[Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again!
•
2 likes•495 views
The General Data Protection Regulations (GDPR) will apply to any company that collects or handles the personal data of EU citizens. Review these slides to learn the steps to prepare your organization for compliance. Learn even more how to protect your private data with AIIM's Information Government training: http://www.aiim.org/InfoGovTraining
Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to [Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again!
Similar to [Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again! (20)
More from AIIM International
More from AIIM International (20)
Recently uploaded
Recently uploaded (20)
[Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again!
- 3. Content • Brexit and the General Data Protection Regulation (GDPR) • What the GDPR says • Immediate areas of focus & making the business case • How information & records management can help you including • Information Audits • IG Frameworks
- 4. Brexit and the GDPR • Approved by MEPs (Parliament) and Member States (Council) after 4 years of negotiation • Brexit doesn’t affect it • UK has a new Information Commissioner who took office in July 2016 • Current ICO guidance is to focus on 12 main areas, further guidance to come Will become enforceable law in the UK & Ireland (and member states) on the 24th May 2018
- 5. What the GDPR says
- 6. 05 The new principles The new principles are that information is: 01 04 02 0603 07 Processed fairly, lawfully & in a transparent manner Collected for specific, explicit and legitimate purposes Adequate, relevant and limited to what is necessary to meet the purpose Accurate and up to date Must not be kept for longer than is necessary Kept secure to maintain integrity and confidentiality Processed by controllers and processors able to demonstrate compliance
- 7. Name and contact details The envisaged time limits for erasure data Technical and organisational security measures Categories: - Data subjects - Personal data Purposes of processes To whom personal data was disclosed Transfers of personal data Each controller must maintain a record of processing activities. That record must contain of the following information: Demonstrate compliance
- 8. GDPR Requirements Governance & policy Data inventory Third party mgmt. Information security Risk mgmt. Incident & breach management Procedures & controls - Marketing & Data collection (incl.Consent management) - Complaints & Data Subject’s Rights - Automated decision making & Risk profiling - Employment processing Assurance
- 10. Fines Inadequate processing of child data Processing which does not require identification Inadequate Data Protection by Design Inadequate controller & processor management Inadequate security controls Non notification of breaches Inadequate Data Protection Officer appointment Breaches of Codes of Conduct and/or Certifications Each supervisory authority shall have the power to issue administrative fines of up to 10 million euros for breaches of;
- 11. Fines Breaches of the basic principles for processing including conditions for consent Inadequate compliance with Data Subject rights Inappropriate transfers outside of the EEA Breaches of relevant member state law Non-compliance with an order from the Supervisory Authority Each supervisory authority shall have the power to issue administrative fines of up to 20 million euros for breaches of;
- 12. Good IRM could save your skin! It assists with compliance requirements, making some elements of the GDPR less burdensome (even add additional efficiency benefits to the organisation) By keeping accurate and robust records on your processing activities and controls you can defend your position better with a regulator or a data subject It makes it easier to risk manage your estate & infrastructure & investigate incidents faster
- 13. Immediate areas of focus What you have Where it is Where you are sending to Why you have it What form it is in How long you need to keep it Ultimately you need to know
- 14. How can you achieve this?
- 15. Understand what information you have and what you need: • Information lifecycle • Information management platform • Policies and procedures Begin with an information audit
- 16. We will create a score card to identify high risk areas RAG Status Asset Policy Governance Process Efficiency Business Critically Issue Summary C1 – Electronic documents 3 3 3 Document creation outside of the controlled document management system environment increases the risk of the development of large silos of unstructured data C2 – Paper 3 2 3 The information audit has identified inefficient processes relating to both email and electronic documents that are increasing levels of paper creation. These processes are directly linked to the firm-wide practice of maintaining a paper matter file as the primary source of information C3 – Incoming Email 4 1 2 The current process of printing emails to paper is costly and inefficient, whilst also eradicating the search and retrieval advantages that electronic information supports. Email folders are being used to store some electronic documents received by email
- 17. Create a remediation programme to deliver compliance with GDPR
- 18. For more information about GDPR please visit www.crownrms.com/gdpr Contact +44 (0)20 8443 6016 sales.uk@crownrms.com