SlideShare a Scribd company logo

Tim Fransen - Klaw

Digitopia
Digitopia

Evolve Event - GDPR

Marketing
1 of 19
GDPR – the truth about the changes in 2018 Tim Fransen Evolve 23 november 2017
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 1 General Data Privacy Regulation - Timeline 1995 2012 2015 2016 2017 2018 … … Implementation period EU Directive 95-46-EC Proposal for new data privacy legislation Agreement on the GDPR text by the European Commission, Parliament and Counsel (17/12/2015) Publication of the General Data Protection Regulation (04/05/2016) - GDPR has entered into force (24/05/2016) General Data Protection Regulation will apply as of (25/05/2018) 1992 Belgian Privacy Act
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 2 What is (sensitive) Personal Data? Financial information. Union membership is sensitive data Family and demographic information. Religious beliefs and race are sensitive data Home and work information. Sexual orientation is sensitive data Medical records. Health information is sensitive data Online behavioral patterns, devices used, etc. Fingerprints, and genetic information Leisure activities and hobbies. Political opinions and group membership are sensitive data Behavioral patterns and interests Travel history and location data
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 3 What is Processing? Legislation Processing Examples Some examples of processing • Remote and read only access • Holding but not performing actions upon personal data • Computer processing data without a human viewing it • Use of “pseudonymized” data Operations performed on personal data: manual or automated The General Data Protection Regulation protects “individuals with regard to the processing of personal data and on the free movement of such data” • consultation, • use, • disclosure by transmission, • dissemination, • alignment or combination, • blocking, • erasure or destruction • collection, • recording, • organization, • storage, • retadaptation or alteration, • rieval,
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 4 Territorial Scope of the GDPR Territorial scope: 1. European Union: 2. European Economic Area: 3. Switserland: 4. “Other” countries: 5. UK & the Brexit?
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 5 Legal basis for Processing? Lawfulness of processing? • Consent • Necessary for the performance of a contract • Necessary for compliance with a legal obligation • Necessary to protect vital interests • Necessary for the performance of a task carried out in the public interest; • Necessary for the purposes of the legitimate interests Consent VitalInterests
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 6 Consent Freely-Given Specific Informed Provide Evidence Easy Accessible Form Distinguishable Right to Withdraw Affirmative action
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 7 Processing principles Purpose Limitation Data Minimization Accuracy Storage Limitation Integrity and Confidentiality Accountability Transparency Fairness Lawfulness
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 8 Controller and Processors Data Controller Data ProcessorData Subject Supervisory Authority Supervisory Authority EU Directive GDPR EU Directive GDPR
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 9 Data Protection Officer? KNOWLEDGE MULTIPLE ENTITIES PROFESSIONAL DUTIES REGISTERED & SPOCDPO REQUIRED? Position of the DPO
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 10 Privacy by Design / Default When? • When determination of the means for processing • When processing itself What? • technical and organizational measures • implement data protection principles • integrate the necessary safeguards (compliance + data subject rights) Privacy by Design When? • Always What? • technical and organizational measures • only personal data is processed which are necessary for each specific purpose • Such as:  amount of data collected  extent of their processing  period of their storage  accessibility Privacy by Default 1 2
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 11 Data Controller Data Processor Identify Document Analyse Report Identify Notify Analyse 72h Data Breach Reporting
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 12 Rights of the Data Subject – Existing Information Access to Data Right to Rectification Right to Object
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 13 Rights of the Data Subject – New Right to be forgotten Data Portability Right to restriction of processing
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 14 The 2-tiered system for penalties 10MIOEURor2%* 20MIOEURor4%* Infringement of the basic processing conditions for consent Infringement of the data subject’s rights: transparency, information, access, right to be forgotten,…) Infringement of personal data transfer modalities Non-compliance with member state laws Non-compliance with temporary or definite suspension of processing Etc. Obligations with regard to consent (incl. Children's data) Privacy by Design / Default (+ PIA) Infringement of the processor’s obligations on protecting the data Records of processing activities (retention schedules, contact details of the processor, documentation of safeguards, etc.) Implementing security safeguards Personal data breaches Data Protection Officer Etc.²
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 15 Cross-border transfer of personal data  Company in EU  Server in EU  Server in USA  Maintenance in 3rd country
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 16 What do we see?
© 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 17 Turning compliance into competitive advantage Prioritising your employees’ and customers’ privacy and branding your organisation accordingly can create a competitive advantage. Brand your organisation Managing privacy risks will build trust from customers, citizens and politicians Build trust A transparent privacy approach will enhance customers’ willingness to consent. Enhance customers’ willingness Adhering to compliance requirements you will be controlling legal liability and reducing the risk of sanctions. Control legal liability Decreasing privacy and security risks will decrease risks of reputational, brand or business relationship damages. Decrease risks Aligning your compliance efforts with existing or planned process or technology changes and projects will decrease the cost of these. Decrease cost
klaw.be Effective. Proactive. Creative. More than a law firm. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. Kratos Law civ. CVBA/SCRL civ. has entered into a cost association with KPMG Tax Advisers civ. CVBA/SCRL civ. Tim Fransen Senior counsel K law tfransen@klaw.be 02/708.36.28

Recommended

Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Stephanie Vasey
 
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)University of Ferrara
 
Data protection For CYP Organisations
Data protection For CYP OrganisationsData protection For CYP Organisations
Data protection For CYP OrganisationsCliff Ashcroft
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRMartyn Ripley
 
GDPR - GoDataFest - October 16 - Juliette van Baalen
GDPR - GoDataFest - October 16 - Juliette van BaalenGDPR - GoDataFest - October 16 - Juliette van Baalen
GDPR - GoDataFest - October 16 - Juliette van BaalenGoDataDriven
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPRIT Governance Ltd
 
Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Hairul Hafiz Hasbullah
 
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data... EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...European Data Forum
 

Recommended

Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Stephanie Vasey
 
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)
In Praise of Privacy (in the Age of Exchange of Information for Tax Purposes)University of Ferrara
 
Data protection For CYP Organisations
Data protection For CYP OrganisationsData protection For CYP Organisations
Data protection For CYP OrganisationsCliff Ashcroft
 
Introduction to GDPR
Introduction to GDPRIntroduction to GDPR
Introduction to GDPRMartyn Ripley
 
GDPR - GoDataFest - October 16 - Juliette van Baalen
GDPR - GoDataFest - October 16 - Juliette van BaalenGDPR - GoDataFest - October 16 - Juliette van Baalen
GDPR - GoDataFest - October 16 - Juliette van BaalenGoDataDriven
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPRIT Governance Ltd
 
Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Pdpa2010 & GDPR (part 5)
Pdpa2010 & GDPR (part 5) Hairul Hafiz Hasbullah
 
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data... EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...
EDF2013: Selected Talk: František Nonnemann: Re-use of PSI and Personal Data...European Data Forum
 
Data Protection Institutions in EU
Data Protection Institutions in EUData Protection Institutions in EU
Data Protection Institutions in EUMartyn Ripley
 
Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Agustin Argelich Casals
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
KK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we doKK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we dokklegal99
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
Case by case - moving data centres to Romania
Case by case - moving data centres to RomaniaCase by case - moving data centres to Romania
Case by case - moving data centres to RomaniaȚuca Zbârcea & Asociații
 
Websites: do you tick all the boxes?
Websites: do you tick all the boxes?Websites: do you tick all the boxes?
Websites: do you tick all the boxes?walescva
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalExecutive Leaders Network
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
AA Ukraine
AA UkraineAA Ukraine
AA UkraineEuro Education
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines Skyhigh Networks
 
Economic integration
Economic integrationEconomic integration
Economic integrationEuro Education
 
DCFTA Ukraine
DCFTA UkraineDCFTA Ukraine
DCFTA UkraineEuro Education
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...TrustArc
 
SCCE Processors and GDPR
SCCE Processors and GDPRSCCE Processors and GDPR
SCCE Processors and GDPRRobert Bond
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?Sage HR
 
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...pi
 
GDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your businessGDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your businessOlivier BARROT
 
Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1rtjbond
 

More Related Content

What's hot

Data Protection Institutions in EU
Data Protection Institutions in EUData Protection Institutions in EU
Data Protection Institutions in EUMartyn Ripley
 
Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Agustin Argelich Casals
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeTrustArc
 
KK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we doKK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we dokklegal99
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Agustin Argelich Casals
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)FOTIOS ZYGOULIS
 
Websites: do you tick all the boxes?
Websites: do you tick all the boxes?Websites: do you tick all the boxes?
Websites: do you tick all the boxes?walescva
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalExecutive Leaders Network
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionDavid Erdos
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines Skyhigh Networks
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...TrustArc
 

What's hot (15)

Data Protection Institutions in EU
Data Protection Institutions in EUData Protection Institutions in EU
Data Protection Institutions in EU
 
Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16Martha Buyer V SCTC day conference 24 feb16
Martha Buyer V SCTC day conference 24 feb16
 
EU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTeEU Privacy Shield - Understanding the New Framework from TRUSTe
EU Privacy Shield - Understanding the New Framework from TRUSTe
 
KK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we doKK Legal Law Firm - Who we are & What we do
KK Legal Law Firm - Who we are & What we do
 
Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16Patricia Ayojedi V SCTC day Cloud 24 feb16
Patricia Ayojedi V SCTC day Cloud 24 feb16
 
The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)The implementation of gdpr in greece (1)
The implementation of gdpr in greece (1)
 
Case by case - moving data centres to Romania
Case by case - moving data centres to RomaniaCase by case - moving data centres to Romania
Case by case - moving data centres to Romania
 
Websites: do you tick all the boxes?
Websites: do you tick all the boxes?Websites: do you tick all the boxes?
Websites: do you tick all the boxes?
 
Gemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New NormalGemserv - Accounting for Brexit in the New Normal
Gemserv - Accounting for Brexit in the New Normal
 
New Media Internet Expression and European Data Protection
New Media Internet Expression and European Data ProtectionNew Media Internet Expression and European Data Protection
New Media Internet Expression and European Data Protection
 
AA Ukraine
AA UkraineAA Ukraine
AA Ukraine
 
11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines 11 European Privacy Regulations That Could Cost You €1 Million in Fines
11 European Privacy Regulations That Could Cost You €1 Million in Fines
 
Economic integration
Economic integrationEconomic integration
Economic integration
 
DCFTA Ukraine
DCFTA UkraineDCFTA Ukraine
DCFTA Ukraine
 
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
Interoperable Solutions for Cross Border Data Transfers – APEC, CBPR, BCR fro...
 

Similar to Tim Fransen - Klaw

SCCE Processors and GDPR
SCCE Processors and GDPRSCCE Processors and GDPR
SCCE Processors and GDPRRobert Bond
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORIKarel Holst
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIKarel Holst
 
GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?Sage HR
 
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...pi
 
GDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your businessGDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your businessOlivier BARROT
 
Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1rtjbond
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteClive Rich
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...AltheimPrivacy
 
Privacy and cookies crm inspiration days 2013
Privacy and cookies crm inspiration days 2013Privacy and cookies crm inspiration days 2013
Privacy and cookies crm inspiration days 2013Bart Van Den Brande
 
Engage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To GoEngage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To Gopanagenda
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Software Integrity Group
 
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-LatemAnn Van den Bunder
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...m-hance
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Bart Van Den Brande
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...Carrenza
 
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...Accenture - How Will Policing and Justice Be Affected By the Data Protection ...
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...techUK
 

Similar to Tim Fransen - Klaw (20)

SCCE Processors and GDPR
SCCE Processors and GDPRSCCE Processors and GDPR
SCCE Processors and GDPR
 
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI2017 09 13_VOKA The Big Refresh - GDPR - IFORI
2017 09 13_VOKA The Big Refresh - GDPR - IFORI
 
GDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORIGDPR presentation BE-Com - IFORI
GDPR presentation BE-Com - IFORI
 
GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?GDPR - are you ready for the challenge?
GDPR - are you ready for the challenge?
 
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...General Data Protection Regulation - The Belgian Guidance on Records of Proce...
General Data Protection Regulation - The Belgian Guidance on Records of Proce...
 
GDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your businessGDPR what you should know and how to minimize impact on your business
GDPR what you should know and how to minimize impact on your business
 
Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1Auditing your EU entities for data protection compliance 5661651 1
Auditing your EU entities for data protection compliance 5661651 1
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
 
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florerNtxissacsc5 purple 1-eu-gdpr_patrick_florer
Ntxissacsc5 purple 1-eu-gdpr_patrick_florer
 
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h...
 
Privacy and cookies crm inspiration days 2013
Privacy and cookies crm inspiration days 2013Privacy and cookies crm inspiration days 2013
Privacy and cookies crm inspiration days 2013
 
Engage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To GoEngage 2018: GDPR Three Days To Go
Engage 2018: GDPR Three Days To Go
 
FinTech Belgium GDPR MeetUp - Laga - 14/09/17
FinTech Belgium GDPR MeetUp - Laga - 14/09/17FinTech Belgium GDPR MeetUp - Laga - 14/09/17
FinTech Belgium GDPR MeetUp - Laga - 14/09/17
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
 
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem
2018 02 20 GDPR SEMINAR - Gemeente Sint-Martens-Latem
 
GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...GDPR – what does it mean for charities and what you need to consider - Iain P...
GDPR – what does it mean for charities and what you need to consider - Iain P...
 
Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017Abto ledenvergadering: gdpr impact on the travel industry 2017
Abto ledenvergadering: gdpr impact on the travel industry 2017
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...How will your business be affected and what you can do to stay ahead of the n...
How will your business be affected and what you can do to stay ahead of the n...
 
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...Accenture - How Will Policing and Justice Be Affected By the Data Protection ...
Accenture - How Will Policing and Justice Be Affected By the Data Protection ...
 

More from Digitopia

Bart Gouweloose - Aveve
Bart Gouweloose - AveveBart Gouweloose - Aveve
Bart Gouweloose - AveveDigitopia
 
Jan Bussels - Digitopia
Jan Bussels - DigitopiaJan Bussels - Digitopia
Jan Bussels - DigitopiaDigitopia
 
Thierry Geerts - Google
Thierry Geerts - GoogleThierry Geerts - Google
Thierry Geerts - GoogleDigitopia
 
Jochen Deldaele - House of digital
Jochen Deldaele - House of digitalJochen Deldaele - House of digital
Jochen Deldaele - House of digitalDigitopia
 
Bram Vanderborght - VUB
Bram Vanderborght - VUB Bram Vanderborght - VUB
Bram Vanderborght - VUB Digitopia
 
Jo caudron - Duval Union
Jo caudron - Duval UnionJo caudron - Duval Union
Jo caudron - Duval UnionDigitopia
 

More from Digitopia (6)

Bart Gouweloose - Aveve
Bart Gouweloose - AveveBart Gouweloose - Aveve
Bart Gouweloose - Aveve
 
Jan Bussels - Digitopia
Jan Bussels - DigitopiaJan Bussels - Digitopia
Jan Bussels - Digitopia
 
Thierry Geerts - Google
Thierry Geerts - GoogleThierry Geerts - Google
Thierry Geerts - Google
 
Jochen Deldaele - House of digital
Jochen Deldaele - House of digitalJochen Deldaele - House of digital
Jochen Deldaele - House of digital
 
Bram Vanderborght - VUB
Bram Vanderborght - VUB Bram Vanderborght - VUB
Bram Vanderborght - VUB
 
Jo caudron - Duval Union
Jo caudron - Duval UnionJo caudron - Duval Union
Jo caudron - Duval Union
 

Recently uploaded

How to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessHow to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessAggregage
 
Uncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsUncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsVWO
 
Kraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentationKraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentationtbatkhuu1
 
Unraveling the Mystery of The Circleville Letters.pptx
Unraveling the Mystery of The Circleville Letters.pptxUnraveling the Mystery of The Circleville Letters.pptx
Unraveling the Mystery of The Circleville Letters.pptxelizabethella096
 
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxUnraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxelizabethella096
 
Martal Group - B2B Lead Gen Agency - Onboarding Overview
Martal Group - B2B Lead Gen Agency - Onboarding OverviewMartal Group - B2B Lead Gen Agency - Onboarding Overview
Martal Group - B2B Lead Gen Agency - Onboarding OverviewMartal Group
 
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort ServiceDelhi Call girls
 
Social Media Marketing PPT-Includes Paid media
Social Media Marketing PPT-Includes Paid mediaSocial Media Marketing PPT-Includes Paid media
Social Media Marketing PPT-Includes Paid mediaadityabelde2
 
personal branding kit for music business
personal branding kit for music businesspersonal branding kit for music business
personal branding kit for music businessbrjohnson6
 
Brand experience Peoria City Soccer Presentation.pdf
Brand experience Peoria City Soccer Presentation.pdfBrand experience Peoria City Soccer Presentation.pdf
Brand experience Peoria City Soccer Presentation.pdftbatkhuu1
 
What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?riteshhsociall
 
Cash payment girl 9257726604 Hand ✋ to Hand over girl
Cash payment girl 9257726604 Hand ✋ to Hand over girlCash payment girl 9257726604 Hand ✋ to Hand over girl
Cash payment girl 9257726604 Hand ✋ to Hand over girlCall girl Jaipur
 
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesGoogle 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesSearch Engine Journal
 
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...ChesterYang6
 
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756dollysharma2066
 

Recently uploaded (20)

How to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail SuccessHow to Leverage Behavioral Science Insights for Direct Mail Success
How to Leverage Behavioral Science Insights for Direct Mail Success
 
Uncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 ReportsUncover Insightful User Journey Secrets Using GA4 Reports
Uncover Insightful User Journey Secrets Using GA4 Reports
 
Kraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentationKraft Mac and Cheese campaign presentation
Kraft Mac and Cheese campaign presentation
 
Generative AI Master Class - Generative AI, Unleash Creative Opportunity - Pe...
Generative AI Master Class - Generative AI, Unleash Creative Opportunity - Pe...Generative AI Master Class - Generative AI, Unleash Creative Opportunity - Pe...
Generative AI Master Class - Generative AI, Unleash Creative Opportunity - Pe...
 
Unraveling the Mystery of The Circleville Letters.pptx
Unraveling the Mystery of The Circleville Letters.pptxUnraveling the Mystery of The Circleville Letters.pptx
Unraveling the Mystery of The Circleville Letters.pptx
 
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptxUnraveling the Mystery of the Hinterkaifeck Murders.pptx
Unraveling the Mystery of the Hinterkaifeck Murders.pptx
 
The Future of Brands on LinkedIn - Alison Kaltman
The Future of Brands on LinkedIn - Alison KaltmanThe Future of Brands on LinkedIn - Alison Kaltman
The Future of Brands on LinkedIn - Alison Kaltman
 
Martal Group - B2B Lead Gen Agency - Onboarding Overview
Martal Group - B2B Lead Gen Agency - Onboarding OverviewMartal Group - B2B Lead Gen Agency - Onboarding Overview
Martal Group - B2B Lead Gen Agency - Onboarding Overview
 
How to Create a Social Media Plan Like a Pro - Jordan Scheltgen
How to Create a Social Media Plan Like a Pro - Jordan ScheltgenHow to Create a Social Media Plan Like a Pro - Jordan Scheltgen
How to Create a Social Media Plan Like a Pro - Jordan Scheltgen
 
Driving AI Competency - Key Considerations for B2B Marketers - Rosemary Brisco
Driving AI Competency - Key Considerations for B2B Marketers - Rosemary BriscoDriving AI Competency - Key Considerations for B2B Marketers - Rosemary Brisco
Driving AI Competency - Key Considerations for B2B Marketers - Rosemary Brisco
 
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort ServiceBDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
BDSM⚡Call Girls in Sector 144 Noida Escorts >༒8448380779 Escort Service
 
Social Media Marketing PPT-Includes Paid media
Social Media Marketing PPT-Includes Paid mediaSocial Media Marketing PPT-Includes Paid media
Social Media Marketing PPT-Includes Paid media
 
personal branding kit for music business
personal branding kit for music businesspersonal branding kit for music business
personal branding kit for music business
 
Brand experience Peoria City Soccer Presentation.pdf
Brand experience Peoria City Soccer Presentation.pdfBrand experience Peoria City Soccer Presentation.pdf
Brand experience Peoria City Soccer Presentation.pdf
 
Turn Digital Reputation Threats into Offense Tactics - Daniel Lemin
Turn Digital Reputation Threats into Offense Tactics - Daniel LeminTurn Digital Reputation Threats into Offense Tactics - Daniel Lemin
Turn Digital Reputation Threats into Offense Tactics - Daniel Lemin
 
What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?What is Google Search Console and What is it provide?
What is Google Search Console and What is it provide?
 
Cash payment girl 9257726604 Hand ✋ to Hand over girl
Cash payment girl 9257726604 Hand ✋ to Hand over girlCash payment girl 9257726604 Hand ✋ to Hand over girl
Cash payment girl 9257726604 Hand ✋ to Hand over girl
 
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best StrategiesGoogle 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
Google 3rd-Party Cookie Deprecation [Update] + 5 Best Strategies
 
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...
Netflix Ads The Game Changer in Video Ads – Who Needs YouTube.pptx (Chester Y...
 
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Majnu.Ka.Tilla Delhi Contact Us 8377877756
 

Tim Fransen - Klaw

  • 1. GDPR – the truth about the changes in 2018 Tim Fransen Evolve 23 november 2017
  • 2. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 1 General Data Privacy Regulation - Timeline 1995 2012 2015 2016 2017 2018 … … Implementation period EU Directive 95-46-EC Proposal for new data privacy legislation Agreement on the GDPR text by the European Commission, Parliament and Counsel (17/12/2015) Publication of the General Data Protection Regulation (04/05/2016) - GDPR has entered into force (24/05/2016) General Data Protection Regulation will apply as of (25/05/2018) 1992 Belgian Privacy Act
  • 3. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 2 What is (sensitive) Personal Data? Financial information. Union membership is sensitive data Family and demographic information. Religious beliefs and race are sensitive data Home and work information. Sexual orientation is sensitive data Medical records. Health information is sensitive data Online behavioral patterns, devices used, etc. Fingerprints, and genetic information Leisure activities and hobbies. Political opinions and group membership are sensitive data Behavioral patterns and interests Travel history and location data
  • 4. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 3 What is Processing? Legislation Processing Examples Some examples of processing • Remote and read only access • Holding but not performing actions upon personal data • Computer processing data without a human viewing it • Use of “pseudonymized” data Operations performed on personal data: manual or automated The General Data Protection Regulation protects “individuals with regard to the processing of personal data and on the free movement of such data” • consultation, • use, • disclosure by transmission, • dissemination, • alignment or combination, • blocking, • erasure or destruction • collection, • recording, • organization, • storage, • retadaptation or alteration, • rieval,
  • 5. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 4 Territorial Scope of the GDPR Territorial scope: 1. European Union: 2. European Economic Area: 3. Switserland: 4. “Other” countries: 5. UK & the Brexit?
  • 6. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 5 Legal basis for Processing? Lawfulness of processing? • Consent • Necessary for the performance of a contract • Necessary for compliance with a legal obligation • Necessary to protect vital interests • Necessary for the performance of a task carried out in the public interest; • Necessary for the purposes of the legitimate interests Consent VitalInterests
  • 7. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 6 Consent Freely-Given Specific Informed Provide Evidence Easy Accessible Form Distinguishable Right to Withdraw Affirmative action
  • 8. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 7 Processing principles Purpose Limitation Data Minimization Accuracy Storage Limitation Integrity and Confidentiality Accountability Transparency Fairness Lawfulness
  • 9. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 8 Controller and Processors Data Controller Data ProcessorData Subject Supervisory Authority Supervisory Authority EU Directive GDPR EU Directive GDPR
  • 10. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 9 Data Protection Officer? KNOWLEDGE MULTIPLE ENTITIES PROFESSIONAL DUTIES REGISTERED & SPOCDPO REQUIRED? Position of the DPO
  • 11. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 10 Privacy by Design / Default When? • When determination of the means for processing • When processing itself What? • technical and organizational measures • implement data protection principles • integrate the necessary safeguards (compliance + data subject rights) Privacy by Design When? • Always What? • technical and organizational measures • only personal data is processed which are necessary for each specific purpose • Such as:  amount of data collected  extent of their processing  period of their storage  accessibility Privacy by Default 1 2
  • 12. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 11 Data Controller Data Processor Identify Document Analyse Report Identify Notify Analyse 72h Data Breach Reporting
  • 13. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 12 Rights of the Data Subject – Existing Information Access to Data Right to Rectification Right to Object
  • 14. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 13 Rights of the Data Subject – New Right to be forgotten Data Portability Right to restriction of processing
  • 15. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 14 The 2-tiered system for penalties 10MIOEURor2%* 20MIOEURor4%* Infringement of the basic processing conditions for consent Infringement of the data subject’s rights: transparency, information, access, right to be forgotten,…) Infringement of personal data transfer modalities Non-compliance with member state laws Non-compliance with temporary or definite suspension of processing Etc. Obligations with regard to consent (incl. Children's data) Privacy by Design / Default (+ PIA) Infringement of the processor’s obligations on protecting the data Records of processing activities (retention schedules, contact details of the processor, documentation of safeguards, etc.) Implementing security safeguards Personal data breaches Data Protection Officer Etc.²
  • 16. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 15 Cross-border transfer of personal data  Company in EU  Server in EU  Server in USA  Maintenance in 3rd country
  • 17. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 16 What do we see?
  • 18. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. 17 Turning compliance into competitive advantage Prioritising your employees’ and customers’ privacy and branding your organisation accordingly can create a competitive advantage. Brand your organisation Managing privacy risks will build trust from customers, citizens and politicians Build trust A transparent privacy approach will enhance customers’ willingness to consent. Enhance customers’ willingness Adhering to compliance requirements you will be controlling legal liability and reducing the risk of sanctions. Control legal liability Decreasing privacy and security risks will decrease risks of reputational, brand or business relationship damages. Decrease risks Aligning your compliance efforts with existing or planned process or technology changes and projects will decrease the cost of these. Decrease cost
  • 19. klaw.be Effective. Proactive. Creative. More than a law firm. © 2017 Kratos Law, a Belgian civ. CVBA/SCRL civ. All rights reserved. Kratos Law civ. CVBA/SCRL civ. has entered into a cost association with KPMG Tax Advisers civ. CVBA/SCRL civ. Tim Fransen Senior counsel K law tfransen@klaw.be 02/708.36.28