GDPR and www
Dieter Hovorka CTO
Skillz Middle East
dieter@skillzme.com
+971 56 101 2480
GDPR IS IT A LAW?
WHAT DOES IT MEAN
The Digital Experts
History of GDPR
The General Data Protection Regulation (GDPR) is a regulation in EU law on data
protection and privacy for all individuals within the European Union.
It also addresses the export of personal data outside the EU.
The GDPR aims primarily to give control to citizens and residents over their personal data
and to simplify the regulatory environment for international business by unifying the
regulation within the EU.
It was adopted on 14 April 2016, and after a two-year transition period, becomes
enforceable on 25 May 2018. The GDPR replaces the 1995 Data Protection Directive.
Because the GDPR is a regulation, not a directive, it does not require national
governments to pass any enabling legislation and is directly binding and applicable.
What does it mean?
Who is affected? Does it affect the UK too?
With the United Kingdom's upcoming withdrawal from the EU, many wonder whether
this will affect the country's compliance with the GDPR. As of this writing, it is
expected that the U.K. will update the Data Protection Act 1998 with a new law
called the Data Protection Bill 2017. However, because companies in the U.K.
often do business with customers or other organizations in EU member states,
it is expected that businesses in the U.K. will still need to comply with the
General Data Protection Regulation either directly or through an "adequacy
test" acceptable to European authorities.
Why change?
GDPR’s goals
The expanded definition of personal data
How does it help consumers?
Under GDPR, companies may not legally process any person's personally
identifiable information without meeting at least one of six conditions.
1. Express consent of the data subject.
2. Processing is necessary for the performance of a contract with the data
subject or to take steps to enter into a contract.
3. Processing is necessary for compliance with a legal obligation.
4. Processing is necessary to protect the vital interests of a data subject or
another person.
5. Processing is necessary for the performance of a task carried out in the public
interest or in the exercise of official authority vested in the controller.
6. Processing is necessary for the purposes of legitimate interests pursued by
the controller or a third party, except where such interests are overridden by
the interests, rights or freedoms of the data subject.
When are companies allowed to use data?
Why should you be worried?
How will the GDPR change Businesses?
Personal Data Handling Process
The Road to Compliance
Data Protection Officer: do you need to appoint one?
Does company size matter?
No, what matters is the data processing; in most
cases a compliance officer, CIO or CFO can carry
the duty.
While this part of the regulation likely isn't enough to give foreign
nationals cause for concern, there is one particular aspect of the
regulation that makes it much more far-reaching than it would
otherwise be: The GDPR applies to any organization, anywhere in
the world, that collects data on citizens of the EU. As such, even a
small, web-based business located on a different continent would
have to be GDPR compliant.
What about the rest of the world?
The consequences of not complying can be grave
The following cases are not covered by the regulation
• Lawful interception, national security, the army, the
police, justice
• Statistical and scientific analysis
• Deceased persons are subject to national legislation
• There is a dedicated law on employer-employee
relationships
• Processing of personal data by a natural person in the
course of a purely personal or household activity
Who is excluded?
Sample: Usage of a Photo, does GDPR apply?
Source of Picture: Private, yourself
Usage: Blog, own Website, social Media
PRIVATE, NO GDPR
Source of Picture: Private, friend
Usage: Blog, own Website, social Media
GDPR
Source of Picture: Private, friend
Usage: company website, company social Media
GDPR
Will Cybersecurity be the next biggest concern?
Sample of statements from Companies
Experts in Digital Content and Marketing
Q&A
Under the General Data Protection Regulation, data subject rights include:
Right to be forgotten - data subjects can request personally identifiable data to be erased
from a company's storage. The company has the right to refuse requests if they can
successfully demonstrate the legal basis for their refusal.
Right of access - data subjects can review the data that an organization has stored about
them.
Right to object - data subjects can refuse permission for a company to use or process the
subject's personal data. The company can ignore the refusal if they can satisfy one of the
legal conditions for processing the subject's personal data, but must notify the subject and
explain their reasoning behind doing so.
Right to rectification - data subjects can expect inaccurate personal information to be
corrected.
Right of portability - data subjects can access the personal data that a company has about
them and transfer it.
What are the covered rights for EU Citizens?
What's the risk of fines?
If a company does not comply with the GDPR
when it becomes effective on 25 May 2018:
20 million euros or 4 percent
of annual global turnover.
The following sanctions can be imposed (extract):
• a warning in writing in cases of first and non-intentional noncompliance
• regular periodic data protection audits
• the obligations of the certification body
• the obligations of the monitoring body
EU Digital Single Market

GDPR Overview
