GDPR Tech briefing and overview

At the end of May 2018 new EU legislation comes into effect that affects all the data you hold that enables an individual to be identified. This is called the General Data Protection Regulations (GDPR) and replaces the UK's Data Protection Act.

Brexit has no impact and it applies to all businesses

Published in: Business

  1. Get ready for GDPR 2018 | Enterprise Online Marketing Solutions < SEO > < PPC > < Social Media > < On-Line Marketing Solutions >
     Data: The world’s most valuable resource
  2. GDPR: Don’t get caught out
  3. Cyber Crime - UK Govt. figures
     ● 2.9m (46%) UK businesses suffered from a Cyber Attack or Breach in 2016
       ○ 66% between 50 - 249 employees
       ○ 68% - more than 249 employees
     ● Total cost to the economy - £29.1Bn
       ○ Average Cost per SME - £1,570
       ○ Average Cost for larger companies - £19,600
  4. Cyber Crime - UK Govt. figures
     1. Phishing - 1,299,178 businesses
     2. Virus attacks - 1,288,547 businesses
     3. Hacking - 1,022,781 businesses
     4. Ransomware - 388,858 businesses
  5. Why replace the Data Protection Act?
     Huge increase in the volume of data & the way it’s used
       ○ Online Banking
       ○ Comparison websites
       ○ Online Accounting Packages
       ○ Cloud Storage
       ○ Cloud Processing
       ○ Social Media
       ○ Recruitment Portals
       ○ CMS’
  6. Why replace the Data Protection Act?
     ● Big changes in the way we use data
     ● Lots of different ways to access data
  7. What is Data?
     Personal Data - Anything that can uniquely identify an individual
     ● An “online identifier” - IP Address for example
     ● HR Records
     ● Customer Lists
     ● Contact Details
     ● Supplier Lists
     ● CCTV files
     Special Categories
     ● Genetic Data
     ● Biometric Data (fingerprint, Iris scanners)
  8. What is Data - ‘Special categories’ of data
     ● Ethnic origin
     ● Political opinions
     ● Religious beliefs
     ● Health data
     ● Criminal Convictions
     ● Offenses
  9. Data: What have you got & what are you gathering?
  10. Data Audit - What Do You Already Have?
  11. Data Audit - What Do You Already Have?
     ● Employee Records
     ● Customer Records
     ● Supplier Records
     ● Bid/Tender Records
     ● Contact Lists
     ● Marketing Lists
       ○ Email
       ○ Phone numbers
       ○ Mailshot
     ● HMRC Records
     ● Expired Customer Records
     ● Expired Supplier Records
     ● Recruitment Notes
     ● Newsletter Subscriptions
     ● etc.
  12. Data Audit - Where do you obtain new data?
  13. Data Audit - Where do you keep it?
  14. Data Audit - where do you store it?
  15. Data Audit - How/where do you store it?
     Cloud services: Amazon Web Services, Box, DropBox, Google Drive, Mega, One Drive, pCloud, Vimeo, YouTube
     Other locations: current IT systems; portable media devices; mobile phones; mobile data storage, i.e. USBs and external hard drives; network folders; spreadsheets (and other such static documentation); emails and archived inboxes; other external communications; social media postings; microfiche; back-up tapes; secure drop boxes; web sites
  16. Data Audit - How/where do you store it?
     ● Know WHERE your data is stored
     ● Take adequate measures to protect personal data from loss, alteration or unauthorised processing
     ● Enter into a Data Processing Agreement with your Cloud Provider
     ● Ensure your Cloud Provider is GDPR compliant
     ● Ensure you can audit their Data Processing
     ● Ensure data is erased should you change Cloud supplier and when people leave your platform
  17. Data Audit - How long do you store it?
     For as long as it is required and relevant. Destruction should occur as soon as possible after this time:
     a. Paper Records - securely shredded
     b. Digital data - deleted, not just abandoned
     c. Cloud Data - erased and NO LONGER
  18. Data Audit - What do you do with it?
  19. Data Audit - What do you do with it?
     Using it in any way is called Data Processing and includes
       ○ Payroll Processing
       ○ HR
       ○ Sales Processing
       ○ Order Processing
       ○ Contact lists
       ○ Marketing Lists
       ○ Christmas Card Lists
       ○ Banking Records
       ○ Insurance Details and Records
       ○ Data Mining
       ○ Loyalty Card Processing
       ○ CCTV Recording
       ○ etc.
  20. Data Audit - How is it accessed?
  21. Data Audit - Who can access it?
  22. Data Audit - Who can access it?
     Ensure people can ONLY access files relevant to their requirements
  23. Control Audit - Who oversees your Data Policy and use
     You need a Data Protection Officer:
     ■ If the processing is carried out by a ‘public authority’.
     ■ If the ‘core activities’ require regular and systematic monitoring of data subjects on a ‘large scale’ (e.g. Banks, Insurance Companies).
     ■ If ‘core activities’ involve ‘large scale’ processing of ‘Special Categories’ of personal data and/or relate to criminal convictions and offences.
  24. Control Audit - Who oversees your Data Policy and use
     Who Manages your data?
     ● Data Controller
     Who processes (uses) your data?
     ● Data Processors
       ○ Internal and third party
       ○ If 3rd party, written contract REQUIRED
  25. Record Keeping
     • Name and details of your organisation (and where applicable, of other controllers, your representative and data protection officer).
     • Purposes of the processing.
     • Description of the categories of individuals and categories of personal data.
     • Categories of recipients of personal data.
     • Details of transfers to third countries including documentation of the transfer mechanism safeguards in place.
     • Retention schedules.
     • Description of technical and organisational security measures.
     You may be required to make these records available to the relevant supervisory authority for purposes of an investigation.
  26. Record Keeping
     All businesses must provide comprehensive, clear and transparent privacy policies.
     If you have more than 250 employees you also need to record activities related to “higher risk processing” such as
     • Processing Personal Data that could result in a risk to the rights and freedoms of an individual
     • Processing of “Special Categories” of data or criminal convictions and offenses
  27. In the event of a breach or loss of data
     In the event of a loss of data -
     1. You must notify your Data Protection Officer
     2. Where there's a high risk to the rights and freedoms of individuals you must notify those concerned, directly
  28. In the event of a breach or loss of data
     1. Your Data Protection Officer may also need to notify the Information Commissioner's Office -
        a. Name and Contact details of DPO or other contact point
        b. Description of likely consequences of the breach
        c. Description of measures taken (or proposed) to deal with the personal data breach, steps taken to mitigate any possible adverse effects and measures to ensure that it isn’t repeated
  29. In the event of a breach or loss of data
     When should notification take place?
     ● Affected Individuals - without undue delay
     ● Relevant Supervisory Authority - Within 72 hours of the organisation becoming aware of the breach
     Failure to notify: Fine up to 10m EU or 2% of global T/O
  30. Data Audit - if it goes wrong
  31. Data Audit - if it goes wrong
  32. Data Audit - if it goes wrong
  33. Data Subject Request
     How do you respond to Data Subject Requests?
     Requests must be fulfilled without delay and within 1 month at the latest.
     ● If complex or numerous, you can extend by 3 months but must inform the individual within the 1st month as to the reason for the delay
     There is no longer a “Subject Access Fee” that you can charge - unless
     ● a request is manifestly unfounded or excessive or repetitive, you can charge
     ● there is a request for multiple copies of the same information
     Fees MUST be based on the administrative cost of providing the information
  34. GDPR Audit Summary
     ● What have you already got?
     ● How did you get it?
     ● Who collects new data, how is it acquired?
     ● Why do you have it?
     ● Do you have consent to use it?
     ● How can it be accessed?
     ● Who can access it?
     ● How do you store it?
     ● How are you using it?
     ● How long do you need to keep it?
     ● How do you destroy it?
     ● How do you respond to “Data Subject Requests”?
