Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Impact of GDPR on Data Collection and Processing

This presentation covers how GDPR will impact various aspects of user data collection and processing along with the way to achieve compliance with the regulations.

  • Be the first to comment

Impact of GDPR on Data Collection and Processing

  1. 1. Impact of GDPR on Data Collection and Processing
  2. 2. What is GDPR? The General Data Protection Regulation (commonly referred to as GDPR), is a new European data privacy regulation whose enactment will start on May 25th, 2018.
  3. 3. Where will it be implemented? This regulation will be applicable for all local privacy laws in the EU and EEA region and affect all businesses which are either selling or storing personal data about EU and EEA nationals.
  4. 4. Who will GDPR affect? Controllers – Government regulators and businesses who determine how data is processed and the underlying reason. Processors – Businesses that undertake the technical aspect of data processing on behalf of the controller.
  5. 5. 10 key aspects of the regulation Consent to process data Data choices Special data Data movability Data deletion Data accessibility Restricting data processing Objection to data processing Automating data processing International data processing
  6. 6. Consent to process data Your business must get a confirmation from the user when collecting data and you need to clearly explain what type of data is getting collected along with the reason.
  7. 7. Data choices It is critical to find our exactly what type of data you would need. Time to cut the fluff.
  8. 8. Special data Note that certain types of data are considered as ‘special’ under the GDPR. These data include lifestyle choice type information such as religion, trade union membership, political beliefs, and several others.
  9. 9. Data movability The data that you collect about you customer should be under the complete control of the customer. In fact, the data should be easily accessible and they can share the same with your competitors if they deem fit.
  10. 10. Data deletion – right to be forgotten This part of the GDPR gives the data subject the right to request that any data you hold on them is ‘erased’ without delay.
  11. 11. Data accessibility You need to allow the user to access their data and also to let them know the types of processing being carried out and the type of category the data falls into.
  12. 12. Restricting data processing This particular section allows users to legally challenge the company in case they feel the data is not getting processed in correct manner.
  13. 13. Objection to data processing This provision allows users to object to their data being processed. However, this is only under special circumstances, such as when the data is being used for direct marketing.
  14. 14. Automated data processing You can only perform automated processing where there is either explicit consent obtained, or it is needed to carry out a contract, or where it is permitted under the law of an EU state.
  15. 15. International data transfer There are provisions in the GDPR to allow for data transfers to non-EU countries or international organizations as long as there are recognized ‘adequate’ frameworks for sensitive data protection.
  16. 16. How to adhere to GDPR Since it is a general truth that majority of the companies don’t actually put the collected data to use (lack of technology and know-how), it makes sense to trim down data collection.
  17. 17. Two-step approach Finalizing essential data points. 1 Scouring through old data to trim it down to critical data points 2
  18. 18. Key approach for compliance? Know Your Customer. If you know your customers, it’d be easier for you to inform them on how and why you’re collecting their data. This will drastically help you get consent from them as well.
  19. 19. A pioneer is custom and large-scale web data extraction. |