What is GDPR and why does it matter to me?
•
2 likes•2,491 views
An introduction to the most radical changes to data protection in the last 10 years. Stephan Chandler-Garcia from Digital Catapult gives you an overview of the General Data Protection Regulation and how you can stay ahead of the curve as a Salesforce user. We will be looking at new ways of thinking about your customers data and new ways of managing consent.
Recommended
More Related Content
What's hot
What's hot (20)
Viewers also liked
Viewers also liked (20)
Similar to What is GDPR and why does it matter to me?
Similar to What is GDPR and why does it matter to me? (20)
More from Desynit
More from Desynit (8)
Recently uploaded
Recently uploaded (20)
What is GDPR and why does it matter to me?
- 1. What is GDPR and why does it matter to me? stephanwgarcia@gmail.com @sgarcia421 Stephan Garcia CRM Manager, Digital Catapult
- 2. So what is the GDPR… The General Data Protection Regulation 25th May, 2018 The GDPR is characterised as wide-sweeping data reform that brings power back into the hand of the individual. • Awareness • Consent • Control • Responsibility …and why does it matter?
- 3. Data Protection Data Protection Through the Years 1984 – Data Protection Act 1987 – Access to Personal Files Act 1995 – EU Data Protection Directive 1998 – Data Protection Act (DPA) 2001 – Windows XP 2003 – Privacy and Electronic Communications Regulations (EC Directive) 2008 - iPhone A Brief History (1997)
- 4. The BIG Difference B2B vs B2C Historically, it has come down to interpretation as the enforcement in the B2B world has always been lacking. Personal Data Personal data means data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. Source: ico.co.uk
- 5. The Problem CRM is DRIVEN by Personal Data How do you fight the theory that “If it doesn't exist within salesforce, it doesn't exist” Customer Relationship Management As Salesforce Professionals, we must start changing the way that we think about data.
- 6. The Problem “Personal data shall be adequate, relevant and not excessive in relation to the purpose or purposes for which they are processed.” Customer Relationship Management
- 7. Awareness There are two things every website has in common, a Privacy Policy and Terms & Conditions It is imperative that your data processing is outlined in both of these! Salesforce is not exempt from this! Make sure that your customers know how and why you are using their data! When asked why you’re collecting any piece of information, you need must be able to provide a reasonable explication. What can I do? • Gather your stakeholders together and review your Privacy Policy & Terms & Conditions • Create a “Data Story” that enables you to explain the way that data travels through your organisation • BONUS TIP! Make sure that that this story has an ending! Transparency is Key!
- 8. Awareness Transparency is Key! More Info: http://bit.ly/DigicatPDR POC: Personal Data Receipts Treating personal data submissions as transactions • Increased visibility of data practice • Multi layered opt-in • Accessibility
- 9. Consent Pre-ticked checkboxes are a thing of the past This is defined in the regulation, you must have explicit consent from the individual Recording of Consent You must keep a thorough record of when/when consent was obtained What can I do? • Get rid of any pre-ticked checkboxes!!! • Make sure you store the source of the opt-in and date on every level of opt-in. • Review your data and make sure that you have a general idea of the source of opt-in as you aren’t required re-request this information as long as you are comfortable that it was not obtained illegally. “Explicit Consent”
- 10. Control The Right to Be Forgotten The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data whether there is no compelling reason for its continued processing. The Right to Be Forgotten
- 11. Control The Right to be Forgotten Any Individual has the right to have their data erased, without undue delay. This applies when the use of the data is complete(eg. ending of service agreement) or when was collected or processed unlawfully. Subject Access Requests Similar to the Freedom of Information Act, this requires you to promptly disclose any information you have on an individual. This must be via electronic communication and completed within 30 days. This has existed in the past, but was at a cost. What can I do? • Make sure you know where all personal data sits within Salesforce as well as discuss with your team where other data might sit around the business. • Create a checklist that enables you to track the deletion of data • Create an easy way for your customers to request their data and/or erasure The Right to Be Forgotten
- 12. Responsibility The Data Processor, eg. Salesforce, is equally responsible as the Controller(you) The processor must provide guidance and education to their users to make sure that best practice is being followed. Protection Impact Assessments The ICO has a right to request proof that an PIA has been completed Protection Impact Assessments Infringement of the following GDPR provisions are subject to administrative fines up to €20,000,000 or in the case of undertakings, up to 4% of global turnover, whichever is higher. “But Salesforce made me do it!!!”
- 13. Resources The ICO – 12 Steps to Prepare Yourself for the GDPR http://bit.ly/ico12steps ICO – Guidance for Consent (more to come) http://bit.ly/icoConsent ICO - GDPR Overview http://bit.ly/icoGDPRoverview Trust the ICO
- 14. Thank Y u