Key features of GDPR. Basic challenges of business-friendly implementation.

1. SETTING UP
GDPR-PROOF
PRIVACY COMPLIANCE
Dr.Igor Máté

2. DATA PROTECTION IS ON AGENDA NOWWHY
Oh,myGod!
Youareinsecure,
because
yourdatais
unsecured
?

3. DATA PROTECTION IS ON AGENDA NOWWHY
BUSINESS
PUBLIC
LAW
?
PIE:valueofdataofEuropeancitizensincreaseby1trillionEURbyyear
corporatereputation
employerbranding
overallgovernance
PrivacyShield
BCR
NEW!EU GENERALDATA
PROTECTION REGULATION
Austrianstudentattacked
Facebook
>ECJnullifiedEU-US privacy
regime
Yahoodatabreach
TODAY
TOMORROW

4. THE SCALE ASTRONOMIC
Sun Earth TODAY
200k EUR *
TOMORROW
200m EUR **
* RECENTMAXIMUM FINE (averageEU)
** NEW MAXIMUM:4% OFGLOBALTURNOVER
(takingaglobalcompanyasexample)

5. THE NAME OFTHE GAME GDPR
EU REGULATION
regulation
single,
unifiedregime
effectiveoutsideofEurope
May25,2018
multipleenforcement
significantlyhigher
consequencesof
non-compliance
extended& enlarged
obligations
EU GeneralDataProtectionRegulation

6. KEY NEW FEATURESOFGDPR
ACCOUNTABILITY
DATA PROTECTION
BY DESIGN
& BY DEFAULT
PIA
INDIVIDUALS’RIGHTS
righttobeinformed
recipientsof
personaldata
DataProtection
Officer
Privacy
Impact
Assessment
BREACHNOTIFICATION DPO
processes& policies
documentation
fosteringto
livetherights

7. CORPORATE RESPONDS&ACTIONS
GROUP DATA PROTECTION FRAMEWORK
SINGLE
UNIFIED
CENTRALIZED
SCALECHANGE BOARDROOM ISSUE
SPECIALPROFESSIONAL
TIMELY SOLUTION
IMPLEMENTATION
CHALLENGES
NEW DIMENSION
PRIVACY FUNCTION
MULTIPLEDEPARTMENTS
CONCERNED

8. KEY ELEMENTS OFFRAMEWORK 4W
WHY?
WHAT?
WHERE?
WHO?
businesspurpose:
processes/actions
typeofdata
systems,files
delicate
distinction
reaccess

9. KEY STAKEHOLDERS
DATA USERS (PROCESS /INFORMATION OWNERS)
DATA PROCESSORS
HR
Sales/Marketing/CRM
Communications/CSR
PurchaseIT
ITSecurity
Security

10. ACTIONSIN COOPERATION WITH STAKEHOLDERS
2016 2017 2018Q1 Q1 Q2 Q3 Q4 March31
Dataprotection
fitnesssurvey
Developingmanuals,
trainingmaterials
Trainingofstakeholders
(processowners)
Briefing(local)
management
NominatingLocalData
ProtectionCoordinators
Workshopswith
stakeholders
(Basicself-compliance
checkwithnational
legislation)
DATA MAPPING
AND INVENTORY
GDPR-PROOFGROUP
PRIVACY FAMEWORK
1
2
3
4

11. dataMAPPING
purpose
deletion
rightsofdata
subjects
(consent,SAR)
datacategories
processes
accessrights
andrecipients
transfer
(outsourcing)
quality(accuracy)
assurance
storageand
safeguarding
(security)
backupactions
(breach/incident)

12. BRIEFINGS,WORKSHOPS,TRAININGS
AWARENESS
APPROACH
ATTRIBUTEOFPERSONALDATA PROTECTION
AS CORPORATE FUNCTION
ConstitutionalRight
“CONSUMER TRUSTIS ESSENTIAL
TO ACHIEVING GROWTH.”
CodeofConduct
„WHATEVER DIRECTION YOU’RE TAKING WITH
PEOPLE’S INFORMATION;YOU’RE TAKING THOSE
PEOPLE WITH YOU.”
Accessory
„YOU NEED TO BUILD THE CONSIDERATIONS FOR
PRIVACY INTO YOUR PROJECTS RIGHTFROM
THE BEGINNING TO MAKE ITWORK.”

13. DATA PROTECTION WILLBE ON AGENDAWHY?
INTERNALLY EXTERNALLY OTHERS
PRIVACY BY DESIGN /PRIVACY
RISK ASESSMENT
OUTSOURCING (TRANSFER)
EDUCATION AND TRAINING
REVIEW /CONTROL
INCIDENTMANGEMENT
SARs
DOCUMENTING AND
REPORTING COMPLIANCE
DPA AUDITS
BREXIT
PRIVACY SHIELD
DUE DILIGENCE

14. TAKEAWAYS
PERSONALDATA PROTECTION VERY MUCH IN FOCUS
TOUGHER REGULATIONS ATTHE DOORSTEP
RISKS EVOLVE
NON-COMPLIANCE MAY BRING SEVERE IMPLICATIONS
NEW STAKE OFINTERNAL ACTIVITY NEEDED
DEDICATED CORPORATE FUNCTION TO SETUP
375,374,373,372,371,370,369...BUSINESS DAYS

15. QUESTIONS
THANK YOU!
Dr.IgorMáté
https://no.linkedin.com/in/igormate