with
Judy Jordaan
GDPR Personal Data Principles
1. Fairly, lawfully and transparently processed
2. Collected for specified, explicit and legitimate purpose
3. Adequate, relevant and limited to what is necessary
4. Accurate and up-to-date
5. Identifiable only for as long as necessary
6. Secure
METHODOLOGY: GDPR GAP ANALYSIS
Personal data
Do you process personal data?
- Data is personal if it relates to an identified or identifiable individual
  - For example: name, ID/BSN numbers, physical addresses, online identifiers (like IP addresses or cookies)
- One-man-owned entities (ZZPers) are viewed as individuals
- Any sensitive personal data?
Mapping the data flow
Examples of where personal data may come from:
- Websites, Newsletters, Memberships, HR (diagram of these sources feeding personal data into the example entity ABC B.V.)
Processing the data
What do you do with the data?
- ‘Process’ means collect, record, organise, structure, store, adapt, alter, retrieve, use, restrict, disclose, erase, destroy.
- What type of processing organisation are you?
  - ‘Controller’ determines the purpose of the data and the way in which it gets processed
  - ‘Processor’ only processes on instruction of the Controller
Purpose of Processing
Why are you processing the personal data?
- Defining the purpose is the cornerstone to establishing whether you are respecting GDPR principles:
  - Collecting more data than is needed to achieve your purpose = breach of the data minimisation principle
  - Storing data for longer than you need to achieve your purpose = breach of the storage limitation principle
Legal basis for Processing
Are you allowed to process the data?
- Consent
- Performance of a contract
- Legitimate interest of Controller
- Legal obligation
- Protection of vital interests
- Public interest
Outsourced Data Processing
Any third party Processors?
- If so, are written agreements in place?
- Any international transfer of data?
  - If yes, adequate protection levels need to be met by ensuring transfer is per Privacy Shield Framework or EU Standard Contractual Clauses
Security of data
What safety measures are in place?
- Technical & Organisational security measures taken?
- Data Breach Response Plan in place?
- Third party processor capable of implementing?
Document findings
Remedial measures required?
- REGISTRY of Data Processing Activities
  - Cornerstone of your Data Protection Strategy
  - Action items demonstrate your continual work towards compliance
  - Reviewed regularly; a constant work in progress
COMPLIANT

GDPR-compliance for SMEs and foundations