A Brief Overview on GDPR

Note: This presentation is not a legal
advice for your company to use in
complying with EU data privacy laws
like the GDPR.

GDPR stands for
General Data Protection
Regulation.

Key Terms
1. Data
2. Data subject
3. Data Controllers
4. Data Processors

Understanding GDPR
and the Key Changes

Fines can add up to 4% of annual global
turnover or 20 Million Euros
€’000 → €’000,000
Previously fines were limited based on the size and the scope
of the impact.
GDPR fines will apply to both controllers and processors.
Key Changes of the GDPR

GDPR will cover more Territory
EU → World
GDPR will apply to all companies processing the
personal data of data subjects residing in the EU,
regardless of the company’s location.

Explicit and retractable consent
Must be provided in an intelligible and easily
accessible form, using clear and plain
language. It must be as easy to withdraw
consent as it is to give it.

Right to access and portability
Data subjects can request confirmation as to whether
or not personal data concerning them is being
processed, where and for what purpose. Further, the
controller shall provide a copy of the personal data,
free of charge, in an electronic format.

Breach notification within 72 hours
Now mandatory that breaches, which are likely to
“result in a risk for the rights and freedoms of
individuals”, are reported within 72 hours of first having
become aware of the breach.
72

Design privacy embedded systems
Now a legal requirement for the inclusion of data
protection from the onset of the designing of systems,
rather than a retrospective addition.

Right to be forgotten
Entitles the data subject to have the data controller
erase his/ her personal data, cease further
dissemination of the data, and potentially have third
parties halt processing of the data.
Your name
Last name
Age

Mandatory Data Protection Officers
A Data protection officer is mandatory for certain types of organizations.

All the different areas of your Organization
that will be affected by GDPR
● Legal and Compliance,
● Technology and
● Data

Legal & Compliance
● Many organizations will require to appoint a Data Protection Officer (DPO).
(refer article 37-39)
● There are estimates that there will be 28,000 new DPO’s in Europe alone.
● More emphasis is given on how organizations review their privacy policy
so that it is easier for visitors to understand

How the Legal & Compliance areas are affected
● With a fine as high as 4% of the overall income - there is a lot more
enforcement that will take place
● There will be more accountability requirements for organizations to prove
that they are GDPR compliant with regulators
● An increased demand for data officers will make it a challenge to find
qualified and competent professionals due to their short supply
● Organizations will have to provide more clarity and education
transparently to customers

From the Technology perspective
● When a security breach occurs, organizations will have 72 hours to report
it to regulators
● Individuals have the option to “opt-out” of being tracked and from having
their information being shared with third-party organizations and websites
● Even if organizations have encryption, they will still have to focus heavily
on how their data infrastructure is set up. This ultimately means that they
can’t be careless regardless of having encryption on their end
● There is more emphasis on “Privacy by Design” based on how new
technologies are deployed.

Data Storage Best Practices
● Organizations will have to demonstrate how they store their data, what
information is stored and how it is shared
● Data portability allows customers to request a copy of their data based on
a standardized format
● Customers have the right to be forgotten and can have their information
and data on them to be deleted
● There is more emphasis on the classification of data based on the
information being pseudo-anonymous

How to make sure that Your Organization is
compliant with GDPR
● Notify the key people in your organization about GDPR and the
compliance rules and regulations around it
● Assess your organization based on the above key points to verify what
needs to be done in order to make it GDPR compliant
● Put together the inventory of all the data collected, stored and with whom
that data is shared as well as how it is governed
● Implement GDPR by taking the approach on how data privacy is governed
and what are the associated roles and responsibilities

How to make sure that Your Organization is
compliant with GDPR (continued)
● Determine how compliance will be demonstrated, how your organization
will capture the consent of customers and how to make your privacy
policy more transparent in order to educate and inform customers
● Implement and deploy technology in order to comply with Privacy by
Design
● Make sure that your Organization has the right data governance policies
in place in order to respond effectively to the individual’s rights based on
GDPR
● Updating contracts with 3rd party tools that process customer data
● Cookie notification popup
● Keep a record of all European opt-ins
● Updating privacy policy and terms of services

Was I suppose to send a re-optin before May
25th?

Some Resources
1. Suzanne Dibble’s Facebook group -
https://www.facebook.com/groups/GDPRforonlineentrepreneurs/
2. GDPR Website https://gdpr-info.eu/chapter-2/
3. For Organizations https://ico.org.uk/for-organisations/guide-to-the-
general-data-protection-regulation-gdpr/
4. DELOITTE and GDPR / http://bit.ly/2JZIyYq
5. Hubspot and GDPR / http://bit.ly/gdprhubspot
6. Privacy Policy with GDPR by Termsfeed / http://bit.ly/gdprandprivacy

Neha Patel
www.web247.solutions
Email: neha@web247.solutions

A Brief Overview on GDPR

More Related Content

What's hot (20)

Similar to A Brief Overview on GDPR (20)

Recently uploaded (20)

A Brief Overview on GDPR