accenture, profile picture
Uploaded byaccenture
PPTX, PDF3,213 views

GDPR: Data Privacy in the New

The document outlines the General Data Protection Regulation (GDPR), which establishes new data privacy rights and protections for EU citizens while emphasizing accountability, consent, and breach notification requirements. It highlights the increased obligations for organizations, including the potential for significant fines for non-compliance, and the need for data governance and protective measures. Additionally, it discusses the necessity of embedding a data protection officer and prioritizing risks in organizational processes to align with GDPR standards.

Embed presentation

Downloaded 71 times
Copyright © 2018 Accenture. All rights reserved. 1 GDPRDATA PRIVACY IN THE NEW
Copyright © 2018 Accenture. All rights reserved. 2 GDPR harmonizes a series of complex European data protection requirements and codifies new privacy rights and protections for EU citizens. GDPR’S INTENT: CODIFY RIGHTS AND GIVE PEOPLE POWER OVER THEIR INFORMATION Key GDPR Requirements Data Subject Rights Can you completely erase personal data when needed? Privacy by Design Are your products and services privacy friendly? Accountability Are you confident the third parties you use will be compliant? Consent Have you collected and documented consent for every data use? Breach Notification Can you quickly recognize and report a data breach?
GENERAL DATA PROTECTION REGULATION SCOPE WIDENED STRONGER ENFORCEMENT & ACCOUNTABILITY INDIVIDUAL’S RIGHTS INCREASEDHARMONIZATION ACROSS EU Protect personally identifiable data of EU citizens, wherever it is possible New: Significant amendments and new obligations. Individuals have new rights to object to profiling, to be forgotten and for data portability. GDPR has come into effect The final text of the GDPR was published The EU Parliament approved the final text in its plenary session TIMELINE  Right to be forgotten, to erasure, to data portability, to rectification, to restriction of processing, of access by the data subject, to object  Notification obligation for data breaches  Unambiguous consent required for data usage 2015 2019 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 15.12.2015 25.05.201814.04.2016 IMPACT/CHANGES  Fines for violations can be 4% of global turnover (revenue), or €20 million (whichever is higher)  Data protection officer to be appointed  Privacy by Design  Data Protection Authority assessment & approval  Culture of internal monitoring & reviewing  Harmonized rules - unified legal landscape  Overseen by a European Data Privacy Board plus local regulators  Territorial scope in EU & EU data subjects, regardless of where data controller / processor located  Special rules for sensitive data such as health, biometric, ethnic data, etc., and for data concerning criminal convictions and offenses  Data controller vs. processor: accountability for 3rd party processors DRIVERS  Data breaches: increasing amount led to concerns for customers and regulators  Regulatory changes: new rights for individuals - right to be forgotten, portability, breach notification  Lack of harmonization of privacy regulation in EU: GDPR to harmonize privacy legislation among EU member states THEEUGENERALDATAPROTECTIONREGULATION 2016 2018 Ongoing compliance activities and continuous improvement Copyright © 2018 Accenture. All rights reserved. Accenture analysis based upon publicly available documents.
WHAT CONCERNS DO ORGANIZATIONS HAVE? 46% of companies surveyed are concerned about FINES 33% of companies surveyed are concerned about the NEED TO INFORM CUSTOMERS OF DATA BREACHES within 72hrs. 31% of companies surveyed are concerned about the VOLUME OF DATA STORE they need to protect Source: “EU General Data Protection Regulation Survey,” Boldonjames.com. Access at: https://www.boldonjames.com/resources/eu-data-protection-regulation-survey-infographic/. 36% of companies surveyed believe changing processes around DATA PROTECTION and MANAGEMENT is the biggest challenge 4 Copyright © 2018 Accenture. All rights reserved. Accenture’s research into consumer behavior suggests data privacy and protection is not just about compliance and should be at the core of wider business strategy. 8out of 10 surveyed consumers say trust is a key driver of brand loyalty† Consumers surveyed would consider asking their financial services provider to delete personal data, About 2 out of 3 †† 4 out of 10 consumers surveyed, trust in a company increases when breaches are handled swiftly and correctly† of UK consumers surveyed are willing to share their personal information with their bank in return for certain added benefits and more personalized, relevant services 54%†† † A New Slice of PI, with a Side of Digital Trust, Accenture 2017. † † UK Financial Services Customer Survey 2018, Accenture 2018.
Copyright © 2018 Accenture. All rights reserved. 5 REGULATORY CONTEXT AND INDUSTRY CHALLENGES GDPR COMPLIANCE IS FAR FROM BEING A SINGLE ONE-OFF REMEDIATION EFFORT AND MOST ORGANIZATIONS MAY NOT BE FULLY COMPLIANT BY 25TH MAY, 2018 2018 ACHIEVE “DEFENSIBLE” COMPLIANCE POSITION BASED ON RISK APPETITE IMPLEMENT GDPR MEASURES TO MITIGATE “RESIDUAL RISKS” STATEGIC GDPR DIFFERENTIATION  Implement data deletion and security measures for medium - low risk areas  Improve data governance and data discovery  Improve third party due- diligence / risk management  Increase customer trust by improving privacy controls and culture  Help reduce cost of data operations  Leverage data as a strategic differentiator  Reduce third-party supplier risk  Implement new GDPR Governance Model  Implement new subject rights and consent framework  Implement data deletion and security measures for high risk areas 2019 MARKET INSIGHTS MAY High Impact: GDPR is a complex game with high impact on Systems Risk-Based Approach: Clients’ GDPR is too big to be totally completed by 2018 – primary focus should be on the highest risk areas with an intent to cover in a second step the remaining ones Different actions according to Maturity Level: The action plan is linked to the maturity level / state of art of the Privacy Framework / existing solutions / projects
Users have the right to be forgotten; data should be erased on request Organizations have to notify authorities of data breaches Personal data is portable, and can be transferred on request Organizations handling personal data have to assign a data protection officer A user should be able to easily withdraw, and give informed data collection consent Security / Privacy by design; for solutions and processes related to handling / collecting of personal data, privacy and security should be prioritized Organizationscanbeauditedtoprovetheir compliancewithGDPR Organizations have to follow the data minimization principle; only collect data which is directly relevant and necessary to accomplish a specified purpose OPERATIONAL THEMES TO BECOME GDPR READY All data should be adequately protected and consent secured 6Copyright © 2018 Accenture. All rights reserved.
Copyright © 2018 Accenture. All rights reserved. 7 OPPORTUNITIES AND CONSIDERATIONS FOR THE FUTURE GDPR impacts across businesses, thus requires a cross-functional team It is not just a Risk, IT, Security or legal project – business involvement is key 1 Ensure you understand accountability of data controllers This is more than just a name in the frame, it is about where it may be funded from and who has influence to make the change happen across the organization 6 Customer journey led discovery Identify the top 5-10 customer journeys, they may often drive out the biggest risks like data movement across Utility entities and across systems and prioritize remediation accordingly 2 Embed the Data Protection Officer (DPO) in the organization Ensure that the DPO has the right capabilities (skills, team, authority) and is empowered to highlight risks and make changes happen 7 Prioritize on risks and demonstrate change In many ways GDPR might be too big to be totally completed by 2018 – focus on the highest risks first with an intent to cover all areas 3 Alliance and partners are your responsibility You are now accountable for your alliance / partners being Data Processors and these are often obscure e.g. cloud providers 4 Assess existing projects to scale Data privacy should be a part of all data-related projects, not just a one-time dedicated program 5 Different parts of the organization can be different in maturity It’s natural for some areas to be further ahead, use the wins of leading parts of the organization and make sure all areas are coordinated 8 Tools and organizational experience are critical There is no silver bullet to GDPR compliance. There should be no substitute for engaging stakeholders around the enterprise to understand the hidden nuances in getting to a compliant position 9 From burden to opportunity GDPR investment can be leveraged to drive business value and opportunities e.g. establishing simpler data operations and potentially reduce the cost and data noise 10
FROM BURDEN TO OPPORTUNITY A defined customer data strategy may help companies to turn regulatory burden and challenges into a competitive advantage. Stricter consent Detailed records on data use New categories of personal data Stricter governance Data privacy by design Accountability for 3rd party sharing Minimization of customer data Right to be forgotten Improve marketing opt-in More efficient data operations More comprehensive profiles Value-based data investments Improved ROI of new initiatives More value from data sharing Potential reduction of cost and data noise Improved marketing spend Enhance consent model /Value exchange Enterprise-wide customer data mapping Treat digital shadow as customer data Put customer data into business ownership Business cases with value / risk of customer data Define 3rd party data sharing strategy Cleanse data lakes from no-value records Stop targeting customers that are not interested From Burden... ...to Opportunity 8Copyright © 2018 Accenture. All rights reserved.
Copyright © 2018 Accenture. All rights reserved. 9 PRIVACY ACT – WHAT’S THE BILL GOING TO DO? Personal Info Collected Personal Information Sold Right to Say No The California Consumer Privacy Act of 2018 is going to put safeguards in place to further project consumers privacy. If enacted the bill will govern the way a consumer’s personal information is being received, held and shared with businesses. The bill has severe implications to businesses that handle or share consumer(s) information. The 8 sections outlined below are components of the bill and will cover how Personal Information (PI) should be handled. 2 3 Equal Service and Price Disclosure Requirements Notice Requirements 5 6 4 Clarifying Definitions Exemptions 7 1 8 Biometric data Personal identifiers like real name, alias, account name, etc. Audio, electronic, visual, thermal Inferences to any PI info Any PI related to children of consumer Internet or network activity info Psychometric Info Geolocation data Records of property, products or services provided Professional or employment- related info Examples of Personal Information Accenture analysis based upon publicly available documents.
Copyright © 2018 Accenture. All rights reserved. 10 ACCENTURE CONTACT INFORMATION Lisa Bloomberg Principal Director Financial Services Regulatory & Compliance New York Lisa.Bloomberg@Accenture.com Tel: +1 917-452-6247 Chris Beck Senior Manager Financial Services Regulatory & Compliance Chicago Christoper.t.beck@Accenture.com Tel: +1 312-693-6246 Samantha Regan Managing Director Financial Services Regulatory & Compliance Management Lead for North America samantha.regan@accenture.com Tel: +1 404-790-7378 Ben Shorten Senior Manager Financial Services Regulatory & Compliance New York benjamin.j.shorten@accenture.com Tel: +1 (512) 739 4080 Daniel J. Maloney Senior Manager Regulatory & Compliance Charlotte Daniel.Maloney@Accenture.com Tel: +1 908-489-4602
Copyright © 2018 Accenture. All rights reserved. 11 GDPR DATA PRIVACY IN THE NEW About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 442,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Disclaimer This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.

More Related Content

PDF
Building the Metaverse
byJon Radoff
 
PDF
Infra Migration Proposal Draft from Oracle to Snowflake
byShruti Chaurasia
 
PDF
Pathways to Profitability for the Communications Industry
byaccenture
 
PDF
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
byaccenture
 
PDF
MPG Life Sciences Software Market Snapshot October 2020
byMadison Park Group
 
PDF
AI Readiness: Five Areas Business Must Prepare for Success in Artificial Inte...
byKaleido Insights
 
PDF
CB-Insights_Big-Tech-In-Healthcare-2022.pdf
byPaul Brian Contino
 
PDF
Research and Development Solutions | Accenture
byaccenture
 
Building the Metaverse
byJon Radoff
 
Infra Migration Proposal Draft from Oracle to Snowflake
byShruti Chaurasia
 
Pathways to Profitability for the Communications Industry
byaccenture
 
Accenture Cloud Platform: Control, Manage and Govern the Enterprise Cloud
byaccenture
 
MPG Life Sciences Software Market Snapshot October 2020
byMadison Park Group
 
AI Readiness: Five Areas Business Must Prepare for Success in Artificial Inte...
byKaleido Insights
 
CB-Insights_Big-Tech-In-Healthcare-2022.pdf
byPaul Brian Contino
 
Research and Development Solutions | Accenture
byaccenture
 

What's hot

PPTX
Building a Virtual Data Lake with Apache Arrow
byDremio Corporation
 
PDF
Seven building blocks for MDM
byKousik Mukherjee
 
PDF
Nonprofit reinvention in a time of unprecedented change
byaccenture
 
PDF
Growth-Driving Enterprise Innovation Model | Accenture
byaccenture
 
PDF
How to Build the Data Mesh Foundation: A Principled Approach | Zhamak Dehghan...
byHostedbyConfluent
 
PDF
Data Catalog as the Platform for Data Intelligence
byAlation
 
PDF
Data Mesh in Practice: How Europe’s Leading Online Platform for Fashion Goes ...
byDatabricks
 
PDF
Data Governance Trends and Best Practices To Implement Today
byDATAVERSITY
 
PDF
Master data management executive mdm buy in business case (2)
byMaria Pulsoni-Cicio
 
PPTX
Thrive with accenture product and platform engineering services
byAccenture Technology
 
PDF
Data Architecture Best Practices for Advanced Analytics
byDATAVERSITY
 
PDF
Data Mesh in Practice - How Europe's Leading Online Platform for Fashion Goes...
byDr. Arif Wider
 
PPTX
Financial Services - New Approach to Data Management in the Digital Era
byaccenture
 
PDF
Cloud architecture with the ArchiMate Language
byIver Band
 
PDF
Value Untangled Slideshare
byaccenture
 
PDF
DAS Slides: Data Governance - Combining Data Management with Organizational ...
byDATAVERSITY
 
PPTX
A Responsible Future for Immersive Technologies
byaccenture
 
PDF
Solution Security Architecture
byAlan McSweeney
 
PDF
An Introduction to the ArchiMate 3.0 Specification
byIver Band
 
PDF
Oscar health insurance
byJeffrey Funk Business Models
 
Building a Virtual Data Lake with Apache Arrow
byDremio Corporation
 
Seven building blocks for MDM
byKousik Mukherjee
 
Nonprofit reinvention in a time of unprecedented change
byaccenture
 
Growth-Driving Enterprise Innovation Model | Accenture
byaccenture
 
How to Build the Data Mesh Foundation: A Principled Approach | Zhamak Dehghan...
byHostedbyConfluent
 
Data Catalog as the Platform for Data Intelligence
byAlation
 
Data Mesh in Practice: How Europe’s Leading Online Platform for Fashion Goes ...
byDatabricks
 
Data Governance Trends and Best Practices To Implement Today
byDATAVERSITY
 
Master data management executive mdm buy in business case (2)
byMaria Pulsoni-Cicio
 
Thrive with accenture product and platform engineering services
byAccenture Technology
 
Data Architecture Best Practices for Advanced Analytics
byDATAVERSITY
 
Data Mesh in Practice - How Europe's Leading Online Platform for Fashion Goes...
byDr. Arif Wider
 
Financial Services - New Approach to Data Management in the Digital Era
byaccenture
 
Cloud architecture with the ArchiMate Language
byIver Band
 
Value Untangled Slideshare
byaccenture
 
DAS Slides: Data Governance - Combining Data Management with Organizational ...
byDATAVERSITY
 
A Responsible Future for Immersive Technologies
byaccenture
 
Solution Security Architecture
byAlan McSweeney
 
An Introduction to the ArchiMate 3.0 Specification
byIver Band
 
Oscar health insurance
byJeffrey Funk Business Models
 

Similar to GDPR: Data Privacy in the New

PPTX
General Data Protection Regulation (GDPR) Compliance
byaccenture
 
PPTX
General Data Protection Regulation (GDPR) Implications for Canadian Firms
byaccenture
 
PDF
General data protection regulation - GDPR
byAccenture Italia
 
PPTX
GDPR How to get started?
byPeter Witsenburg
 
PPTX
CRMCS GDPR - Why it matters and how to make it Easy
byPaul McQuillan
 
PPTX
Keep Calm and Comply: 3 Keys to GDPR Success
bySirius
 
PDF
GDPR- The Buck Stops Here
byKellyn Pot'Vin-Gorman
 
PPTX
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
byCIO Edge
 
PDF
Looking Beyond GDPR Compliance Deadline
byaccenture
 
DOCX
Do You Have a Roadmap for EU GDPR Compliance? Article
byUlf Mattsson
 
PPTX
Using GDPR to Transform Customer Experience
byMongoDB
 
PPTX
GDPR - Why it matters and how to make it Easy
byPaul McQuillan
 
PDF
What's Next - General Data Protection Regulation (GDPR) Changes
byOgilvy Consulting
 
PDF
[REPORT PREVIEW] GDPR Beyond May 25, 2018
byAltimeter, a Prophet Company
 
PPTX
Vuzion Love Cloud GDPR Event
byVuzion
 
PPTX
Do You Have a Roadmap for EU GDPR Compliance?
byUlf Mattsson
 
PDF
GDPR Jennifer Rose
byJennifer Rose
 
PPTX
Gdpr action plan - ISSA
byUlf Mattsson
 
PDF
Data Protection and Privacy
byVertex Holdings
 
PPTX
GDPR: Are you Ready?
byEngageHub
 
General Data Protection Regulation (GDPR) Compliance
byaccenture
 
General Data Protection Regulation (GDPR) Implications for Canadian Firms
byaccenture
 
General data protection regulation - GDPR
byAccenture Italia
 
GDPR How to get started?
byPeter Witsenburg
 
CRMCS GDPR - Why it matters and how to make it Easy
byPaul McQuillan
 
Keep Calm and Comply: 3 Keys to GDPR Success
bySirius
 
GDPR- The Buck Stops Here
byKellyn Pot'Vin-Gorman
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
byCIO Edge
 
Looking Beyond GDPR Compliance Deadline
byaccenture
 
Do You Have a Roadmap for EU GDPR Compliance? Article
byUlf Mattsson
 
Using GDPR to Transform Customer Experience
byMongoDB
 
GDPR - Why it matters and how to make it Easy
byPaul McQuillan
 
What's Next - General Data Protection Regulation (GDPR) Changes
byOgilvy Consulting
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
byAltimeter, a Prophet Company
 
Vuzion Love Cloud GDPR Event
byVuzion
 
Do You Have a Roadmap for EU GDPR Compliance?
byUlf Mattsson
 
GDPR Jennifer Rose
byJennifer Rose
 
Gdpr action plan - ISSA
byUlf Mattsson
 
Data Protection and Privacy
byVertex Holdings
 
GDPR: Are you Ready?
byEngageHub
 

More from accenture

PDF
The Industrialist: Trends & Innovations - January 2024
byaccenture
 
PDF
The Industrialist: Trends & Innovations - September 2023
byaccenture
 
PPTX
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
PDF
The Industrialist: Trends & Innovations - July 2023
byaccenture
 
PDF
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
PDF
Engineering Services: con gli ingegneri per creare valore sostenibile
byaccenture
 
PDF
Digital Euro: Implications for the Financial System
byaccenture
 
PDF
More deals, less money: the Black founder funding journey
byaccenture
 
PDF
The Industrialist: Trends & Innovations - June 2023
byaccenture
 
PPTX
Reinventing Enterprise Operations
byaccenture
 
PPTX
Semiconductor Gender Parity Study
byaccenture
 
PDF
The Industrialist: Trends & Innovations - March 2023
byaccenture
 
PPTX
Free to be 100% me
byaccenture
 
PDF
The Industrialist: Trends & Innovations - February 2023
byaccenture
 
PDF
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
byaccenture
 
PDF
The Industrialist: Trends & Innovations - January 2023
byaccenture
 
PDF
Reimagining the Agenda | Accenture
byaccenture
 
PDF
Climate Leadership Eleventh Hour | Accenture
byaccenture
 
PDF
Sustainable Value Chain
byaccenture
 
PDF
Chemical Companies in the Metaverse
byaccenture
 
The Industrialist: Trends & Innovations - January 2024
byaccenture
 
The Industrialist: Trends & Innovations - September 2023
byaccenture
 
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
The Industrialist: Trends & Innovations - July 2023
byaccenture
 
Accenture Technology Vision - How the trends apply to higher education
byaccenture
 
Engineering Services: con gli ingegneri per creare valore sostenibile
byaccenture
 
Digital Euro: Implications for the Financial System
byaccenture
 
More deals, less money: the Black founder funding journey
byaccenture
 
The Industrialist: Trends & Innovations - June 2023
byaccenture
 
Reinventing Enterprise Operations
byaccenture
 
Semiconductor Gender Parity Study
byaccenture
 
The Industrialist: Trends & Innovations - March 2023
byaccenture
 
Free to be 100% me
byaccenture
 
The Industrialist: Trends & Innovations - February 2023
byaccenture
 
Mundo gamer e a oportunidade de entrada pela abordagem do movimento
byaccenture
 
The Industrialist: Trends & Innovations - January 2023
byaccenture
 
Reimagining the Agenda | Accenture
byaccenture
 
Climate Leadership Eleventh Hour | Accenture
byaccenture
 
Sustainable Value Chain
byaccenture
 
Chemical Companies in the Metaverse
byaccenture
 

Recently uploaded

PPTX
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
PPTX
Celonis Optimizing your future with process
bydevjeremyappleyard
 
PDF
final.pdf
byomarbishtawi04
 
PPTX
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
PDF
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
PDF
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
PDF
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
PDF
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
PDF
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
PDF
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
PDF
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
PDF
apidays New York 2025 | AI in Application Security
byapidays
 
PDF
apidays Paris 2025 | Zero Trust By Design
byapidays
 
PDF
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
PDF
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
PDF
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
PDF
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
PDF
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
PDF
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
PDF
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 
The Transformative Technology in Contemporary Businesses
bygreyaudrina
 
Celonis Optimizing your future with process
bydevjeremyappleyard
 
final.pdf
byomarbishtawi04
 
Critique Prompting: The Secret to High-Quality AI Outputs
bySemantic SEO BD
 
UiPath Automation Developer Associate Training Series 2025 - Session 4
byDianaGray10
 
Explaining the flow of purpose-specific BOM
byakipii ogaoga
 
Chapter 5 Security Mechanisms iin computer security.pdf
byGetnet Tigabie Askale -(GM)
 
From Artificial Intelligence to African Intelligence: Transforming Research &...
byMoses Kemibaro
 
Escape from the Forbidden Zone: Smuggling green and inclusive tech past the g...
byBookNet Canada
 
Bringing AI into R&D, Taking a Human-Centric Approach / Haim Yadid
byHaim Yadid
 
GDG Cloud Southlake #49: Pradeep R Kumar: Implications of Agentic AI for Iden...
byJames Anderson
 
apidays New York 2025 | AI in Application Security
byapidays
 
apidays Paris 2025 | Zero Trust By Design
byapidays
 
Towards a Vibrant AI Hardware Accelerator Ecosystem, invited talk at the 4th ...
byMichiaki Tatsubori
 
Preserve workload integrity during cross-architecture migration
byPrincipled Technologies
 
final~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~.pdf
byomarbishtawi04
 
Automated Governance for FME Flow: Smarter Admin at Scale
bySafe Software
 
Explaining specific examples of purpose-specific BOM
byakipii ogaoga
 
shayk.online - Anonymous chat with Sinatra and WebSockets
byEleanor McHugh
 
20260212 Security-JAWS activity results for 2025 and activity goals for 2026
byTyphon 666
 

GDPR: Data Privacy in the New

  • 1.
    Copyright © 2018Accenture. All rights reserved. 1 GDPRDATA PRIVACY IN THE NEW
  • 2.
    Copyright © 2018Accenture. All rights reserved. 2 GDPR harmonizes a series of complex European data protection requirements and codifies new privacy rights and protections for EU citizens. GDPR’S INTENT: CODIFY RIGHTS AND GIVE PEOPLE POWER OVER THEIR INFORMATION Key GDPR Requirements Data Subject Rights Can you completely erase personal data when needed? Privacy by Design Are your products and services privacy friendly? Accountability Are you confident the third parties you use will be compliant? Consent Have you collected and documented consent for every data use? Breach Notification Can you quickly recognize and report a data breach?
  • 3.
    GENERAL DATA PROTECTIONREGULATION SCOPE WIDENED STRONGER ENFORCEMENT & ACCOUNTABILITY INDIVIDUAL’S RIGHTS INCREASEDHARMONIZATION ACROSS EU Protect personally identifiable data of EU citizens, wherever it is possible New: Significant amendments and new obligations. Individuals have new rights to object to profiling, to be forgotten and for data portability. GDPR has come into effect The final text of the GDPR was published The EU Parliament approved the final text in its plenary session TIMELINE  Right to be forgotten, to erasure, to data portability, to rectification, to restriction of processing, of access by the data subject, to object  Notification obligation for data breaches  Unambiguous consent required for data usage 2015 2019 Q4 Q1 Q2 Q3 Q4 Q1 Q2 Q3 Q4 Q1 Q2 15.12.2015 25.05.201814.04.2016 IMPACT/CHANGES  Fines for violations can be 4% of global turnover (revenue), or €20 million (whichever is higher)  Data protection officer to be appointed  Privacy by Design  Data Protection Authority assessment & approval  Culture of internal monitoring & reviewing  Harmonized rules - unified legal landscape  Overseen by a European Data Privacy Board plus local regulators  Territorial scope in EU & EU data subjects, regardless of where data controller / processor located  Special rules for sensitive data such as health, biometric, ethnic data, etc., and for data concerning criminal convictions and offenses  Data controller vs. processor: accountability for 3rd party processors DRIVERS  Data breaches: increasing amount led to concerns for customers and regulators  Regulatory changes: new rights for individuals - right to be forgotten, portability, breach notification  Lack of harmonization of privacy regulation in EU: GDPR to harmonize privacy legislation among EU member states THEEUGENERALDATAPROTECTIONREGULATION 2016 2018 Ongoing compliance activities and continuous improvement Copyright © 2018 Accenture. All rights reserved. Accenture analysis based upon publicly available documents.
  • 4.
    WHAT CONCERNS DOORGANIZATIONS HAVE? 46% of companies surveyed are concerned about FINES 33% of companies surveyed are concerned about the NEED TO INFORM CUSTOMERS OF DATA BREACHES within 72hrs. 31% of companies surveyed are concerned about the VOLUME OF DATA STORE they need to protect Source: “EU General Data Protection Regulation Survey,” Boldonjames.com. Access at: https://www.boldonjames.com/resources/eu-data-protection-regulation-survey-infographic/. 36% of companies surveyed believe changing processes around DATA PROTECTION and MANAGEMENT is the biggest challenge 4 Copyright © 2018 Accenture. All rights reserved. Accenture’s research into consumer behavior suggests data privacy and protection is not just about compliance and should be at the core of wider business strategy. 8out of 10 surveyed consumers say trust is a key driver of brand loyalty† Consumers surveyed would consider asking their financial services provider to delete personal data, About 2 out of 3 †† 4 out of 10 consumers surveyed, trust in a company increases when breaches are handled swiftly and correctly† of UK consumers surveyed are willing to share their personal information with their bank in return for certain added benefits and more personalized, relevant services 54%†† † A New Slice of PI, with a Side of Digital Trust, Accenture 2017. † † UK Financial Services Customer Survey 2018, Accenture 2018.
  • 5.
    Copyright © 2018Accenture. All rights reserved. 5 REGULATORY CONTEXT AND INDUSTRY CHALLENGES GDPR COMPLIANCE IS FAR FROM BEING A SINGLE ONE-OFF REMEDIATION EFFORT AND MOST ORGANIZATIONS MAY NOT BE FULLY COMPLIANT BY 25TH MAY, 2018 2018 ACHIEVE “DEFENSIBLE” COMPLIANCE POSITION BASED ON RISK APPETITE IMPLEMENT GDPR MEASURES TO MITIGATE “RESIDUAL RISKS” STATEGIC GDPR DIFFERENTIATION  Implement data deletion and security measures for medium - low risk areas  Improve data governance and data discovery  Improve third party due- diligence / risk management  Increase customer trust by improving privacy controls and culture  Help reduce cost of data operations  Leverage data as a strategic differentiator  Reduce third-party supplier risk  Implement new GDPR Governance Model  Implement new subject rights and consent framework  Implement data deletion and security measures for high risk areas 2019 MARKET INSIGHTS MAY High Impact: GDPR is a complex game with high impact on Systems Risk-Based Approach: Clients’ GDPR is too big to be totally completed by 2018 – primary focus should be on the highest risk areas with an intent to cover in a second step the remaining ones Different actions according to Maturity Level: The action plan is linked to the maturity level / state of art of the Privacy Framework / existing solutions / projects
  • 6.
    Users have theright to be forgotten; data should be erased on request Organizations have to notify authorities of data breaches Personal data is portable, and can be transferred on request Organizations handling personal data have to assign a data protection officer A user should be able to easily withdraw, and give informed data collection consent Security / Privacy by design; for solutions and processes related to handling / collecting of personal data, privacy and security should be prioritized Organizationscanbeauditedtoprovetheir compliancewithGDPR Organizations have to follow the data minimization principle; only collect data which is directly relevant and necessary to accomplish a specified purpose OPERATIONAL THEMES TO BECOME GDPR READY All data should be adequately protected and consent secured 6Copyright © 2018 Accenture. All rights reserved.
  • 7.
    Copyright © 2018Accenture. All rights reserved. 7 OPPORTUNITIES AND CONSIDERATIONS FOR THE FUTURE GDPR impacts across businesses, thus requires a cross-functional team It is not just a Risk, IT, Security or legal project – business involvement is key 1 Ensure you understand accountability of data controllers This is more than just a name in the frame, it is about where it may be funded from and who has influence to make the change happen across the organization 6 Customer journey led discovery Identify the top 5-10 customer journeys, they may often drive out the biggest risks like data movement across Utility entities and across systems and prioritize remediation accordingly 2 Embed the Data Protection Officer (DPO) in the organization Ensure that the DPO has the right capabilities (skills, team, authority) and is empowered to highlight risks and make changes happen 7 Prioritize on risks and demonstrate change In many ways GDPR might be too big to be totally completed by 2018 – focus on the highest risks first with an intent to cover all areas 3 Alliance and partners are your responsibility You are now accountable for your alliance / partners being Data Processors and these are often obscure e.g. cloud providers 4 Assess existing projects to scale Data privacy should be a part of all data-related projects, not just a one-time dedicated program 5 Different parts of the organization can be different in maturity It’s natural for some areas to be further ahead, use the wins of leading parts of the organization and make sure all areas are coordinated 8 Tools and organizational experience are critical There is no silver bullet to GDPR compliance. There should be no substitute for engaging stakeholders around the enterprise to understand the hidden nuances in getting to a compliant position 9 From burden to opportunity GDPR investment can be leveraged to drive business value and opportunities e.g. establishing simpler data operations and potentially reduce the cost and data noise 10
  • 8.
    FROM BURDEN TOOPPORTUNITY A defined customer data strategy may help companies to turn regulatory burden and challenges into a competitive advantage. Stricter consent Detailed records on data use New categories of personal data Stricter governance Data privacy by design Accountability for 3rd party sharing Minimization of customer data Right to be forgotten Improve marketing opt-in More efficient data operations More comprehensive profiles Value-based data investments Improved ROI of new initiatives More value from data sharing Potential reduction of cost and data noise Improved marketing spend Enhance consent model /Value exchange Enterprise-wide customer data mapping Treat digital shadow as customer data Put customer data into business ownership Business cases with value / risk of customer data Define 3rd party data sharing strategy Cleanse data lakes from no-value records Stop targeting customers that are not interested From Burden... ...to Opportunity 8Copyright © 2018 Accenture. All rights reserved.
  • 9.
    Copyright © 2018Accenture. All rights reserved. 9 PRIVACY ACT – WHAT’S THE BILL GOING TO DO? Personal Info Collected Personal Information Sold Right to Say No The California Consumer Privacy Act of 2018 is going to put safeguards in place to further project consumers privacy. If enacted the bill will govern the way a consumer’s personal information is being received, held and shared with businesses. The bill has severe implications to businesses that handle or share consumer(s) information. The 8 sections outlined below are components of the bill and will cover how Personal Information (PI) should be handled. 2 3 Equal Service and Price Disclosure Requirements Notice Requirements 5 6 4 Clarifying Definitions Exemptions 7 1 8 Biometric data Personal identifiers like real name, alias, account name, etc. Audio, electronic, visual, thermal Inferences to any PI info Any PI related to children of consumer Internet or network activity info Psychometric Info Geolocation data Records of property, products or services provided Professional or employment- related info Examples of Personal Information Accenture analysis based upon publicly available documents.
  • 10.
    Copyright © 2018Accenture. All rights reserved. 10 ACCENTURE CONTACT INFORMATION Lisa Bloomberg Principal Director Financial Services Regulatory & Compliance New York Lisa.Bloomberg@Accenture.com Tel: +1 917-452-6247 Chris Beck Senior Manager Financial Services Regulatory & Compliance Chicago Christoper.t.beck@Accenture.com Tel: +1 312-693-6246 Samantha Regan Managing Director Financial Services Regulatory & Compliance Management Lead for North America samantha.regan@accenture.com Tel: +1 404-790-7378 Ben Shorten Senior Manager Financial Services Regulatory & Compliance New York benjamin.j.shorten@accenture.com Tel: +1 (512) 739 4080 Daniel J. Maloney Senior Manager Regulatory & Compliance Charlotte Daniel.Maloney@Accenture.com Tel: +1 908-489-4602
  • 11.
    Copyright © 2018Accenture. All rights reserved. 11 GDPR DATA PRIVACY IN THE NEW About Accenture Accenture is a leading global professional services company, providing a broad range of services and solutions in strategy, consulting, digital, technology and operations. Combining unmatched experience and specialized skills across more than 40 industries and all business functions—underpinned by the world’s largest delivery network—Accenture works at the intersection of business and technology to help clients improve their performance and create sustainable value for their stakeholders. With more than 442,000 people serving clients in more than 120 countries, Accenture drives innovation to improve the way the world works and lives. Visit us at www.accenture.com Accenture, its logo, and High Performance Delivered are trademarks of Accenture. Disclaimer This presentation is intended for general informational purposes only and does not take into account the reader’s specific circumstances, and may not reflect the most current developments. Accenture disclaims, to the fullest extent permitted by applicable law, any and all liability for the accuracy and completeness of the information in this presentation and for any acts or omissions made based on such information. Accenture does not provide legal, regulatory, audit, or tax advice. Readers are responsible for obtaining such advice from their own legal counsel or other licensed professionals.