This document provides an overview of the EU General Data Protection Regulation (GDPR) which takes effect on May 25, 2018. It discusses the issues with how organizations currently manage data and how GDPR aims to better protect consumer data. Key points include expanded definitions of personal data, increased rights for data subjects, higher fines for non-compliance, and new requirements for consent, transparency, accountability, and breach notification. It outlines four steps businesses need to take, including reviewing policies, establishing a legal basis for processing, demonstrating compliance, and considering appointing a data protection officer.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heard from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
Data Privacy Trends in 2021: Compliance with New Regulations - PECB
The pandemic has changed the way the world works, shops, and interacts; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information, and the result of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
General Data Protection Regulations (GDPR): Do you understand it and are you ... - Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
An Overview of the new GDPR regulations including:
• Data Protection Framework
• GDPR – Responsibilities
• GDPR – Changes
• GDPR – Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
Privacy by Design and by Default + General Data Protection Regulation with Si... - Peter Procházka
My presentation for SUG Hungary presented on 26.06.2018 with topic Privacy by Design and by Default and General Data Protection Regulation with Sitecore
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
This Webinar featuring guests from the EU Commission, the French data regulator CNIL, DLA Piper and IBM provided an overview of the new EU data protection and privacy perspective from the perspective of the regulation author, regulator, legal advisor and technology providers.
Understanding the EU's new General Data Protection Regulation (GDPR) - Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if they do not adhere to this new regulation
How your organization can prepare for the future
Data transfers to countries outside the EU/EEA under the GDPR - IT Governance Ltd
These slides will cover:
-A brief overview of the Regulation and its impact
-The rights of data subjects and rights related to automated decision making and profiling.
-The international transfer of data and appropriate safeguards.
-The derogations from general prohibition of data transfers outside the European Union.
-The requirements that govern one-off and infrequent transfers of personal data.
-The role of the supervisory authority in international transfers.
Keep Calm and Comply: 3 Keys to GDPR Success - Sirius
Recent surveys benchmarking the status of U.S. companies' efforts to meet the May 25 deadline for the EU Global Data Protection Regulation (GDPR) have revealed a startling lack of preparedness.
Companies not yet in compliance are likely to violate the directive if they don’t take immediate action, and fines can amount to 2-4 percent of a company’s annual gross revenue. Do you have the resources and information you need to comply?
View to learn:
--What GDPR means to your business
--Short, medium, and long-term actions you can take to protect regulated data and achieve compliance
--How you can streamline incident response and third-party risk management capabilities
--How to streamline the resources and technology needed to keep up with the evolving regulatory landscape
Don't fall behind on these compliance regulations. Take the steps needed to protect the data you collect.
Understand what GDPR is and how it affects US companies.
- Take the 3-Question Test to see if it really applies to you
- Follow a 4-part framework for updating your privacy policy
- Learn why your CRM may be a problem
- Get a full checklist on how to become compliant today
Cyber Security & Data Protection Considerations for GDPR,
GDPR Overview,
Data Centric Quick Wins,
Streamlining with Technology,
Monitor and Measure GDPR Risks,
www.3grc.co.uk
EMMA’s EMEA Regional Director Joseph Yammine explains how the EU’s General Data Protection Regulation applies to the Health Care Industry and how you can prepare your team to follow the regulation and avoid any data breaches.
Will you be ready to comply with new EU Data Protection Regulation in time? - Per Norhammar
No time to lose to comply with the new EU Data Protection Regulation - deadline is May 2018
Soon you will have to find, evaluate and categorize your company’s stored Personal Data (PD) in what may be thousands of databases. In order to be compliant with this new regulation, in due time, new processes have to be in order.
This presentation explains Information Governance. Learn what it takes to improve the value of information, manage information risks, and reduce information costs.
GETTING GDPR-READY MEANS SETTING UP A PRIVACY MANAGEMENT SYSTEM, BEING ABLE TO SHOW IT AND KEEPING IT EFFECTIVE
A management system is a “living” entity which adapts to business context (new markets-products-services, M&A, demerge, law/policies changes, … ) and improves over time
Impact of GDPR on Third Party and M&A Security - EQS Group
GDPR impact has been dissected and examined to death - however, M&A activities, as well as third-party security posture, can be greatly affected as well, and this aspect has not been very often pursued. This session hopes to be useful for that.
What's Next - General Data Protection Regulation (GDPR) Changes - Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Merit Event - Understanding and Managing Data Protection - meritnorthwest
From the 24th of October 2002, the Data Protection Act 1998, which applies to local government, NHS Trusts, Schools, Universities and all UK organisations who process personal information, comes into full force. The Data Protection Act 1998 gives people more rights to have their personal information handled fairly, to object to certain types of processing and to have access to any information held about them.
Who should attend:
These briefings have been designed for those who are responsible for the implementation of the Data Protection Act 1998. The practical as well as the theory will be dealt with and attendees will have the opportunity to discuss Data Protection business issues with experts and other delegates.
Briefing Content:
Morning session - Introduction
a) The Data Protection Act and its Principles
b) Responsibilities
c) Policies and Notification
d) Dealing with sub-contractors
e) Subject Access
f) Manual Records
g) Human Resource
Afternoon Session - Auditing
a) Do you need to Audit?
b) How to Audit
c) Do you know what data you process?
d) Reviewing Responsibilities
e) Procedures and Processes
f) Putting Things Right
g) Demonstrating Compliance
About the eBusiness Club
This training day is being organised as part of the eBusiness Club activities managed on behalf of the Chamber on Merseyside by MERIT (NW) Ltd and supported by leading public and private sector partners. The Merseyside eBusiness club will assist members to achieve the best possible results from their ICT and eBusiness systems. At the same time they will learn about innovations in the market place and hear directly from the leading voices in the industry
Full details about the eBusiness Club can be found online at www.merit.org.uk/ebusinessclub or alternatively by contacting Ian Bulmer, eBusiness Club Co-ordinator, MERIT (NW) Ltd, One Old Hall Street, Liverpool. L3 9HG. Tel: 0151 285 1400 email: ebusinessclub@merit.org.uk
Information Governance, Managing Data To Lower Risk and Costs, and E-Discover... - David Kearney
Information governance, records and information management, and data disposition policies are ways to help lower costs and mitigate risks for organizations. Policies and procedures to actively manage data are not just an IT "problem," they're a collaborative business initiative that is a must in today's "big data" environment. With electronic discovery rules, government regulations and the Sarbanes-Oxley Act, all organizations must proactively take steps to manage their data with well-governed processes and controls, or be willing to face the risks and costs that come along with keeping everything. Organizations must know what information they have, where it is located, the duration data must be retained and what information would be needed when responding to an event.
There have been numerous instances of severe legal penalties for organizations that did not have an electronic data strategy, tools, processes and controls to locate and understand their own data. In addition, the risks of unmanaged data include skyrocketing infrastructure and personnel costs and an increase in attorney time to manage massive amounts of data when a litigation event occurs.
Information governance is needed much like any business continuity and disaster recovery plans, but with an understanding of data: where data are located, how data are managed, event response, and regular testing of processes and procedures for preparedness.
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success - Sirius
The EU Global Data Protection Regulation (GDPR) and New York State Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500) represent a landmark change in the global data protection space. While they originate in different countries and apply to different organizations, their primary message is the same:
Protect your data, or pay a steep price. More specifically, protect the sensitive data you collect from customers.
With deadlines looming, is your organization ready?
The time to act is now. Read more to learn:
--Key mandates and minimum requirements for compliance
--Why a comprehensive data-centric security strategy is invaluable to all data protection and data privacy efforts
--How you can gauge your organization’s incident response capabilities
--How to extend your focus beyond the organization’s figurative four walls to ensure requirements are met throughout your supply chain
The first New York requirements deadline has arrived. With the next deadline of mandates only 6 months away, you don't want to fall behind and leave your organization at risk for potential penalties and fines.
Similar to Preparing for GDPR: General Data Protection Regulation - Stakeholder Presentation (20)
How Sirus, Building Services Management Company use EQMS by Qualsys. Here Pauline Sourdille explains all the different ways the team use EQMS for compliance and quality management.
https://qualsys.co.uk/case-studies/sirus/
https://quality.eqms.co.uk/blog/good-practice-in-the-pharmaceutical-industry
What is GxP? Why is GxP important for the life science industry? How can you use software to comply with GxP?
Good Practice in the Life Science industry
More https://quality.eqms.co.uk/blog/introduction-to-apqp
New to the advanced product quality planning framework?
Don't despair. In this article, Mike Bendall, Business Mentor at Qualsys, explains APQP, provides a checklist for each APQP phase, and there is a link to download his APQP training course for beginners.
Culture of quality workshop - Qualsys Training Workshop - Qualsys Ltd
Establish and nurture a culture of quality within your organisation with this quality culture training.
More tools and resources at https://quality.eqms.co.uk/culture-of-quality-toolkit
The slides contain:
- How to sustain a culture of quality
- Culture of quality and continuous improvement
- Culture of quality vision statement
ISO 45001:2018 Health and Safety Management Software - Qualsys Ltd
Health and safety survey findings - the key challenges
Transitioning from OHSAS 18001 to ISO 45001:2018
Implementing a health and safety management system
A look at 3 case study organisations
Technology recommendations for:
Capturing risk and incident data
Root cause analytics, Big Data, IoT and predictive scoring
A culture of wellbeing and safety
Integrating health and safety considerations into business change processes
Examples of how our software is used
Get your questions answered
https://quality.eqms.co.uk/health-and-safety-webinar
Lean six sigma explained: Beginners training - Qualsys Ltd
A free online introduction to Lean six sigma principles.
Includes lean six sigma tools, philosophy, disciplines, history overview of lean six sigma, applying DMAIC for complex decision making, using Qualsys EQMS software for Lean Six Sigma.
Best practice approach for PLM, Product Supply and Sourcing - Qualsys Ltd
Buy-in presentation for PLM professionals who want an electronic management system. Download this presentation and use it for your own business case if you need better control over the products you supply, product sourcing and a more agile approach to product life cycle management. EQMS software can help capture data throughout the product lifecycle.
ISO 22301 leadership buy in presentation - Qualsys Ltd
ISO 22301 Leadership buy-in presentation. Demonstrate your leadership skills with this ISO 22301 business continuity management system leadership buy-in presentation. This explains why business continuity is essential, why follow ISO 22301 and the resources required to get your business continuity management system established.
How to Drive Engagement with Enterprise Compliance Software - Qualsys Ltd
Rob Gibson is an experienced IT Systems Manager who has developed his career at facilities management and food service company Sodexo. Over the past four years, Rob has been instrumental in rolling out EQMS - an electronic quality and compliance management system. Sodexo use EQMS to manage document control, audits, incident logging and training records for many of their heavily-regulated sites. Rob has introduced and managed a number of initiatives to raise awareness of the system and engage its users. Rob and his team are now on an exciting journey to roll out EQMS worldwide. As Sodexo is one of the largest employers in the world, this is not without its challenges! In this presentation, Rob shares his journey, tips and advice for rolling out a global quality and compliance management software solution.
Embedding a culture of quality: ISO 9001:2015 Focus - Qualsys Ltd
What does an organisation with a mature culture of quality look like? In this ppt presentation, Richard Green, Former Head of Technical Services at CQI, explains what a culture of quality looks like, the essential building blocks and how to achieve this.
More information can be found: http://quality.eqms.co.uk/blog/6-critical-building-blocks-of-a-quality-culture
7 Step Guide To Successfully Managing a Change Project & Winning Stakeholders... - Qualsys Ltd
70% of change management projects fail! 46% of senior managers agree that communication is the biggest issue.
From initial reluctance for people to do things differently, not understanding WHY a change is being implemented, denial of requirement for change, overcoming objections is unique to each project and each organisation, language barriers in global organisations and managing change roll-out across multiple sites.
Follow this 7 Step Guide to win stakeholders hearts and minds.
Watch the presentation: http://quality.eqms.co.uk/asset-equipment-management
In this slideshare:
1. An Introduction to Equipment Management: Why Business Equipment is Critical to your Business and The 7 Key Problems with Managing Business Equipment.
2. The Asset Register : Record Keeping – Compliance and a Basis for Effective Management, What and Where.
3. Maintenance and Calibration: Keeping Track of Safety: Staff – Customers – Partners – the Public.
4. The High Cost of Failure: Regulatory Non-Compliance and Human and Financial Costs.
5. Best Practice: Safe Operation, Smart Equipment and the Internet of Everything
Use this Slideshare for a best practice approach towards:
- asset register,
- preventive maintenance schedule management,
- maintenance repair and operations,
- maintenance program for equipment,
- heavy equipment maintenance,
- programmed maintenance,
- medical equipment management, industrial equipment maintenance, equipment safety, and facility maintenance management strategies are discussed detail.
More information: www.eqms.co.uk .
This survey takes the temperature of the Quality Industry 2016, identifying trends and listening to your opinions on the most pressing issues facing Quality. Never before have Quality professionals encountered such pressure in balancing and prioritising various organisational demands such as:
Hitting KPIs despite a lack of resource and tighter deadlines.
Identifying new opportunities for process improvement.
Complying to evolving Standards and regulations.
Aggregating data from a multitude of data sources.
As technology evolves alongside developing regulatory requirements, so does the role of the Quality professional. It’s time to ask, how do you compare with others in your industry?
Good Document Control Practices and Procedures: ISO 9001:2015Qualsys Ltd
Read More: quality.eqms.co.uk/eqms-governance-risk-compliance-software-datasheets
Once upon a time, records lived in lever arch-files, filing cabinets and in cardboard boxes. All key documents and records were strictly guarded under lock-and-key by those who knew the rules, and applied them assiduously.
Nowadays, records exist all over the business, well beyond the reach of the traditional warden. With everything digital, records are stored on desktops or mobile devices, on clouds or on servers, on intranets or on social media.
But what impact has this decentralisation of records had on organisations?
In this fast paced, mobile world, documentation is created at break-neck pace.
Not only has the internet, remote working and globalisation completely changed the way documents are created, it has transformed how records are exchanged, viewed, interrogated and collaborated upon.
Despite the issues with lost company records, only a third of organisations feel their document control procedures are integrated enterprise-wide, according to an AIIM Industry Report.
Two in three organisations feel they have failed to integrate document control procedures across the organisation, or have little or no document control policy at all.
Not only do these companies risk litigation costs, loosing customer confidence, bad publicity and loosing confidential customer information, they are failing to exploit important knowledge resources.
EQMS Document Manager helps you to keep control of records. EQMS enables you to:
control access and usage of documented information, as well as the distribution and retrieval of documents.
Follow a systematic approach: e.g. follow the Plan > Do > Check > Act cycle.
Retain records: have documents to prove that you have done what you said you would do.
This supports organisations to meet the requirements of ISO 9001:2015 and other management standards.
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presentation
1. Why GDPR?
The issues with how organisations manage data at present
What is GDPR and how will it help protect consumers?
What do businesses need to know?
4 steps to be GDPR compliant
Preparing for 25th May 2018
2. THE WORLD HAS CHANGED
Over 3 million data records are lost or stolen every day
Existing EU Directives are not enough to protect European Citizens
4. OVERVIEW OF EU GENERAL DATA PROTECTION REGULATION
General Data Protection Regulation – enforced by EU
Expands on some parts of DPA/existing Directive; creates other new requirements
Determines how personal data should be processed and used
Comes into effect on 25 May 2018, regardless of Brexit
What is GDPR?
5. SO WHAT?
Impacts every data controller and processor dealing
with data on subjects in Europe
79 times higher than previous fines
Potential fines of up to 4% of your organisation’s annual turnover or €20,000,000 – whichever is higher
Who? Means:
Data subject: Any EU citizen who has entrusted a controller with their personal data. Customers, service users, employees
Data controller: Who the data subject entrusts with their data. Responsible for deciding how the data is handled.
Data processor: Any entity that handles personal data on the data controller's behalf.
7. What’s new?
Expanded definition of “personal data”
Transparency and consent
Enhanced rights for data subjects
Accountability
Data protection by design
Notifying subjects of data breaches
New rights you need to know
Rights to:
Be informed
Access
Rectification
Erasure
Restrict Processing
Data Portability
Object
8. Personal data
Any form of automated data processing to analyse or predict:
Performance at work
Economic situation
Health
Personal preferences
Reliability
Behaviour
Location
Movements
Are you keeping, or planning to keep:
Personal or sensitive data such as cookies, IP addresses, biometric data, genetic data?
9. 4 Requirements for Your Data Protection Policy
1) Legal basis for processing
2) Legitimate interests (if any)
3) Right to lodge complaint
4) How long data will be retained
Clear, concise and accessible
10. Consent
Freely given, specific, informed and unambiguous
Clear affirmative action
Provided separately from other written agreements
Verifiable
As easily withdrawn as given
Hint! Large and complex structured organisations benefit from an EQMS to manage policies and procedures, approval workflows and monitor compliance activity.
Make employees accountable: http://quality.eqms.co.uk/eqms-datasheets-download
Get your policies and processes in order
11. Poor Passwords
Weak remote access
Unpatched flaws
Misconfigurations
Malicious Insider
http://www.computerworlduk.com/security/most-data-breaches-still-discovered-by-third-parties-3615783/
The average time between breach and discovery is 188 DAYS
DATA BREACHES ARE USUALLY PREVENTABLE
Protect your reputation with proactive policies, employee training & robust systems
12. Notification of data breaches
Destroyed, lost, altered, disclosed to or accessed by unauthorised people
Reported to:
Supervisory authority: Discrimination, reputational damage, financial loss, confidentiality
Individual(s) affected: Same, but high risk
Report within 72 hours of breach
Accountability is key
Hint! EQMS Workflow Manager assigns responsibility and manages incidents such as a data breach through to completion. Everyone knows what they are doing, when.
Make employees accountable: http://quality.eqms.co.uk/eqms-software-demonstration
13. Accountability – Data protection by design
Must demonstrate compliance with GDPR - How?
Policies and procedures (audits, HR policies)
Staff training
Pseudonymisation
Data protection impact assessments
Appointing data protection officer
Robust systems to protect employees and customers
Hint! EQMS provides a robust framework for managing business processes. Manage policies, assign responsibility and use the audit trail function to demonstrate compliance activity.
Read more: http://quality.eqms.co.uk/eqms-software-demonstration
14. Enhanced rights for data subjects
Right to:
Confirmation that data is being processed
Receive data
Rectify any inaccurate or incomplete data
‘Be forgotten’
Restrict processing of data
Obtain and re-use data for own purposes
Accountability is key
15. Example Timeline for GDPR Compliance Training
Workshop with high interest / high power stakeholders:
What data do we have?
What data are we planning to have?
How can we minimise risk? E.g. pseudonymisation.
Make department managers accountable for the data they capture:
Has each department manager completed a data protection impact assessment? (Use EQMS Audit Manager & assign audit to be completed by each department manager.)
Are the policies sufficient?
Are controls in place to demonstrate opt-in?
Do we need to get permission to continue using this data?
Do we need a Data Protection Officer?
Roll out training: Train employees on the new GDPR requirements - EQMS Training Record Manager
Employees aware & engaged with their GDPR requirements. (Use EQMS Training Manager training matrix to easily manage which employees have outstanding training requirements)
Steps to getting GDPR-ready
18. Steps to compliance
Review data protection policies
Establish legal basis for processing
Identify how to demonstrate compliance
Consider whether to appoint DPO
19. 1) Review policies
Individuals told about right to object, at first communication
Understanding of what constitutes “data breach” – more than loss of data
Procedures for detecting, investigating and reporting breaches
Insurance coverage in case of breach
20. 2) Establish legal basis for processing
Be clear on grounds for lawful processing
If consent:
Obtained correctly, as mentioned earlier
Subjects informed of right to withdraw at any time, and given simple methods to do so
21. 3) Demonstrate compliance
New policies – data protection by design
Regular audits
Staff training
Pseudonymisation
Review and update existing information notices
22. 4) Consider a data protection officer
Informs and advises on obligations
Monitors compliance – manages internal activities and audits, trains staff
First point of contact for supervisory authorities and data subjects
Compulsory that DPO:
Reports to board/directors
Independent, and not penalised for performing job
Has resources to meet obligations
Can be existing employee as long as compatible and no conflict of interest
No qualifications, but should have professional experience and knowledge of law
24. DOWNLOAD GDPR TOOLKIT
QUALITY.EQMS.CO.UK/GDPR-GENERAL-DATA-PROTECTION-REGULATION-EU-TOOLKIT
Editor's Notes
General Data Protection Regulation
Today's presentation is about the General Data Protection Regulation (GDPR), a new data protection law.
First of all, a bit of background information on the regulation – why it's being enforced and so on.
Then we'll go into a little more detail about what it means for businesses – how businesses will be affected, and what they'll need to do to make sure they comply.
We'll finish off by focusing on what it means for Qualsys in particular.
It's the General Data Protection Regulation, and it's being enforced by the EU.
Broadly similar to the UK Data Protection Act, it deals with things such as fairness, lawfulness, transparency, data security, and confidentiality. Data protection laws have been in force in most EU countries for about 20 years, so many organisations already have the basics in place and won’t need to make too many adjustments.
It’s the first global data protection law in that any company worldwide that works with information relating to EU citizens MUST COMPLY. Not just limited to companies based in the EU.
Centred around the use of “personal data”, which has always been a fairly broad definition but has changed a little in regards to GDPR.
Comes into effect on 25 May 2018, regardless of Brexit.
Businesses will already be complying with the Data Protection Act and the existing EU Directive. But what new requirements does GDPR enforce?
Expands definition of "personal data" – brings in some new categories of data that have mostly arisen due to the proliferation of the internet
Transparency and consent – new requirements around obtaining permission from individuals to use their personal data, and justifying why you're using it
Enhanced rights – GDPR gives data subjects several new rights, which we'll look at
Accountability – holding organisations accountable is a big part of the new regulation. Organisations are expected to adopt significant new measures to demonstrate that they're complying with GDPR.
Expands definition set out in the DPA and the previous EU directive.
"Personal data" still means things like names, ID numbers and physical information, but now also covers location data and online identifiers such as IP addresses and cookies.
Data protection laws use the term "sensitive personal data" to cover things like race/ethnicity, politics, religious beliefs, sexual orientation etc. GDPR does the same, but also includes biometric and genetic data.
Biometric data = any data relating to a person's physical, physiological or behavioural characteristics which allows them to be identified.
Genetic data = any data relating to characteristics someone has inherited and which allows information about their health to be identified.
As most organisations keep only HR records, customer lists, contact details etc., the change should make little practical difference. You can assume that if you hold information that falls within the scope of the DPA, it also falls within the scope of the GDPR.
Organisations have a duty to tell individuals how their personal data is processed. And they must do so in a format which is clear, concise and easily accessible.
That information must include the legal basis for processing. For data processing to be legal under the GDPR, organisations must document why they're processing the data because this legal basis determines the individual's rights. If you're processing someone's data because they've explicitly given you their consent, for example, that person will generally have stronger rights.
Other legal bases for processing data might be:
Necessary to obey the law
Necessary to perform a task in the public interest
The information should also include details of any legitimate interests the organisation has for using the data. That could be direct marketing, preventing fraud, or making sure the IT networks are secure.
The data subject should be told what right they have to lodge a complaint about how their data is stored and used, and how long their data will be retained.
GDPR refers to both ‘consent’ and ‘explicit consent’, but is unclear as to the difference given that both forms have to be freely given, specific, informed and an unambiguous indication of the individual’s wishes.
Consent under the GDPR requires some form of clear affirmative action, whether that's clicking a tick box or actively choosing a setting. Just because the person hasn't specifically said no doesn't mean they've said yes. And pre-ticked boxes are now banned.
Consent to processing must be distinguishable, clear, and not “bundled” in with other written agreements.
Consent must be verifiable. So some form of record must be kept of how and when the person gave their consent.
Individuals have a right to withdraw consent at any time, and doing this should be as easy as it was for them to give their consent.
At present, the average time between data breach and discovery is 188 days. Under the new GDPR rules, this is not going to be acceptable. More robust systems are required to protect your organisation, customers and suppliers.
Under GDPR, all organisations have a duty to report certain types of data breach to the relevant authority, and in some cases to the individuals affected.
A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. For example, a hospital could be responsible for a personal data breach if a patient’s health record is inappropriately accessed due to a lack of appropriate internal controls.
So a breach is more than just losing personal data.
An organisation only has to notify the relevant supervisory authority of a breach where it is likely to put people's rights and freedoms at risk – so that might be causing discrimination, reputational damage, financial loss, or a loss of confidentiality.
Where a breach is likely to put people's rights and freedoms at high risk, the organisation must notify those concerned directly. So the threshold for notifying individuals is higher than for notifying the relevant supervisory authority.
A breach of this kind must be reported to the relevant supervisory authority within 72 hours of the organisation becoming aware of it. If the breach is serious enough to warrant notifying the public, the organisation must do so straight away.
Failing to give notice of a breach could lead to a fine of up to 10 million Euros or two per cent of the business's global turnover.
Accountability has always been an important element of data protection law, but the GDPR gives it more significance.
"Data protection by design" means promoting privacy and data protection compliance from the start when beginning a new project (might be building a new IT system, or an initiative to share data with other organisations).
Under the Data Protection Act, it was always a recommendation rather than an obligation. Under GDPR, organisations must be able to demonstrate their compliance with the principles of the regulation.
How to do this? Could:
Build into policies and procedures – e.g. new HR policies, carrying out regular audits
Implement staff training programmes
Use pseudonymisation – which is processing personal data in such a way that it can no longer be attributed to a specific "data subject" without the use of additional information, which must be kept separately and subject to the same measures
If processing "high risk" data, there is now a formal requirement to carry out a data protection impact assessment to identify risks of non-compliance.
Assessment must include a description of how and why data is processed, the risks involved, and measures employed to mitigate those risks.
Any organisation can appoint a data protection officer (DPO) but public authorities, and organisations who process sensitive data or criminal records on a large scale or regularly monitor data subjects (e.g. tracking online behaviour), MUST do so.
The GDPR gives data subjects a number of new rights when it comes to their personal data.
They're entitled to:
confirmation that their data is being processed, and to see a copy of that data
have their personal data rectified if it's inaccurate or incomplete
'be forgotten' – so they can ask for their data to be deleted or removed if there's no longer a compelling reason for it to be processed
restrict their personal data from being processed – for example, they might contest its accuracy, or need it for a legal claim. If processing is restricted, the organisation can store the data, just not process it
obtain and reuse their personal data as they see fit.
Our data protection policies must ensure that we tell people, during our first contact with them, that they have a right to object to our processing their data.
All our staff will need to understand what constitutes a data breach, and that this is more than just a loss of data.
We'll need to have internal procedures in place for detecting, investigating and reporting breaches. This will help us to decide who we need to notify.
If there is a data breach and someone without the correct authority gets access to it, then the IT teams need to be able to implement appropriate measures to render the data unintelligible.
We might also need to review our insurance policies to assess the extent of our coverage in case of any data breaches.
In Qualsys's case, our legal basis for processing is likely to be that we're doing so with the subject's consent. If other reasons apply, we'll need to have processes that allow us to demonstrate how we've reached decisions on how we use data.
If we're using consent as our basis for lawful processing, we need to make sure it's consent we've obtained correctly, in line with the provisions mentioned earlier. So clear affirmative action, consent given separately, and so on. We also need to ensure we make data subjects aware of the right to withdraw their consent at any time, and provide them with simple methods to do so.
To demonstrate our compliance with GDPR, we’ll need to draw up a data protection policy. And if we do that from a data-protection-by-design standpoint, we can make sure we’re promoting privacy and data protection compliance from the very beginning.
We can also strengthen our compliance by building certain measures into the policy, so, for example, conducting regular audits, training staff in data protection principles, pseudonymisation and so on.
If we decide to appoint a DPO, there are a number of things we need to do to make sure they can operate to the best of their ability.
As part of their role, the DPO would be:
informing and advising the company about our obligations to comply with GDPR and other data protection laws;
monitoring our compliance – including:
managing internal data protection activities
advising on data protection impact assessments
training staff, and
conducting internal audits; and
the first point of contact for supervisory authorities and for individuals whose data is processed (employees, customers etc.).
It’s compulsory that the DPO:
reports to the board/directors
operates independently and is not penalised for doing their job
has sufficient resources to meet their GDPR obligations
The DPO can be recruited from our existing pool of employees, but their duties would need to be compatible and avoid any conflict of interest. Whoever was chosen would not need any special qualifications, but should have professional experience and knowledge of data protection law.
So, to finish, we know that in a year’s time there will be a new EU regulation that determines how businesses such as ours handle people’s personal data.
We know that:
the regulation gives people much stronger rights over their data
we’ll have to be more transparent about how we use people’s data, and
we’ll have a duty to demonstrate how we’re complying with the regulation overall.
To do that, we’ll need to:
review our policies and procedures
establish our legal basis for using people’s data, and
think about whether we need to appoint a data protection officer to do all the work for us.