An overview of the key facts about the GDPR and what businesses need to do before the legislation goes live in May 2018. Originally delivered at an event in September 2017 by Carswell Gould (a marketing communications agency) and Moore Blatch (a law firm), in collaboration with Sofigate (an IT consultancy).
Is your business GDPR ready?
1. Is your business GDPR ready?
BROUGHT TO YOU BY
27/09 Richmond
28/09 Southampton
2. Welcome
Moore Blatch, Carswell Gould and Sofigate recently joined forces for two GDPR
breakfast briefings, in Richmond and Southampton. The three firms have
combined their know-how on the subject to deliver a unique insight into the legal,
communication and IT challenges and opportunities presented by the GDPR.
Our aim is to help you get GDPR ready!
3. Is your business GDPR ready?
We’re different because we believe the most important person in a legal team isn’t the lawyer, it’s you. So we give you more than other
law firms. More expertise. More depth. More clarity. Whatever you face in life or in business, we won’t be just your lawyer, we’ll be your
trusted friend and confidant as well. Our job is to listen and understand, and then use our expertise to find the best solution for you.
You’ll find we are fast and efficient, with a team based approach and a relentless focus on quality. You’ll also find our prices are
competitive, giving you excellent value for money.
We’re the south’s best connected creative communications agency. We start with the customer and focus on delivering measurable
impact to exceed expectations. Our work spans a wide range of industries including professional services, education, culture and
heritage, land and property, start-ups and marine. Our single minded aim is to help our clients’ businesses grow. Each of our core
services of content, web development and creative design have all recently been recognised by leading industry bodies including three
Hermes Creative Awards, twelve CIPR PRide Awards and we’ve been a finalist at the Wirehive 100 Awards on multiple occasions, so you
know you are in good hands.
We work hand in hand with global clients to deliver transformational digital changes, shaping landscapes internally and externally by
accelerating growth, reducing cost and cutting time to market. Our primary focus is on enabling through technology, allowing our clients
to leverage existing digital competencies, exploring new technologies and transforming existing technologies, empowering them to
seize opportunities both old and new. Our ways of working deliver tangible results that build on the business capabilities provided by
technology, fostering sustainable and lasting positive change.
www.carswellgould.co.uk
www.mooreblatch.com
www.sofigate.com
4. Presenters
● Ed Gould, Creative Director
● Dorothy Agnew, Partner
● Nick Russell, Director
● Gareth Miller, Managing Director
● John Warchus, Partner
● Peter Truman, Director
5. What is the GDPR?
● General Data Protection Regulation
● Replaces the UK Data Protection Act 1998 (DPA)
● Live from 25 May 2018
● Will affect every organisation that collects or handles data relating to EU
residents.
● Monitored by national supervisory authorities
6. It’s all about personal data
The use of data will be subject to the GDPR where it involves processing personal data
There are two types of party involved in processing personal data:
1. Controllers - determine purpose and means of processing personal data
2. Processors - process personal data on behalf of the controller
7. Six principles of data processing
Personal data must be processed in accordance with the following six principles:
1. Processed fairly and lawfully and in a transparent manner
2. Collected for specified, explicit and legitimate purposes and not further processed in a manner
that is incompatible with those purposes
3. Adequate, relevant, limited to what is necessary
4. Accurate and, where necessary, kept up to date
5. Kept in a form which permits identification of data subjects for no longer than necessary
6. Processed in a manner that ensures appropriate security of the personal data
8. Six conditions of processing
Processing is only lawful if at least one of these six conditions applies:
1. You have the data subject’s consent
2. Processing is necessary for the performance of a contract
3. Processing is necessary for compliance with a legal obligation of the controller
4. Processing is necessary to protect the data subject’s vital interests
5. Processing is necessary to perform a task carried out in the public interest or
the exercise of official authority
6. Processing is necessary for the purposes of the legitimate interest of the
controller or a third party, except where overridden by the interests or fundamental
rights/freedoms of the data subject
9. New obligations on controllers
● To demonstrate compliance with the data protection principles
● To carry out impact assessments
● Appoint a data protection officer (DPO)
● Data protection by design and default
● Notification of breaches
● Keep a record of processing activities
10. New rights for data subjects
● Broader rights of subject access
● Right to be forgotten (erasure)
● Right to object to profiling for direct marketing purposes
● Data portability
11. Increased fines for non-compliance
Controllers
● Fines up to (greater of) 4% of annual worldwide turnover of the
preceding financial year or 20 million euros
Processors
● Fines up to (greater of) 2% of annual worldwide turnover of the
preceding financial year or 10 million euros
12. The GDPR and direct marketing
Put someone in charge of GDPR in your business to:
● Update processes and communication for the collection,
cleansing and storage of personal data
● Create/update your internal data policy
● Update
○ current terms and conditions
○ data protection policy
○ sign-up forms
○ privacy notices
● Invite and encourage your active customers and subscribers
● Enshrine solid and consistent deletion processes
13. Summary - Six key ‘takeaways’ about the GDPR
1. Live from 25 May 2018
2. Consent should be – freely given, specific, informed and unambiguous
3. Data portability
4. Right to erasure/Right to be forgotten
5. You may be required to appoint a data protection officer (DPO)
6. Fines of up to £20 million, or 4% of turnover
14. 10 steps to get in shape for GDPR
1. Promote awareness of GDPR with your team
2. Audit the data you hold and how it is collected
3. Check the privacy policies and procedures you have in place
4. Be prepared to provide information to individuals and allow for exercise of their other rights
5. Review processing of data based on consent and collect and store the evidence
6. Consider special procedures for dealing with children's data
7. Review and if necessary update security for data and prepare for possible data breaches
8. Implement “Data Protection by Design and Default”
9. Review appointment of a Data Protection Officer
10. Don’t ignore it!