GDPR
12 steps to compliance
web: www.weareunleashed.com Tel: 0333 240 0565 email:unleashyourit@weareunleashed.com
GDPR (General Data Protection Regulations) comes into effect from
25th May 2018. This is new legislation replacing the outdated Data
Protection Act 1998. This means it is imperative that planning starts
as soon as possible. Businesses in the UK need to be properly
prepared for these changes. You will need to study these new
regulations with a view to operational needs and business risk.
To enable you to become GDPR compliant, Unleashed would like
you to consider our 12 steps to compliance.
1. Education and Awareness
Planning is going to be key to getting GDPR compliant. To enable you
to get compliant, you will need to ensure key personnel are familiar
with what GDPR means and how it affects your business.
2. Accountability
You will need to demonstrate that you are compliant with data
protection principles.
This means knowing where you hold and store all personal information.
This information includes name, address, phone numbers and
bank/credit card details.
For GDPR purposes you will need to ensure you know where all
personal data is held and who has access to it.
3. Legal Basis
Under GDPR, individuals now have a lot more rights and your
business will need to accept these and ensure you are lawfully
processing information.
As part of your planning process, you will need to include a legal
basis before any personal data is processed. This is also called
‘conditions for processing’.
Put simply, this means you have to have the consent of the data
subject to store their data.
4. Consent
Every business must have a data controller (DC) from May 2018.
One of the roles of the DC is to demonstrate you have consent from
the individual to store their data. If you don’t, you need to delete it
or you could be in breach and fined.
Your business must maintain and retain an audit trail and the
history of the data over its lifetime.
5. Privacy by Design
This is a new approach and it means that any new project that
includes data must promote privacy and data protection compliance
from conception.
New projects that could be affected are:
• New IT systems that allow for storing or accessing data
• Developing strategies that have privacy implications
• Data file sharing or using data for new purposes.
6. Individual’s Rights
If an individual requests you to remove their personal details, this
must be done immediately.
This will have huge implications for IT departments. They will need
to document where all personal data is held. They will need to know
who has access to it and restrict that access to staff who need to
know. It also means you will need to know where all personal data
is stored.
A data retention policy must now be clearly defined and followed by
all users.
7. Privacy Notices
All businesses will need to revise their Privacy Notices to meet the
new demands of GDPR. You will now have to include notices that
are clear and unambiguous about how you process all personal data
and define retention periods.
This means that if you don’t need to store personal data, you
shouldn’t.
8. Subject Access Request
This is commonly known as subject access. It comes into effect when an individual
asks a company what information is held about them.
Sometimes an admin fee is attached to this information as it is normally a written
request.
An individual is now entitled to:
• Be told whether any personal information has been processed
• Be given a description of personal data held and the reason it is being processed
and whether it has been passed to any other organisation
• Be given a copy of data held on them and where it came from.
9. Children
GDPR has tightened all aspects of storing data on children. This means children
now have special protection known as ‘consent to process children’s personal
information’.
Consent now has to be verified and must state where this data has come from.
All privacy notices must be written in a way a child can understand, i.e. in plain
understandable language, not legal speak!
10. Data Breach Notification
This is the area that could potentially cost you money if you are not prepared.
You should prepare a data breach notice in advance and know who to send it to
in the event of a data breach. You now have 72 hours to report a breach (from
the time you became aware of it). In this notice, you have to state what
information has been subjected to the breach, how it happened and the steps you
have taken to mitigate further breaches.
The timescale of 72 hours (3 days) also includes bank holidays and weekends. So
if a breach occurs on a Friday, you can’t wait till Monday to prepare the
notification.
11. Data Controller
GDPR requires someone to take responsibility and ownership for ensuring your
business has effective data protection compliance. The Data Controller is
obligated to carry the following:
• Data Processing Agreements
• Controller instructions
• Accountability
• Data Security
• Data Protection Officer
• Sanctions
• Cross Border Transfers
12. International Operations
This only comes into effect if you trade overseas. Basically, this means the ‘Lead
Authority’ or your head office will be liable for any breach no matter where that
breach occurred within the company.
If your head office is in Norway and the breach was in the UK, then Norway will
be liable, not the UK.
You will now need to be aware of where your data is processed and stored. So a
good idea is to educate your users on all the relevant rules and regulations.
About Unleashed
Unleashed is a boutique IT consultancy. We offer consultancy services on a
number of IT solutions. Our main objective is to work with our clients in tackling
the problems that exist between IT and the rest of the business.
We have been advising our customers and clients on Cyber and Information
Security for many years. We have experience in ISO 27001 and Cyber Essentials.
We are happy to talk to you about any concerns you have about GDPR or help
you to put together a Risk Assessment Plan prior to implementation of GDPR.
web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com

More Related Content

What's hot

2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar
Richard Hogg,Global GDPR Offerings Evangelist
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
Tomppa Järvinen
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
Naomi Holmes
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
Tripwire
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
Lilian Edwards
 
GDPR and Irish SMEs May 2017
GDPR and Irish SMEs May 2017GDPR and Irish SMEs May 2017
GDPR and Irish SMEs May 2017
Amarach Research
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...
Stephanie Vasey
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can Help
Jason Lackey
 
Are you preparing for GDPR?
Are you preparing for GDPR?Are you preparing for GDPR?
Are you preparing for GDPR?
Chris Bullock
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPR
Hans Demeyer
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
IT Governance Ltd
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
Caroline Boscher
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
IBM Security
 
EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017
Cliff Ashcroft
 
Findability Day 2016 - What is GDPR?
Findability Day 2016 - What is GDPR?Findability Day 2016 - What is GDPR?
Findability Day 2016 - What is GDPR?
Findwise
 
SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution
Google
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC  approach to GDPR V 0.1 www.3grc.co.uk3GRC  approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
►David Clarke FBCS CITP
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
Harrison Clark Rickerbys
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
isc2-hellenic
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
Ulf Mattsson
 

What's hot (20)

2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar
 
GDPR practical info session for development
GDPR practical info session for developmentGDPR practical info session for development
GDPR practical info session for development
 
GDPR Presentation slides
GDPR Presentation slidesGDPR Presentation slides
GDPR Presentation slides
 
An Essential Guide to EU GDPR
An Essential Guide to EU GDPRAn Essential Guide to EU GDPR
An Essential Guide to EU GDPR
 
The GDPR for Techies
The GDPR for TechiesThe GDPR for Techies
The GDPR for Techies
 
GDPR and Irish SMEs May 2017
GDPR and Irish SMEs May 2017GDPR and Irish SMEs May 2017
GDPR and Irish SMEs May 2017
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...
 
GDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can HelpGDPR and NIS Compliance - How HyTrust Can Help
GDPR and NIS Compliance - How HyTrust Can Help
 
Are you preparing for GDPR?
Are you preparing for GDPR?Are you preparing for GDPR?
Are you preparing for GDPR?
 
Sophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPRSophie's Privacy - a story about GDPR
Sophie's Privacy - a story about GDPR
 
Preparing for EU GDPR
Preparing for EU GDPRPreparing for EU GDPR
Preparing for EU GDPR
 
GDPR for Dummies
GDPR for DummiesGDPR for Dummies
GDPR for Dummies
 
How IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity LegislationHow IBM Supports Clients around GDPR and Cybersecurity Legislation
How IBM Supports Clients around GDPR and Cybersecurity Legislation
 
EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017EU General Data Protection Regulation - Update 2017
EU General Data Protection Regulation - Update 2017
 
Findability Day 2016 - What is GDPR?
Findability Day 2016 - What is GDPR?Findability Day 2016 - What is GDPR?
Findability Day 2016 - What is GDPR?
 
SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution SureSkills GDPR - Discover the Smart Solution
SureSkills GDPR - Discover the Smart Solution
 
3GRC approach to GDPR V 0.1 www.3grc.co.uk
3GRC  approach to GDPR V 0.1 www.3grc.co.uk3GRC  approach to GDPR V 0.1 www.3grc.co.uk
3GRC approach to GDPR V 0.1 www.3grc.co.uk
 
Get you and your business GDPR ready
Get you and your business GDPR readyGet you and your business GDPR ready
Get you and your business GDPR ready
 
GDPR 11/1/2017
GDPR 11/1/2017GDPR 11/1/2017
GDPR 11/1/2017
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
 

Similar to 12 steps to gdpr compliance unleashed

GDPR - what you need to know
GDPR -  what you need to know GDPR -  what you need to know
GDPR - what you need to know
Maddie Malling-May
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
Cathy Gilmartin
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
Dan Brookman
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
Giulio Coraggio
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
MissMarvel70
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
Exponential_e
 
Microsoft and Tech Data’s Ultimate GPDR Glossary
Microsoft and Tech Data’s Ultimate GPDR GlossaryMicrosoft and Tech Data’s Ultimate GPDR Glossary
Microsoft and Tech Data’s Ultimate GPDR Glossary
Tech Data
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
Carsted Rosenberg Advokatfirma
 
Convince your board - Ten steps to GDPR compliance
Convince your board  - Ten steps to GDPR complianceConvince your board  - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR compliance
Dave James
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
Human Capital Department
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
SilverTech
 
GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
Dean Bonehill ♠Technology for Business♠
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
Benjamin Dibble
 
Top 10 GDPR Requirements
Top 10 GDPR RequirementsTop 10 GDPR Requirements
Top 10 GDPR Requirements
Rusty Stanberry
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with links
VISTA InfoSec
 
Are you GDPRed yet?
Are you GDPRed yet?Are you GDPRed yet?
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
Spain-Holiday.com
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 

Similar to 12 steps to gdpr compliance unleashed (20)

GDPR - what you need to know
GDPR -  what you need to know GDPR -  what you need to know
GDPR - what you need to know
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
The GDPR - A data revolution
The GDPR - A data revolutionThe GDPR - A data revolution
The GDPR - A data revolution
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
 
Keep Calm and GDPR
Keep Calm and GDPRKeep Calm and GDPR
Keep Calm and GDPR
 
12th July GDPR event slides
12th July GDPR event slides12th July GDPR event slides
12th July GDPR event slides
 
Microsoft and Tech Data’s Ultimate GPDR Glossary
Microsoft and Tech Data’s Ultimate GPDR GlossaryMicrosoft and Tech Data’s Ultimate GPDR Glossary
Microsoft and Tech Data’s Ultimate GPDR Glossary
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
Convince your board - Ten steps to GDPR compliance
Convince your board  - Ten steps to GDPR complianceConvince your board  - Ten steps to GDPR compliance
Convince your board - Ten steps to GDPR compliance
 
EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance EU GDPR - 12 Steps To Compliance
EU GDPR - 12 Steps To Compliance
 
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
GDPR Pop Up | Human Capital Department - HR Forum - 26 April 2018
 
How the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your WebsiteHow the EU-GDPR May Affect Your Website
How the EU-GDPR May Affect Your Website
 
GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
 
Top 10 GDPR Requirements
Top 10 GDPR RequirementsTop 10 GDPR Requirements
Top 10 GDPR Requirements
 
Why is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with linksWhy is gdpr essential for small businesses with links
Why is gdpr essential for small businesses with links
 
Are you GDPRed yet?
Are you GDPRed yet?Are you GDPRed yet?
Are you GDPRed yet?
 
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersGDPR & the Travel Industry: Practical recommendations for holiday rental owners
GDPR & the Travel Industry: Practical recommendations for holiday rental owners
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
 

Recently uploaded

Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
Any kyc Account
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
Kirill Klimov
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
JeremyPeirce1
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
NZSG
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
hartfordclub1
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
LuanWise
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
➒➌➎➏➑➐➋➑➐➐Dpboss Matka Guessing Satta Matka Kalyan Chart Indian Matka
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
Chandresh Chudasama
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
bosssp10
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
46adnanshahzad
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
CA Dr. Prithvi Ranjan Parhi
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
taqyea
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
sssourabhsharma
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Neil Horowitz
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
ecamare2
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
Adnet Communications
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
CLIVE MINCHIN
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
Norma Mushkat Gaffin
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
techboxsqauremedia
 

Recently uploaded (20)

Easily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYCEasily Verify Compliance and Security with Binance KYC
Easily Verify Compliance and Security with Binance KYC
 
Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024Organizational Change Leadership Agile Tour Geneve 2024
Organizational Change Leadership Agile Tour Geneve 2024
 
Top mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptxTop mailing list providers in the USA.pptx
Top mailing list providers in the USA.pptx
 
-- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month ---- June 2024 is National Volunteer Month --
-- June 2024 is National Volunteer Month --
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf2024-6-01-IMPACTSilver-Corp-Presentation.pdf
2024-6-01-IMPACTSilver-Corp-Presentation.pdf
 
Building Your Employer Brand with Social Media
Building Your Employer Brand with Social MediaBuilding Your Employer Brand with Social Media
Building Your Employer Brand with Social Media
 
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel ChartSatta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
Satta Matka Dpboss Matka Guessing Kalyan Chart Indian Matka Kalyan panel Chart
 
Structural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for BuildingsStructural Design Process: Step-by-Step Guide for Buildings
Structural Design Process: Step-by-Step Guide for Buildings
 
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
Call 8867766396 Satta Matka Dpboss Matka Guessing Satta batta Matka 420 Satta...
 
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdfHOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
HOW TO START UP A COMPANY A STEP-BY-STEP GUIDE.pdf
 
Income Tax exemption for Start up : Section 80 IAC
Income Tax  exemption for Start up : Section 80 IACIncome Tax  exemption for Start up : Section 80 IAC
Income Tax exemption for Start up : Section 80 IAC
 
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
一比一原版新西兰奥塔哥大学毕业证(otago毕业证)如何办理
 
Digital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on SustainabilityDigital Marketing with a Focus on Sustainability
Digital Marketing with a Focus on Sustainability
 
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
Brian Fitzsimmons on the Business Strategy and Content Flywheel of Barstool S...
 
Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431Observation Lab PowerPoint Assignment for TEM 431
Observation Lab PowerPoint Assignment for TEM 431
 
Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024Lundin Gold Corporate Presentation - June 2024
Lundin Gold Corporate Presentation - June 2024
 
Best practices for project execution and delivery
Best practices for project execution and deliveryBest practices for project execution and delivery
Best practices for project execution and delivery
 
Mastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnapMastering B2B Payments Webinar from BlueSnap
Mastering B2B Payments Webinar from BlueSnap
 
Creative Web Design Company in Singapore
Creative Web Design Company in SingaporeCreative Web Design Company in Singapore
Creative Web Design Company in Singapore
 

12 steps to gdpr compliance unleashed

  • 1. GDPR 12 steps to compliance web: www.weareunleashed.com Tel: 0333 240 0565 email:unleashyourit@weareunleashed.com
  • 2. GDPR (General Data Protection Regulations) comes into effect from 25th May 2018. This is new legislation replacing the outdated Data Protection Act 1998. This means, it is imperative that planning starts as soon as possible. Businesses in the UK need to be properly prepared for these changes. You will need to study these new regulations with a view to operation needs and business risk. To enable you to become GDPR compliant, Unleashed would like you to consider our 12 steps to compliance. web: www.weareunleashed.com Tel: 0333 240 0565 email:unleashyourit@weareunleashed.com
  • 3. 1.EducationandAwareness Planning is going to be key to getting GDPR compliant. To enable you to get compliant, you will need to ensure key personnel are familiar with what GDPR means. And, how it effects your business. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com
  • 4. 2.Accountability You will need to demonstrate that you are compliant with data protection principles. This means, where you hold and store all personal information. This information includes name, address, phone numbers and bank/credit card details. For GDPR purposes you will need to ensure you know where all personal data is held and who has access to it. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com
  • 5. 3.LegalBasis Under GDPR, individuals now have a lot more rights and your business will need to accept these. And ensure you are lawfully processing information. As part of your planning process, you will need to include a legal basis before any personal data is processed. This is also called ‘conditions for processing’. This simplified means, you have to have the consent of the data subject to store their data. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com
  • 6. 4.Consent Every business must have a data controller (DC) from May 2018. One of the roles of the DC is to demonstrate you have consent from the individual to store their data. If you don’t, you need to delete it or you could be in breach and fined. Your business must, maintain and retain an audit trail and the history of the data over its lifetime. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com
  • 7. 5.PrivacybyDesign This is a new approach and it means that any new project that includes data must promote privacy and data protection compliance from conception. New Projects that could be effected are: • New IT systems that allow for storing or accessing data • Developing strategies that have privacy implications • Data file sharing or using data for new purposes. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com
  • 8. 6. Individual’s Rights: If an individual requests you to remove their personal details, this must be done immediately. This will have huge implications for IT departments. They will need to document where all personal data is held. They will need to know who has access to it and restrict that access to staff who need to know. It also means you will need to know where all personal data is stored. A data retention policy must now be clearly defined and followed by all users.
  • 9. 7. Privacy Notices: All businesses will need to revise their Privacy Notices to meet the new demands of GDPR. You will now have to include notices that are clear and unambiguous about how you process all personal data and define retention periods. This means that if you don’t need to store personal data, you shouldn’t.
  • 10. 8. Subject Access Request: This is commonly known as subject access. It comes into effect when an individual asks a company what information is held about them. Sometimes an admin fee is attached to this information as it is normally a written request. An individual is now entitled to:
      • Be told whether any personal information has been processed
      • Be given a description of personal data held, the reason it is being processed and whether it has been passed to any other organisation
      • Be given a copy of data held on them and where it came from.
  • 11. 9. Children: GDPR has tightened all aspects of storing data on children. This means children now have special protection known as ‘consent to process children’s personal information’. Consent now has to be verified and must state where this data has come from. All privacy notices must be written in a way a child can understand, i.e. in plain understandable language, not legal speak!
  • 12. 10. Data Breach Notification: This is the area that could potentially cost you money if you are not prepared. You should prepare a data breach notice in advance and know who to send it to in the event of a data breach. You now have 72 hours to report a breach (from the time you became aware of it). In this notice, you have to state what information has been subjected to the breach, how it happened and the steps you have taken to mitigate further breaches. The timescale of 72 hours (3 days) also includes bank holidays and weekends. So if a breach occurs on a Friday, you can’t wait till Monday to prepare the notification.
  • 13. 11. Data Controller: GDPR requires someone to take responsibility and ownership for ensuring your business has effective data protection compliance. The Data Controller is obligated to carry the following:
      • Data Processing Agreements
      • Controller instructions
      • Accountability
      • Data Security
      • Data Protection Officer
      • Sanctions
      • Cross Border Transfers
  • 14. 12. International Operations: This only comes into effect if you trade overseas. Basically, this means the ‘Lead Authority’ or your head office will be liable for any breach no matter where that breach occurred within the company. If your head office is in Norway and the breach was in the UK, then Norway will be liable, not the UK. You will now need to be aware of where your data is processed and stored. So a good idea is to educate your users on all the relevant rules and regulations.
  • 15. About Unleashed: Unleashed is a boutique IT consultancy. We offer consultancy services on a number of IT solutions. Our main objective is to work with our clients in tackling the problems that exist between IT and the rest of the business. We have been advising our customers and clients on Cyber and Information Security for many years. We have experience in ISO 27001 and Cyber Essentials. We are happy to talk to you about any concerns you have about GDPR or help you to put together a Risk Assessment Plan prior to implementation of GDPR. web: www.weareunleashed.com Tel: 0333 240 0565 email: unleashyourit@weareunleashed.com