2. WHAT IS GDPR?
• A new set of rules and processes that strengthens the protection of
personal data in the digital era;
• Regulation: One continent – one Law;
• Applies to individuals' rights to personal data, not to B2B;
• Comes into effect on 25 May 2018;
• Key enabler of Digital Single Market;
4. GDPR..
• Expand its Territorial Reach;
• Captures a lot of data by broadening the personal data definitions;
• Brings Changes to consent nature & mechanisms;
• Shifts control back to Data Subjects;
• Introduces Right to Data Portability;
• Places Restrictions on Profiling;
Consent must be: freely given, specific, informed and unambiguous indication, easy to withdraw.
Data include: online identifiers, device identifiers, cookie IDs, IP addresses, pseudonymized & anonymous data reidentification, genetic, biometric data.
Data subjects' right to: be informed; erasure; restriction; access; object.
5. GDPR..
• Increases the scope for processors;
• Introduces Privacy by design and by default;
• Talks about Data Protection Impact Assessment (DPIA);
• Encourages Co-operation/Consultation with DPAs;
• Imposes Security Obligations & Data breaches notifications;
• Makes provisions about Data Protection Officers;
• Introduces the leading DPA for International Organizations;
• Accountability: Imposes Record keeping obligations and
demonstration of compliance.
6. FINES IS THE KING!
• Up to €20m or
• 4% of worldwide turnover
Whichever is BIGGER!!
• Multinational organizations are treated as a single entity!!
8. Review…
• The way privacy information is communicated;
• Contracts and services with data processors;
• Existing databases;
• Processes and mechanisms for obtaining consent;
• Marketing Policies;
• Process to handle data subjects' requests;
• Security measures.
10. You have to…
• Create Awareness & Right Team;
• Assess how GDPR is prioritized in the operational excellence,
growth, digital, data and cyber security transformation objectives.
• Map & Review data processing activities (what, how, when, where,
why) & Security Policies & Key Partners;
• Make a gap analysis;
• Choose your right roadmap plan to GDPR;
• Implement;
• Audit.
11. “At its core, data protection is about simple
things: respect, trust, integrity, and
professionalism”.
THANK YOU!
PENNY KONTOGEORGOU
E-BUSINESS & DATA PRIVACY LAW SPECIALIST
“To avoid change fatigue and maximize data
monetization, you must realize the
motivation found within the privacy
concept”.