SlideShare ist ein Scribd-Unternehmen logo
1 von 46
Downloaden Sie, um offline zu lesen
GDPR: The most frequently asked questions, one year after | Lex4u & Qualifio
● Introduction: the fundamentals
● The 10 questions for marketeers, 1
year after
● To go further
● Q & A
Content
Introduction
The fundamentals
What is personal data?
Example: a name, a number, an email address, location
data, etc.
ANY information relating to an
identified or identifiable NATURAL
person.
“
Data processing basics
Consent
Legitimate interest
Contract
Legal obligations
Vital interests of the data subject
Public interest
10 questions for marketeers,
1 year after
Question 1
How to obtain consent?
“
How to obtain consent?
Consent must be expressed by simple and specific
means.
It must be:
● Freely given
● Specific
● Informed
● Unambiguous
Question 2
How to send commercial
solicitations electronically, without
violating privacy rights, in a B2C
relationship?
“
How to send commercial solicitations electronically,
without violating privacy rights, in a B2C relationship?
● The controller needs the prior consent of the consumer to receive such
messages (opt-in).
● The data subject can retrieve his consent anytime
● The controller is required by the GDPR to provide clear information for
both commercial and other forms of direct marketing.
How to send commercial solicitations electronically,
without violating privacy rights, in a B2C relationship?
Postal & Telephone = not necessary to obtain consent, as
long as the person has not exercised his or her right to
object.
Digital = need to obtain consent.
How to send commercial solicitations electronically,
without violating privacy rights, in a B2C relationship?
What uses should be excluded in commercial prospecting?
Avoid collecting email addresses of individuals on websites
or discussion forums.
Do not, NEVER, pre-ticked opt-in boxes.
Never make access to a service or the purchase of a good
conditional on the acceptance.
Question 3
And in a B2B relationship?
“
How to send commercial solicitations electronically in
a B2B relationship?
● Prior information is required
● Right to object (and it has to be simple and free)
● The subject of the solicitation must be related to
the profession of the data subject.
How to send commercial solicitations electronically in
a B2B relationship?
Can we still send marketing emails to info@,
contact@ addresses?
YES - They are not personal data.
Except if...
The address contains the first and last name of the
professional.
Question 4
In which cases you do not need to
obtain consent?
“
In which cases you do not need to obtain
consent?
If...
● Business email address
● Message subject is related to
the profession of the data
subject
If...
● Similar products or services
have been acquired previously
from the same company
B2B B2C
But…
● Information of the data subject
● Right to object
Question 5
Is it allowed to reuse collected
data for purposes other than those
for which they were initially
collected?
“
The purpose of data processing
No
1 consent ↔ 1 purpose
(consent is specific)
Examples:
Subscribe to a newsletter
VS Receive offers from partners
VS processing of data in the context of an online contest
...
Question 6
Can I transmit the collected data
to business partners?
“
Can I transmit the collected data to business partners?
● The person must give his or her consent before any transmission to
partners.
● Information about the identity of the partners must be provided to the
data subject.
● The person must be informed of changes and modifications to the list
of partners, in particular when it comes to the arrival of new partners.
● The consent that the company has obtained to collect data on behalf of
its partners is only valid for the latter.
Yes but..
Can I transmit the collected data to business partners?
Some essential information needs to be provided
● The name of the company that transmitted the data to the
partners
● The identity of the partners and an updated list of them
The purposes of the processing
● The rights of the data subjects.
The right to object shall be exercised either with the
partner or with the company initiating the initial
collection of data.
Question 7
What about Switzerland, the USA
and Brexit?
“
What about Switzerland, the USA and the UK?
Central point of the GDPR = the individual, the European
citizen.
...Therefore, the GDPR also applies beyond the EU, when
the processing of personal data concerns an EU
resident.
Switzerland
Adequacy decision = a third country provides a comparable
level of protection of personal data to that in the European
Union
Third countries that are concerned:
Switzerland, Andorra, Argentina, Canada, the Isle of Man,
Guernsey, Israel, Jersey, New Zealand, Uruguay and Japan.
What about Switzerland, the USA and the UK?
The United-States
No general data protection law but a self-certification
mechanism, better known as Privacy Shield.
Privacy Shield = "partial" adequacy decision because data transfer is
only facilitated for companies that are committed to the principles of
this Privacy Shield.
July 2018: the European Parliament discredited this system.
What about Switzerland, the USA and the UK?
The UK (and the Brexit)
● If the agreement with the EU is approved: There will be a
transitional period of 2 years.
● If no agreement: the UK will be considered a third country
from the 1st
of November 2019.
What about Switzerland, the USA and the UK?
Question 8
What about GDPR and social
media marketing?
“
GDPR and social media marketing
Collecte through a Facebook page
Wirtschaftakademie: the page owner is co-controller
The use of publicly available data
(and the example of election propaganda)
Question 9
Quick update on Security and
Data Retention: what are the best
practices?
“
Data security and retention
Physical security = locked closets.
IT security
Security passwords (regularly
changed) & a unique identifier per
person.
Data security and retention
Question 10
What about the Status of
sanctions?
“
What about the sanctions’ status?
The French Data Protection Authority sanctions both large companies,
such as Google and smaller ones, see the example of Grand Optical.
Examples:
● Google: fined €50 million for its lack of transparency and information.
● Real estate: approached owners of real estate properties for sale by
phone message without their consent.
● Facebook: £500.000 in the UK, €10 million in Italy, a bit more than a
million euros in Spain, €150.000 in Belgium and France.
Bonus Question 1
How to process information
retrieved during events?
“
How to process information retrieved during events?
● Retrieval of the list by the speaker
● Mobile apps
● Trade Show
Bonus Question 2
What will happen in terms of
GDPR and e-Privacy in the future?
“
What will happen in terms of GDPR and e-Privacy in the
future?
● New sanctions, especially in Belgium;
● Extend international trade with new agreements of the same type;
● E-privacy Regulation Proposal concerning the protection of personal
data and privacy in the electronic communications sector.
Bonus Question 3
How to motivate consumers to
share their personal data?
“
How to motivate consumers to share their personal
data?
● Monetize the sharing of personal data.
● Privacy policy: clear & transparent information.
To go further
The Qualifio platform
CREATE PUBLISH COLLECT DATA GET RESULTS SEGMENT &
MONETISE
The GDPR Toolbox
Goal: give the DPO a total control
over any data manipulation within
Qualifio
● Erasure
● Export
● Data protection texts
● Logs
● Advanced management of
access rights
● ...
Additional resources
qualifio.com/blog
Lex4u: experienced GDPR tutors
All our courses can be organised via Webinar or in your offices
Feel free to contact us:
info@lex4u.com
Adeline Balza
info@lex4u.com
Tabata Vossen
tabata@qualifio.com

Weitere ähnliche Inhalte

Was ist angesagt?

9 Practical Steps 2 GDPR Compliance
9 Practical Steps 2 GDPR Compliance9 Practical Steps 2 GDPR Compliance
9 Practical Steps 2 GDPR ComplianceAndreas Batsis
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyKate Chan
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsPost Media
 
General data protection
General data protectionGeneral data protection
General data protectionBrijeshR3
 
How to get email right in 2018
How to get email right in 2018How to get email right in 2018
How to get email right in 2018Mailjet
 
Gdpr 2017 Hotel survey results 7 dec 2017
Gdpr 2017 Hotel survey results 7 dec 2017Gdpr 2017 Hotel survey results 7 dec 2017
Gdpr 2017 Hotel survey results 7 dec 2017Gerard Wilkinson
 
Legal aspects-of-doing-tourist-business-in-belarus
Legal aspects-of-doing-tourist-business-in-belarusLegal aspects-of-doing-tourist-business-in-belarus
Legal aspects-of-doing-tourist-business-in-belaruschuckluger
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regimeijtsrd
 
Data Protection Guidelines
Data Protection GuidelinesData Protection Guidelines
Data Protection GuidelinesDavid Scanlon
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018TRA - Tax Representative Alliance
 

Was ist angesagt? (11)

9 Practical Steps 2 GDPR Compliance
9 Practical Steps 2 GDPR Compliance9 Practical Steps 2 GDPR Compliance
9 Practical Steps 2 GDPR Compliance
 
No Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data PrivacyNo Man is an Island: The Battle for Data Privacy
No Man is an Island: The Battle for Data Privacy
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
General data protection
General data protectionGeneral data protection
General data protection
 
How to get email right in 2018
How to get email right in 2018How to get email right in 2018
How to get email right in 2018
 
Gdpr 2017 Hotel survey results 7 dec 2017
Gdpr 2017 Hotel survey results 7 dec 2017Gdpr 2017 Hotel survey results 7 dec 2017
Gdpr 2017 Hotel survey results 7 dec 2017
 
Legal aspects-of-doing-tourist-business-in-belarus
Legal aspects-of-doing-tourist-business-in-belarusLegal aspects-of-doing-tourist-business-in-belarus
Legal aspects-of-doing-tourist-business-in-belarus
 
Cross-Border Internet Sales to Russia
Cross-Border Internet Sales to RussiaCross-Border Internet Sales to Russia
Cross-Border Internet Sales to Russia
 
GDPR A Privacy Regime
GDPR A Privacy RegimeGDPR A Privacy Regime
GDPR A Privacy Regime
 
Data Protection Guidelines
Data Protection GuidelinesData Protection Guidelines
Data Protection Guidelines
 
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
"The EU General Data Protection Regulation: GDPR" - TRA Annual Meeting 2018
 

Ähnlich wie GDPR: The most frequently asked questions, one year after | Lex4u & Qualifio

GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketingSpotler
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in BerlinMailjet
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongLouise Owens
 
Jowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownJowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownAgile PR
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Lauren Isaacs
 
GDPR training
GDPR training GDPR training
GDPR training ASL
 
How to be CASL & GDPR Compliant for the New Year 2019
How to be CASL & GDPR Compliant for the New Year 2019How to be CASL & GDPR Compliant for the New Year 2019
How to be CASL & GDPR Compliant for the New Year 2019TechSoup Canada
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesOgilvy Consulting
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceSarah Fox
 
Data privacy presentation
Data privacy presentationData privacy presentation
Data privacy presentationTravers Morgan
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burdenIRIS
 
The Marketing Guide to GDPR Compliance
The Marketing Guide to GDPR ComplianceThe Marketing Guide to GDPR Compliance
The Marketing Guide to GDPR ComplianceSteven Macdonald
 
Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.jatharrison
 

Ähnlich wie GDPR: The most frequently asked questions, one year after | Lex4u & Qualifio (20)

GDPR changes affect direct marketing
GDPR changes affect direct marketingGDPR changes affect direct marketing
GDPR changes affect direct marketing
 
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
"GDPR - All You Need To Know" presentation from event Nov 16th in Berlin
 
How will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett LongHow will GDPR affect your business - Marketing Fox & Birkett Long
How will GDPR affect your business - Marketing Fox & Birkett Long
 
Jowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens ScownJowanna Conboye - Stephens Scown
Jowanna Conboye - Stephens Scown
 
Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?Cobb Digital Bitesize workshop - GDPR, are you compliant?
Cobb Digital Bitesize workshop - GDPR, are you compliant?
 
GDPR training
GDPR training GDPR training
GDPR training
 
How to be CASL & GDPR Compliant for the New Year 2019
How to be CASL & GDPR Compliant for the New Year 2019How to be CASL & GDPR Compliant for the New Year 2019
How to be CASL & GDPR Compliant for the New Year 2019
 
Gdpr zilla
Gdpr zillaGdpr zilla
Gdpr zilla
 
GDPR Overview
GDPR OverviewGDPR Overview
GDPR Overview
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
B2: Fundraising in an age of GDPR
B2: Fundraising in an age of GDPRB2: Fundraising in an age of GDPR
B2: Fundraising in an age of GDPR
 
Data privacy presentation
Data privacy presentationData privacy presentation
Data privacy presentation
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPR
 
Opportunity or burden
Opportunity or burdenOpportunity or burden
Opportunity or burden
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
The Marketing Guide to GDPR Compliance
The Marketing Guide to GDPR ComplianceThe Marketing Guide to GDPR Compliance
The Marketing Guide to GDPR Compliance
 
Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.Who ownes the customer? Privacy in the connected age.
Who ownes the customer? Privacy in the connected age.
 
GDPR FAQ'S
GDPR FAQ'SGDPR FAQ'S
GDPR FAQ'S
 

Kürzlich hochgeladen

An introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditAn introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditSHRADDHA PANDIT
 
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfIslamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfNo One
 
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...Anadi Tewari
 
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...SHRADDHA PANDIT
 
The Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateThe Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateBTL Law P.C.
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Dr. Oliver Massmann
 
Patents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsPatents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsAurora Consulting
 
Classification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsClassification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsSyedaAyeshaTabassum1
 
xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.mike689707
 

Kürzlich hochgeladen (10)

An introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha PanditAn introduction to Indian Contract Act, 1872 by Shraddha Pandit
An introduction to Indian Contract Act, 1872 by Shraddha Pandit
 
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdfIslamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
Islamabad High Court Judges wrote a letter to Supreme Judicial Council.pdf
 
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
ArtificiaI Intelligence based Cyber Forensic Tools: Relevancy and Admissibili...
 
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
Women and the World of Climate Change- A Conceptual Foundation by Shraddha Pa...
 
The Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a TemplateThe Ultimate Guide to Drafting Your Separation Agreement with a Template
The Ultimate Guide to Drafting Your Separation Agreement with a Template
 
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
Corporate Sustainability Due Diligence Directive (CSDDD or the EU Supply Chai...
 
Patents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future SolutionsPatents and AI: Current Tools, Future Solutions
Patents and AI: Current Tools, Future Solutions
 
Classification of Contracts in Business Regulations
Classification of Contracts in Business RegulationsClassification of Contracts in Business Regulations
Classification of Contracts in Business Regulations
 
xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.xLran: Open source AI for legal hackers.
xLran: Open source AI for legal hackers.
 
Criminalizing Disabilities & False Confessions
Criminalizing Disabilities & False ConfessionsCriminalizing Disabilities & False Confessions
Criminalizing Disabilities & False Confessions
 

GDPR: The most frequently asked questions, one year after | Lex4u & Qualifio

  • 2. ● Introduction: the fundamentals ● The 10 questions for marketeers, 1 year after ● To go further ● Q & A Content
  • 4. What is personal data? Example: a name, a number, an email address, location data, etc. ANY information relating to an identified or identifiable NATURAL person. “
  • 5. Data processing basics Consent Legitimate interest Contract Legal obligations Vital interests of the data subject Public interest
  • 6. 10 questions for marketeers, 1 year after
  • 7. Question 1 How to obtain consent? “
  • 8. How to obtain consent? Consent must be expressed by simple and specific means. It must be: ● Freely given ● Specific ● Informed ● Unambiguous
  • 9. Question 2 How to send commercial solicitations electronically, without violating privacy rights, in a B2C relationship? “
  • 10. How to send commercial solicitations electronically, without violating privacy rights, in a B2C relationship? ● The controller needs the prior consent of the consumer to receive such messages (opt-in). ● The data subject can retrieve his consent anytime ● The controller is required by the GDPR to provide clear information for both commercial and other forms of direct marketing.
  • 11. How to send commercial solicitations electronically, without violating privacy rights, in a B2C relationship? Postal & Telephone = not necessary to obtain consent, as long as the person has not exercised his or her right to object. Digital = need to obtain consent.
  • 12. How to send commercial solicitations electronically, without violating privacy rights, in a B2C relationship? What uses should be excluded in commercial prospecting? Avoid collecting email addresses of individuals on websites or discussion forums. Do not, NEVER, pre-ticked opt-in boxes. Never make access to a service or the purchase of a good conditional on the acceptance.
  • 13. Question 3 And in a B2B relationship? “
  • 14. How to send commercial solicitations electronically in a B2B relationship? ● Prior information is required ● Right to object (and it has to be simple and free) ● The subject of the solicitation must be related to the profession of the data subject.
  • 15. How to send commercial solicitations electronically in a B2B relationship? Can we still send marketing emails to info@, contact@ addresses? YES - They are not personal data. Except if... The address contains the first and last name of the professional.
  • 16. Question 4 In which cases you do not need to obtain consent? “
  • 17. In which cases you do not need to obtain consent? If... ● Business email address ● Message subject is related to the profession of the data subject If... ● Similar products or services have been acquired previously from the same company B2B B2C But… ● Information of the data subject ● Right to object
  • 18. Question 5 Is it allowed to reuse collected data for purposes other than those for which they were initially collected? “
  • 19. The purpose of data processing No 1 consent ↔ 1 purpose (consent is specific) Examples: Subscribe to a newsletter VS Receive offers from partners VS processing of data in the context of an online contest ...
  • 20. Question 6 Can I transmit the collected data to business partners? “
  • 21. Can I transmit the collected data to business partners? ● The person must give his or her consent before any transmission to partners. ● Information about the identity of the partners must be provided to the data subject. ● The person must be informed of changes and modifications to the list of partners, in particular when it comes to the arrival of new partners. ● The consent that the company has obtained to collect data on behalf of its partners is only valid for the latter. Yes but..
  • 22. Can I transmit the collected data to business partners? Some essential information needs to be provided ● The name of the company that transmitted the data to the partners ● The identity of the partners and an updated list of them The purposes of the processing ● The rights of the data subjects. The right to object shall be exercised either with the partner or with the company initiating the initial collection of data.
  • 23. Question 7 What about Switzerland, the USA and Brexit? “
  • 24. What about Switzerland, the USA and the UK? Central point of the GDPR = the individual, the European citizen. ...Therefore, the GDPR also applies beyond the EU, when the processing of personal data concerns an EU resident.
  • 25. Switzerland Adequacy decision = a third country provides a comparable level of protection of personal data to that in the European Union Third countries that are concerned: Switzerland, Andorra, Argentina, Canada, the Isle of Man, Guernsey, Israel, Jersey, New Zealand, Uruguay and Japan. What about Switzerland, the USA and the UK?
  • 26. The United-States No general data protection law but a self-certification mechanism, better known as Privacy Shield. Privacy Shield = "partial" adequacy decision because data transfer is only facilitated for companies that are committed to the principles of this Privacy Shield. July 2018: the European Parliament discredited this system. What about Switzerland, the USA and the UK?
  • 27. The UK (and the Brexit) ● If the agreement with the EU is approved: There will be a transitional period of 2 years. ● If no agreement: the UK will be considered a third country from the 1st of November 2019. What about Switzerland, the USA and the UK?
  • 28. Question 8 What about GDPR and social media marketing? “
  • 29. GDPR and social media marketing Collecte through a Facebook page Wirtschaftakademie: the page owner is co-controller The use of publicly available data (and the example of election propaganda)
  • 30. Question 9 Quick update on Security and Data Retention: what are the best practices? “
  • 31. Data security and retention Physical security = locked closets. IT security Security passwords (regularly changed) & a unique identifier per person.
  • 32. Data security and retention
  • 33. Question 10 What about the Status of sanctions? “
  • 34. What about the sanctions’ status? The French Data Protection Authority sanctions both large companies, such as Google and smaller ones, see the example of Grand Optical. Examples: ● Google: fined €50 million for its lack of transparency and information. ● Real estate: approached owners of real estate properties for sale by phone message without their consent. ● Facebook: £500.000 in the UK, €10 million in Italy, a bit more than a million euros in Spain, €150.000 in Belgium and France.
  • 35. Bonus Question 1 How to process information retrieved during events? “
  • 36. How to process information retrieved during events? ● Retrieval of the list by the speaker ● Mobile apps ● Trade Show
  • 37. Bonus Question 2 What will happen in terms of GDPR and e-Privacy in the future? “
  • 38. What will happen in terms of GDPR and e-Privacy in the future? ● New sanctions, especially in Belgium; ● Extend international trade with new agreements of the same type; ● E-privacy Regulation Proposal concerning the protection of personal data and privacy in the electronic communications sector.
  • 39. Bonus Question 3 How to motivate consumers to share their personal data? “
  • 40. How to motivate consumers to share their personal data? ● Monetize the sharing of personal data. ● Privacy policy: clear & transparent information.
  • 42. The Qualifio platform CREATE PUBLISH COLLECT DATA GET RESULTS SEGMENT & MONETISE
  • 43. The GDPR Toolbox Goal: give the DPO a total control over any data manipulation within Qualifio ● Erasure ● Export ● Data protection texts ● Logs ● Advanced management of access rights ● ...
  • 45. Lex4u: experienced GDPR tutors All our courses can be organised via Webinar or in your offices Feel free to contact us: info@lex4u.com