
A2: Getting ready for GDPR (with only one month to go)

Slides for the breakout session A2: Getting ready for GDPR (with only one month to go) from the NCVO Annual Conference which took place on 16 April 2018.

Published in: Government & Nonprofit

  1. GETTING READY FOR GDPR (WITH ONLY ONE MONTH TO GO). CHAIR: SUSAN CORDINGLEY, DIRECTOR OF PLANNING AND RESOURCES, NCVO. SPEAKERS: KATIE BONAS, LEGAL COUNSEL, SAMARITANS; VICTORIA HORDERN, HEAD OF DATA PRIVACY, BATES WELLS BRAITHWAITE
  2. 16 April 2018. Getting ready for GDPR …and does it matter if we’re not. NCVO Annual Conference 2018
  3. What does Elizabeth Denham think? ICO @ICOnews, Apr 9: Q: What do you think is the most important aspect of the GDPR? ED: Transparency. That's the expectation of the public. #DPPC2018
  4. Your shopfront
  5. So what will happen on 26th May 2018? OR
  6. What will likely happen on 26th May 2018? “I hope by now you know that enforcement is a last resort. I have no intention of changing the ICO’s proportionate and pragmatic approach after 25th of May. Hefty fines will be reserved for those organisations that persistently, deliberately or negligently flout the law. Those organisations that self-report, engage with us to resolve issues and can demonstrate effective accountability arrangements can expect this to be a factor when we consider any regulatory action”. 9th April 2018
  7. What usually leads to scrutiny from the ICO?
  8. Avoiding Data Security Breaches
     • Operational safeguards
       – Governance and responsibility
     • Technical safeguards
       – IT security measures fit for purpose
       – Regular checks and audits
       – Deploying robust encryption
     • Policy and Procedure safeguards
       – Data Security Policy and Incident Response Plan
       – Have they been road tested?
     • Personnel safeguards
       – Training and Education
     • Legal safeguards
       – Auditing third party processors
  9. Avoiding Complaints being made to the ICO
     • Transparency
       – Privacy Notices
     • Control
       – Giving individuals sufficient control of their data
     • Systems
       – Systems devised that assist with responding to requests
     • Policies and Procedures
       – Individual Rights Policy – responsive and efficient
       – Has it been road tested?
     • Personnel
       – Training and education
       – Can identify requests from individuals quickly
  10. Final Thoughts
     • The ICO expects you to have effective accountability arrangements
     • Know your vulnerabilities/high risk areas
     • Concentrate on what you can fix now:
       – Governance
       – Privacy notices
       – Internal policies
       – Training
     • Have a plan for the more complex/time consuming areas
       – Third party processor contracts
       – Internal data audit/data mapping
       – Data protection by design
  11. Victoria Hordern, Head of Data Privacy, v.hordern@bwbllp.com, 020 7551 7951
  12. GETTING READY FOR GDPR. SUSAN CORDINGLEY (DIRECTOR PLANNING & RESOURCES, NCVO), APRIL 2018
  13. ASK AN EXPERT
  14. ENGAGE THE TRUSTEES
  15. ADOPT A RISK BASED APPROACH
  16. PEOPLE NOT POLICIES: “Staff who can be relied on to exercise good judgement and use their common sense when required are more likely to achieve compliance with Data Protection than good policies alone”
  17. DOCUMENT WHAT YOU ARE DOING
  18. DATA ASSET REGISTER
     • Data asset
     • Data controller
     • Data processor
     • Asset manager
     • Type of data collected
     • Purpose of data
     • Data retention policy
     • GDPR compliant
  19. SOME OF OUR TRICKIER ISSUES
     • Soft opt in
     • Recognition – what is in scope?
     • When does an organisation become an individual?
     • Data sharing
     • Don’t forget paper copies/physical archives
     • Keeping an eye on the big picture
  20. PRACTICAL HELP AND SUPPORT
     • ICO: ico.org.uk/for-organisations/guide-to-the-general-data...
     • NCVO KnowHowNonProfit website: knowhownonprofit.org/organisation/operations/dataprotection
     DON’T PANIC – BUT DO ACT NOW!
  21. GDPR – the final countdown. Katie Bonas (Legal Counsel, Samaritans)
  22. Prioritise & Focus
     • Communicate, communicate, communicate!
       – ensure staff, volunteers and supporters know what we are using their personal data for and on what basis
       – ensure leadership team and Board are aware of progress and risk areas
       – set up FAQ pages for staff and volunteers
       – attend team meetings to check how confident teams are feeling about compliance
     • Cascade training & embed accountability
       – compliance must be a team effort
       – channel queries through one contact per department/team to enable them to be dealt with efficiently
  23. Prioritise & Focus
     • Don’t wait for guidance
       – there are many principles under the GDPR that can be turned into action right away, without the need for detailed guidance
       – get your housekeeping in order
     • Record, record, record
       – make sure all reviews, training sessions and organisational changes are noted to enable you to evidence the steps you have taken towards compliance
  24. Prioritise & Focus
     • Identify high risk areas
       – document what has been done so far in these areas, what has yet to be done, when it will be done and by whom
       – allocate additional resources or time to addressing these areas
     • Reach out to your network
       – share ideas about how to tackle compliance
       – you are not alone!