
CBC GDPR – 1 month to go

The next steps...


  1. GDPR – The next steps!

  2. 6 PRINCIPLES OF DATA PROTECTION
     1. Lawfulness, fairness, transparency
     2. Purpose Limitation
     3. Data Minimisation
     4. Accuracy
     5. Storage Limitation
     6. Integrity and confidentiality

  3. NEXT STEPS…
     DPO or not?
     Carry out a Data Audit and document it (Data Map)
     • Controller or Processor?
     • What do I have?
     • How do I get it?
     • Where do I store it?
       • Locally (digital), locally (physical) or cloud (digital)
     • Who has access to it?
     • How secure is it?
     NOTE: GDPR applies to customers AND suppliers AND employees
     Complete a Gap Analysis Spreadsheet
     • It looks complex and difficult but it's not!
     • This shows your compliance gaps
     • Allows you to determine which ones you address first
     • Written form of Data Audit covering most Articles of GDPR, including location, Legal Basis etc.

  4. NEXT STEPS…
     Documentation
     1. Data Protection Policy Statement
     2. Information Security Policy
     3. Privacy Notice
     4. Consent - Notify existing customers of your GDPR program and ask for positive consent to store and use their data, strictly for the purposes of your business with them, AND tell them the rights they have
     5. Give your customers an easy-to-follow form/procedure for Subject Access requests
        • What data you have
        • Correcting errors in that data
        • Deleting that data
        • Restriction of processing
        • Data Portability
        • The right to object
        • The right to appropriate decision making
     6. Third Party Data Processing agreements – signed, legal and binding
     7. Data Breach Procedure

  5. AND FINALLY…
     • Register with the ICO and advise clients of this.
     • Regularly monitor and review policy, procedures and published documentation to ensure they remain effective and relevant

  6. Thank You!
