A presentation from a dedicated webinar on GDPR with Carmel Granahan & Andrea Manning from OnePageCRM and special guest Data Protection and Privacy Law specialist Philipa Jane Farley.
Key areas of focus include:
- An overview of GDPR and what it means to your business
- How to utilize fields in OnePageCRM to enable you to implement better GDPR compliant processes
- How to do a legitimate interest assessment
- The most frequently asked GDPR questions.
1. GDPR, OnePageCRM and Your Business
Tackling GDPR - one bite at a time
2. Your speakers today
Carmel Granahan - Head of Customer Success, OnePageCRM
Philipa Jane Farley - Data Protection and Privacy Law Specialist
Andrea Manning - GDPR Lead, OnePageCRM
3. DISCLAIMER
WE’VE SPENT A LOT OF TIME WITH GDPR AND LIKE TO THINK WE’VE BEEN THOUGHTFUL ABOUT ITS INTENT AND MEANING. BUT THE APPLICATION OF GDPR IS HIGHLY FACT-SPECIFIC, AND NOT ALL ASPECTS AND INTERPRETATIONS OF GDPR ARE WELL-SETTLED.
AS A RESULT, THIS PRESENTATION IS PROVIDED FOR INFORMATIONAL PURPOSES ONLY AND SHOULD NOT BE RELIED UPON AS LEGAL ADVICE OR TO DETERMINE HOW GDPR MIGHT APPLY TO YOU AND YOUR ORGANISATION. WE ENCOURAGE YOU TO WORK WITH A LEGALLY QUALIFIED PROFESSIONAL TO DISCUSS GDPR, HOW IT APPLIES SPECIFICALLY TO YOUR ORGANISATION, AND HOW BEST TO ENSURE COMPLIANCE.
4. Welcome
Today’s Agenda
❏ An overview of GDPR, the roles, lawful processing of data, consent vs legitimate interest
❏ How to utilize fields in OnePageCRM to enable you to implement better GDPR compliant processes (demo)
❏ How to do a legitimate interest assessment
❏ Most frequently asked GDPR questions
❏ Live Q&A
5. GDPR requirements and OnePageCRM
Individual rights
❏ The right to access information (subject access request) - Export data
❏ The right to erasure - Delete the data from OnePageCRM (option in bulk / individually) & also delete your account
❏ The right to data portability - Export data
❏ The right to rectification - Edit contact and update user profile
6. Lawful processing and OnePageCRM
1. Explicit consent (Marketing)
How to achieve with OnePageCRM? Webform > OnePageCRM (custom fields)
2. Performance of contract
How to achieve with OnePageCRM? (Status labels)
3. Legitimate interest
How to track with OnePageCRM? (Status labels, lead source, date created, custom fields)
8. WELCOME
DOES GDPR APPLY TO YOU?
▸ The GDPR is applicable to the processing of personal data by businesses established in and operating outside the European Union (“the EU”). If your company is established in the EU, the provisions of the GDPR are applicable to your processing of personal data in the context of the activities of your EU establishment(s).
▸ If your company is not established in the EU, the new law is applicable to your processing of the personal data of individuals in the EU with regard to the offering of goods or services (regardless of whether payment is involved) and to the monitoring of an individual’s behaviour (in so far as that behaviour takes place within the EU).
10. GDPR AND YOU
ONEPAGECRM - YOUR PROCESSOR
1. Processor needs to be GDPR compliant
2. The data processor can’t bring in other data processors unless he has notified the Controller, and has permission to do so
3. There also must be a contract between the data processor and data controller that should clearly mention the subject-matter, duration, nature and purpose of the involved data processing
4. Keep records of all processing and provide secure processing
5. Common duties and shared liability
6. Assist the Controller in meeting their responsibilities
13. GDPR AND YOU
TELL YOUR SALESPEOPLE
1. Gather only data you need and make sure you have lawful grounds to process this
2. Be open about your actions and prepare for data subject requests
3. Keep the data safe and delete it when you’re finished with it
15. TRANSPARENCY
6 Principles
▸ PURPOSE - Disclose your purpose for processing, current and future
▸ LEGITIMATE INTEREST - Disclose your grounds for legitimate interest
▸ RETENTION PERIODS - Disclose your expected data retention periods
▸ 3RD PARTY PROCESSORS - Disclose where you’re sending the data
▸ DATA SAFEGUARDS - Disclose the data safeguards you have in place to secure and protect your users’ data
▸ EASY OPT OUT - You must make it easy to opt out
16. TRANSPARENCY
RETENTION PERIODS
▸ Disclose your expected data retention periods
HOW
‣ PRIVACY POLICY
‣ ADD DATE FIELDS TO TRACK WHEN CONTACT WAS ADDED, LAST CONTACT
‣ BULK UPDATE FOR HOUSEKEEPING
‣ GENERAL GUIDELINE:
- CUSTOMERS = 12 MONTHS
- PROSPECTS = 3-6 MONTHS
19. TRANSPARENCY
LAWFUL PROCESSING
1. Explicit consent for each purpose of use
2. Performance of Contract
3. Legal Obligation
4. Vital Interest of Individual
5. Public Interest - Official Authority
6. Legitimate Interest
Article 6: Lawfulness of processing
20. TRANSPARENCY
CONSENT
1. Explicit consent for each purpose of use
2. Unambiguous
3. Freely Given
4. Informed
5. Clear affirmative action
6. As easy to withdraw as it is to provide
7. Maintained as proof that it was provided
Article 7: Conditions of Consent
25. TRANSPARENCY
INDIVIDUAL RIGHTS
ARTICLE 16: RIGHT TO RECTIFICATION
ARTICLE 17: RIGHT TO ERASURE
ARTICLE 18: RIGHT TO RESTRICTION
ARTICLE 20: RIGHT TO PORTABILITY
ARTICLE 15: RIGHT OF ACCESS
29. RECITAL 70
THE GDPR STATES THAT THE PROCESSING OF PERSONAL DATA FOR DIRECT MARKETING PURPOSES MAY BE CARRIED OUT FOR LEGITIMATE INTEREST
With provisos…
30. RECITAL 70
DIRECT MARKETING
▸ Have a relevant and appropriate relationship with them
▸ Show that there is a balance of interests between the organisation and the person receiving the marketing.
▸ Tell them you are going to market to them
▸ Show them how to opt out of receiving marketing from you
34. SUMMARY
▸ LOG YOUR LEGAL BASIS
▸ GET CONSENT FOR MARKETING
▸ LOG THE DATE
▸ KEEP A REGISTER OF YOUR RATIONALISATIONS/DECISIONS
▸ LIMIT OR EXCLUDE STORING SENSITIVE DATA
▸ IF IT DOESN’T FEEL RIGHT, IT OFTEN ISN’T
▸ DELETE, DELETE, DELETE
35. Useful resources / links
▸ http://gdprandyou.ie
▸ https://gdpr-info.eu (official pdf of the regulation, neatly arranged as a website)
▸ https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
▸ https://philipajane.com
▸ https://www.onepagecrm.com/sales-resources/gdpr-cheat-sheet