GDPR and Data Breach notifications
Download as PPTX, PDF2 likes302 views
The document discusses GDPR compliance, outlining a phased approach that includes understanding the regulations, assessing risks, implementing necessary measures, and demonstrating control over data management. It emphasizes the need for clear data retention policies, protocols for data breach notifications, and data protection impact assessments. Additionally, it highlights the importance of managing individual rights and obtaining employee consent for HR data processing.
GDPR and Data Breach notifications
- 4. Apps That Mobilise Lives 4 Public Health England Hackathon winners
- 16. @LibertyAppsUK@CYBERTALKLDN Phase 1: Need to understand
- 18. @LibertyAppsUK@CYBERTALKLDN Phase 2: Assess Risk (1 of 2)
- 19. @LibertyAppsUK@CYBERTALKLDN Phase 2: Assess Risk (2 of 2)
- 23. @LibertyAppsUK@CYBERTALKLDN Do we have a data retention policy? It is down to the board of directors to decide what that retention policy is, when and how will this approval be received? – data must not be kept for any longer than is deemed necessary.
- 25. @LibertyAppsUK@CYBERTALKLDN • How would we erase an individuals’ data? • What is our process for correcting individuals’ data? • Can we manage / remove consent for direct marketing and automated decision making?
- 26. @LibertyAppsUK@CYBERTALKLDN What will we do if a customer exercises their rights? How would we handle a request? What processes & policies do we have in place should we plan to refus What will our partners whom we share data with need to do? Do we have confidence that these partners are compliant and would no
- 29. @LibertyAppsUK@CYBERTALKLDN Employers can’t rely on employee consent to process HR data
- 30. @LibertyAppsUK@CYBERTALKLDN Employers can’t rely on employee consent to process HR data
- 33. @LibertyAppsUK@CYBERTALKLDN What will we do if there is a breach? How would we detect, report and investigate a breach? To manage effective & efficient investigation: Assess which types of data are held. Document which types fall within the notification requirement and the process to be followed if there is a breach.
- 35. @LibertyAppsUK@CYBERTALKLDN Optimal data breach notification timeline
- 42. @LibertyAppsUK@CYBERTALKLDN How would we implement an assessment in our organisation? Who would carry it out? Would it be run centrally or locally?
- 43. @LibertyAppsUK@CYBERTALKLDN A data protection impact assessment (DPIA) is a process to help you identify and minimise the data protection risks of a project. Data protection impact assessments (DPIA)
- 44. @LibertyAppsUK@CYBERTALKLDN Data protection impact assessments (DPIA)
- 48. @LibertyAppsUK@CYBERTALKLDN Control over processes that collect and use personal data?
- 51. @LibertyAppsUK@CYBERTALKLDN Records of what we do?
- 53. @LibertyAppsUK@CYBERTALKLDN Consent and individual rights management.
- 55. @LibertyAppsUK@CYBERTALKLDN Difficulty identifying and reporting a breach within 72 hours 2017 VERITAS GDPR REPORT https://www.veritas.com/content/dam/Veritas/docs/reports/gdpr-report-ch2-en.pdf
- 56. @LibertyAppsUK@CYBERTALKLDN Are former employees able to access company data? 2017 VERITAS GDPR REPORT https://www.veritas.com/content/dam/Veritas/docs/reports/gdpr-report-ch2-en.pdf
- 57. @LibertyAppsUK@CYBERTALKLDN The enemy within? 2017 Varonis Data Risk Report https://info.varonis.com/hubfs/docs/research_reports/2017-data-risk-report.pdf
- 58. @LibertyAppsUK@CYBERTALKLDN GDPR is an Evolutionary Process
- 60. @LibertyAppsUK@CYBERTALKLDN Questions?Questions? Steve@LibertyApps.co. uk @SteveHiltonCEO +44 0161 883 2450 LibertyApps.co.uk