Dai Davies - GDPR Presentation
•
0 likes•193 views
Dai Davis from Percy Crow Davis and Co presents more information about GDPR for Travel Marketers
![2
GDPR Topics
• Privacy by design and by default
• Rights to obtain data and have it rectified
• Rights to object to data profiling and
direct marketing
• Right to be forgotten
• Right to data portability
• Breach notification
• Revised principles, e.g. security
GDPR Enforcement
• Extraterritorial reach
– Amazon, Google, Facebook
• Some fines higher of 2% of annual
turnover or €10,000,000, e.g. consent to
processing of child data
• Maximum fine of higher of 4% of annual
turnover or €20,000,000 e.g. breach of
data principles, consent
• €500,000,000 turnover
The ICO as a driver for compliance
• 2016 statistics
• 18,300 complaints
• Some 1,950 self-reports or breaches
• 16 fines totalling £1,624,500
• Largest £400,000
• Enforcement < 0.9%
• Compare
• 23 for unsolicited automated marketing
• Totalling £1,923,000
GDPR Comments
• “Predictions of massive fines under the GDPR
that simply scale up penalties … issued under
the Data Protection Act are nonsense”
• “The GDPR gives [the ICO] a suite of
sanctions to help organisations comply -
warnings, reprimands, corrective orders.
While these will not hit organisations in the
pocket - their reputations will suffer a
significant blow”
Prepare now
• Data Mapping – where is the data: from where, how
processed, to whom given
• Privacy by Design, Pseudonymisation and Data
Minimisation
– “Storage limitation” under GDPR Art 5.1(e), 25.2
• Processing Justifications Art 7, 8, 6.1(f), 13.1(d)
• Contract Review (Index): List of contracts under which
data is processed; strengthen contracts
• Lobby board now!
• DPO where core activities involve “large scale processing
• Staff retention
New Data Protection Legislation
Friday 8th December 2017
Dai Davis
Solicitor and Chartered Engineer
Partner, Percy Crow Davis & Co
Tel: 07785 771 721
E-mail: mail@daidavis.com](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
Recommended
Recommended
More Related Content
What's hot
What's hot (19)
Similar to Dai Davies - GDPR Presentation
Similar to Dai Davies - GDPR Presentation (20)
More from Sagittarius
More from Sagittarius (20)
Recently uploaded
Recently uploaded (20)
Dai Davies - GDPR Presentation
- 1. 1 New Data Protection Legislation Friday 8th December 2017 Dai Davis Solicitor and Chartered Engineer Partner, Percy Crow Davis & Co Tel: 07785 771 721 E-mail: mail@daidavis.com New Data Protection Legislation • Why do we have data protection laws • Data Protection now • Overview of new legislation • Relative importance of GDPR obligations • Preparing for GDPR Background to Data Protection • Where does the legislation come from • Data Protection Act 1984 • Data Protection Directive 1996 • Data Protection Act 1998 • General Data Protection Regulation (GDPR) • Enacted: 27th April 2016 • In force: 25th May 2016 • Compliance: 25th May 2018 Structure of the existing legislation • Processing of Personal data • Registration: from where: how processed: to whom given • Data protection principles • Act in accordance with registration and principles • Individuals’ rights - self policing New Data Protection Legislation • Current state of compliance • Companies who currently comply • 100x more obligations • Future state of compliance • Companies who will comply • Old legislation – comply with principles • New legislation – comply with legislation – Contradictory Structure of the new legislation • Transparency by informing individuals –What data is collected –Individuals rights • Individuals enforce rights • More enforcement by ICO? –Current regime of reporting –Future regime of reporting • Enforcement by corporate litigation
- 2. 2 GDPR Topics • Privacy by design and by default • Rights to obtain data and have it rectified • Rights to object to data profiling and direct marketing • Right to be forgotten • Right to data portability • Breach notification • Revised principles, e.g. security GDPR Enforcement • Extraterritorial reach – Amazon, Google, Facebook • Some fines higher of 2% of annual turnover or €10,000,000, e.g. consent to processing of child data • Maximum fine of higher of 4% of annual turnover or €20,000,000 e.g. breach of data principles, consent • €500,000,000 turnover The ICO as a driver for compliance • 2016 statistics • 18,300 complaints • Some 1,950 self-reports or breaches • 16 fines totalling £1,624,500 • Largest £400,000 • Enforcement < 0.9% • Compare • 23 for unsolicited automated marketing • Totalling £1,923,000 GDPR Comments • “Predictions of massive fines under the GDPR that simply scale up penalties … issued under the Data Protection Act are nonsense” • “The GDPR gives [the ICO] a suite of sanctions to help organisations comply - warnings, reprimands, corrective orders. While these will not hit organisations in the pocket - their reputations will suffer a significant blow” Prepare now • Data Mapping – where is the data: from where, how processed, to whom given • Privacy by Design, Pseudonymisation and Data Minimisation – “Storage limitation” under GDPR Art 5.1(e), 25.2 • Processing Justifications Art 7, 8, 6.1(f), 13.1(d) • Contract Review (Index): List of contracts under which data is processed; strengthen contracts • Lobby board now! • DPO where core activities involve “large scale processing • Staff retention New Data Protection Legislation Friday 8th December 2017 Dai Davis Solicitor and Chartered Engineer Partner, Percy Crow Davis & Co Tel: 07785 771 721 E-mail: mail@daidavis.com