ONE DOESN’T JUST… IMPLEMENT GDPR
WHAT IS IT LIKE?
COMMON GOAL
• SUPPORT THE BUSINESS IN HANDLING AND USING (PERSONAL) DATA
• “RESPONSIBLY”,
• LIKE A “GOOD HEAD OF THE FAMILY”,
• IN LINE WITH THE STATE-OF-THE-ART AND THE LAW
SHOULD WE REINVENT THE WHEEL?
TO WIN / FINISH THE TOUR…
https://datasciencebe.com
https://www.facebook.com/Datasciencebe/
https://www.youtube.com/channel/UCUBGYn2sbKzVITW7y9D8dlQ
https://www.meetup.com/Data-Science-Community-Meetup/
@DataScienceBe
Mission: educate, inspire, empower scholars & experts to apply #datascience to address humanity’s grand challenges
Bien
Venue
CHATHAM HOUSE RULE
• THE CHATHAM HOUSE RULE ORIGINATED AT CHATHAM HOUSE WITH THE AIM OF PROVIDING ANONYMITY TO
SPEAKERS AND TO ENCOURAGE OPENNESS AND THE SHARING OF INFORMATION. IT IS NOW USED
THROUGHOUT THE WORLD AS AN AID TO FREE DISCUSSION.
• THE CHATHAM HOUSE RULE READS AS FOLLOWS:
•WHEN A MEETING, OR PART THEREOF, IS HELD UNDER THE CHATHAM
HOUSE RULE, PARTICIPANTS ARE FREE TO USE THE INFORMATION
RECEIVED, BUT NEITHER THE IDENTITY NOR THE AFFILIATION OF THE
SPEAKER(S), NOR THAT OF ANY OTHER PARTICIPANT, MAY BE REVEALED.
https://en.wikipedia.org/wiki/Chatham_House_Rule
STAND UP Q&A
DIVIDE AND CONQUER
QUESTIONS…
• RAISE QUESTIONS
• DID ANYONE PREPARE A PRESENTATION FOR HIS / HER QUESTION?
• QUESTIONS CAN BE LEGAL, TECHNICAL, ORGANISATIONAL, PRACTICAL,…
• QUESTIONS OF PEOPLE A BIT FURTHER FROM A PRACTICAL IMPLEMENTATION MAY SHED A FRESH LIGHT
ON THINGS.
… & ANSWERS
• WE HOPE WE HAVE GATHERED ALL TYPES OF SKILLS IN THE ROOM TO FIND THE ANSWERS.
• ANSWERS CAN BE
• A CLEAR VIEW ON THE THEORY,
• POTENTIAL TOOLING,
• TEMPLATES OR (ANONYMISED) EXAMPLES,
• …
• ANSWERS ARE NOT ADVICE, JUST A BEST EFFORT NUDGE IN A (GOOD) DIRECTION.
TALLY UP
KNOWLEDGE
• LAW
• DATA SCIENCE
• DATA GOVERNANCE
• BUSINESS INTELLIGENCE
• MARKETING
• HUMAN RESOURCES
• TOOLING
EXPERIENCE
• PROJECT LEAD
• EXPERT
• DATA STEWARD / IMPACTED BUSINESS
• COMPLAINTS HANDLING / DS RIGHTS
TALLY UP
SIZE
• ONE MAN
• SME
• LARGE COMPANY
• GROUP
• AFFILIATE
• (REGIONAL) TOP
SECTOR
• LOW ON (PERSONAL) DATA
• MANUFACTURING
• IOT PRODUCTS
• DATA GOVERNANCE TOOLING
• BIG DATA MANAGEMENT TOOLING
• HIGH ON (PERSONAL) DATA
• PROCESSOR
• CLOUDSERVICES
• MARKETING AGENCY
• R&S AGENCY
• PAYROLL AGENCY
• CONSULTANCY
• CONTROLLER
• DATA BROKERAGE
• HEALTH
• FINANCE
• R&S COMPANY (“INTERIM”)
TALLY UP
SYSTEMS
• NO LEGACY SYSTEMS
• WORKING WITH STANDARD SYSTEMS
• SYSTEMS SOMEWHAT CUSTOMIZED
• CORE SYSTEMS ARE CUSTOMIZED (= ”LEGACY”)
• CLOUD
• ALL CLOUD PRODUCTS
• SOME CLOUD PRODUCTS
• NO CLOUD PRODUCTS
PROFIT
• NOT-FOR-PROFIT
• GOVERNMENT
• ASSOCIATION
• FOR PROFIT
• COMMERCIAL ENTERPRISE
• COMMERCIAL CORPORATION
TIME MANAGEMENT
18:30 Welcome and introduction … that’s where we are now
19:00 Break-out 1 A:
B:
19:45 Break + switch Central stage - bar
20:00 Break–out 2 A:
B:
20:40 Re-assemble and short debrief (max. 5’ per BO) Central stage
21:15 The floor is open Central stage - bar
SUGGESTION 1
  | 1 | 2
A | GDPR supporting tooling | GDPR in SMEs
B | GDPR and public information | GDPR in the Business as Usual
SUGGESTION 2
1 2
A
B
SUGGESTION 3
1 2
A
B
PARTICIPATE
• ASK QUESTIONS
• ANSWER QUESTIONS WHERE YOU CAN
AVOID SEMANTIC DISCUSSIONS
• TRY TO USE OR LINK TO THE DEFINITIONS IN THE GDPR
• TRY TO CONNECT LANGUAGES: EXPLAIN TERMS (IN SHORT)
KEEP IT PRACTICAL
• DOES NOT MEAN: DON’T ABIDE BY THE LAW, OR PUT IT ASIDE,…
• IF RISK TAKING IS INVOLVED, MENTION IT
• TRY TO BE CONCRETE
• WHAT TOOL CAN YOU USE?
• WHAT ARE SPECIFIC STEPS?
• ….
• AVOID (PURELY) THEORETICAL QUESTIONS / ANSWERS
TRY TO GET FACTS STRAIGHT
• IF SOMETHING CAN BE CHECKED OR EXPRESSED OBJECTIVELY, DO IT
• USE THE TEXT OF THE GDPR
• CHECK IT ON THE INTERNET (WITH CARE)
• …
BINDING INTERPRETATION OF THE LAW
• EUROPEAN COURT OF JUSTICE : IS NOT HELPFUL SINCE ONLY AVAILABLE IN 3-5 YEARS AT BEST
• EUROPEAN LEGISLATOR (INTERPRETATIVE LAW): UNLIKELY
• NOT (BUT TO BE TAKEN INTO ACCOUNT DUE TO ENFORCEMENT MECHANISM)
• SINGLE EUROPEAN MEMBER OF THE LEGISLATOR (COMMISSION, PARLIAMENT, COUNCIL)
• ARTICLE 29 WORKING PARTY / EUROPEAN DATA PROTECTION BOARD
• NATIONAL DATA PROTECTION AUTHORITY
BE OPEN TO DIFFERENT OPINIONS
KEEP THE DISCUSSION RELEVANT
• AIM: GET A SPECIFIC ANSWER TO A SPECIFIC QUESTION
• STAY ON TARGET
• PERHAPS PARK SOME (SUB)QUESTIONS OR DISCUSSION TO RESEARCH A BIT FURTHER OR TO OUTSIDE OF THE
GROUP (TO LATER BRING IT BACK IN)
• WHEN SPEAKING TRY TO BE ON POINT AND CONCISE, BUT EXPLAIN TERMS AND ANSWER QUESTIONS IF NEED BE
• DON’T DRAG DISCUSSIONS
• SOMETIMES THERE IS NO SINGLE CORRECT ANSWER (E.G. IN TERMS OF RISK APPROACH)
• CHECK RELEVANCE REGULARLY
GAMESTORMING SUGGESTION
Every seven minutes, you can be Commodus
LEARN
• LISTEN TO WHAT OTHERS (HAVE TO) SAY
• A DIFFERENT APPROACH MAY BE USEFUL JUST AS A BENCHMARK
• ASK QUESTIONS IF YOU DON’T UNDERSTAND SOMETHING, BUT LET PEOPLE FINISH THEIR REASONING IF
POSSIBLE, SO WRITE DOWN FOLLOW UP QUESTIONS
HAVE FUN
TIME MANAGEMENT
18:30 Welcome and introduction … that’s where we are now
19:00 Break-out 1 A:
B:
19:45 Break + switch Central stage - bar
20:00 Break–out 2 A:
B:
20:40 Re-assemble and short debrief (max. 5’ per BO) Central stage
21:15 The floor is open Central stage - bar
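RISK MANAGEMENT
RISK APPROACH
[Figure: risk matrix with axes Impact (Low to High) and Likelihood (Low to High); quadrant labels: Share, Accept, Avoid, Mitigate]
[Figure: second risk matrix with the same axes; quadrant labels as extracted: Mitigate, Cont. monitoring, Share, Accept, Per. monitoring, Mitigate, Cont. review, Avoid, Mitigate, Per. Review]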
[Figure: matrix with axes “What we comprehend” (Unknown / Known) and “What there is to know” (Unknown / Known); quadrant labels: What we don’t know we know; What we know we know; What we don’t know we don’t know; What we know we don’t know; marked area: FOCUS]
GDPR - NEW
• PROCESSOR NOW ALSO AN ADDRESSEE
• ORGANISATION
• ”ACCOUNTABILITY” (REVERSAL OF THE BURDEN OF PROOF), CONCRETE
• PROCESSING REGISTER (AND RISK REGISTER)
• PRIVACY IMPACT ASSESSMENT (“PIA”)
• PRIVACY BY DESIGN AND PRIVACY BY DEFAULT
• DATA PROTECTION OFFICER
• ACKNOWLEDGEMENT OF “FRAME”-MECHANISMS: CERTIFICATIONS, CODES OF CONDUCT,
BINDING CORPORATE RULES,…
• INCIDENT MANAGEMENT AND DATA BREACH NOTIFICATION
• RIGHTS OF INDIVIDUAL ARE INCREASED AND FURTHER ELABORATED
• ENFORCEMENT
• ADMINISTRATIVE FINES UNIVERSAL AND UNIFORM
• COLLECTIVE ACTIONS OF INDIVIDUALS UNIVERSAL AND UNIFORM
[Diagram: Processing personal data; parties: Data Subject, Data Controller, Data processor; other labels: Control, Finality, Legitimacy, Transparency, Organisation, proportional, End-to-end]
[Diagram labels: Environment, Physical, Human, Device, Application, Repository, Carrier, Network, Data, 3rd Parties, Risk Assessment, Risk Decision, Controls, Incident Management]
Changes
• In the regulatory environment
• In processes
• In people (JLT)
• In technology
[Further bullet groups in the diagram]
• 1st line • 2nd line • 3rd line
• Impact • Probability
• Avoid • Mitigate • Share • Accept
[Diagram labels: Firm, Svc P, group entities, Vendor, SC, MSA, Client (repeated), GROUP]

20170801 GDPR Q&A intro


Editor's Notes

  1. You don’t need to win a single stage; it is smarter to stay in the bus
  2. Jack Whitehall. Possible that we don’t know the answer in the group
  3. It is not ananàs or anànas, but pineapple. If it walks like a duck, and quacks like a duck, it must be a duck.
  4. 1. Roll your sleeves up 2. No discrimination: also for women 3. Proverbially, get your hands dirty
  5. May be stretching it a bit?!
  6. House is portrayed as one of the best differential analysis doctors in the world, and still he has a team
  7. There is so much we don’t know. To remind him of that, Umberto Eco has a big library of unread books
  8. Dorfman 1997: Tolerate (retain), Treat (mitigate), Terminate (eliminate) and Transfer (by contract or insurance). Check “GRC Tuesdays: a new approach to risk oversight: A lens to look through and levers to pull” SAP
  9. “As we know, there are known knowns; there are things we know we know. We also know there are known unknowns; that is to say we know there are some things we do not know. But there are also unknown unknowns—the ones we don’t know we don’t know.” – Donald Rumsfeld https://www.theatlantic.com/politics/archive/2014/03/rumsfelds-knowns-and-unknowns-the-intellectual-history-of-a-quip/359719/