
Everything you need to know about the GDPR

The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR) – the EU’s law that comes into effect in May. The major update to the previous EU data protection law aims to regulate the use and treatment of an individual’s personal data.
A new regulation means organisations that use data will need to be more careful and explicit with gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face a hefty €20 million fine or four per cent of a company’s annual turnover.
Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.

Published in: Marketing

  1. Everything you need to know about the GDPR: the new EU data protection law
  2. By the end of this presentation, you’ll understand:
     • What the GDPR is
     • How you can prepare
     • Good data protection practices
  3. Let’s get personal
     • Question: What do you think happens to your personal data when you open a bank account, join a social network, book a flight or sign up to a newsletter?
  4. Let’s get personal
     • Should an organisation keep your information forever?
  5. Let’s get personal
     • Could your personal information fall into the wrong hands?
  6. The GDPR is an EU privacy law that regulates the treatment and use of personal data belonging to EU citizens.
  7. Ok. Why a new law? What’s changed?
  8. • “Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly.”
     • DIRECTIVE (EU) 2016/680 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016
  9. HMRC, 2007
     • In 2007, two password-protected CDs containing the records of 25 million child benefit claimants in the UK (including every child in the country) went missing in the post.
     • The incident underlined how valuable data was being handled by poorly trained employees.
  10. UK government, 2012
     • Civil servants in two government departments were reprimanded for looking through medical records, National Insurance numbers and even criminal records over a 13-month period.
     • This added up to 150 breaches of data security in the Department for Work and Pensions and the Department of Health.
  11. Tesco Bank, 2016
     • Tesco Bank had to freeze its online operations after an estimated 20,000 customers had money stolen from their accounts.
     • In total, 40,000 accounts had been compromised, and half of those had money stolen from them.
  12. Uber, 2016
     • Hackers stole the personal data of 57m Uber customers and drivers in 2016.
     • The firm paid $100,000 to have the data deleted and to keep the massive global breach quiet.
     • Under California state law, companies are required to notify state residents of any breach of unencrypted personal information.
  13. In 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU.
  14. A new Regulation and Directive entered into force in May 2016, but they shall apply and become national law by May 2018.
  15. Why we need to take the GDPR seriously
     • There are fines. BIG FINES.
  16. Why we need to take the GDPR seriously
     • Under the GDPR, supervisory authorities will be able to impose fines of:
     • €20 million or 4% of annual global turnover for breaches of, for example, the principles of processing and data subjects’ rights
     • €10 million or 2% of annual global turnover for breaches of obligations including maintaining written records, implementing technical and organisational measures, and in relation to the appointment of Data Protection Officers.
  17. Why we need to take the GDPR seriously
     • Data processors (companies that collect data) are just as liable as data owners (companies that require the data).
     • If one person gets in trouble, everyone gets in trouble.
  18. It’s not just big businesses at risk, either
     • It’s any organisation or individual that:
     • collects or processes data
  19. It’s not just big businesses at risk, either
     • It’s any organisation or individual that:
     • is susceptible to a data breach (could you get hacked? Could someone steal data? Do we know where our data is?)
  20. It’s not just big businesses at risk, either
     • It’s any organisation or individual that:
     • fails to be compliant (do we tell our e-mail subscribers how we intend to use their data?)
  21. In other words, it affects us.
  22. How can you prepare?
     • Produce, display and maintain a data protection policy on your website.
  23. How can you prepare?
     • Let users give explicit consent for their data to be collected.
  24. How can you prepare?
     • Clean your current data so you only have the data you need. Old data is a no-no.
  25. How can you prepare?
     • Stick to a reputable and compliant Data Processor, such as Mailchimp (however, if Mailchimp were to have a data breach, you could be liable for using them).
  26. How can you prepare?
     • Implement a procedure to keep appropriate records of your data processing activities. How do you store and protect data? And who owns this document? It should be password protected to avoid any potential breaches.
  27. Finally, will Brexit impact the GDPR?
     • The GDPR will automatically become law in the UK if we’re still in the EU on 25 May 2018 (which is likely).
  28. Finally, will Brexit impact the GDPR?
     • However, when the UK does officially leave the EU, the GDPR will no longer be directly applicable in UK law.
     • The UK government has proposed a new Data Protection Bill (currently going through the parliamentary process) to incorporate the provisions of the GDPR into domestic legislation, so as to align the data protection laws in the UK with the EU following Brexit.
  29. For more GDPR guidance, visit:
     • Information Commissioner’s Office online - ico.org.uk
     • Seven ways a small business can prepare for the GDPR - www.hellosoutherly.com/prepare-for-gdpr
  30. We tell stories that engage your audience. We use words, conversations, video and pictures to tell your story. We work online, face to face and in print to create compelling content. But really, the medium by which we tell your story doesn’t matter; it’s how we tell it that makes the difference. So how can we help tell your story? 020 3397 4971 - info@hellosoutherly.com - www.hellosoutherly.com