
• Level 2: up to 4% of revenue or 20,000,000 Euro
  • Only if negligent, as in you did nothing to prepare for GDPR
• Must be signed off by the business owner: no longer only an IT issue
Finding and Reporting Dark Data
• You must find ALL documents with an individual's data
• This is not just information in your CRM: it's documents as well
• You must provide these documents with relevant redaction
• How do you find them? Scanned documents? Emails? Faxes?
• How do you provide them? Collate documents, redact, report?
DocsCorp’s Focus
Next Steps
• Raise awareness
• Carry out a GDPR Impact Assessment
• Develop a GDPR Compliance Plan (GCP)
• Assess all Cloud Service Provider contracts
Want to know more?