GDPR Jan 2018 1

ARE YOU READY FOR GENERAL DATA PROTECTION REGULATIONS (GDPR)?

Published in: Business
  1. CHILTERN BUSINESS CONNECTIONS: GOOD MORNING
  2. ARE YOU READY FOR GENERAL DATA PROTECTION REGULATIONS (GDPR)?
  3. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - GDPR comes into effect May 2018
     - Initially EU ‘driven’ – set to become a worldwide standard – builds upon existing data protection rules
     - Information Commissioner’s Office (ICO) is the relevant U.K. ‘body’
  4. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Prompted by the growth in data processing
     - Evolution rather than revolution of the rules
     - Not a new Millennium Bug
     - Aim to achieve privacy by design and default
  5. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Requires personal data (PD) to be respected: accountability, transparency, individuals’ rights
     - An obligation on all businesses/organisations
     - Severe penalties for non-compliance
  6. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Important in terms of client reassurance
     - An opportunity to focus on client care
     - Positive use of GDPR
  7. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Organisations are required to have a legal basis to process: 1. Contract; 2. Consent; 3. Vital interest; 4. Public task; 5. Comply with legal obligations; 6. Legitimate interests
  8. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Segmentation appropriate, i.e. contract basis for preparing wills/LPAs etc.; consent basis for marketing communication
     - A ‘granular’ approach required: consent cannot be ‘bundled’
     - Consent must be ‘active’
  9. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Privacy statements to include: legal basis for processing data; what is to happen to the data; what a client does if there’s a problem
     - On website and in terms of trading
  10. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Imposes a general obligation to implement technical and organisational measures to show that consideration has been given to data protection when processing.
  11. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - ICO checklist:
     - Privacy Impact Assessment (PIA)
     - Audit and log what PD is held and how it flows
     - Document who PD comes from, what you do with it, and with whom you share it
  12. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Identify and document lawful basis for processing PD
     - Review and record how consent is obtained and recorded
     - Establish means to record/manage ongoing consent
  13. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Maintain registration with ICO
     - Ensure privacy notices readily available: concise, easy to understand, identifies you, confirms how PD is to be handled, with whom it is shared, and how long it is to be retained
  14. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Establish right for individuals to access PD
     - Establish process to keep PD accurate and up to date (relevant for wills/LPAs?)
     - Provide for effective destruction of PD no longer required.
  15. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Establish procedure to respond to clients’ requests to restrict processing
     - Allow individuals to copy/move their PD
     - Reference to automated decision making (NA)
  16. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Ensure data protection policy in place and review compliance periodically
     - Provide data protection training for all staff
     - Written contract with appropriately vetted ‘data processors’
  17. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Clear security policies and procedures, regularly reviewed
     - Ensure data protection is integrated into all activities
     - Understand when and how Data Protection Impact Assessments (DPIAs) should be used.
  18. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Nominate Data Protection Officer (DPO)
     - Promote positive culture of data protection
     - Develop and maintain an information security policy
  19. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - Special rules for any information transferred beyond the EEA
     - Establish procedure to deal with identifying, reporting, managing and resolving PD breaches
  20. GENERAL DATA PROTECTION REGULATIONS (GDPR)
     - That’s all there is to it!