SECURE CYBER UNLOCK OPPORTUNITY IRMSECURITY.COM
Revised EU General Data Protection Regulation: 12 steps to compliance.
Paul Sexby, Head of Strategic Practice, IRM
September 2016

Whilst the GDPR does not come into force until May 2018, it is important that organisations are properly prepared for these changes in the context of operational need and business risk.

In order to address the requirements introduced in the revised regulation, consider these 12 steps for compliance…

1. EDUCATION & AWARENESS
The EU GDPR introduces changes and possible business impacts that all key stakeholders need to be conversant with.
Get properly briefed and armed with the facts to make accurate, informed and timely decisions.

2. ACCOUNTABILITY
Organisations are required to be able to demonstrate how they comply with the Data Protection Principles.
Ensure you are aware of the data you hold so you can provide details of the personal information you store, process and transmit.

3. LEGAL BASIS
Individuals now have stronger rights that your business has to fulfil.
Be prepared to include the ‘legal basis’ for processing within Privacy Notices and have a process in place to respond to Subject Access Requests.

4. CONSENT
Data Controllers must be able to demonstrate that ‘consent’ was given. This could have potentially huge implications for some organisations.
Maintain and retain an ‘audit trail’ and ‘history’ for the life of the data you hold to avoid business disruption.

5. PRIVACY-BY-DESIGN
Whilst privacy-by-design has been implicit within the current Data Protection Principles, the GDPR is explicit that this is a legal requirement.
Where high-risk processing takes place, a Privacy Impact Assessment (PIA) will be required.

6. INDIVIDUAL’S RIGHTS
Where organisations are likely to struggle is with regard to having information deleted and in facilitating data portability; though these have to be considered in the context of legal obligations and responsibilities to retain information in accordance with other legal and contractual needs.
Have a clearly defined Data Retention Policy and supporting processes to meet the policy.

7. PRIVACY NOTICES
Most organisations will have to revise their Privacy Notices to incorporate the obligations introduced within the GDPR, to address elements such as the ‘legal basis’ for processing and defining data retention periods for personal information.
Make your Privacy Notices CLEAR and UNAMBIGUOUS.

8. SUBJECT ACCESS REQUESTS
Internal business processes and procedures for handling Subject Access Requests (SARs) will undoubtedly need to be revised.
Most organisations will no longer be able to charge a fee to comply with an SAR, which will have to be processed within a month (rather than the 40 days currently allowed).

9. CHILDREN
The GDPR requires special protection in the form of ‘consent’ to process children’s personal information.
‘Consent’ has to be verifiable, and where children’s data is collected ‘Privacy Notices’ must be written in a manner that children can understand and comprehend.

10. DATA BREACH NOTIFICATION
Breach notification is to data subjects and not necessarily to the ICO/Regulator, unless there is the potential for identity theft or loss of confidentiality to the individual.
Create and exercise your Data Breach plan to reduce the impact and exposure in the event of a breach. Failure to report a breach could result in a fine, in addition to any penalty that might arise from the breach itself.

11. DATA PROTECTION OFFICER
The latest iteration of the GDPR has stepped back from mandating that ALL organisations must have a DPO.
There is a requirement for “someone” to take ownership and responsibility for ensuring there is effective data protection compliance in place. Do not underestimate the time this function will require.

12. INTERNATIONAL OPERATIONS
In simple terms, the ‘Lead Authority’ for investigating a complaint is determined according to where your organisation makes key business decisions regarding data processing; in some cases this may be outside the UK.
Be aware of the locations where your data is processed and educate your organisation on the rules and regulations, so that you are prepared in the event of a breach.

Organisations that wait for the changes to be finalised and implemented into National Law are unlikely to achieve the requirements in the time frames required. This will potentially hand an advantage to your competitors.

FURTHER INFORMATION
+44 (0)1242 255200
hello@irmsecurity.com
Paul Sexby, Head of Strategic Practice
Prepare for the EU GDPR with IRM’s EU Data Protection Assessment.