frequently asked questions
GENERAL DATA PROTECTION REGULATION
Are you Ready?
changing ways together
Are you ready for GDPR?
Read about what it is and how we can help.
Thanks for downloading this compendium about GDPR, compiled by VILT. We recommend that you take a few minutes to read it carefully. Feel free to come back to us if you want to know more.
Page 3
1 • What is GDPR?
2 • Who is Affected by the GDPR?
3 • What happens if an organization doesn’t comply?
Page 4
4 • What data should I take into consideration?
5 • What is considered Personal Data?
6 • What is considered Sensitive Data?
7 • What are the requirements of the GDPR regarding the protection of personal data?
Page 5
8 • Article 5 of the GDPR
Page 6
9 • My organization resides outside the EU. Does GDPR apply?
Page 7
10 • Which authority will audit my organization and what is the scope of application?
Page 8
11 • My organization is in the UK. How does Brexit affect this?
12 • What measures can my organization take to meet GDPR requirements?
13 • Will I need to change my information systems in order to be GDPR compliant?
Page 9
14 • What Solutions are there on the Market that can help my Organization support the GDPR in a fast, efficient and transparent manner?
15 • What exactly is EIM and how can their solutions help my organization?
Page 10
16 • Solution: VILT
GDPR FAQ answered

1 • What is GDPR?
The GDPR is the new sweeping European Union (EU) legislation that modernizes and reforms the laws that address the handling of personal data. It replaces the European Data Protection Directive (95/46/EC), which was implemented inconsistently across Europe and did not have legislative authority.

2 • Who is Affected by the GDPR?
The GDPR has a broad territorial scope. It applies not only to all organizations established in the EU that process personal data, but also to any non-EU established organization that processes personal data of individuals who are in the EU in order to: a. offer them goods or services, irrespective of whether a payment is required; b. monitor their behavior within the EU.
The GDPR’s aim is to protect personal data at all stages of data processing. The GDPR identifies two different entities that both have obligations: data controllers and data processors.

3 • What happens if an organization doesn’t comply?
• The framers recognize that current EU data protection penalties are too small and inconsistently applied.
• The GDPR specifies that fines should be “effective” and “dissuasive” - i.e., meant to inflict pain and to discourage repeat offenses.
Two categories of fines:
• Level 1 = €10 million or 2% of global turnover.
• Level 2 = €20 million or 4% of global turnover.
In addition, individuals and privacy advocates may file civil suits, and executives may be jailed.
4 • What data should I take into consideration?
Personal Data and Sensitive Data should be taken into consideration.

5 • What is considered Personal Data?
Personal Data is any information relating to an identified or identifiable natural person (‘data subject’), such as a name, an identification number, location data, an online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Organizations should take measures to minimize the amount of personally identifiable information they store, and ensure that they do not store any information for longer than necessary.

6 • What is considered Sensitive Data?
Sensitive data is a special sub-category of personal data which enjoys extra consideration and protection in the GDPR, as it may give rise to strong stigmatization or discrimination in a society.
Sensitive data are personal data that reveal racial or ethnic origin, financial status, political opinion, philosophical belief, religion, trade-union membership, sexual orientation, or that concern health and sex life, genetic data, or biometric data.

7 • What are the requirements of the GDPR regarding the protection of personal data?
The GDPR requires companies to implement reasonable data protection measures to protect consumers’ personal data and privacy against data loss or exposure. Article 5 of the GDPR summarises the most important principles and requirements regarding the management of personal data:
8 • Article 5 of the GDPR
• Lawfulness, fairness and transparency: personal data should be processed lawfully, fairly and in a transparent manner.
• Limited purpose: personal data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
• Data minimisation: personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected.
• Accuracy: personal data stored and managed should be accurate and, where necessary, kept up to date.
• Storage limitation: personal data should be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
• Confidentiality and integrity: personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
• Consent: under the GDPR, consent requirements are more precise: the request for consent must be presented in clear and unambiguous language (which excludes in particular privacy policies presented in lowercase letters), so that the person is able to give free, specific and informed consent. Consent must be explicit, rather than implicit. Silence, pre-ticked boxes, or inactivity may thus not constitute valid consent.
9 • My organization resides outside the EU. Does GDPR apply?
The GDPR is “extraterritorial.” It does not apply to a specific geography (e.g. EU states); rather, it applies to any company, located anywhere in the world, that has anything to do with EU residents specifically.
Companies must comply with the GDPR if any of the following apply:
• They are located in the EU
• They “offer goods or services” to EU residents
• They “monitor” EU residents.
(For example, a company that tracks browsing with a cookie may never offer goods or services, but it is “monitoring” EU residents and must comply with the regulation.)
10 • Which authority will audit my organization and what is the scope of application?

1 Scope of application
The GDPR will expand its territorial reach and apply to any data controller or processor offering goods or services to data subjects located in the EU, as well as to any processing relating to monitoring of data subjects’ behavior within the EU. Data processors or subcontractors having an establishment located in the EU and processing personal data for their activities will also be subject to the GDPR, bearing in mind that the concept of “establishment” has been broadly interpreted by the Court of Justice of the European Union.
Where a controller or processor is not established in the EU, but is subject to the GDPR, the controller or processor will generally need to designate an EU representative by written mandate. Companies without an EU presence which offer goods or services to EU individuals or monitor their behavior should therefore get prepared to comply with the GDPR.

2 Data processor liability
Data processors will have limited but direct obligations under the GDPR. This includes, for example, implementing appropriate security measures and notifying controllers in the event of a data breach. A processor will be liable for the damage caused by unlawful data processing only if it has not complied with the GDPR obligations which apply directly to data processors or if the processor acted outside or contrary to lawful controller instructions.
Companies should review existing supply agreements to verify if they cover these new processor data obligations, and if changes are needed who would bear the cost thereof.

3 Data protection officer
Under the GDPR, only certain companies will be required to appoint a Data Protection Officer (“DPO”). The GDPR requires a DPO where the core activities of the controller or processor consist of (i) processing, which by its nature, scope, or purposes, requires regular and systematic monitoring of data subjects on a large scale, (ii) processing special categories of personal data on a large scale, or (iii) if processing is carried out by a public authority. Member States may also provide for stricter rules and require a DPO in other cases.
The DPO may be an employee or an outside provider; s/he will need to have expert knowledge. A group of companies may appoint a single DPO to act for the group.

4 Breach notification
The GDPR provides for a general personal data breach notification regime applicable to both data controllers and data processors. Controllers must notify the competent DPO of a breach within 72 hours after the company’s knowledge of the breach, unless such breach is unlikely to result in a risk to the rights and freedoms of individuals. Affected data subjects must also be informed of the breach without undue delay, if the breach is likely to result in a high risk to their rights and freedoms.
Processors must notify the controller without undue delay after becoming aware of a personal data breach.
From a practical standpoint, notifying a breach to the DPO within the required period (72 hours) may prove to be quite challenging in terms of investigating the nature and scope of the breach. Companies will need to adopt internal procedures to handle such data breaches. Companies operating in the United States may be able to use existing procedures used in the U.S. Further bear in mind that some local DPOs currently already require companies to notify data breaches, such as the UK ICO for “serious” data breaches.
11 • My organization is in the UK. How does Brexit affect this?
If your company collects and stores the personal data of EU citizens, the GDPR is relevant to your organization, even if you don’t have a formal presence in the EU zone. In particular, the UK government, despite the intention of leaving the EU, has demonstrated adherence to the GDPR and is willing to implement it in full force in order to protect UK citizens’ personal data.

12 • What measures can my organization take to meet GDPR requirements?
• Ensure an appropriate level of security, including confidentiality
• Protect personal information from unauthorized access
• Secure data in transit
• Provide right to erasure
• Provide right to rectification
• Provide right to data portability
• Adhere to data minimization
• Enforce records management
• Ensure data protection by design and default

13 • Will I need to change my information systems in order to be GDPR compliant?
There is no “one size fits all” answer to this question. It depends on the data you hold in your organization, and how you hold it. It’s important to be aware that not only information which is stored in databases is relevant here. You will need to take care of:
• Structured data that you have in your information systems, like ID numbers, addresses, contacts, etc.
• Unstructured data, that may also contain personal data, like contracts, invoices, emails, letters, etc.
Both structured and unstructured data may reside digitally or physically in your organization, so you should also be cautious about the physical archive you own. However, there are several solutions that can be set in place in order to handle this, for both structured and unstructured data, digitally and/or physically stored.
14 • What Solutions are there on the Market that can help my Organization support the GDPR in a fast, efficient and transparent manner?
There are several EIM (Enterprise Information Management) solutions that can address your concerns.

15 • Ok... but what exactly is EIM and how can its solutions help my organization?
Enterprise Information Management is a set of methods and technologies that help customers to maximize the value of their information while minimizing its risks.
16 • Solution: VILT
An important first step will be for organizations to have clarity on how they manage personal information, including:
• What personal data they process.
• Where it is stored across the organization.
• Who has access to it.
• What consent has been provided and where it is documented.
• Where it is transferred from and to (including to third parties and cross-border).
• How it is secured throughout its lifecycle.
• If there are processes in place to dispose of personal data, as per policy.

What Services and Solutions for GDPR compliance does VILT offer?
VILT can provide a broad set of services and solutions that may help you in the process of GDPR compliance, depending on the stage of the process you are at. It may include a data analysis in order to classify the data you host and properly manage it, which may include:
• Proposing a new EIM solution
• Upgrading an existing EIM platform
• Configuring or customizing your current EIM solutions in order to enable the control you need
In order to accomplish the following:
• Make sure that all the personal data stored in the systems which is not mandatory for business is erased.
• Create the mechanisms to monitor the personal data to be stored, in order to be able to guarantee that only the information which is necessary is stored, for the minimal amount of time, as well as to be able to manage all the consents retained.

Some of the solutions that may come into action are:
• Document Management
• Records Management
• Archiving
• Application decommissioning
• Cloud platforms
• Software as a Service

Organizations need to act now to ensure that they are ready to comply with the new Regulation when enforcement begins May 2018.
www.vilt-group.com

Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
SOFTTECHHUB
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
Neo4j
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
Rohit Gautam
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
Neo4j
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
DianaGray10
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
Claudio Di Ciccio
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Zilliz
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
TIPNGVN2
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
Kari Kakkonen
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
danishmna97
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Paige Cruz
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
KAMESHS29
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
Edge AI and Vision Alliance
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
Pixlogix Infotech
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
Matthew Sinclair
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
DianaGray10
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
Ana-Maria Mihalceanu
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
KatiaHIMEUR1
 

Recently uploaded (20)

Artificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopmentArtificial Intelligence for XMLDevelopment
Artificial Intelligence for XMLDevelopment
 
Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...Building RAG with self-deployed Milvus vector database and Snowpark Container...
Building RAG with self-deployed Milvus vector database and Snowpark Container...
 
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
Why You Should Replace Windows 11 with Nitrux Linux 3.5.0 for enhanced perfor...
 
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
GraphSummit Singapore | The Future of Agility: Supercharging Digital Transfor...
 
Large Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial ApplicationsLarge Language Model (LLM) and it’s Geospatial Applications
Large Language Model (LLM) and it’s Geospatial Applications
 
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024GraphSummit Singapore | The Art of the  Possible with Graph - Q2 2024
GraphSummit Singapore | The Art of the Possible with Graph - Q2 2024
 
UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6UiPath Test Automation using UiPath Test Suite series, part 6
UiPath Test Automation using UiPath Test Suite series, part 6
 
“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”“I’m still / I’m still / Chaining from the Block”
“I’m still / I’m still / Chaining from the Block”
 
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
Introducing Milvus Lite: Easy-to-Install, Easy-to-Use vector database for you...
 
Data structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdfData structures and Algorithms in Python.pdf
Data structures and Algorithms in Python.pdf
 
Climate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing DaysClimate Impact of Software Testing at Nordic Testing Days
Climate Impact of Software Testing at Nordic Testing Days
 
How to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptxHow to Get CNIC Information System with Paksim Ga.pptx
How to Get CNIC Information System with Paksim Ga.pptx
 
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdfObservability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
Observability Concepts EVERY Developer Should Know -- DeveloperWeek Europe.pdf
 
RESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for studentsRESUME BUILDER APPLICATION Project for students
RESUME BUILDER APPLICATION Project for students
 
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
“Building and Scaling AI Applications with the Nx AI Manager,” a Presentation...
 
20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website20 Comprehensive Checklist of Designing and Developing a Website
20 Comprehensive Checklist of Designing and Developing a Website
 
20240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 202420240609 QFM020 Irresponsible AI Reading List May 2024
20240609 QFM020 Irresponsible AI Reading List May 2024
 
Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1Communications Mining Series - Zero to Hero - Session 1
Communications Mining Series - Zero to Hero - Session 1
 
Monitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR EventsMonitoring Java Application Security with JDK Tools and JFR Events
Monitoring Java Application Security with JDK Tools and JFR Events
 
Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !Securing your Kubernetes cluster_ a step-by-step guide to success !
Securing your Kubernetes cluster_ a step-by-step guide to success !
 

GDPR - Are you ready?

  • 1. frequently asked questions
    GENERAL DATA PROTECTION REGULATION
    Are you Ready?
    changing ways together
  • 2. Are you ready for GDPR? Read about what it is and how we can help.
    Thanks for downloading this compendium about GDPR, compiled by VILT. We recommend you take a few minutes to read it carefully. Feel free to come back to us if you want to know more.
    Page 3
    1 • What is GDPR?
    2 • Who is Affected by the GDPR?
    3 • What happens if an organization doesn’t comply?
    Page 4
    4 • What data should I take into consideration?
    5 • What is considered Personal Data?
    6 • What is considered Sensitive Data?
    7 • What are the requirements of the GDPR regarding the protection of personal data?
    Page 5
    8 • Article 5 of the GDPR
    Page 6
    9 • My organization resides outside the EU. Does GDPR apply?
    Page 7
    10 • Which authority will audit my organization and what is the scope of application?
    Page 8
    11 • My organization is in the UK. How does Brexit affect this?
    12 • What measures can my organization take to meet GDPR requirements?
    13 • Will I need to change my information systems in order to be GDPR compliant?
    Page 9
    14 • What solutions are there on the market that can help my organization support the GDPR in a fast, efficient and transparent manner?
    15 • What exactly is EIM and how can its solutions help my organization?
    Page 10
    16 • Solution: VILT
    FAQ answered
  • 3. GDPR FAQ
    1 What is GDPR?
    The GDPR is the new sweeping European Union (EU) legislation that modernizes and reforms the laws that address the handling of personal data. It replaces the European Data Protection Directive (95/46/EC), which was implemented inconsistently across Europe and did not have legislative authority.
    2 Who is Affected by the GDPR?
    The GDPR has a broad territorial scope. It applies not only to all organizations established in the EU that process personal data, but also to any organization established outside the EU that processes personal data of individuals who are in the EU in order to: a. offer them goods or services, irrespective of whether a payment is required; b. monitor their behavior within the EU.
    The GDPR’s aim is to protect personal data at all stages of data processing. The GDPR identifies two different entities that both have obligations: data controllers and data processors.
    3 What happens if an organization doesn’t comply?
    • The framers recognize that current EU data protection penalties are too small and inconsistently applied.
    • The GDPR specifies that fines should be “effective” and “dissuasive”, i.e. meant to inflict pain and to discourage repeat offenses.
    Two categories of fines:
    • Level 1 = €10 million or 2% of global turnover.
    • Level 2 = €20 million or 4% of global turnover.
    In addition, individuals and privacy advocates may file civil suits, and executives may be jailed.
  • 4. GDPR FAQ
    4 What data should I take into consideration?
    Personal Data and Sensitive Data should be taken into consideration.
    5 What is considered Personal Data?
    Personal Data is any information relating to an identified or identifiable natural person (‘data subject’), such as a name, an identification number, location data, an online identifier, or factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. Organizations should take measures to minimize the amount of personally identifiable information they store, and ensure that they do not store any information for longer than necessary.
    6 What is considered Sensitive Data?
    Sensitive data is a special sub-category of personal data which enjoys extra consideration and protection in the GDPR, as it may give rise to strong stigmatization or discrimination in a society. Sensitive data are personal data that reveal racial or ethnic origin, financial status, political opinion, philosophical belief, religion, trade-union membership or sexual orientation, or that concern health and sex life, genetic data, or biometric data.
    7 What are the requirements of the GDPR regarding the protection of personal data?
    The GDPR requires companies to implement reasonable data protection measures to protect consumers’ personal data and privacy against data loss or exposure. Article 5 of the GDPR summarises the most important principles and requirements regarding the management of personal data:
  • 5. GDPR FAQ
    8 Article 5 of the GDPR
    Lawfulness, fairness and transparency: personal data should be processed lawfully, fairly and in a transparent manner.
    Limited purpose: personal data should be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
    Data minimisation: personal data should be adequate, relevant and limited to what is necessary in relation to the purposes for which they are collected.
    Accuracy: personal data stored and managed should be accurate and, where necessary, kept up to date.
    Storage limitation: personal data should be kept in a form which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed.
    Confidentiality and integrity: personal data should be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures.
    Consent: under the GDPR, consent requirements are more precise: the request for consent must be presented in clear and unambiguous language (which excludes in particular privacy policies presented in fine print), so that the person is able to give free, specific and informed consent. Consent must be explicit, rather than implicit. Silence, pre-ticked boxes, or inactivity may thus not constitute valid consent.
  • 6. GDPR FAQ
    9 My organization resides outside the EU. Does GDPR apply?
    The GDPR is “extraterritorial.” It does not apply to a specific geography, e.g. EU states; rather, it applies to any company, located anywhere in the world, that has anything to do with EU residents specifically. Companies must comply with the GDPR if any of the following apply:
    • They are located in the EU
    • They “offer goods or services” to EU residents
    • They “monitor” EU residents. (For example, a company that tracks browsing with a cookie may never offer goods or services, but it is “monitoring” EU residents and must comply with the regulation.)
  • 7. GDPR FAQ
    10 Which authority will audit my organization and what is the scope of application?
    1. Scope of application
    The GDPR will expand its territorial reach and apply to any data controller or processor offering goods or services to data subjects located in the EU, as well as to any processing relating to monitoring of data subjects’ behavior within the EU. Data processors or subcontractors having an establishment located in the EU and processing personal data for their activities will also be subject to the GDPR, bearing in mind that the concept of “establishment” has been broadly interpreted by the Court of Justice of the European Union. Where a controller or processor is not established in the EU, but is subject to the GDPR, the controller or processor will generally need to designate an EU representative by written mandate. Companies without an EU presence which offer goods or services to EU individuals or monitor their behavior should therefore get prepared to comply with the GDPR.
    2. Data processor liability
    Data processors will have limited but direct obligations under the GDPR. This includes, for example, implementing appropriate security measures and notifying controllers in the event of a data breach. A processor will be liable for the damage caused by unlawful data processing only if it has not complied with the GDPR obligations which apply directly to data processors, or if the processor acted outside or contrary to lawful controller instructions. Companies should review existing supply agreements to verify whether they cover these new processor data obligations and, if changes are needed, who would bear the cost thereof.
    3. Data protection officer
    Under the GDPR, only certain companies will be required to appoint a Data Protection Officer (“DPO”). The GDPR requires a DPO where the core activities of the controller or processor consist of (i) processing which, by its nature, scope or purposes, requires regular and systematic monitoring of data subjects on a large scale, (ii) processing special categories of personal data on a large scale, or (iii) processing carried out by a public authority. Member States may also provide for stricter rules and require a DPO in other cases. The DPO may be an employee or an outside provider; s/he will need to have expert knowledge. A group of companies may appoint a single DPO to act for the group.
    4. Breach notification
    The GDPR provides for a general personal data breach notification regime applicable to both data controllers and data processors. Controllers must notify the competent DPO of a breach within 72 hours after the company’s knowledge of the breach, unless such breach is unlikely to result in a risk to the rights and freedoms of individuals. Affected data subjects must also be informed of the breach without undue delay if the breach is likely to result in a high risk to their rights and freedoms. Processors must notify the controller without undue delay after becoming aware of a personal data breach. From a practical standpoint, notifying a breach to the DPO within the required period (72 hours) may prove to be quite challenging in terms of investigating the nature and scope of the breach. Companies will need to adopt internal procedures to handle such data breaches. Companies operating in the United States may be able to use existing procedures used in the U.S. Further bear in mind that some local DPOs currently already require companies to notify data breaches, such as the UK ICO for “serious” data breaches.
  • 8. GDPR FAQ
    11 My organization is in the UK. How does Brexit affect this?
    If your company collects and stores the personal data of EU citizens, the GDPR is relevant to your organization, even if you don’t have a formal presence in the EU zone. In the particular case of the UK, despite its intention to leave the EU, the UK government has demonstrated adherence to the GDPR and is willing to implement it in full in order to protect UK citizens’ personal data.
    12 What measures can my organization take to meet GDPR requirements?
    • Ensure an appropriate level of security, including confidentiality
    • Protect personal information from unauthorized access
    • Secure data in transit
    • Provide right to erasure
    • Provide right to rectification
    • Provide right to data portability
    • Adhere to data minimization
    • Enforce records management
    • Ensure data protection by design and default
    13 Will I need to change my information systems in order to be GDPR compliant?
    There is no “one size fits all” answer to this question. It depends on the data your organization holds, and how you hold it. It’s important to be aware that not only information stored in databases is relevant here. You will need to take care of:
    • Structured data that you have in your information systems, like ID numbers, addresses, contacts, etc.
    • Unstructured data that may also contain personal data, like contracts, invoices, emails, letters, etc.
    Both structured and unstructured data may reside digitally or physically in your organization, so you should also be cautious about the physical archive you own. However, there are several solutions that can be set in place in order to handle this, for both structured and unstructured data, digitally and/or physically stored.
  • 9. GDPR FAQ
    14 What solutions are there on the market that can help my organization support the GDPR in a fast, efficient and transparent manner?
    There are several EIM (Enterprise Information Management) solutions that can address your concerns.
    15 What exactly is EIM and how can its solutions help my organization?
    Enterprise Information Management is a set of methods and technologies that help customers to maximize the value of their information while minimizing its risks.
  • 10. GDPR FAQ
    An important first step will be for organizations to have clarity on how they manage personal information, including:
    • What personal data they process.
    • Where it is stored across the organization.
    • Who has access to it.
    • What consent has been provided and where it is documented.
    • Where it is transferred from and to (including to third parties and cross-border).
    • How it is secured throughout its lifecycle.
    • Whether there are processes in place to dispose of personal data, as per policy.
    16 What services and solutions for GDPR compliance does VILT offer?
    VILT can provide a broad set of services and solutions that may help you in the process of GDPR compliance, depending on the stage of the process you are in. It may include a data analysis in order to classify the data you host and properly manage it, which may include:
    • Proposing a new EIM solution
    • Upgrading an existing EIM platform
    • Configuring or customizing your current EIM solutions in order to enable the control you need
    In order to accomplish the following:
    • Make sure that all the personal data stored in the systems which is not mandatory for business is erased.
    • Create the mechanisms to monitor the personal data to be stored, in order to guarantee that only the information which is necessary is stored, for the minimum amount of time, and to manage all the consents retained.
    Some of the solutions that may come into action are:
    • Document Management
    • Records Management
    • Archiving
    • Application decommissioning
    • Cloud platforms
    • Software as a Service
  • 11. GDPR FAQ
    Organizations need to act now to ensure that they are ready to comply with the new Regulation when enforcement begins in May 2018.
    www.vilt-group.com