Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

A Brief Overview on GDPR


Published on

This presentation was prepared to accompany my talk at Montreal All Girls Hack Night.

I think that Data and Privacy should be the foundation for all businesses moving forward to maintain a healthy Digital life for everyone.

General Data Protection Regulation plays a great role in to enforcing such acts that ensure Data Protection and Privacy of the users. GDPR is a very brief topic, but in this presentation I will share with you some core values of GDPR and some basic actions that you can take to make your business compliant to GDPR.

Note: This is not a legal advice. This information is collected from different resources. All the guides and resources used in the presentation are listed below.

Important Definitions and Notes from the presentation:

The General Data Protection Regulation (GDPR) (EU) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).

Published in: Business
  • Be the first to comment

A Brief Overview on GDPR

  1. 1. GDPR
  2. 2. Note: This presentation is not a legal advice for your company to use in complying with EU data privacy laws like the GDPR.
  3. 3. GDPR stands for General Data Protection Regulation.
  4. 4. Around May 25, 2018
  5. 5. Key Terms 1. Data 2. Data subject 3. Data Controllers 4. Data Processors
  6. 6. Understanding GDPR and the Key Changes
  7. 7. Fines can add up to 4% of annual global turnover or 20 Million Euros €’000 → €’000,000 Previously fines were limited based on the size and the scope of the impact. GDPR fines will apply to both controllers and processors. Key Changes of the GDPR
  8. 8. GDPR will cover more Territory EU → World GDPR will apply to all companies processing the personal data of data subjects residing in the EU, regardless of the company’s location. Key Changes of the GDPR
  9. 9. Explicit and retractable consent Must be provided in an intelligible and easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it. Key Changes of the GDPR
  10. 10. Right to access and portability Data subjects can request confirmation as to whether or not personal data concerning them is being processed, where and for what purpose. Further, the controller shall provide a copy of the personal data, free of charge, in an electronic format. Key Changes of the GDPR
  11. 11. Breach notification within 72 hours Now mandatory that breaches, which are likely to “result in a risk for the rights and freedoms of individuals”, are reported within 72 hours of first having become aware of the breach. Key Changes of the GDPR 72
  12. 12. Design privacy embedded systems Now a legal requirement for the inclusion of data protection from the onset of the designing of systems, rather than a retrospective addition. Key Changes of the GDPR
  13. 13. Right to be forgotten Entitles the data subject to have the data controller erase his/ her personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data. Key Changes of the GDPR Your name Last name Age
  14. 14. Mandatory Data Protection Officers A Data protection officer is mandatory for certain types of organizations. Key Changes of the GDPR
  15. 15. All the different areas of your Organization that will be affected by GDPR ● Legal and Compliance, ● Technology and ● Data
  16. 16. Legal & Compliance ● Many organizations will require to appoint a Data Protection Officer (DPO). (refer article 37-39) ● There are estimates that there will be 28,000 new DPO’s in Europe alone. ● More emphasis is given on how organizations review their privacy policy so that it is easier for visitors to understand
  17. 17. How the Legal & Compliance areas are affected ● With a fine as high as 4% of the overall income - there is a lot more enforcement that will take place ● There will be more accountability requirements for organizations to prove that they are GDPR compliant with regulators ● An increased demand for data officers will make it a challenge to find qualified and competent professionals due to their short supply ● Organizations will have to provide more clarity and education transparently to customers
  18. 18. From the Technology perspective ● When a security breach occurs, organizations will have 72 hours to report it to regulators ● Individuals have the option to “opt-out” of being tracked and from having their information being shared with third-party organizations and websites ● Even if organizations have encryption, they will still have to focus heavily on how their data infrastructure is set up. This ultimately means that they can’t be careless regardless of having encryption on their end ● There is more emphasis on “Privacy by Design” based on how new technologies are deployed.
  19. 19. Data Storage Best Practices ● Organizations will have to demonstrate how they store their data, what information is stored and how it is shared ● Data portability allows customers to request a copy of their data based on a standardized format ● Customers have the right to be forgotten and can have their information and data on them to be deleted ● There is more emphasis on the classification of data based on the information being pseudo-anonymous
  20. 20. How to make sure that Your Organization is compliant with GDPR ● Notify the key people in your organization about GDPR and the compliance rules and regulations around it ● Assess your organization based on the above key points to verify what needs to be done in order to make it GDPR compliant ● Put together the inventory of all the data collected, stored and with whom that data is shared as well as how it is governed ● Implement GDPR by taking the approach on how data privacy is governed and what are the associated roles and responsibilities
  21. 21. How to make sure that Your Organization is compliant with GDPR (continued) ● Determine how compliance will be demonstrated, how your organization will capture the consent of customers and how to make your privacy policy more transparent in order to educate and inform customers ● Implement and deploy technology in order to comply with Privacy by Design ● Make sure that your Organization has the right data governance policies in place in order to respond effectively to the individual’s rights based on GDPR ● Updating contracts with 3rd party tools that process customer data ● Cookie notification popup ● Keep a record of all European opt-ins ● Updating privacy policy and terms of services
  22. 22. F.A.Q
  23. 23. Do we need Double opt-in?
  24. 24. Was I suppose to send a re-optin before May 25th?
  25. 25. People Celebrating After GDPR
  26. 26. Thank you
  27. 27. Some Resources 1. Suzanne Dibble’s Facebook group - 2. GDPR Website 3. For Organizations general-data-protection-regulation-gdpr/ 4. DELOITTE and GDPR / 5. Hubspot and GDPR / 6. Privacy Policy with GDPR by Termsfeed /
  28. 28. Neha Patel Email: