2. ARE YOU READY FOR GENERAL DATA PROTECTION REGULATIONS (GDPR)?
3. GENERAL DATA PROTECTION REGULATIONS (GDPR)
GDPR comes into effect May 25th 2018
Initially EU ‘driven’ – set to become a worldwide standard - builds upon existing data protection rules
Information Commissioner’s Office (ICO) is relevant U.K. ‘body’
4. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Prompted by the growth in data processing
Evolution rather than revolution of the rules
Not a new Millennium Bug
Aim to achieve privacy by design and default
5. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Requires personal data (PD) to be respected
- Accountability
- Transparency
- Individuals’ rights
An obligation on all businesses/organisations
Severe penalties for non-compliance
6. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Important in terms of client reassurance
An opportunity to focus on client care
Positive use of GDPR
7. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Organisations are required to have a legal basis to process
1. Contract
2. Consent
3. Vital Interest
4. Public Task
5. Comply with legal obligations
6. Legitimate Interests
8. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Segmentation appropriate i.e.
- Contract basis for work to be done
- Consent basis for marketing communication
A ‘granular’ approach required
- Consent cannot be ‘bundled’
Consent must be ‘active’
9. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Privacy statements to include:
- Legal basis for processing data
- What is to happen to the data
- What a client does if there’s a problem
To be given to a customer.
10. GENERAL DATA PROTECTION REGULATIONS (GDPR)
Imposes general obligation to implement technical and organisational measures to show that consideration has been given to data protection when processing.
12. GENERAL DATA PROTECTION REGULATIONS (GDPR)
The sky will not fall in on May 26th
However, GDPR will be the law of the land
We need to be able to demonstrate that we’re taking it seriously