EU GDPR: What You Really Need to Know
Download as PPTX, PDF1 like487 views
The document discusses the challenges businesses face in complying with the EU's General Data Protection Regulation (GDPR), focusing on awareness, preparedness, and necessary processes for compliance. Key findings from polls indicate that many organizations lack full preparedness and need to start with foundational data protection practices. Additionally, it addresses the implications of GDPR on non-European countries and emphasizes the need for global consistency in data protection policies.
EU GDPR: What You Really Need to Know
- 1. EU GDPR: What You Really Need to Know
- 2. MEET THE PANEL VP, Product Marketing & Strategy, Blancco Technology Group Chris Merritt Partner, DLA Piper Giulio Coraggio Presenters
- 3. RESEARCH STUDY OVERVIEW EU GDPR: A Corporate Dilemma
- 4. WHAT WE’LL EXPLORE Awareness What are businesses’ levels of awareness surrounding Europe’s General Data Protection Regulation? Preparedness What are businesses’ levels of preparedness in relation to their awareness of GDPR? Timeline What sort of timeframe are businesses allowing to prepare for GDPR compliance by 2018? Process Which processes must businesses be considering and implementing in order to fulfill GDPR requirements? Applicability Can we expect the GDPR to be used as a model for non-European countries?
- 5. AWARENESS Webinar Audience Poll How do you rate your level of awareness of the GDPR? 36% 7% 57%
- 6. AWARENESS ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016 How do IT Professionals Around the World Rate Their Level of Awareness of the GDPR?
- 7. AWARENESS Technical Implications Legal Implications 1. Assess Current Capabilities Need to understand current gaps – technological and cultural 2. Identify Needed Updates Leverage standards and new technologies to address gaps 3. Gain Buy-in Create awareness in C-suite / Board, and across organization with peers 1. Volume of Required Changes Need for documented reorganization of product lines and of group structures 2. No Benefits of One-Stop Shop The possibility to deal with a single regulator will require internal reorganization 3. Potential Sanctions Privacy compliance cannot be considered as a commodity due to fines up to 4% of global turnover
- 8. PREPAREDNESS Webinar Audience Poll How would you rate your organization’s level of preparation to adhere to EU GDPR requirements ? Unprepared: Don’t know how or where to start On the right track: Currently researching/d eveloping processes Somewhat prepared: Still need to find Data Removal Software Fully Prepared: Est. Processes, policies & tech Don’t know 5%14% 48% 14% 19%
- 9. PREPAREDNESS 40% Admit to being less than fully prepared to comply with GDPR requirements ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016
- 10. PREPAREDNESS 1. Start with the Basics Focus on data protection basics – both technologies and processes – which reach minimum standards 2. Explore New Technologies In addition, look at high-impact tech which raise the bar 3. Begin Pilot Projects Establish efficacy and gain buy-in within organization 1. Privacy and Security By Design The accountability principle and privacy and security by design will require a higher level of documented compliance 3. Liability for Data Breaches In the case of data breaches notification obligations apply to regulators and affected individuals 2. No Privacy Impact Assessment Privacy impact assessments shall be performed for projects which might be exposing individuals to enhanced privacy risks Technical Implications Legal Implications
- 11. TIMELINE Timeline Required for Organizations to Develop and Implement IT Processes & Tools to Pass a “Right to be Forgotten” Audit
- 12. TIMELINE Technical Implications Legal Implications 1. New Rights Individuals rights are considerably empowered 2. Need of Procedures Need to implement procedures to deal with exercise of ‘right to be forgotten’ and portability rights 3. Stringent Enforcement The appointed data protection officer shall monitor compliance with privacy law 1. Start Now Fully realizing improvements from tech takes longer than we think 2. Look Beyond Tech Revise existing / develop new processes to support changes in policy 3. Educate Ultimately everyone in the organization must understand the need for change – and their role in it
- 13. PROCESS Don’t have defined & documented processes/technology to remove outdated or irrelevant customer data 41% Types of Technology/Software Organizations Consider to Have the Most Value in Addressing “Right to be Forgotten” and Ensuring Compliance with EU GDPR
- 14. PROCESS 1. Potential Liabilities Data can no longer processed for an indefinite period of time Technical Implications Legal Implications 1. Look for Synergies Choose technologies that work together to meet your ultimate goal – better data protection 2. Consider End-to-End Process Map out data flows – from creation to usage to storage to deletion – and ensure complete coverage 3. Strive for Balance Develop a philosophy of “secure enablement” to meet both legal and business objectives 2. Actions to be Taken Continuous review of procedures and databases 3. Data Becomes a Risk Personal data is a resource but might become a source of major liabilities for the company
- 15. APPLICABILITY 65% of IT Professionals Believe Other Countries/ Regions Should Implement Data Protection Laws Similar to GDPR ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016
- 16. 1. Think Globally Consider where your customers are, not only on where your offices are – and develop data-centric policies 2. Act Locally Implement consistent processes and supporting technologies across all locations and individuals 3. Engage All Stakeholders While data protection might be the focus of certain jobs, everyone should understand the importance and their role in making it a reality 1. Impact on non-EU Entities If there is offering of goods or services to individuals in the European Union 3. New Model of Business Extended scope might lead to changes in business strategy given the potential risks 2. Impact on Remote Monitoring If behavior occurring in the European Union is monitored Technical Implications Legal Implications APPLICABILITY
- 17. NEXT STEPS 04 01 03 02 Create Awareness “Business as Usual” is not sufficient, and everyone will play a part in required changes Policies and Processes Policies beget processes, and both will need to be updated based on new legal landscape Start with Baby Steps Close gaps using existing processes / technologies now, firming up your data protection foundations Upgrade Technologies Based on new policies and gap analysis, plug technology holes with tools that have big impacts
- 18. Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe. DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies. DOWNLOAD EU GDPR RESEARCH STUDY DOWNLOAD FREE EVALUATION