GDPR
Teaser deck
KEY DEFINITIONS
Who's what and what's who
PERSONAL DATA
PROCESSING
PROCESSOR
DATA SUBJECT
CONTROLLER
CONSENT
KEY DEFINITIONS
Who's what and what's who
DPO (Data Protection Officer)
AVG (Algemene Verordening Gegevensbescherming, the Dutch name of the GDPR)
FG (Functionaris voor Gegevensbescherming, the Dutch term for the DPO)
DPA (Data Protection Authority, the supervisory authority)
DPIA (Data Protection Impact Assessment)
RTBF (Right To Be Forgotten)
CITIZEN'S RIGHTS
Key Points
Clearer right to erasure (right to be forgotten)
Right to know when their data has been hacked
Easier access to their data
A new right to data portability
GDPR
3 MAIN PILLARS
1. INFORM & CONSENT
2. RESPONSIBILITY & ACCOUNTABILITY
3. RIGHTS OF THE DATA SUBJECT
Interesting to know: GDPR applies to everyone who processes personal data. GDPR does not distinguish between B2C and B2B.
DO I NEED A DPO ?
The myth of the Data Protection Officer.
Public Sector: Are you a governmental body, public authority or institution? * Except for courts acting in their judicial capacity.
Large Scale Monitoring: Do your core activities consist of regular and systematic monitoring of data subjects on a large scale?
Special Data: Do your core activities consist of large-scale processing of special categories of personal data (Article 9) or of data relating to criminal convictions and offences (Article 10)?
Numbers: 5000 data subjects? 250 employees? No. The headcount and data-subject thresholds floated in the draft texts did not make it into the final Regulation; Article 37 sets no numeric threshold, only the three criteria above.
DO I NEED A DPIA ?
Data Protection Impact Assessment
The question is as simple as "Do I need insurance?"
SMEs and independent contractors will probably not need a full-blown data protection audit, but it won't hurt to document your existing workflows. Note that the trigger in Article 35 is the processing, not the size of the organisation: a DPIA is mandatory whenever processing is likely to result in a high risk to data subjects (for example systematic and extensive profiling, large-scale processing of special categories, or systematic monitoring of publicly accessible areas), however small the company.
Needless to say, clients with GDPR compliance obligations will demand the same effort from your organisation, since their own compliance depends on the totality of their subcontractors. So yes, you're probably involved, and it will be key to be proactive in this process.
ADMINISTRATIVE FINES
€10M / 2% of total worldwide annual turnover, whichever is higher (Article 83(4)):
➡ For infringements of the obligations of the controller and the processor (Articles 8, 11, 25 to 39, 42 and 43)
➡ For infringements of the obligations of the certification body (Articles 42 and 43)
➡ For infringements of the obligations of the monitoring body (Article 41(4))
€20M / 4% of total worldwide annual turnover, whichever is higher (Article 83(5) and (6)):
➡ For infringements of the basic principles for processing, including conditions for consent (Articles 5, 6, 7 and 9)
➡ For infringements of the data subjects' rights (Articles 12 to 22)
➡ For infringements of the rules on transfers of personal data to a recipient in a third country or an international organisation (Articles 44 to 49)
➡ For infringements of any obligations pursuant to Member State law adopted under Chapter IX
➡ For non-compliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority, or failure to provide access (Article 58)
STEPPED APPROACH
First violation won’t cost 20M.
OPERATIONAL IMPACTS
Top 10
1 DATA SECURITY AND BREACH NOTIFICATION
2 THE MANDATORY DPO
3 CONSENT
4 CROSS-BORDER DATA TRANSFERS
5 PROFILING
6 RTBF AND DATA PORTABILITY
7 VENDOR MANAGEMENT
8 PSEUDONYMISATION
9 CODES OF CONDUCT AND CERTIFICATIONS
10 CONSEQUENCES FOR GDPR VIOLATIONS
1 Data Security and Breach Notification
Top 10 Operational Impacts
The GDPR separates responsibilities and duties of data controllers and processors, obligating controllers to engage only those processors that provide "sufficient guarantees to implement appropriate technical and organisational measures". Article 32 lists, for controllers and processors alike, measures to be taken "as appropriate", including:
Pseudonymisation and encryption of personal data.
Ensuring the ongoing confidentiality, integrity, availability and resilience of processing systems and services.
Restoring the availability of and access to personal data in a timely manner in the event of a physical or technical incident.
A process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
In the event of a personal data breach, data controllers must notify the supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach (Article 33); where notification is made later than 72 hours, it must be accompanied by reasons for the delay. Processors must notify the controller without undue delay after becoming aware of a breach. Where the breach is likely to result in a high risk to individuals, the controller must also communicate it to the affected data subjects (Article 34). The 72-hour clock is the practical driver for logging, detection and an exercised incident response procedure: you cannot notify what you cannot detect.
2 The mandatory DPO
Data controllers and processors must appoint a DPO when their core activities consist of "regular and systematic monitoring of data subjects on a large scale" or "large-scale processing of special categories of personal data" (and, in any case, when they are a public authority or body).
Article 37 does not state precise credentials, but requires DPOs to have "expert knowledge of data protection law and practices". Tasks (Article 39) include:
Monitoring compliance, including managing internal data protection activities, training data processing staff, and conducting internal audits.
Informing and advising the controller and processor.
Advising on the DPIA when required (Article 35).
Working and cooperating with the supervisory authority, serving as single point of contact.
Being available for inquiries from data subjects on issues relating to data protection practices, consent withdrawal, the right to be forgotten, and so on.
These responsibilities mirror those of privacy professionals globally.
3 Consent
The definition of consent is significantly restricted. GDPR requires the data subject to signal agreement by "a statement or a clear affirmative action". In addition, GDPR restricts the ability of children to consent to information society services without parental authorisation (Article 8: below 16 years, or a lower age set by Member State law, but not below 13). Consent must be "freely given, specific, informed and unambiguous".
An affirmative action of consent may include ticking a box, "choosing technical settings for information society services", or "another statement or conduct" which clearly indicates acceptance of the proposed processing. "Silence, pre-ticked boxes or inactivity", however, do not constitute consent.
Article 7 gives data subjects the right to withdraw consent at any time, and "it shall be as easy to withdraw consent as to give it". Withdrawal does not affect the lawfulness of processing carried out before it.
Consent is not freely given if there is "a clear imbalance between the data subject and the controller, in particular where the controller is a public authority".
Consent must be specific to each purpose, and the controller must be able to demonstrate that it was given (Article 7(1)): keep a record of what was consented to, when, and how.
LAWFULNESS OF PROCESSING
Art. 6
a. CONSENT
b. CONTRACTUAL NECESSITY
c. LEGAL OBLIGATION
d. VITAL INTERESTS
e. PUBLIC TASK
f. LEGITIMATE INTEREST
4 Cross-Border Data Transfers
GDPR allows for data transfers to countries whose legal regime is deemed by the European Commission to provide an "adequate" level of personal data protection (adequacy decision, Article 45).
In the absence of an adequacy decision, transfers to non-EU countries are also allowed on the basis of appropriate safeguards (Article 46) such as standard contractual clauses or Binding Corporate Rules (BCRs). Standard contractual clauses, which before GDPR required prior notice to and approval by DPAs in several Member States, may now be used without prior authorisation.
Article 42 certifications and Article 40 codes of conduct can also ground a transfer, provided that binding and enforceable commitments are made to apply the appropriate safeguards*.
GDPR also makes it clear (Article 48) that a judgment or administrative decision of a third-country authority requiring a transfer is only recognised or enforceable if based on an international agreement, such as a mutual legal assistance treaty; a foreign legal demand on its own is not a lawful basis for transferring personal data out of the EU.
* Codes of Conduct, Certification mechanisms, BCRs and standard contractual clauses.
5 Profiling
GDPR restricts automated decision-making, and gives data subjects significant rights regarding profiling-based decisions. Some (notice, access) require procedures similar to non-profiling data processing, others will require specific processes for compliance (object, restrict, contest, ...).
Data subjects have a right not necessarily to avoid profiling itself, but rather to avoid being "subject to a decision based solely on automated processing" which produces legal effects concerning them or similarly significantly affects them (Article 22).
Where such a decision is permitted because it is necessary for a contract or based on explicit consent, the controller must still implement suitable safeguards: at least the right to obtain human intervention, to express one's point of view and to contest the decision (Article 22(3)).
In case of profiling decisions, the controller must inform the data subject at the time data is collected not only that profiling will occur, but also meaningful information about the logic involved and the significance and envisaged consequences of such processing (Articles 13 and 14).
Even when profiling is lawful, a data subject always has the right to object to profiling based on legitimate interest or public task (Article 21), unless the controller demonstrates compelling legitimate grounds; an objection to profiling for direct marketing must always be honoured.
Systematic and extensive profiling that produces legal or similarly significant effects also triggers a DPIA (Article 35(3)(a)).
See also: Article 29 Working Party (WP29) guidance on automated decision-making, and the ePrivacy rules.
6 RTBF and Data Portability
RTBF (Article 17) allows individuals to request the deletion of their personal data and, where the controller has made the data public, obliges that controller to inform other controllers processing the data of the request.
Where a data subject requests the erasure of data that has been made public, the controller must take "reasonable steps", taking account of available technology and cost, to inform other controllers about the request, including any links to, or copies or replications of, the data, unless it would require "disproportionate effort". Erasure is not absolute: it yields, among other things, to freedom of expression, legal obligations and the establishment, exercise or defence of legal claims (Article 17(3)).
Data portability (Article 20) requires controllers to provide personal data to the data subject in a structured, commonly used and machine-readable format and, where technically feasible, to transmit that data directly to another controller if the data subject so requests.
The right to data portability applies only to data the subject provided, when processing is based on the subject's consent or on a contract and is carried out by automated means. It does not apply to processing based on public interest or legitimate interest.
These rights create a need to implement systems responsive to user requests concerning their data, starting with an inventory of where each subject's data lives (primary stores, backups, logs, analytics, processors); without it neither an erasure nor an export can be executed completely.
7 Vendor Management
GDPR expands significantly upon the controller's responsibility for processing activities and sets out specific rules for allocating responsibility between the controller and processor. The burden for data protection still rests primarily with controllers.
The controller decides on the purposes and means of the processing, regardless of whether it actually carries out any processing operations. Controllers must implement appropriate technical and organisational measures not only to ensure compliance, but also to be able to demonstrate it (accountability, Articles 5(2) and 24).
Controllers are liable for the actions of the processors they select. Controllers must only use processors that provide sufficient guarantees of their ability to meet the GDPR requirements (Article 28(1)), and processing by a processor must be governed by a written contract setting out the Article 28(3) terms: documented instructions, confidentiality of staff, Article 32 security, conditions for engaging sub-processors, assistance with data subject rights and breach notification, deletion or return of the data at the end of the service, and the right to audit. A processor that goes beyond the controller's instructions becomes a controller for that processing (Article 28(10)).
The controller should also consider carrying out a DPIA prior to selecting a processor.
When damage is established, controllers and processors are liable unless they prove they are not in any way responsible for the event giving rise to the damage (Article 82(3)).
8 Pseudonymisation
GDPR does not apply to data that "does not relate to an identified or identifiable natural person or to personal data rendered anonymous in such a manner that the data subject is not or no longer identifiable" (Recital 26).
Pseudonymisation (Article 4(5)) is the processing of personal data in such a way that it can no longer be attributed to a specific data subject without the use of additional information, provided that the additional information is kept separately and protected by technical and organisational measures. Pseudonymisation significantly reduces the risks associated with data processing while maintaining the data's utility, but is by itself not sufficient to exempt data from the scope of the GDPR: as long as someone holds the key or the lookup table, the data remains personal data.
Pseudonymisation facilitates the processing of data beyond the original collection purposes (it is a factor in the compatibility test of Article 6(4)).
Pseudonymisation is an important safeguard for processing personal data for scientific, historical and statistical purposes (Article 89).
Pseudonymisation is a central feature of data protection by design (Article 25).
Controllers can use pseudonymisation to help meet the GDPR's data security requirements (Article 32).
Controllers do not need to provide access, rectification, erasure or data portability if they can demonstrate that they are no longer able to identify the data subject (Article 11), unless the data subject provides additional information enabling identification.
GDPR encourages controllers to adopt codes of conduct that promote pseudonymisation (Article 40).
9 Codes of Conduct and Certifications
GDPR authorises "associations and other bodies representing categories of controllers or processors" to draw up codes of conduct or amend existing ones (Article 40). Such codes should address, among other things:
Fair and transparent processing.
The legitimate interests pursued by controllers in specific contexts.
The collection of personal data.
The pseudonymisation of personal data.
The information provided to the public and to data subjects.
The exercise of the rights of data subjects.
The information provided to, and the protection of, children, and the manner in which parental consent is to be obtained.
General data protection obligations of controllers, including data protection by design and security measures.
Notification of personal data breaches to supervisory authorities and communication of such personal data breaches to data subjects.
Policy on transfer of personal data to third countries or international organisations.
Dispute resolution procedures.
10 Consequences for GDPR Violations
The GDPR creates two tiers of maximum fines, depending on which obligation is infringed (Article 83(4) versus 83(5) and (6)). Whether the controller or processor committed any previous violations, and the nature, gravity and duration of the violation, are among the factors the supervisory authority weighs when setting the amount within the tier (Article 83(2)).
The higher fine threshold is four percent of an undertaking's total worldwide annual turnover of the preceding financial year or 20 million euros, whichever is higher.
The lower fine threshold is two percent of an undertaking's total worldwide annual turnover of the preceding financial year or 10 million euros, whichever is higher.
These amounts are the maximum, meaning supervisory authorities are empowered to assess lower but not higher fines.
GDPR authorises a DPA to issue a reprimand in place of a fine in cases of a minor infringement, or where the fine would constitute a disproportionate burden on a natural person (Recital 148).
Member States are required to lay down rules on other penalties for infringements not covered by the administrative fines (Article 84).
One-stop-shop principle for organisations active in multiple Member States: the supervisory authority of the main establishment acts as lead authority (Article 56).
IT'S THE LAW
CUSTOMER SERVICE IS AN ATTITUDE
PEACE OF MIND IS A KPI
GDPR for Marketers - teaser
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Delhi Call girls
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Kayode Fayemi
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Pooja Nehwal
 

Kürzlich hochgeladen (20)

Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night EnjoyCall Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
Call Girl Number in Khar Mumbai📲 9892124323 💞 Full Night Enjoy
 
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
No Advance 8868886958 Chandigarh Call Girls , Indian Call Girls For Full Nigh...
 
Microsoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AIMicrosoft Copilot AI for Everyone - created by AI
Microsoft Copilot AI for Everyone - created by AI
 
Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510Thirunelveli call girls Tamil escorts 7877702510
Thirunelveli call girls Tamil escorts 7877702510
 
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
WhatsApp 📞 9892124323 ✅Call Girls In Juhu ( Mumbai )
 
George Lever - eCommerce Day Chile 2024
George Lever -  eCommerce Day Chile 2024George Lever -  eCommerce Day Chile 2024
George Lever - eCommerce Day Chile 2024
 
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara ServicesVVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
VVIP Call Girls Nalasopara : 9892124323, Call Girls in Nalasopara Services
 
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docxANCHORING SCRIPT FOR A CULTURAL EVENT.docx
ANCHORING SCRIPT FOR A CULTURAL EVENT.docx
 
If this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New NigeriaIf this Giant Must Walk: A Manifesto for a New Nigeria
If this Giant Must Walk: A Manifesto for a New Nigeria
 
Presentation on Engagement in Book Clubs
Presentation on Engagement in Book ClubsPresentation on Engagement in Book Clubs
Presentation on Engagement in Book Clubs
 
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptxMohammad_Alnahdi_Oral_Presentation_Assignment.pptx
Mohammad_Alnahdi_Oral_Presentation_Assignment.pptx
 
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
Re-membering the Bard: Revisiting The Compleat Wrks of Wllm Shkspr (Abridged)...
 
Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)Introduction to Prompt Engineering (Focusing on ChatGPT)
Introduction to Prompt Engineering (Focusing on ChatGPT)
 
Mathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptxMathematics of Finance Presentation.pptx
Mathematics of Finance Presentation.pptx
 
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
CTAC 2024 Valencia - Sven Zoelle - Most Crucial Invest to Digitalisation_slid...
 
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
Andrés Ramírez Gossler, Facundo Schinnea - eCommerce Day Chile 2024
 
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdfCTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
CTAC 2024 Valencia - Henrik Hanke - Reduce to the max - slideshare.pdf
 
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
Night 7k Call Girls Noida Sector 128 Call Me: 8448380779
 
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
Governance and Nation-Building in Nigeria: Some Reflections on Options for Po...
 
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
Navi Mumbai Call Girls Service Pooja 9892124323 Real Russian Girls Looking Mo...
 

GDPR for Marketers - teaser

  • 10. KEY DEFINITIONS: Who’s what and what’s who
    PERSONAL DATA · PROCESSING · PROCESSOR · DATA SUBJECT · CONTROLLER · CONSENT
  • 11. KEY DEFINITIONS: Who’s what and what’s who
    DPO · AVG · FG · DPA · DPIA · RTBF
  • 13. CITIZEN’S RIGHTS: Key Points
    - CLEARER RIGHT TO ERASURE (RIGHT TO BE FORGOTTEN)
    - RIGHT TO KNOW WHEN THEIR DATA HAS BEEN HACKED
    - EASIER ACCESS TO THEIR DATA
    - A NEW RIGHT TO DATA PORTABILITY
  • 14. GDPR: 3 MAIN PILLARS
    - INFORM & CONSENT
    - RESPONSIBILITY & ACCOUNTABILITY
    - RIGHTS OF THE DATA SUBJECT
    Interesting to know: GDPR applies to everyone who processes personal data. GDPR does not make a difference between B2C and B2B.
  • 16. DO I NEED A DPO? The myth of the Data Protection Officer.
    - Public Sector: Are you a governmental body, public authority or institution? (* Except for courts.)
    - Large Scale Monitoring: Are you performing large-scale observation or systematic monitoring of data subjects on a large scale?
    - Numbers: 5000 data subjects? 250 employees? ? ? ? ? ?
    - Special Data: Do you process mainly sensitive personal data?
  • 17. DO I NEED A DPIA? Data Protection Impact Assessment
    The question is as simple as “Do I need insurance?” SMEs and independent contractors will probably not need a full-blown data protection audit, but it won’t hurt to document your existing workflows. Needless to say, clients with GDPR compliance obligations will demand the same effort from your organisation, since their own compliance depends on the totality of their subcontractors. So yes, you’re probably involved, and it will be key to be proactive in this process.
  • 18. ADMINISTRATIVE FINES
    €10M / 2%
    ➡ For infringements of the obligations of the controller (Articles 8, 11, 25 to 39, 42 and 43)
    ➡ For infringements of the obligations of the certification body (Articles 42 and 43)
    ➡ For infringements of the obligations of the monitoring body (Article 41)
    €20M / 4%
    ➡ For infringements of the basic principles for processing, including conditions for consent (Articles 5, 6, 7 and 9)
    ➡ For infringements of the data subjects’ rights (Articles 12 to 22)
    ➡ For infringements of the rules on transfers of personal data to a recipient in a third country or an international organisation (Articles 44 to 49)
    ➡ For infringements of any obligations under Member State law
    ➡ For non-compliance with an order, a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority, or failure to provide access (Article 58)
  • 22. OPERATIONAL IMPACTS: Top 10
    1 DATA SECURITY AND BREACH NOTIFICATION
    2 THE MANDATORY DPO
    3 CONSENT
    4 CROSS-BORDER DATA TRANSFERS
    5 PROFILING
    6 RTBF AND DATA PORTABILITY
    7 VENDOR MANAGEMENT
    8 PSEUDONYMISATION
    9 CODES OF CONDUCT AND CERTIFICATIONS
    10 CONSEQUENCES FOR GDPR VIOLATIONS
  • 23. 1 Data Security and Breach Notification (Top 10 Operational Impacts)
    The GDPR separates the responsibilities and duties of data controllers and processors, obligating controllers to engage only those processors that provide “sufficient guarantees to implement appropriate technical and organisational measures”, including:
    - Pseudonymisation and encryption.
    - Ensuring the continuous confidentiality, integrity, availability and resilience of processing systems and services.
    - Restoring access to personal data in a timely manner in the event of a physical or technical incident.
    - An embedded process for testing, assessing and evaluating the effectiveness of the technical and organisational measures for ensuring security.
    In the event of a data breach, data controllers must notify the supervisory authority without undue delay and, where feasible, not later than 72 hours after becoming aware of the breach / incident. After that, the controller must provide a reasoned justification for any delay.
  • 25. 2 The mandatory DPO (Top 10 Operational Impacts)
    Data controllers and processors must appoint a DPO on “regular and systematic monitoring of data subjects on a large scale” or “large-scale processing of special categories of personal data”. Article 37 does not state precise credentials, but requires DPOs to have “expert knowledge of data protection law and practices”. Tasks include:
    - Monitoring compliance, including managing internal data protection activities, training data processing staff, and conducting internal audits.
    - Informing and advising the controller and processor.
    - Advising on a DPIA when required (Article 35).
    - Working and cooperating with the supervisory authority, serving as SPOC.
    - Being available for inquiries from data subjects on issues relating to data protection practices, consent withdrawal, the right to be forgotten, …
    These responsibilities mirror those of privacy professionals globally.
  • 26. 3 Consent (Top 10 Operational Impacts)
    The definition of consent is significantly restricted. GDPR requires the data subject to signal agreement by “a statement or a clear affirmative action.” In addition, GDPR introduces restrictions on the ability of children to consent without parental authorisation. Consent must be “freely given, specific, informed and unambiguous”. An affirmative action of consent may include ticking a box, “choosing technical settings for information society services,” or “another statement or conduct” that clearly indicates consent to the data processing. “Silence, pre-ticked boxes or inactivity,” however, is presumed inadequate. Article 7 gives data subjects the right to withdraw consent at any time, and “it shall be as easy to withdraw consent as to give it.” Consent is not freely given if there is “a clear imbalance between the data subject and the controller, in particular where the controller is a public authority.” Consent must be specific to each purpose.
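The consent rules on this slide, encoded as a small per-purpose consent store. This is an added example, not code from the deck; the action names, the `ConsentRegistry` class and its methods are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, Optional, Tuple

# Ways a data subject may signal agreement (constructed vocabulary).
# Only a clear affirmative action counts; "silence, pre-ticked boxes or
# inactivity" never does, so those actions are rejected at recording time.
AFFIRMATIVE = {"ticked_box", "clicked_accept", "chose_setting", "written_statement"}
NOT_CONSENT = {"pre_ticked_box", "silence", "inactivity", "continued_browsing"}


@dataclass
class ConsentRecord:
    purpose: str
    action: str                      # evidence of how consent was given
    granted_at: datetime
    withdrawn_at: Optional[datetime] = None


class ConsentRegistry:
    """Hypothetical consent store keyed by (subject, purpose)."""

    def __init__(self) -> None:
        self._records: Dict[Tuple[str, str], ConsentRecord] = {}

    def record_consent(self, subject: str, purpose: str, action: str,
                       now: Optional[datetime] = None) -> bool:
        """Store consent only when given by a clear affirmative action.
        Returns False, storing nothing, for pre-ticked boxes, silence, etc."""
        if action in NOT_CONSENT or action not in AFFIRMATIVE:
            return False
        now = now or datetime.now(timezone.utc)
        self._records[(subject, purpose)] = ConsentRecord(purpose, action, now)
        return True

    def withdraw(self, subject: str, purpose: str,
                 now: Optional[datetime] = None) -> bool:
        """Art. 7: withdrawing is one call, exactly as easy as giving consent.
        Returns False if there was nothing to withdraw."""
        rec = self._records.get((subject, purpose))
        if rec is None or rec.withdrawn_at is not None:
            return False
        rec.withdrawn_at = now or datetime.now(timezone.utc)
        return True

    def may_process(self, subject: str, purpose: str) -> bool:
        """Consent is specific to each purpose: consent recorded for one
        purpose never authorises processing for another."""
        rec = self._records.get((subject, purpose))
        return rec is not None and rec.withdrawn_at is None
```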
  • 28. LAWFULNESS OF PROCESSING (Art. 6)
    a. CONSENT
    b. CONTRACTUAL
    c. LEGAL OBLIGATION
    d. VITAL INTERESTS
    e. PUBLIC TASK
    f. LEGITIMATE INTEREST
  • 29. 4 Cross-Border Data Transfers (Top 10 Operational Impacts)
    GDPR allows for data transfers to countries whose legal regime is deemed by the EC to provide an “adequate” level of personal data protection. In the absence of an adequacy decision, transfers to non-EU states are also allowed by use of standard contractual clauses or Binding Corporate Rules (BCRs). Standard contractual clauses, which before GDPR required prior notice to and approval by DPAs, may now be used without prior approval. Article 42 allows transfers based on certifications, provided that binding and enforceable commitments are made to apply appropriate safeguards*. GDPR also makes it clear that it is not lawful to transfer personal data out of the EU in response to a legal requirement from a third country.
    * Codes of Conduct, Certification mechanisms, BCRs and standard contractual clauses.
  • 30. 5 Profiling (Top 10 Operational Impacts)
    GDPR restricts automated data processing and gives data subjects significant rights to avoid profiling-based decisions. Some of these rights (notice, access) require procedures similar to those for non-profiling data processing; others (object, restrict, …) will require specific processes for compliance. Data subjects have a right not necessarily to avoid profiling itself, but rather to avoid being “subject to a decision based solely on automated processing.” For decisions made based on a contract or consent, the controller must still allow the data subject to object. In the case of profiling decisions, the controller must inform the data subject at the time the data is collected not only that profiling will occur, but also the logic involved and the consequences of such processing. Even when profiling is lawful, a data subject always has the right to object (unless there is a legitimate reason). Profiling also triggers a DPIA.
  • 35. 6 RTBF and Data Portability (Top 10 Operational Impacts)
    RTBF allows individuals to request the deletion of personal data and, where the controller has publicised the data, to require other controllers to also comply with the request. Where a data subject requests the erasure of data that has been made public, the controller must take “reasonable steps” to inform other controllers about the objection, unless it would require “disproportionate effort.” Any controller processing the data must then erase copies of it or links to it. Data portability requires controllers to provide personal data to the data subject in a commonly used format and to transfer that data to another controller if the data subject so requests. The right to data portability applies only when processing is based on the user’s consent or on a contract. It does not apply to processing based on public interest or legitimate interest. These rights create a need to implement systems responsive to user requests concerning their data.
  • 37. 7 Vendor Management (Top 10 Operational Impacts)
    GDPR expands significantly upon the controller’s responsibility for processing activities and sets out specific rules for allocating responsibility between the controller and the processor. The burden for data protection still rests primarily with controllers. The controller decides on the processing activities, regardless of whether it actually carries out any processing operations. Controllers must implement appropriate technical and organisational measures not only to ensure compliance, but also to be able to demonstrate their security measures. Controllers are liable for the actions of the processors they select. Controllers must only use processors that provide sufficient guarantees of their ability to meet the GDPR requirements. The controller should also consider carrying out a DPIA prior to selecting a processor. When non-compliance is established, the burden shifts to controllers and processors to prove they are not responsible for the damage in any way.
  • 39. 8 Pseudonymisation (Top 10 Operational Impacts)
    GDPR does not apply to data that “does not relate to an identified or identifiable natural person or to data rendered anonymous in such a way that the data subject is no longer identifiable.” Pseudonymisation is the separation of data from direct identifiers so that linkage is not possible without additional data held separately. Pseudonymisation significantly reduces the risks associated with data processing while maintaining the data’s utility, but is by itself not sufficient to exempt data from the scope of the GDPR. Pseudonymisation facilitates the processing of data beyond the original collection purposes. Pseudonymisation is an important safeguard for processing personal data for scientific, historical and statistical purposes. Pseudonymisation is a central feature of data protection by design. Controllers can use pseudonymisation to help meet the GDPR’s data security requirements. Controllers do not need to provide access, rectification, erasure or data portability if they can no longer identify the data subject. GDPR encourages controllers to adopt codes of conduct that promote pseudonymisation.
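The pseudonymisation model of this slide, together with the access, portability and erasure requests of slide 35, as an added Python example that is not part of the deck. The customer records are constructed, and the `KeyHolder` class and the choice of HMAC-SHA256 as the keyed pseudonym function are assumptions; the point shown is that the re-identification capability lives only with the separately held key, and that subject requests can be matched while the key exists and cannot once it is destroyed.

```python
import hashlib
import hmac
import json
import secrets

# Constructed sample records for a hypothetical marketing database
# (not from the deck). "email" is the direct identifier to be removed.
CUSTOMERS = [
    {"email": "ann@example.com", "country": "BE", "orders": 3},
    {"email": "bob@example.com", "country": "NL", "orders": 1},
    {"email": "Ann@Example.com", "country": "BE", "orders": 2},
]


class KeyHolder:
    """The 'additional data held separately': only the holder of this key
    can link a pseudonym back to a person (hypothetical component)."""

    def __init__(self):
        self.key = secrets.token_bytes(32)

    def destroy(self):
        # Without the key the controller can no longer identify anyone in
        # the pseudonymised set, so subject requests can no longer be matched.
        self.key = None


def pseudonym(key, identifier):
    """Keyed pseudonym (HMAC-SHA256). A plain SHA-256 of an e-mail address
    could be reversed by guessing addresses; the secret key prevents that
    while still mapping the same person to the same token."""
    canonical = identifier.strip().lower().encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def pseudonymise(records, key):
    """Replace the direct identifier by a pseudonym; the remaining
    attributes stay usable for analytics."""
    out = []
    for rec in records:
        rec = dict(rec)
        rec["subject_id"] = pseudonym(key, rec.pop("email"))
        out.append(rec)
    return out


def subject_records(dataset, holder, email):
    """Match a data subject's records (access request). Returns None when
    the key is gone, i.e. the subject can no longer be identified."""
    if holder.key is None:
        return None
    token = pseudonym(holder.key, email)
    return [r for r in dataset if r["subject_id"] == token]


def export_portable(dataset, holder, email):
    """Data portability: the subject's records in a commonly used format."""
    found = subject_records(dataset, holder, email)
    return None if found is None else json.dumps(found, indent=2)


def erase_subject(dataset, holder, email):
    """Right to erasure: remove the subject's records in place; returns
    how many were erased (0 when nothing matched or the key is gone)."""
    found = subject_records(dataset, holder, email)
    if not found:
        return 0
    token = found[0]["subject_id"]
    dataset[:] = [r for r in dataset if r["subject_id"] != token]
    return len(found)
```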
  • 41. 9 Codes of Conduct and Certifications (Top 10 Operational Impacts)
    GDPR authorises “associations or other bodies representing controllers or processors” to draw up codes of conduct or amend existing ones. Such codes should address, among other things:
    - Fair and transparent processing.
    - The legitimate interests pursued by controllers in specific contexts.
    - The collection of personal data.
    - The pseudonymisation of personal data.
    - The information provided to the public and to data subjects.
    - The exercise of the rights of data subjects.
    - Information provided to and the protection of children, and the manner in which parental consent is to be obtained.
    - General data protection obligations of controllers, including privacy by design and security measures.
    - Notification of personal data breaches to supervisory authorities and communication of such personal data breaches to data subjects.
    - Policy on transfer of personal data to third countries or international organisations.
    - Dispute resolution procedures.
  • 42. 10 Consequences for GDPR Violations (Top 10 Operational Impacts)
    The GDPR creates two tiers of maximum fines depending on whether the controller or processor committed any previous violations and on the nature of the violation. The higher fine threshold is four percent of an undertaking’s worldwide annual turnover or 20 million euros, whichever is higher. The lower fine threshold is two percent of an undertaking’s worldwide annual turnover or 10 million euros, whichever is higher. These amounts are the maximum, meaning supervisory authorities are empowered to assess lower but not higher fines. GDPR authorises a DPA to issue a reprimand in place of a fine in cases of a minor infringement where the fine would constitute a disproportionate burden on a natural person. Member States are required to implement a penalty system. One-stop-shop principle for organisations operating in multiple Member States.
  • 43. OPERATIONAL IMPACTS: Top 10
    1 DATA SECURITY AND BREACH NOTIFICATION
    2 THE MANDATORY DPO
    3 CONSENT
    4 CROSS-BORDER DATA TRANSFERS
    5 PROFILING
    6 RTBF AND DATA PORTABILITY
    7 VENDOR MANAGEMENT
    8 PSEUDONYMISATION
    9 CODES OF CONDUCT AND CERTIFICATIONS
    10 CONSEQUENCES FOR GDPR VIOLATIONS