Everything you need to know about GDPR in 15 slides! An easy, human friendly explanation of GDPR. The goal is to help people understand the basic concepts of it and why is it important.

2. We respect your privacy!
I’ve heard that before...
Anyway, our service is much
better when personalized.
Why we need it?

3. And let’s agree that you need to ask me for it and that I still own it.
Ok, I’ll share with you my private
data. But this is what respect
means for me:
Understand what you collect
and what you do with it
Collect just what you need and
guard it.
Do the right thing about it

4. AGREE?
#@*()^&$
Consent
In obtaining consent for
data, companies cannot
use indecipherable terms
and conditions filled with
legalese. It must be easy
to withdraw consent as it
is to give it.
Components

5. Breach notifications
In the event of a data
breach, data processors
have to notify their
controllers and
customers of any risk
within 72 hours.

6. Right to access
Data subjects have the right
to obtain confirmation from
data controller of whether
their personal data are being
processed. Data controller
should provide an electronic
copy of personal data for free
to data subjects.

7. Right to be forgotten
When data is no longer
relevant to its original
purpose, data subject
can have the data
controller erase their
personal data, and
cease its dissemination.

8. Data portability
Allows individuals to obtain
and reuse their personal data
for their own purpose by
transferring it across different
IT environments.

9. Privacy by design
Calls for inclusion of data
protection from the onset of
designing systems,
implementing appropriate
technical and infrastructural
measures.

10. Data protection officers
Professionally qualified officers
must be appointed in public
authorities, or organizations
that engage in large scale
(>250 employees) systematic
monitoring or processing of
sensitive personal data.

11. Fine
Can get to 20,000,000 EUR
or 4% of annual turnover.

12. What should be done?
Champion
Assign someone in charge.
Map
1. Tools the person is engaged with.
2. Type of data collected.
3. The flow of the data in your systems and external systems.
Analyze
Perform Data Protection Risk analysis.

13. Enable
Enable data transfer, breach
notifications, data erasing.
Protect
Standardize the Data protection.
Map
Impose procedures and to keep
your standard.
Document
Document each of the parts above to
keep it in place.

14. When?
May 25, 2018

15. Data Controller
Businesses that collect their end
users’ data and decide why and how
that data is processed.
Data Processor
A company that helps our
customers with the processing of
their customer data.
Who?

16. Follow us on Twitter
toriihq.com
Made with by Torii