
How does GDPR affect your business?



Presentation to Cyprus Computer Society Records Management event by Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders

1. Introduction to the General Data Protection Regulation (GDPR)
2. Data protection: Why all the fuss?
3. How does GDPR affect your business?

Published in: Technology


  1. How does the General Data Protection Regulation (GDPR) affect your business? Christoforos Christoforou, Risk and Strategic Planning Manager
  2. Agenda: How does the GDPR affect your business?
     • Introduction to the General Data Protection Regulation (GDPR)
     • Data protection: Why all the fuss?
     • How does GDPR affect your business?
  3. Introduction to the GDPR
  4. Introduction to GDPR: Harmonization Hurdles. How much control over the information you provide online do you feel you have? 15% complete control, 50% partial control, 31% no control. (Eurobarometer 431: 2015)
  5. Introduction to GDPR: Harmonization Hurdles. Almost all Europeans say they would want to be informed if their data has been lost or stolen. (Eurobarometer 431: 2015)
  6. Introduction to GDPR: Harmonization Hurdles
  7. Introduction to GDPR
     • GDPR is intended to harmonize data protection law across the EU
     • GDPR is not a directive. It will supersede national laws
     • It is already implemented but it comes into force on 25 May 2018
  8. Data Protection: Why all the fuss?
  9. How is data regulation changing?
     • Updated personal data definitions
     • Territorial scope
     • Well-defined penalties for violations
     • Greater control of data, on behalf of the EU citizen:
       • Right to be forgotten
       • Consent
       • Data portability
       • Data protection officer appointment
       • Data breach notification
  10. GDPR Highlights: Personal Data Definition(s)
     • Personal data is any information relating to an identified or identifiable natural person ("data subject")
     • Sensitive personal data are personal data characterizing the identified natural person
     • Data related to criminal offences
     • Pseudonymous data
  11. GDPR Highlights: Territorial Scope
     • Scenario 1: Processing personal data as an establishment of a data controller or a data processor in the EU, regardless of whether the processing takes place in the EU or not.
     • Scenario 2: Any organisation which is not established in the EU but is processing personal data about data subjects who are in the EU.
  12. GDPR Highlights: Right to be forgotten. Individuals have a right to have personal data erased and to prevent processing in specific circumstances:
     • Personal data is no longer necessary in relation to the purpose for which it was originally collected/processed.
     • When the individual withdraws consent.
     • The personal data was unlawfully processed.
     • Legal obligation (e.g. court order).
  13. GDPR Highlights: Portability. The right to data portability applies:
     • to personal data an individual has provided to a controller;
     • where the processing is based on the individual's consent or for the performance of a contract;
     • when processing is carried out by automated means.
  14. GDPR Highlights: Portability. Now think about this…
     • Are you confident that when an individual demands full personal data portability you can locate the data and transfer it without the risk of leaving something behind?
     • Can you confirm that one's personal data is not sitting in an email archive, on an Azure backup or as a completed KYC paper form somewhere in compliance?
  15. GDPR Highlights: The Data Protection Officer
     • The requirement to appoint a Data Protection Officer (DPO) is mandatory in the GDPR.
     • Guidelines on DPOs published on 05 April 2017 (16/EN - WP 243 rev.01)
  16. Data Breaches…
  17. Data Breaches…
  18. Does the GDPR apply to me?
  19. How to prepare for GDPR? GDPR compliance is not a quick fix, and data breach management is not the only step to compliance. Privacy by design; change in culture.
  20. How to prepare for GDPR? Privacy by Design
     • C-suite attention
     • Openness and transparency
     • Restructuring of information/data governance systems
     • Re-appraisal of information security systems
     • Serious levels of staff training
  21. How to prepare for GDPR? Documents & Records, Integrations, Roles, Processes, Interactions
     • Registers and Data Attributes
     • Data Protection Impact Assessments (DPIA)
     • Applications and System Management
     • Data Subject's rights
     • Incident Management
     • Training
     • Vendor Management (Controller/Processor)
     • Data Transfers and Portability
     • Risk Management
     • Validations & Audits
     • Notifications Management
     • Obligatory Reporting (e.g. data breach)
     • Right to be forgotten
  22. How to prepare for GDPR? Process Flow
     1. Begin with an information audit
     2. Decide what data to keep
     3. Securely destroy unnecessary data
     4. Assign a Data Protection Officer
     5. Begin staff training
     6. Review your information/data governance framework
     7. Put a clear and effective reporting process in place
  23. GDPR: Data Governance
     • CCTV recordings
     • Security access records
     • Cookies, web browsing history
     • GPS records
     • Criminal record
     • Gene sequence, DNA
     • Training certificates
     • Race, religion, political beliefs, etc.
  24. GDPR: Don't forget about paper.
     • The relation between paper and data privacy is easy to ignore.
     • 15-20 years ago paper would have been the focus. Paper, however, is still there.
     • The longer paper sits without any plan, the bigger a risk it becomes.
  25. GDPR: Don't forget about paper. Data governance policies will fail if paper is ignored!
     • Paper is as important in the data privacy conversation precisely because it's now so easy to ignore.
     • Nearly every organization still uses paper in some format.
     • Paper also poses a risk in that it can be quite difficult to find once misplaced.
  26. GDPR: Are you ready? Where is the data? How is the data stored? Why do we keep that data? Who is in charge of the data? When do I have to request consent? What does the data consist of?
  27. GDPR & Records Management: Getting GDPR-ready
  28. GDPR: Records Management
  29. GDPR: Records Management. GDPR as an opportunity: Data Governance, Digital Transformation, Business Reform
  30. GDPR: Records Management Solutions
     • Physical and digital data marriage
     • Intelligent content management
     • Systems integration (ERP, CRM, etc.)
     • Business process analysis and management
     • Retention policies
     • Secure destruction (physical and digital)
  31. GDPR: Records Management Benefits
     • Economies of scale
     • Shared responsibility
     • Industry know-how
     • Compliance
     • Efficiency
     • Audited processes
     • SLA-monitored performance
     • Risk mitigation
  32. You cannot randomly collect personal data? But it's just a list of who was naughty and who was nice! Thank you!
  33. Contact Details: Christoforos Christoforou, Risk and Strategic Planning Manager at Fileminders. Email: Phone: +357 22445526