De groote de man Ingrid de Poorter

General Data Protection Regulation: to fear or to not to fear - that is the question?
Ingrid De Poorter

  1. Advocaten. General Data Protection Regulation. To fear or not to fear: that is the question? Prof. Dr. Ingrid DE POORTER

  2. Content
     • Background
     • Legal structure
     • Scope
     • Key changes and principles
     • Impact: how to prepare?

  3. Background (timeline)
     • 1995: Data Protection Directive 95/46/EC applies
     • 2012: European Commission publishes the legislative proposal
     • Separate negotiations within Council and European Parliament
     • Spring 2014: EP reaches agreement
     • 2015: Council agreement
     • Negotiations & approval among the three institutions
     • 4 May 2016: Regulation 2016/679 published in the Official Journal
     • 2016-2017: two years implementation phase
     • 25 May 2018: Regulation 2016/679 (GDPR) applies

  4. Legal Structure
     Current: Data Protection Directive 95/46/EC
     • Directive = implementation by the EU Member States through national law
     • Significant variation and fragmentation
     Future: General Data Protection Regulation 2016/679
     • Goal: harmonise current legal framework
     • Regulation = directly applicable
     • Consistent effect
     Increase legal certainty, reduce administrative burden and cost of compliance for organisations, enhance consumer confidence.

  5. Scope: MATERIAL SCOPE
     What is personal data?
     • Information relating to an identified or identifiable natural person (‘data subject’)
     • E.g. name, identification number, location data, online identifier or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
     Covered: the processing of personal data wholly or partly by automated means, and manual processing if the personal data form part of a filing system or are intended to form part of a filing system.
     What is processing?
     • Any (set of) operation(s) which is performed on (sets of) personal data
     • E.g. collection, recording, organization, structuring, storage, adaptation, …

  6. Scope: TERRITORIAL SCOPE
     Key change GDPR: extra-territorial applicability
     • Regardless of the company’s location
     • All companies processing the personal data of data subjects in the EU/EEA
     Overview
     • Controllers/processors established in the EU/EEA
     • Controllers/processors not established in the EU/EEA
       I. when offering goods or services to data subjects in the EU/EEA, or
       II. when monitoring their behavior
     • Non-EU/EEA controllers established in a place where EU/EEA law applies by virtue of public international law

  7. Key Changes & Principles
     Data minimization
     • Adequate, relevant and limited to what is necessary for purposes
     • More restrictive obligation in GDPR
     Privacy by design
     • Design data protection into development of business processes and new systems
     • Privacy settings are set at a high level by default

  8. Key Changes & Principles
     Consent
     • Freely given ‘consent’ or ‘explicit consent’ (for sensitive data)
     • Specific and unambiguous
     • Informed (right to withdraw or object)
     Data subject’s rights
     • The right to be forgotten
     • Google v. Spain case
     • Effect on social networks
     • The right to data portability
     • The right to object to profiling

  9. Key Changes & Principles
     Data retention periods
     • Retention of data for no longer than is necessary for purposes
     • Two new factors in GDPR
       1. Longer retention period possible: historical, statistical or scientific purposes
       2. Shorter retention period possible: “right to be forgotten”
     Privacy impact assessments (“PIA”)
     • Obligation to undertake PIA when conducting risky or large scale processing of personal data
     Data register
     • Record keeping of processing activities

  10. Key Changes & Principles
     Responsibilities
     • Data Controller: data breach notification
     • Data Processor: new direct obligations – an officially regulated entity
     • Data Protection Officer (“DPO”): obligation to appoint in some circumstances

  11. Key Changes & Principles
     Enforcement: Supervisory Authority (SA)
     • Investigative power: carry out data protection audits, review certifications, notify controller/processor of any alleged infringement of the GDPR, obtain access to all personal data and all information necessary to perform tasks, obtain access to any premises of controller and processor including data processing equipment
     • Corrective power: issue warnings and reprimands, order compliance, impose a temporary or definitive limitation including a ban on processing, order rectification, restriction or erasure of data or order a certification body not to issue a certificate, impose administrative fines, order suspension of data flow to a recipient in a third country or to an international organisation
     Sanctions
     • Fines: up to 4 % of annual worldwide turnover or € 20,000,000
     • Indemnities towards individuals
     • Reputation loss AND less business

  12. The end of big data?
     Big data
     • large amounts of (personal) data;
     • these data are analyzed and combined; and
     • used to categorize them and/or to predict their behavior
     ADVANTAGES of BIG DATA?
     • Behavioral advertising
     • Credit risk analysis
     • Insurance risk analyses
     RECOMMENDATIONS (Source: ico.org.uk)
       1. anonymize personal data;
       2. be transparent;
       3. embed a privacy impact assessment process into big data projects;
       4. adopt a privacy by design approach;
       5. appoint a DPO;
       6. develop ethical principles; and
       7. implement audits of machine learning algorithms

  13. How to prepare & comply?
       1. AWARENESS
       2. DEFINE THE PROCESS TO BE REVIEWED
       3. GAP ANALYSIS – IT & LEGAL
       4. REMEDIATION
       5. TRAINING/WORKSHOPS FOR STAFF
       6. REPEAT/“BREATHE” PRIVACY
     Diagram labels: Operations, Management, Legal, IT; Data minimization, Security/privacy by default, Contracts, Policies and procedures, Accountability

  14. Heernislaan 91, 9000 Gent. +32 9 277 44 17. Ingrid.DePoorter@degroote-deman.be. Contact me for more information!
