SlideShare a Scribd company logo

GDPR Jan 2018 1

Download as PPT, PDF
Jason Chapman, profile picture
Jason Chapman

The General Data Protection Regulation (GDPR) comes into effect in May 2018 and will apply to all organizations that process personal data. It requires organizations to be accountable, transparent, and protect individuals' rights regarding their personal data. Organizations must have a lawful basis for processing personal data, obtain consent for marketing communications, and provide privacy notices describing how data will be handled. The GDPR also imposes requirements for security policies, data protection officers, impact assessments, and penalties for non-compliance.

Business
1 of 20
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
CHILTERN BUSINESS CONNECTIONS GOOD MORNING
ARE YOU READY FOR GENERAL DATA PROTECTION REGULATIONS (GDPR)?
GENERAL DATA PROTECTION REGULATIONS (GDPR) GDPR comes into effect May 2018 Initially EU ‘driven’ – set to become a worldwide standard - builds upon existing data protection rules Information Commissioner’s Office (ICO) is relevant U.K. ‘body’
GENERAL DATA PROTECTION REGULATIONS (GDPR) Prompted by the growth in data processing Evolution rather than revolution of the rules Not a new Millennium Bug Aim to achieve privacy by design and default
GENERAL DATA PROTECTION REGULATIONS (GDPR) Requires personal data (PD) to be respected - Accountability - Transparency - Individuals’ rights An obligation on all businesses/organisations Severe penalties for non- compliance
GENERAL DATA PROTECTION REGULATIONS (GDPR) Important in terms of client reassurance An opportunity to focus on client care Positive use of GDPR
GENERAL DATA PROTECTION REGULATIONS (GDPR) Organisations are required to have a legal basis to process 1. Contract 2. Consent 3. Vital Interest 4. Public Task 5. Comply with legal obligations 6. Legitimate Interests
GENERAL DATA PROTECTION REGULATIONS (GDPR) Segmentation appropriate i.e. - Contract basis for preparing wills/LPAs etc. - Consent basis for marketing communication A ‘granular‘ approach required - Consent cannot be ‘bundled’ Consent must be ‘active’
GENERAL DATA PROTECTION REGULATIONS (GDPR) Privacy statements to include: - Legal basis for processing data - What is to happen to the data - What a client does if there’s a problem On website and in terms of trading
GENERAL DATA PROTECTION REGULATIONS (GDPR) Imposes general obligation to implement technical and organisational measures to show that consideration has been given to data protection when processing.
GENERAL DATA PROTECTION REGULATIONS (GDPR) IOC checklist: Privacy Impact Assessment (PIA) Audit and log what PD held and how it flows Document who PD comes from - what you do with it - with whom you share it
GENERAL DATA PROTECTION REGULATIONS (GDPR) Identify and document lawful basis for processing PD Review and record how consent is obtained and recorded Establish means to record/manage ongoing consent
GENERAL DATA PROTECTION REGULATIONS (GDPR) Maintain registration with ICO Ensure privacy notices readily available Concise - easy to understand - identifies you – confirms how PD to be handled - with whom shared – how long to be retained
GENERAL DATA PROTECTION REGULATIONS (GDPR) Establish right for individuals to access PD Establish process to keep PD accurate and up to date (relevant for wills/LPAs?) Provide for effective destruction of PD no longer required.
GENERAL DATA PROTECTION REGULATIONS (GDPR) Establish procedure to respond to clients’ requests to restrict processing Allow individuals to copy/move their PD Reference to automated decision making (NA)
GENERAL DATA PROTECTION REGULATIONS (GDPR) Ensure data protection policy in place and review compliance periodically Provide data protection training for all staff Written contract with appropriately vetted ‘data processors’
GENERAL DATA PROTECTION REGULATIONS (GDPR) Clear security policies and procedures – regularly reviewed Ensure data protection is integrated into all activities Understand when and how Data Protection Impact Assessments (DPIAs) should be used.
GENERAL DATA PROTECTION REGULATIONS (GDPR) Nominate Data Protection Officer (DPO) Promote positive culture of data protection Develop and maintain an information security policy
GENERAL DATA PROTECTION REGULATIONS (GDPR) Special rules for any information transferred beyond the EEA Establish procedure to deal with identifying, reporting, managing and resolving PD breaches
GENERAL DATA PROTECTION REGULATIONS (GDPR) That’s all there is to it !

More Related Content

PPT
CBC GDPR April 2018
Jason Chapman
 
PPTX
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
PDF
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
Giulio Coraggio
 
PDF
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
PPTX
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
PDF
Come cambia la cybersecurity con il regolamento privacy europeo
Giulio Coraggio
 
PDF
The Essential Guide to GDPR
Tim Hyman LLB
 
PPTX
Wearable technologies, privacy and intellectual property rights
Giulio Coraggio
 
CBC GDPR April 2018
Jason Chapman
 
EU GDPR - 12 Steps To Compliance
Tom Haynes
 
#Privacy Matters - Come il regolamento privacy europeo da un problema può div...
Giulio Coraggio
 
How privacy by design can be the key of your success at the time of the digit...
Giulio Coraggio
 
GDPR - 5 Months On!
BrightPay Payroll and Auto Enrolment Software
 
Come cambia la cybersecurity con il regolamento privacy europeo
Giulio Coraggio
 
The Essential Guide to GDPR
Tim Hyman LLB
 
Wearable technologies, privacy and intellectual property rights
Giulio Coraggio
 

What's hot (20)

PDF
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
PPTX
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
PPTX
Wearable technologies and remote patient remote monitoring system
Giulio Coraggio
 
PDF
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
PDF
Developer view on new EU privacy legislation (GDPR)
Exove
 
PPT
What changes for Internet of Things technologies with the EU Data Protection ...
Giulio Coraggio
 
PDF
Privacy by design
Michelangelo van Dam
 
PDF
Csa privacy by design & gdpr austin chambers 11-4-17
Trish McGinity, CCSK
 
PPTX
Training privacy by design
Tommy Vandepitte
 
PPTX
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
PPTX
Ardoq in Edinburgh - Events - Building Resilience in a Post-GDPR World (14-au...
Ardoq
 
PPTX
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
PPTX
Gdpr action plan
Ulf Mattsson
 
PPTX
An Overview Of GDPR (General Data Protection Regulation)
Madhumita Mantri
 
PDF
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
PPTX
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
PPTX
GDPR and NIS Compliance - How HyTrust Can Help
Jason Lackey
 
PPTX
GDPR and evolving international privacy regulations
Ulf Mattsson
 
PDF
Convince your board - Ten steps to GDPR compliance
Dave James
 
PPTX
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
Quick Introduction to the EU GDPR by Sami Zahran
Dr. Sami Zahran
 
Wearable technologies and remote patient remote monitoring system
Giulio Coraggio
 
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
Developer view on new EU privacy legislation (GDPR)
Exove
 
What changes for Internet of Things technologies with the EU Data Protection ...
Giulio Coraggio
 
Privacy by design
Michelangelo van Dam
 
Csa privacy by design & gdpr austin chambers 11-4-17
Trish McGinity, CCSK
 
Training privacy by design
Tommy Vandepitte
 
GDPR The New Data Protection Law coming into effect May 2018. What does it me...
eHealth Forum
 
Ardoq in Edinburgh - Events - Building Resilience in a Post-GDPR World (14-au...
Ardoq
 
GDPR From the Trenches - Real-world examples of how companies are approaching...
Ardoq
 
Gdpr action plan
Ulf Mattsson
 
An Overview Of GDPR (General Data Protection Regulation)
Madhumita Mantri
 
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
New opportunities and business risks with evolving privacy regulations
Ulf Mattsson
 
GDPR and NIS Compliance - How HyTrust Can Help
Jason Lackey
 
GDPR and evolving international privacy regulations
Ulf Mattsson
 
Convince your board - Ten steps to GDPR compliance
Dave James
 
GDPR: Training Materials by Qualsys
Qualsys Ltd
 
Ad

Similar to GDPR Jan 2018 1 (20)

PPTX
Microsoft dynamics 365 for small and medium sized charities - session 2 gdpr
m-hance
 
PDF
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
PPTX
What does GDPR mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
PDF
10 Key GDPR Requirements You Must Know to Protect Your Business
VISTA InfoSec
 
PDF
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
PDF
Gdpr for business full
Fionnuala Hendrick
 
PDF
A practical guide to GDPR preparation
Promapp Solutions
 
PDF
GDPR: how IT works
Morris Dorfer
 
PPTX
SCCE Processors and GDPR
Robert Bond
 
PDF
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
PPTX
Prepare Your Firm for GDPR
MyComplianceOffice
 
PDF
Horner Downey & Co Newsletter- GDPR
Jenny Ferguson
 
PDF
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
PPTX
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
PDF
How will GDPR affect small businesses?
AllBusinessTemplates
 
PPTX
GDPR: Your Journey to Compliance
Cobweb
 
PPTX
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
Harrison Clark Rickerbys
 
PPTX
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
Microsoft dynamics 365 for small and medium sized charities - session 2 gdpr
m-hance
 
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
What does GDPR mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing - For Business Owners, HR Directors, Marketing Direct...
Harrison Clark Rickerbys
 
10 Key GDPR Requirements You Must Know to Protect Your Business
VISTA InfoSec
 
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
GDPR Breakfast Briefing for Business Advisors
Harrison Clark Rickerbys
 
Gdpr for business full
Fionnuala Hendrick
 
A practical guide to GDPR preparation
Promapp Solutions
 
GDPR: how IT works
Morris Dorfer
 
SCCE Processors and GDPR
Robert Bond
 
GDPR for your Payroll Bureau
BrightPay Payroll and Auto Enrolment Software
 
Prepare Your Firm for GDPR
MyComplianceOffice
 
Horner Downey & Co Newsletter- GDPR
Jenny Ferguson
 
GDPR: What does it mean for your business?
BrightPay Payroll and Auto Enrolment Software
 
General Data Protection Regulation (GDPR)
Extentia Information Technology
 
How will GDPR affect small businesses?
AllBusinessTemplates
 
GDPR: Your Journey to Compliance
Cobweb
 
GDPR Breakfast Briefing for Business Owners, IT Directors, HR Directors & Ops...
Harrison Clark Rickerbys
 
GDPR Enforcement is here. Are you ready?
SecurityScorecard
 
Ad

More from Jason Chapman (20)

PPTX
Maths hub workgroup overview 2018 19
Jason Chapman
 
PPT
CBC – Wills and Lasting Powers of Attorney
Jason Chapman
 
PPTX
Ppt11 portfolio v2 slide share
Jason Chapman
 
PPTX
CBC GDPR – 1 month to go
Jason Chapman
 
PPTX
CBC GDPR The Physics
Jason Chapman
 
PPTX
Referrals
Jason Chapman
 
PPTX
CBC Referrals
Jason Chapman
 
PPTX
Rare design portfolio presentation 10
Jason Chapman
 
PPTX
Ppt9 portfolio
Jason Chapman
 
PPTX
CBC Presentation 22-May-2017
Jason Chapman
 
PPTX
Mind Keys
Jason Chapman
 
PPTX
Cma cbc overview 280217
Jason Chapman
 
PPTX
CBC Action Coach (Mind Body Heart Spirit Presentation)
Jason Chapman
 
PPTX
Rare portfolio dec16
Jason Chapman
 
PPTX
PPT7 portfolio
Jason Chapman
 
PPTX
PPT6 portfolio
Jason Chapman
 
PPTX
Rare Design Case Study Mead Open Farm
Jason Chapman
 
PPTX
Rare Design Case Study Vodafone
Jason Chapman
 
PPTX
Rare Case Study Ibicus
Jason Chapman
 
PDF
Ppt2 portfolio 3
Jason Chapman
 
Maths hub workgroup overview 2018 19
Jason Chapman
 
CBC – Wills and Lasting Powers of Attorney
Jason Chapman
 
Ppt11 portfolio v2 slide share
Jason Chapman
 
CBC GDPR – 1 month to go
Jason Chapman
 
CBC GDPR The Physics
Jason Chapman
 
Referrals
Jason Chapman
 
CBC Referrals
Jason Chapman
 
Rare design portfolio presentation 10
Jason Chapman
 
Ppt9 portfolio
Jason Chapman
 
CBC Presentation 22-May-2017
Jason Chapman
 
Mind Keys
Jason Chapman
 
Cma cbc overview 280217
Jason Chapman
 
CBC Action Coach (Mind Body Heart Spirit Presentation)
Jason Chapman
 
Rare portfolio dec16
Jason Chapman
 
PPT7 portfolio
Jason Chapman
 
PPT6 portfolio
Jason Chapman
 
Rare Design Case Study Mead Open Farm
Jason Chapman
 
Rare Design Case Study Vodafone
Jason Chapman
 
Rare Case Study Ibicus
Jason Chapman
 
Ppt2 portfolio 3
Jason Chapman
 

Recently uploaded (20)

PDF
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
PDF
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
PDF
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
PPTX
New Microsoft PowerPoint Presentation - Copy.pptx
itsmesumedh96
 
PPTX
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
PPTX
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
PDF
Laughter Yoga Basic Learning Workshop Manual
yeechensee
 
PDF
20250805_A. Stotz All Weather Strategy - Performance review July 2025.pdf
FINNOMENAMarketing
 
PPTX
5 Stages of group development guide.pptx
keerthanashanmugam201
 
PDF
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
PPTX
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
kaniece
 
PPT
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 
PDF
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
DOCX
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
PPTX
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
PPTX
Business Ethics - An introduction and its overview.pptx
Keerthana Chinnathambi
 
PDF
Chapter 5_Foreign Exchange Market in .pdf
sophatphoniu
 
PDF
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
PPTX
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
PDF
Dr. Enrique Segura Ense Group - A Self-Made Entrepreneur And Executive
Dr. Enrique Segura Ense Group
 
COST SHEET- Tender and Quotation unit 2.pdf
MANJU N
 
Unit 1 Cost Accounting - Cost sheet
MANJU N
 
Stem Cell Market Report | Trends, Growth & Forecast 2025-2034
Claight Corporation
 
New Microsoft PowerPoint Presentation - Copy.pptx
itsmesumedh96
 
ICG2025_ICG 6th steering committee 30-8-24.pptx
AtiarRahaman5
 
HR Introduction Slide (1).pptx on hr intro
suhanidwivedi227
 
Laughter Yoga Basic Learning Workshop Manual
yeechensee
 
20250805_A. Stotz All Weather Strategy - Performance review July 2025.pdf
FINNOMENAMarketing
 
5 Stages of group development guide.pptx
keerthanashanmugam201
 
Types of control:Qualitative vs Quantitative
reshmaaslm06
 
job Avenue by vinith.pptxvnbvnvnvbnvbnbmnbmbh
kaniece
 
Data mining for business intelligence ch04 sharda
salmaalsaeed3
 
kom-180-proposal-for-a-directive-amending-directive-2014-45-eu-and-directive-...
nlusch08
 
Euro SEO Services 1st 3 General Updates.docx
AmirNazir49
 
AI-assistance in Knowledge Collection and Curation supporting Safe and Sustai...
Barry Hardy
 
Business Ethics - An introduction and its overview.pptx
Keerthana Chinnathambi
 
Chapter 5_Foreign Exchange Market in .pdf
sophatphoniu
 
MSPs in 10 Words - Created by US MSP Network
Mayur Gudka
 
Lecture (1)-Introduction.pptx business communication
HamzaGhani10
 
Dr. Enrique Segura Ense Group - A Self-Made Entrepreneur And Executive
Dr. Enrique Segura Ense Group
 

GDPR Jan 2018 1

  • 2. ARE YOU READY FOR GENERAL DATA PROTECTION REGULATIONS (GDPR)?
  • 3. GENERAL DATA PROTECTION REGULATIONS (GDPR) GDPR comes into effect May 2018 Initially EU ‘driven’ – set to become a worldwide standard - builds upon existing data protection rules Information Commissioner’s Office (ICO) is relevant U.K. ‘body’
  • 4. GENERAL DATA PROTECTION REGULATIONS (GDPR) Prompted by the growth in data processing Evolution rather than revolution of the rules Not a new Millennium Bug Aim to achieve privacy by design and default
  • 5. GENERAL DATA PROTECTION REGULATIONS (GDPR) Requires personal data (PD) to be respected - Accountability - Transparency - Individuals’ rights An obligation on all businesses/organisations Severe penalties for non- compliance
  • 6. GENERAL DATA PROTECTION REGULATIONS (GDPR) Important in terms of client reassurance An opportunity to focus on client care Positive use of GDPR
  • 7. GENERAL DATA PROTECTION REGULATIONS (GDPR) Organisations are required to have a legal basis to process 1. Contract 2. Consent 3. Vital Interest 4. Public Task 5. Comply with legal obligations 6. Legitimate Interests
  • 8. GENERAL DATA PROTECTION REGULATIONS (GDPR) Segmentation appropriate i.e. - Contract basis for preparing wills/LPAs etc. - Consent basis for marketing communication A ‘granular‘ approach required - Consent cannot be ‘bundled’ Consent must be ‘active’
  • 9. GENERAL DATA PROTECTION REGULATIONS (GDPR) Privacy statements to include: - Legal basis for processing data - What is to happen to the data - What a client does if there’s a problem On website and in terms of trading
  • 10. GENERAL DATA PROTECTION REGULATIONS (GDPR) Imposes general obligation to implement technical and organisational measures to show that consideration has been given to data protection when processing.
  • 11. GENERAL DATA PROTECTION REGULATIONS (GDPR) IOC checklist: Privacy Impact Assessment (PIA) Audit and log what PD held and how it flows Document who PD comes from - what you do with it - with whom you share it
  • 12. GENERAL DATA PROTECTION REGULATIONS (GDPR) Identify and document lawful basis for processing PD Review and record how consent is obtained and recorded Establish means to record/manage ongoing consent
  • 13. GENERAL DATA PROTECTION REGULATIONS (GDPR) Maintain registration with ICO Ensure privacy notices readily available Concise - easy to understand - identifies you – confirms how PD to be handled - with whom shared – how long to be retained
  • 14. GENERAL DATA PROTECTION REGULATIONS (GDPR) Establish right for individuals to access PD Establish process to keep PD accurate and up to date (relevant for wills/LPAs?) Provide for effective destruction of PD no longer required.
  • 15. GENERAL DATA PROTECTION REGULATIONS (GDPR) Establish procedure to respond to clients’ requests to restrict processing Allow individuals to copy/move their PD Reference to automated decision making (NA)
  • 16. GENERAL DATA PROTECTION REGULATIONS (GDPR) Ensure data protection policy in place and review compliance periodically Provide data protection training for all staff Written contract with appropriately vetted ‘data processors’
  • 17. GENERAL DATA PROTECTION REGULATIONS (GDPR) Clear security policies and procedures – regularly reviewed Ensure data protection is integrated into all activities Understand when and how Data Protection Impact Assessments (DPIAs) should be used.
  • 18. GENERAL DATA PROTECTION REGULATIONS (GDPR) Nominate Data Protection Officer (DPO) Promote positive culture of data protection Develop and maintain an information security policy
  • 19. GENERAL DATA PROTECTION REGULATIONS (GDPR) Special rules for any information transferred beyond the EEA Establish procedure to deal with identifying, reporting, managing and resolving PD breaches
  • 20. GENERAL DATA PROTECTION REGULATIONS (GDPR) That’s all there is to it !