This document provides an analogy to explain how the GDPR impacts companies. It likens a company to a bus that collects passenger data to take them to a destination. It outlines several key points regarding the GDPR journey: 1) Companies must be transparent about what data they collect, why they collect it, how they process it, and how long they store it. 2) Companies need consent to collect and process customer data, and they must respect privacy by default and keep data securely on the bus. 3) The GDPR gives customers rights to access their data, rectify inaccuracies, erase their data, restrict processing, and object to processing. Companies must be prepared to address these rights and securely

1. Data
Subjects
Your
company
=
controller
Prospects,
customers
Staff
Processors
GDPR rights
Be informed
Access
Rectify
Erase
Restrict
Object
GDPR impacts your inbound and
outbound marketing activities:
website trackers, cookies, forms,
cold calling, direct marketing,
news letters, etc…
Be aware and check!
What is your destination?
What data can you ask?
When do you need consent?
What is your story, purpose
and motivation. How do you
inform? Do you respect
Privacy by default? Are you
transparent?
Who?
What
data?
Where? How?
GDPR
compliancy
check &
contract
controlled
6 grounds
1.Consent
2.Contract
3.Legal
4.Health
5.Common
6.Legitimate
Dataleavingthebus
uncontrolled
72hrs to
report
DuringthejourneyUponarrival
Your retention
policy
discover, manage, protect, report
THE GDPR JOURNEY
Imagine your company is a bus. You want to get passengers and staff on board to bring them somewhere in a unqie and safe
way. During the trip and upon destination, some will leave some will stay…
Gettingpeopleonthebus
Inside the bus
Document what happens inside and outside the bus.
Who processes what data? Why is it processed? How and where
does it happen? What could go wrong? Will you know? Can you
meet subjects’ demands? How long do you store data? …
How to keep
passengers on
board?
Archiving
hans@thedataprotectionoffice.eu