SlideShare a Scribd company logo

GDPRforum Brighton

Angry Creative (UK)
Angry Creative (UK)

On the 25th May 2018, all businesses across Europe and the UK will face dramatic changes to Data Privacy Laws. With fines of up to 4% of revenue for noncompliance, GDPR has huge potential for disruption if not adhered to. The GDPRforum was held on 1st Sept 2017 to gain valuable insight from Data Privacy experts, teach people how to prepare for the new laws, and how to turn a crisis into an opportunity. The forum was held at the iconic British Airways i360 for an afternoon dedicated to GDPR. During the forum, our attendees learnt about handling Data Privacy from brands like eBay, Irwin Mitchell, and Pragmatic. Our experts offered practical advice on preparing for the new laws, and how to turn a crisis into an opportunity! GDPR Speakers: David Lockie – Pragmatic – Founder Dan Hedley – Irwin Mitchell – Partner Gilbert Hill – Independent Privacy Technologist Ben Westwood – eBay – Senior Privacy Manager & Data Protection Officer UK (Slides coming soon)

Business
1 of 57
David Lockie // GDPR Forum // September 2017
● ● ● ●
● ● ●
● ● ● ●
● ● ●
● ● ● ● ● ●
● ● ● ● ● ●
● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ● ●
● ● ● ● ● ●
The Myth - The Sun, 28 July 2017
The Reality “Predictions of massive fines under the GDPR that simply scale up penalties we’ve issued under the Data Protection Act are nonsense. Don’t get me wrong, the UK fought for increased powers when the GDPR was being drawn up. Heavy fines for serious breaches reflect just how important personal data is in a 21st century world. But we intend to use those powers proportionately and judiciously. And while fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective.” - Elizabeth Denham, Information Commissioner, 9 August 2017
The Myth “You have to have consent to process personal data.” - Nearly everyone, all the time For example… “The Data Protection Bill will require explicit consent to be necessary for processing sensitive personal data.” - An actual DCMS press release (no, really)
The Reality • Consent is one possible basis for processing personal data. • There are 5 others: contractual necessity, legal obligation, protection of vital interests, public interest necessity and legitimate interests – “Special categories of data” • Consent is basically only really useful where you can’t rely on any of the others – typically, in relation to direct marketing. • Consent is hard to get right, and easy to lose. • Basically, consent is rubbish.
The Myth “It’s all ok as long as you have consent.”
The Reality • You probably don’t have consent, actually – Or at least, not for as much stuff as you think you have! • Consent might be legal basis on which you process, but you still have to do that processing in accordance with GDPR e.g. – Fairly, transparently – Purpose limited – Accurate and not retained for longer than necessary – Kept safe and secure – Record keeping – Rights exercise
The Myth “Data protection is an IT issue.” “Buy this ‘thingy’ and you’ll be compliant.”
The Reality • Data protection is a boardroom issue • IT is involved, but so are Operations, HR, Sales, Marketing… • There is no turnkey technology solution to GDPR compliance – People and process first – Technology tools can help with particular issues e.g. data discovery, record keeping, data housekeeping, security
The Myth “All businesses have to appoint a Data Protection Officer.” “All businesses with more than 250 employees have to appoint a Data Protection Officer.” …or some variation on that theme.
The Reality • Most businesses will not be obliged to appoint a DPO • You must appoint a DPO only if: – You’re a public authority – Your core activities require regular and systematic monitoring of data subjects – Your core activities consist of large scale processing of special categories of data • Otherwise, don’t have to… but might want to anyway?
The Myth “All data breaches have to be reported within 72 hours.”
The Reality • Not a straight myth, but only kinda true • Data breaches much be reported to the ICO by the controller UNLESS “unlikely to result in a risk to the rights and freedoms of natural persons” – Encrypted? – Retrieved unopened? – A bunch of corporate email addresses? • Obligation is “without undue delay and, where feasible, not later than 72 hours after having become aware of it” • Must give (good) reasons if late
A few things that aren’t myths • Extraterritorial effect • Primary obligations for data processors • Record keeping • Transparency • New subject rights • New contractual requirements for processors • More prescriptive security requirements
If watching a bunch of lawyers getting apoplectically angry is your idea of a good time… #GDPRubbish
GDPR – from Threat to Business Opportunity in 30 minutes
GDPR – New Kind of Superhero Required
Privacy 1:0 – The Cookie Monster
Audit, Transparency & Learning
GDPR – ‘The Marathon’ • Europe-Wide – Unified • Big Fines, Bigger Brand Fallout • Data Breaches – 72hrs to comply • Data Privacy & DPO’s – An Inside Job • A Journey with No Destination – Beware FUD-Mongers & ‘Experts’
Consent & Processing
What Is Consent Under GDPR? • “Any freely given, specific, informed and unambiguous indication of his/her wishes, by which the data subject, either by statement or clear affirmative action, signifies agreement to personal data related to them being processed” • “Affirmative Action” • “Freely Given” • “Specific & Informed” Consent is contextual, not absolute
Withdrawing Consent & Data Portability
Article 30 – Data Hoards & Record Keeping
Article 30 – What you need to Know & Show • Name & Contact details of Controller • Purpose of the processing • Description of categories of data subjects and data • Recipients to whom data will be disclosed including 3rd parties • Transfers of personal data to another country • Time Limits – ‘shelf life’ for retention of data • Security around how data is held
Transparency: Informed Choice = Best Sense
Wetherspoons Pubs Email - high Risk vs Return?
Keep Learning… • Train & get staff onboard • Bake into brand values, educate customers • Admit vulnerability – we’re human! • Don’t overlook offline • The Weakest Link – tough questions for suppliers • Speak with competitors
Enjoy Data Responsibly • Thanks! • Gilbertmhill@gmail.com • Twitter: @gilbertHill

Recommended

GDPRforum London
GDPRforum LondonGDPRforum London
GDPRforum London
Angry Creative (UK)
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 

Recommended

GDPRforum London
GDPRforum LondonGDPRforum London
GDPRforum London
Angry Creative (UK)
 
Privacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the artPrivacy by Design - taking in account the state of the art
Privacy by Design - taking in account the state of the art
James Mulhern
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
Ulf Mattsson
 
Privacy and Big Data Overload!
Privacy and Big Data Overload!Privacy and Big Data Overload!
Privacy and Big Data Overload!
SparkPost
 
Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...Privacy by Design and by Default + General Data Protection Regulation with Si...
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
 
Getting Started with GDPR Compliance
Getting Started with GDPR ComplianceGetting Started with GDPR Compliance
Getting Started with GDPR Compliance
DATAVERSITY
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Data Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethicsData Privacy: What you need to know about privacy, from compliance to ethics
Data Privacy: What you need to know about privacy, from compliance to ethics
AT Internet
 
Information lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPRInformation lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPR
Jisc
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
Jatin Kochhar
 
Big data privacy security regulation
Big data privacy security regulation Big data privacy security regulation
Big data privacy security regulation
cjw119
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
Privacy is at the heart of data protection
Privacy is at the heart of data protectionPrivacy is at the heart of data protection
Privacy is at the heart of data protection
Jisc
 
Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...
BigchainDB
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital space
Yves Sinka
 
The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation
David Sayce
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
shekharkanodia
 
Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summitadministrator_confidis
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
Unisys Corporation
 
Data Privacy and Security by Design
Data Privacy and Security by DesignData Privacy and Security by Design
Data Privacy and Security by Design
Data Con LA
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at Jisc
Jisc
 
Data Analytics Governance and Ethics
Data Analytics Governance and EthicsData Analytics Governance and Ethics
Data Analytics Governance and Ethics
HPCC Systems
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
Jatin Kochhar
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
Precisely
 
GDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content workGDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content work
Clovis Six
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Erwin Otten
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
Benoît De Nayer
 

More Related Content

What's hot

Information lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPRInformation lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPR
Jisc
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
Jatin Kochhar
 
Big data privacy security regulation
Big data privacy security regulation Big data privacy security regulation
Big data privacy security regulation
cjw119
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
Kristyn Greenwood
 
Privacy is at the heart of data protection
Privacy is at the heart of data protectionPrivacy is at the heart of data protection
Privacy is at the heart of data protection
Jisc
 
Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...
BigchainDB
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
John Eckman
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital space
Yves Sinka
 
The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation
David Sayce
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
shekharkanodia
 
Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summitadministrator_confidis
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
Unisys Corporation
 
Data Privacy and Security by Design
Data Privacy and Security by DesignData Privacy and Security by Design
Data Privacy and Security by Design
Data Con LA
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at Jisc
Jisc
 
Data Analytics Governance and Ethics
Data Analytics Governance and EthicsData Analytics Governance and Ethics
Data Analytics Governance and Ethics
HPCC Systems
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
Jatin Kochhar
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
Precisely
 
GDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content workGDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content work
Clovis Six
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 

What's hot (20)

Information lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPRInformation lifecycles: a tool for GDPR
Information lifecycles: a tool for GDPR
 
Global Data Privacy Regulation
Global Data Privacy RegulationGlobal Data Privacy Regulation
Global Data Privacy Regulation
 
Big data privacy security regulation
Big data privacy security regulation Big data privacy security regulation
Big data privacy security regulation
 
Privacy by Design: White Papaer
Privacy by Design: White PapaerPrivacy by Design: White Papaer
Privacy by Design: White Papaer
 
Privacy is at the heart of data protection
Privacy is at the heart of data protectionPrivacy is at the heart of data protection
Privacy is at the heart of data protection
 
Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...Personal data and the blockchain – how will the GDPR influence blockchain app...
Personal data and the blockchain – how will the GDPR influence blockchain app...
 
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By DesignGDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
GDPR FTW, or, How I Learned to Stop Worrying and Love Privacy By Design
 
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
Trivadis TechEvent 2016 Big Data Privacy and Security Fundamentals by Florian...
 
Privacy in the digital space
Privacy in the digital spacePrivacy in the digital space
Privacy in the digital space
 
The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation The European Union’s 
General Data Protection Regulation
The European Union’s 
General Data Protection Regulation
 
Privacy issues in data analytics
Privacy issues in data analyticsPrivacy issues in data analytics
Privacy issues in data analytics
 
Keith prabhu global high on cloud summit
Keith prabhu global high on cloud summitKeith prabhu global high on cloud summit
Keith prabhu global high on cloud summit
 
Privacy and Security by Design
Privacy and Security by DesignPrivacy and Security by Design
Privacy and Security by Design
 
Data Privacy and Security by Design
Data Privacy and Security by DesignData Privacy and Security by Design
Data Privacy and Security by Design
 
DDoS mitigation at Jisc
DDoS mitigation at JiscDDoS mitigation at Jisc
DDoS mitigation at Jisc
 
Data Analytics Governance and Ethics
Data Analytics Governance and EthicsData Analytics Governance and Ethics
Data Analytics Governance and Ethics
 
Why We Require GDPR?
Why We Require GDPR?Why We Require GDPR?
Why We Require GDPR?
 
Finding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA ComplianceFinding Data at Risk for CCPA Compliance
Finding Data at Risk for CCPA Compliance
 
GDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content workGDPR & how it impacts your UX / content work
GDPR & how it impacts your UX / content work
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with ITBigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
 

Similar to GDPRforum Brighton

Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Erwin Otten
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
Benoît De Nayer
 
GDPR - CISO Perspective
GDPR - CISO PerspectiveGDPR - CISO Perspective
GDPR - CISO Perspective
George Dragusin
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection Regulation
Jake DiMare
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
Tech Trust
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
Ray Bugg
 
Data Protection Magazine
Data Protection Magazine Data Protection Magazine
Data Protection Magazine
teresadepiano
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
Game changing legislation
Game changing legislationGame changing legislation
Game changing legislation
IRIS
 
Gdpr workshop module_1
Gdpr workshop module_1Gdpr workshop module_1
Gdpr workshop module_1
S Sid Ahmed
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance
Dovetail Software
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Software Integrity Group
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
Exponential_e
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
Clive Rich
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
MongoDB
 
Automotive sales crashing into data? Driving customer engagement & growth in...
Automotive sales crashing into data? Driving customer engagement & growth in...Automotive sales crashing into data? Driving customer engagement & growth in...
Automotive sales crashing into data? Driving customer engagement & growth in...
IgnitionOne
 
GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life Cycle
Jatin Kochhar
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
The General data protection regulation : Salient clauses
The General data protection regulation : Salient clausesThe General data protection regulation : Salient clauses
The General data protection regulation : Salient clauses
Syed Nazir Razik ACP, CSM, PMP
 

Similar to GDPRforum Brighton (20)

Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering GegevensbeschermingMagento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
Magento checklist AVG / GDPR - Algemene Verordering Gegevensbescherming
 
GDPR for dummies
GDPR for dummies GDPR for dummies
GDPR for dummies
 
GDPR - CISO Perspective
GDPR - CISO PerspectiveGDPR - CISO Perspective
GDPR - CISO Perspective
 
The Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection RegulationThe Meaning and Impact of the General Data Protection Regulation
The Meaning and Impact of the General Data Protection Regulation
 
NetSquared London - GDPR for charities
NetSquared London - GDPR for charitiesNetSquared London - GDPR for charities
NetSquared London - GDPR for charities
 
GDPR Scotland 2017
GDPR Scotland 2017GDPR Scotland 2017
GDPR Scotland 2017
 
Data Protection Magazine
Data Protection Magazine Data Protection Magazine
Data Protection Magazine
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Game changing legislation
Game changing legislationGame changing legislation
Game changing legislation
 
Gdpr workshop module_1
Gdpr workshop module_1Gdpr workshop module_1
Gdpr workshop module_1
 
#HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance #HR and #GDPR: Preparing for 2018 Compliance
#HR and #GDPR: Preparing for 2018 Compliance
 
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
Synopsys Security Event Israel Presentation: Taking Your Software to the GDPR...
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
The Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPRThe Countdown is on: Key Things to Know About the GDPR
The Countdown is on: Key Things to Know About the GDPR
 
GDPR webinar presentation | LawBite
GDPR webinar presentation | LawBiteGDPR webinar presentation | LawBite
GDPR webinar presentation | LawBite
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
Automotive sales crashing into data? Driving customer engagement & growth in...
Automotive sales crashing into data? Driving customer engagement & growth in...Automotive sales crashing into data? Driving customer engagement & growth in...
Automotive sales crashing into data? Driving customer engagement & growth in...
 
GDPR Data Life Cycle
GDPR Data Life CycleGDPR Data Life Cycle
GDPR Data Life Cycle
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
 
The General data protection regulation : Salient clauses
The General data protection regulation : Salient clausesThe General data protection regulation : Salient clauses
The General data protection regulation : Salient clauses
 

More from Angry Creative (UK)

Using off the-shelf AI tools to augment WordPress
Using off the-shelf AI tools to augment WordPressUsing off the-shelf AI tools to augment WordPress
Using off the-shelf AI tools to augment WordPress
Angry Creative (UK)
 
Using off the-shelf ai tools to augment WordPress
Using off the-shelf ai tools to augment WordPressUsing off the-shelf ai tools to augment WordPress
Using off the-shelf ai tools to augment WordPress
Angry Creative (UK)
 
WCEU 2020 Online: 9 Ways to Make WordPress Better with AI
WCEU 2020 Online: 9 Ways to Make WordPress Better with AIWCEU 2020 Online: 9 Ways to Make WordPress Better with AI
WCEU 2020 Online: 9 Ways to Make WordPress Better with AI
Angry Creative (UK)
 
Webinar - solving the revenue optimisation challenge in a complex web estate ...
Webinar - solving the revenue optimisation challenge in a complex web estate ...Webinar - solving the revenue optimisation challenge in a complex web estate ...
Webinar - solving the revenue optimisation challenge in a complex web estate ...
Angry Creative (UK)
 
Web monetisation - WordCamp for Publishers April 2020
Web monetisation - WordCamp for Publishers April 2020Web monetisation - WordCamp for Publishers April 2020
Web monetisation - WordCamp for Publishers April 2020
Angry Creative (UK)
 
WordCamp London 2019 - Content monetisation platforms with WordPress
WordCamp London 2019 - Content monetisation platforms with WordPressWordCamp London 2019 - Content monetisation platforms with WordPress
WordCamp London 2019 - Content monetisation platforms with WordPress
Angry Creative (UK)
 
Furthering Human Progress - Nkiru Uwaje
Furthering Human Progress - Nkiru UwajeFurthering Human Progress - Nkiru Uwaje
Furthering Human Progress - Nkiru Uwaje
Angry Creative (UK)
 
The future of social media : Beatrice Whelan
The future of social media : Beatrice WhelanThe future of social media : Beatrice Whelan
The future of social media : Beatrice Whelan
Angry Creative (UK)
 
David lockie - PACE: future, now.
David lockie - PACE: future, now.David lockie - PACE: future, now.
David lockie - PACE: future, now.
Angry Creative (UK)
 
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
Angry Creative (UK)
 
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
Angry Creative (UK)
 
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David LockieWordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
Angry Creative (UK)
 
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David LockieWooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
Angry Creative (UK)
 
WooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
WooConf 2017: Weaving CRO and Agile Methodologies - Laura NelsonWooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
WooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
Angry Creative (UK)
 
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
Angry Creative (UK)
 

More from Angry Creative (UK) (15)

Using off the-shelf AI tools to augment WordPress
Using off the-shelf AI tools to augment WordPressUsing off the-shelf AI tools to augment WordPress
Using off the-shelf AI tools to augment WordPress
 
Using off the-shelf ai tools to augment WordPress
Using off the-shelf ai tools to augment WordPressUsing off the-shelf ai tools to augment WordPress
Using off the-shelf ai tools to augment WordPress
 
WCEU 2020 Online: 9 Ways to Make WordPress Better with AI
WCEU 2020 Online: 9 Ways to Make WordPress Better with AIWCEU 2020 Online: 9 Ways to Make WordPress Better with AI
WCEU 2020 Online: 9 Ways to Make WordPress Better with AI
 
Webinar - solving the revenue optimisation challenge in a complex web estate ...
Webinar - solving the revenue optimisation challenge in a complex web estate ...Webinar - solving the revenue optimisation challenge in a complex web estate ...
Webinar - solving the revenue optimisation challenge in a complex web estate ...
 
Web monetisation - WordCamp for Publishers April 2020
Web monetisation - WordCamp for Publishers April 2020Web monetisation - WordCamp for Publishers April 2020
Web monetisation - WordCamp for Publishers April 2020
 
WordCamp London 2019 - Content monetisation platforms with WordPress
WordCamp London 2019 - Content monetisation platforms with WordPressWordCamp London 2019 - Content monetisation platforms with WordPress
WordCamp London 2019 - Content monetisation platforms with WordPress
 
Furthering Human Progress - Nkiru Uwaje
Furthering Human Progress - Nkiru UwajeFurthering Human Progress - Nkiru Uwaje
Furthering Human Progress - Nkiru Uwaje
 
The future of social media : Beatrice Whelan
The future of social media : Beatrice WhelanThe future of social media : Beatrice Whelan
The future of social media : Beatrice Whelan
 
David lockie - PACE: future, now.
David lockie - PACE: future, now.David lockie - PACE: future, now.
David lockie - PACE: future, now.
 
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
WordCamp Athens 2017 'Enterprise ecommerce with WooCommerce at the centre' - ...
 
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
WordCamp Europe 2016 'The Discovery & Definition Approach to Project Planing'...
 
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David LockieWordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
WordCamp Brighton 2017 'Business toolkit how to de-risk' - David Lockie
 
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David LockieWooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
WooConf 2017: Enterprise eCommerce with WooCommerce at the center - David Lockie
 
WooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
WooConf 2017: Weaving CRO and Agile Methodologies - Laura NelsonWooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
WooConf 2017: Weaving CRO and Agile Methodologies - Laura Nelson
 
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
David Lockie 'Using Open Source to Speed Up your Roadmap' BrightonSEO 2017
 

Recently uploaded

5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
ofm712785
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
fakeloginn69
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
Ben Wann
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
marketing317746
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Avirahi City Dholera
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
creerey
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
taqyed
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
LR1709MUSIC
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
Bojamma2
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
Nicola Wreford-Howard
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
usawebmarket
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
tanyjahb
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
balatucanapplelovely
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
agatadrynko
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Lviv Startup Club
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
dylandmeas
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Navpack & Print
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdfBeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdf
DerekIwanaka1
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
zechu97
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
marketingjdass
 

Recently uploaded (20)

5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer5 Things You Need To Know Before Hiring a Videographer
5 Things You Need To Know Before Hiring a Videographer
 
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptxCADAVER AS OUR FIRST TEACHER anatomt in your.pptx
CADAVER AS OUR FIRST TEACHER anatomt in your.pptx
 
Business Valuation Principles for Entrepreneurs
Business Valuation Principles for EntrepreneursBusiness Valuation Principles for Entrepreneurs
Business Valuation Principles for Entrepreneurs
 
amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05amptalk_RecruitingDeck_english_2024.06.05
amptalk_RecruitingDeck_english_2024.06.05
 
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s DholeraTata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
Tata Group Dials Taiwan for Its Chipmaking Ambition in Gujarat’s Dholera
 
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBdCree_Rey_BrandIdentityKit.PDF_PersonalBd
Cree_Rey_BrandIdentityKit.PDF_PersonalBd
 
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
一比一原版加拿大渥太华大学毕业证(uottawa毕业证书)如何办理
 
FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134FINAL PRESENTATION.pptx12143241324134134
FINAL PRESENTATION.pptx12143241324134134
 
The-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic managementThe-McKinsey-7S-Framework. strategic management
The-McKinsey-7S-Framework. strategic management
 
Exploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social DreamingExploring Patterns of Connection with Social Dreaming
Exploring Patterns of Connection with Social Dreaming
 
Buy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star ReviewsBuy Verified PayPal Account | Buy Google 5 Star Reviews
Buy Verified PayPal Account | Buy Google 5 Star Reviews
 
3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx3.0 Project 2_ Developing My Brand Identity Kit.pptx
3.0 Project 2_ Developing My Brand Identity Kit.pptx
 
The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...The effects of customers service quality and online reviews on customer loyal...
The effects of customers service quality and online reviews on customer loyal...
 
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdfikea_woodgreen_petscharity_dog-alogue_digital.pdf
ikea_woodgreen_petscharity_dog-alogue_digital.pdf
 
Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)Maksym Vyshnivetskyi: PMO Quality Management (UA)
Maksym Vyshnivetskyi: PMO Quality Management (UA)
 
Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...Discover the innovative and creative projects that highlight my journey throu...
Discover the innovative and creative projects that highlight my journey throu...
 
Affordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n PrintAffordable Stationery Printing Services in Jaipur | Navpack n Print
Affordable Stationery Printing Services in Jaipur | Navpack n Print
 
BeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdfBeMetals Presentation_May_22_2024 .pdf
BeMetals Presentation_May_22_2024 .pdf
 
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).pptENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
ENTREPRENEURSHIP TRAINING.ppt for graduating class (1).ppt
 
Skye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto AirportSkye Residences | Extended Stay Residences Near Toronto Airport
Skye Residences | Extended Stay Residences Near Toronto Airport
 

GDPRforum Brighton

  • 1.
  • 2. David Lockie // GDPR Forum // September 2017
  • 3.
  • 4.
  • 6.
  • 8.
  • 10.
  • 11.
  • 12.
  • 13.
  • 14.
  • 18.
  • 21.
  • 22.
  • 23.
  • 24. The Myth - The Sun, 28 July 2017
  • 25. The Reality “Predictions of massive fines under the GDPR that simply scale up penalties we’ve issued under the Data Protection Act are nonsense. Don’t get me wrong, the UK fought for increased powers when the GDPR was being drawn up. Heavy fines for serious breaches reflect just how important personal data is in a 21st century world. But we intend to use those powers proportionately and judiciously. And while fines may be the sledgehammer in our toolbox, we have access to lots of other tools that are well-suited to the task at hand and just as effective.” - Elizabeth Denham, Information Commissioner, 9 August 2017
  • 26.
  • 27. The Myth “You have to have consent to process personal data.” - Nearly everyone, all the time For example… “The Data Protection Bill will require explicit consent to be necessary for processing sensitive personal data.” - An actual DCMS press release (no, really)
  • 28. The Reality • Consent is one possible basis for processing personal data. • There are 5 others: contractual necessity, legal obligation, protection of vital interests, public interest necessity and legitimate interests – “Special categories of data” • Consent is basically only really useful where you can’t rely on any of the others – typically, in relation to direct marketing. • Consent is hard to get right, and easy to lose. • Basically, consent is rubbish.
  • 29.
  • 30. The Myth “It’s all ok as long as you have consent.”
  • 31. The Reality • You probably don’t have consent, actually – Or at least, not for as much stuff as you think you have! • Consent might be legal basis on which you process, but you still have to do that processing in accordance with GDPR e.g. – Fairly, transparently – Purpose limited – Accurate and not retained for longer than necessary – Kept safe and secure – Record keeping – Rights exercise
  • 32.
  • 33. The Myth “Data protection is an IT issue.” “Buy this ‘thingy’ and you’ll be compliant.”
  • 34. The Reality • Data protection is a boardroom issue • IT is involved, but so are Operations, HR, Sales, Marketing… • There is no turnkey technology solution to GDPR compliance – People and process first – Technology tools can help with particular issues e.g. data discovery, record keeping, data housekeeping, security
  • 35.
  • 36. The Myth “All businesses have to appoint a Data Protection Officer.” “All businesses with more than 250 employees have to appoint a Data Protection Officer.” …or some variation on that theme.
  • 37. The Reality • Most businesses will not be obliged to appoint a DPO • You must appoint a DPO only if: – You’re a public authority – Your core activities require regular and systematic monitoring of data subjects – Your core activities consist of large scale processing of special categories of data • Otherwise, don’t have to… but might want to anyway?
  • 38.
  • 39. The Myth “All data breaches have to be reported within 72 hours.”
  • 40. The Reality • Not a straight myth, but only kinda true • Data breaches much be reported to the ICO by the controller UNLESS “unlikely to result in a risk to the rights and freedoms of natural persons” – Encrypted? – Retrieved unopened? – A bunch of corporate email addresses? • Obligation is “without undue delay and, where feasible, not later than 72 hours after having become aware of it” • Must give (good) reasons if late
  • 41. A few things that aren’t myths • Extraterritorial effect • Primary obligations for data processors • Record keeping • Transparency • New subject rights • New contractual requirements for processors • More prescriptive security requirements
  • 42. If watching a bunch of lawyers getting apoplectically angry is your idea of a good time… #GDPRubbish
  • 43.
  • 44. GDPR – from Threat to Business Opportunity in 30 minutes
  • 45. GDPR – New Kind of Superhero Required
  • 46. Privacy 1:0 – The Cookie Monster
  • 48. GDPR – ‘The Marathon’ • Europe-Wide – Unified • Big Fines, Bigger Brand Fallout • Data Breaches – 72hrs to comply • Data Privacy & DPO’s – An Inside Job • A Journey with No Destination – Beware FUD-Mongers & ‘Experts’
  • 50. What Is Consent Under GDPR? • “Any freely given, specific, informed and unambiguous indication of his/her wishes, by which the data subject, either by statement or clear affirmative action, signifies agreement to personal data related to them being processed” • “Affirmative Action” • “Freely Given” • “Specific & Informed” Consent is contextual, not absolute
  • 51. Withdrawing Consent & Data Portability
  • 52. Article 30 – Data Hoards & Record Keeping
  • 53. Article 30 – What you need to Know & Show • Name & Contact details of Controller • Purpose of the processing • Description of categories of data subjects and data • Recipients to whom data will be disclosed including 3rd parties • Transfers of personal data to another country • Time Limits – ‘shelf life’ for retention of data • Security around how data is held
  • 55. Wetherspoons Pubs Email - high Risk vs Return?
  • 56. Keep Learning… • Train & get staff onboard • Bake into brand values, educate customers • Admit vulnerability – we’re human! • Don’t overlook offline • The Weakest Link – tough questions for suppliers • Speak with competitors
  • 57. Enjoy Data Responsibly • Thanks! • Gilbertmhill@gmail.com • Twitter: @gilbertHill