Almost two months after the momentous GDPR ‘go live date’ of 25 May 2018, you might imagine that all interest in the topic had gone away. As a consumer, it certainly felt like GDPR peaked with the flurry of opt-in emails we all received at that time, only to disappear overnight again as though it had never been. Not so, however: our customers still have questions. That’s why we invited Stephan along to talk at our recent Forcewest breakfast in Cheltenham. The question we had for him was simple...
‘So that was GDPR, now what?’
4. GDPR & Personal Data
Data Processor
Data Controller
Data Subject
5. GDPR & Personal Data
Personal Data
any information relating to an identified or identifiable natural person;
Online Identifiers: IP Address, Cookies, RFID Tags
Direct Identifiers: Name, Contact Details, ID Number, Location Data
Indirect Identifiers: Physical, Physiological, Genetic, Mental, Economic, Cultural, Social Identity
6. GDPR & Personal Data
Processing
Any operation or set of operations which is performed on personal data or
on sets of personal data, whether or not by automated means, such as
collection, recording, organisation, structuring, storage, adaptation or
alteration, retrieval, consultation, use, disclosure by transmission,
dissemination or otherwise making available, alignment or combination,
restriction, erasure or destruction.
7. GDPR & Personal Data
Profiling
Any structured set of personal data which are accessible according to specific
criteria, whether centralised, decentralised or dispersed on a functional or
geographical basis.
8. GDPR & Personal Data
The Right to Rectification
The Right of Access
The Right to Erasure
The Right to be Informed
The Right to Restrict Processing
The Right to Object
The Right to Data Portability
The Rights in relation to Automated Decision Making and Processing
10. GDPR & Personal Data
Requirements
1. Consent
2. A Contract
3. Vital Interests
4. Legal Obligation
5. A Public Task
6. Legitimate Interest
Article 6: Lawfulness of Processing
11. GDPR & Personal Data
Principles
1. Purpose Limitations
2. Storage Limitations
3. Data Minimisation
4. Accuracy
5. Right to Erasure
12. GDPR & Personal Data
The Right to Erasure
Individuals have a right to have personal data
erased in specific circumstances:
1. It is no longer necessary in relation to the purpose for which it was
originally collected/processed;
2. when the individual withdraws consent;
3. when the individual objects to the processing and there is no overriding
legitimate interest for continuing the processing;
4. when the personal data was unlawfully processed;
5. when the personal data has to be erased in order to comply with a legal
obligation; or
6. when the personal data is processed in relation to the offer of information
society services to a child.
13. How has this played out?
The calm before the storm
1. The media ‘frenzy’ was very short lived
2. Enhanced awareness
3. Temporary Solutions
14. Results
Companies spent months scrambling to prepare for this, what
has been the result?
1. Some acted on bad legal advice
2. Lots of lost data
3. Wait and see
15. Lawsuits
There have been a few big-name lawsuits filed already. What do
they actually mean?
1. They are mostly PR
2. Individuals do not have the right to press charges
16. Salesforce Changes
Platform Changes
Salesforce have made changes to their platform to aid compliance
1. The Individual Object… more on that shortly!
2. Internal Logging
3. Apex Method for User Deletion & more to come
17. Salesforce Changes
The Individual Object
A New Standard Object!
1. Must be Enabled
2. No Storage Limits
3. Related to Contact, Lead, Person Account, & User by Default
19. Resources
Where can I find more information?
GDPR Superheroes - GDPRSuperheroes.com
Information Commissioner's Office - ico.org.uk
Data Privacy Manager - elements.cloud/dpm