Convince your board - Ten steps to GDPR compliance
1. A GDPR compliance checklist -
and some useful resources
Convince Your Board…
Ten steps to GDPR compliance
2. Ascentor: Convince Your Board
Are you looking for help preparing for GDPR compliance?
Then this Slideshare is for you.
It has been prepared by Ascentor as part of a series of “Convince
Your Board” presentations.
We help organisations stay safe through information risk
management – and equip suppliers to deliver projects and bid for
contracts more successfully. Our public and private sector
customers rely on our pragmatic and business focused approach to
their cyber security and information assurance challenges.
The concept is to use any of the slides as you see fit - with the aim
of convincing your board of the importance of topics related to
Information Risk Management, and, in this instance, GDPR.
Ascentor - September 2017
Please note: This Slideshare is provided free of charge and for information purposes
only. Any steps taken as a result of the information contained are at your own risk.
3. Ascentor: Convince Your Board
The GDPR deadline
The launch date of 25th May 2018 is fast approaching
and the General Data Protection Regulation (GDPR) will
be on every organisation's priority list.
But don’t panic - the following ten steps will help you
prepare for compliance.
This checklist is a summary of our recent article Ten steps
to GDPR compliance which contains additional
information on each step.
GDPR
May 25th
2018
4. Ascentor: Convince Your Board
Step 1: Data Protection Officer (DPO)
Do you really need one?
The Data Protection Officer (DPO) will play a key role in
ensuring compliance with GDPR – but it’s not immediately
obvious what is involved.
If you are a public authority then you’re obliged to appoint
one - and many private sector organisations will require one
too.
The role of the DPO is covered at length in the Ascentor blog
article Do you really need a Data Protection Officer (DPO)?
5. Ascentor: Convince Your Board
Step 2: Train your staff
People are one of the biggest risks you face in terms
of failure to comply.
Training staff helps them understand the organisation’s
responsibilities and reduces the chances of them
unwittingly doing something which will result in a data
breach.
Once all your staff are onboard with GDPR and
understand what they need to do, you’ll be in a better
position to ensure compliance is built in to day-to-day
processes and isn’t seen as an additional burden.
6. Ascentor: Convince Your Board
Step 3: It’s got to be fair
You’ll probably need to update your fair processing and
privacy notifications to customers and maybe even
your staff.
Review whether or not the information you provide to
individuals is explicitly clear.
Ensure you put in place a process for regularly reviewing
and if necessary updating your fair processing
information.
7. Ascentor: Convince Your Board
Step 4: With your permission
The new Regulation is designed to ensure you gain
consent for every purpose (when you rely on it as the
condition for carrying out processing).
Consent needs to be opt-in (not opt-out) and
customers need to genuinely understand your
conditions and agree.
The key consideration here is that consent must be
freely given.
8. Ascentor: Convince Your Board
Step 5: Another legal basis
If you can’t rely on consent for processing some or all of
your personal data, you must find another legal basis on
which to carry out your processing.
Aside from consent, the Regulation sets out additional
bases (covered in more depth in the full 'Ten steps to
compliance' article).
If you cannot meet any of them for the personal data
you’re processing, then the particular activity has no
legal basis and cannot continue.
9. Ascentor: Convince Your Board
Step 6: Privacy impact assessments
Privacy impact assessments (PIAs) are now mandatory
for processes and systems processing high risk data.
One of the key ways of determining whether or not a
process or solution will present a high risk to the rights
and freedoms of data subjects is to carry out a PIA.
You should consider having in place a means of
standardising these into your assurance processes.
10. Ascentor: Convince Your Board
Step 7: Forget me (The right to be forgotten)
The right to be forgotten (Article 17) is the new data
subject right causing most discussion.
If you are required to action a request for data removal
under this right it’s essential that you are able to remove
the data from all sources where you hold it.
This includes backups. It is wise to develop a process
now to ensure you are able to action such requests.
11. Ascentor: Convince Your Board
Step 8: Review and update agreements
Data sharing and processing agreements you have (or
are party to) are likely to reflect current data protection
law.
The legal basis you are currently using for these
agreements may change or cease to exist.
It is essential to review the agreements you have in
place and take time to amend these to reflect the
requirements of the new Regulation.
12. Ascentor: Convince Your Board
Step 9: Secure IT (and manual data too)
Providing adequate protection for the data you
process is essential for compliance with the Regulation.
Data subjects will expect that their information will be
held in such a way that it cannot be accessed by those
without appropriate authority.
Physical and procedural security controls will be just as
important as technical ones.
13. Ascentor: Convince Your Board
Step 10: Map your data flows
If you don’t know what data is going where, you’ll
struggle to comply with the requirements of the
Regulation.
Mapping your data flows provides a clear picture to
your organisation of how data are travelling around,
helps you identify abnormalities or non-compliances
with your policies and procedures and facilitates your
taking appropriate steps to manage information risk.
14. Ascentor: Convince Your Board
Additional GDPR resources
From Ascentor
Ten steps to GDPR compliance
Do you really need a Data Protection Officer (DPO)?
GDPR: What does it really mean for your organisation?
From the Information Commissioner’s Office
Getting ready for the GDPR
Preparing for GDPR: 12 steps to take now
GDPR guidance: What to expect and when
15. Ascentor: Convince Your Board
Don’t panic - Ascentor can help
If you’d like to discuss how our consultants could advise
on any aspect of GDPR compliance, please contact
Dave James, MD at Ascentor.
Email: info@ascentor.co.uk
Office: 01452 881712
Web: www.ascentor.co.uk
You might also like to keep in touch with Ascentor by
receiving our quarterly newsletter and following us
on LinkedIn and Twitter.