GETTING READY FOR GDPR:
DAY 1 AND BEYOND
15 MARCH 2018
GARY SHIPSEY
MANAGING DIRECTOR,
PROTECTURE
(1) WHAT IS THE GDPR?
HOW DOES GDPR DIFFER
FROM THE CURRENT LAW?
Same
• Principles-based law (not rule based)
• Principles
• Key definitions
• Risk
Greater emphasis
• Transparency
• Accountability
• Fines
…shall be responsible for and be able to demonstrate compliance with the principles
(2) ACCOUNTABILITY
WHAT DOES THE GDPR
REQUIRE?
DPO
Required in three cases:
1. Public authority
2. Core activities = large scale systematic monitoring
3. Core activities = large scale special categories / criminal convictions and offences.
Existing employee (if no conflict of interests) or contract out.
Employer duties:
• Reports > to highest management level.
• Operates > independently
• Adequate resources > so can meet their obligations.
DPO / DP Lead
(Diagram: functions – IT, Fundraising, HR, Service delivery; stakeholders – Staff, Volunteers, Suppliers, Partners)
• Document internal analysis and position
• If choose DPO = same requirements apply
• “DP Lead” – ensure there is no confusion regarding their title, status, position & tasks
Strategically accountable
• Who is responsible at a senior level?
Operational owner
• Who drafts and updates the process / standard
Tactical delivery
• Which team(s) / role(s) are involved in the delivery of the process / standard
(3) WHAT IS YOUR RECORD OF
PROCESSING ACTIVITY (ROPA)
AND WHY IS IT KEY?
Record of Processing Activity:
A record of why, and on what basis, your organisation handles personal information to meet its business objectives.
The completed ROPA will be used by your organisation to:
• Assist the delivery of individual rights – e.g. know where to search
• Meet transparency obligations – e.g. informing people of the lawful basis for processing
• Provide information on the nature, scope, context and purposes of processing personal data, which is required for:
  • risk management with regards to your responsibilities as a Data Controller;
  • Data Protection by Design and by Default;
  • Data Protection Impact Assessments, and
  • risk-based decisions on information security
Purpose: “… specified, explicit and legitimate purposes …”
• Lawful basis → extent to which people can use / enforce their rights
• Transparency → inform people / fairness
• Processing activities:
   How much to collect
   Who needs to see it
   Who to share it with
   How long to keep it
(4) HOW CAN YOU ACHIEVE
TRANSPARENCY?
IS IT AS SIMPLE AS
UPDATING YOUR PRIVACY
POLICY?
“…user-centric rather than legalistic”
“The practical (information) requirements are outlined in Art. 12 - 14. However, the quality, accessibility and comprehensibility of the information is as important as the actual content of the transparency information…”
Article 29 Working Party Guidelines on transparency
‘Privacy notice’ describes all the privacy information you need to make available to people. It must:
• Be more detailed and specific
• Make notices understandable and accessible
• Be audience specific
• Use house-style language
“…still discretion for [you] to consider where the information… should be displayed in different layers of a notice.”
Privacy Information Assessments: use to define how privacy information will be provided.
(Diagram: baseline of specific privacy information (per Data Subject Category); means of providing general privacy information; means of providing privacy information.)
Three situations:
A. Collected directly from an individual - e.g. via a form; verbally; in person.
B. Come into the organisation from another source - e.g. a referral from another organisation; a public source.
C. When existing personal data is to be used for a new purpose
(5) HOW DO YOU PREPARE FOR…
• MANDATORY BREACH
REPORTING
• DATA PROTECTION BY
DESIGN AND BY DEFAULT
• HIGHER STANDARD
CONSENT
Mandatory breach reporting
• Training
• Process
• Decision making
Higher standard consent
• What have you got now?
• Re-permission where needed (methods are critical)
Data Protection by Design and by Default
• Touch-points
• Assessment
(6) WHAT DOES APPROPRIATE
SECURITY LOOK LIKE?
Take into account:
 state of the art + the costs of implementation
 the nature, scope, context, purposes of processing
 risk of varying likelihood
 severity for the rights and freedoms of natural persons
…the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk…
(7) WHAT ARE THE SIX STEPS TO TAKE TODAY?
Objectives
• Establish whether you need to appoint a formal DPO
• Decide and document who will lead on managing data protection risk
• The resources you are committing
• Your approach to data protection training and awareness
Output
A record of who is leading on data protection for your organisation; the resources committed and approach to training and awareness.
Objectives
• Establish the extent to which your current procedures, policies and/or guidance deliver the GDPR’s key requirements
• Make changes and/or create new procedures where required
Output
A set of policies, procedures and/or guidance that confirm how you will tactically deliver the key requirements of the GDPR.
Objective
Establish how you will monitor and report on compliance for each of the GDPR’s key requirements.
Output
Details of how you monitor and report on the key requirements of the GDPR.
Objective
Confirm strategic accountability and operational ownership of each key GDPR requirement.
Output
Confirmation of who is strategically accountable for each key GDPR requirement, and who owns each one at an operational level.
Objective
Create and maintain your Record of Processing Activity (ROPA) – the record of why, and on what basis, your organisation handles personal information to meet its business objectives.
Output
Your Record of Processing Activities (ROPA).
Data Protection Policy Framework
#1 - Readiness Assessments
#2 - Management & Delivery Of Key GDPR Requirements
#3 - Record Of Processing Activity
#4 - Data Journeys
#5 - Privacy Information Strategy
#6 - Relationships
#7 - Information Security
Editor's notes

  1. (1) what are the GDPR principles – what is changing, and what is staying the same? (2) what does accountability look like under GDPR? (3) what is your Record of Processing Activity (ROPA) – and why is it key (4) how can you achieve transparency – is it as simple as updating your privacy policy? (5) how do you prepare for mandatory breach reporting; Data Protection by Design and by Default and DPO role and the higher standard of consent? (6) what does appropriate security look like? (7) what the five key steps to take today.