SlideShare a Scribd company logo

How To Approach GDPR Preparation & Discovery

Gabriella Davis, profile picture
Gabriella Davis

The document discusses the General Data Protection Regulation (GDPR), which is set to take effect in May 2018, and emphasizes the responsibilities of data controllers and processors regarding the handling of personal data. It outlines key compliance requirements, such as appointing a data protection officer and implementing necessary organizational processes, while highlighting that companies outside the EU must also comply if they process data related to EU citizens. Furthermore, it addresses the importance of reviewing consent agreements and having processes for breach notification and user data rights.

Business
1 of 23
Downloaded 22 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
Philadelphia, April 26-27 2018 13 The Looming GDPR & You Gabriella Davis Technical Director, The Turtle Partnership IBM Lifetime Champion for Social Business gabriella@turtlepartnership.com
Gab Davis • Admin of all things and especially quite complicated things where the fun is • Working with the design, deployment and security of IBM technologies within global infrastructures • working with the real world security and privacy aspects of expanding data ecosystems • Stubborn and relentless problem solver • http://turtleblog.infohttps:// www.turtlepartnership.com • IBM Lifetime Champion
PLATINUM SPONSOR GOLD SPONSORS SILVER SPONSORS GOLD+ SPONSOR
Social Connections 13 Philadelphia, April 26-27 2018 13 Gab is not a lawyer You will want to speak to one to get advice on your legal exposure
Social Connections 13 Philadelphia, April 26-27 2018 • General Data Protection Regulation (GDPR) is a new EU directive that comes into effect May 2018 regulating the processing of personal data • Personal data is defined as any data that directly or indirectly identifies a data subject • Processing consists of any operation or set of operations that are performed on personal data
Social Connections 13 Philadelphia, April 26-27 2018 • Individuals have more ownership of information • Corporations bear more responsibility • This is a process challenge first and a technical one last • Yet lots of companies are offering technical GDPR solutions!
Social Connections 13 Philadelphia, April 26-27 2018 • Where Do You Start?
Social Connections 13 Philadelphia, April 26-27 2018 • I Know - It’s EXHAUSTING To Even Think About • But There Are No Shortcuts • You Can’t Just Hope You Are Too Small To Matter • A Possible Fine Of €20m or 4% of Your Global Turnover Is At Stake • Per Instance
Social Connections 13 Philadelphia, April 26-27 2018 Controllers and Processors • Data responsibility differs depending on whether you are considered a Controller or a Processor • Controllers determine the purpose and means of processing personal data • Processors actually perform the data processing • Your company may act in both guises but cannot avoid GDPR responsibility by offloading the processing to another entity • - you would still be considered the Controller
Social Connections 13 Philadelphia, April 26-27 2018 Controller Responsibilities • Article 5 applies responsibility for compliance with the principles of processing personal data including • lawfulness • fairness and transparency • data minimisation • storage limitation • Article 24 makes you responsibility for implementing technical and organisational processes to protect the information • Data breach notification
Social Connections 13 Philadelphia, April 26-27 2018 Processors Responsibilities • Article 28 makes the Controller responsible for ensuring the chosen processor abides by the requirements of GDPR • This includes ensuring organisational and technical processes are in place to protect the data
Social Connections 13 Philadelphia, April 26-27 2018 But Hey I’m In The US! • A company with a location in the EU must comply with GDPR if they are processing any data for EU citizens or within the EU regardless of where that processing occurs • If goods or services are marketed / sold to any part of the EU regardless of where the company is based, there is a requirement for GDPR • Any company gathering data on EU citizen behaviour • this includes both physical tracking and online tracking
Social Connections 13 Philadelphia, April 26-27 2018 ADMINISTRATIVE • Who is assigned the role of data protection officer and where do they sit in the organisation. • Who is the point of contact for the data protection authority • Privacy and consent agreements need to be reviewed and updated
Social Connections 13 Philadelphia, April 26-27 2018 Assigning A Data Protection Officer • Responsible for overall understanding and enforcing of GDPR alignment • Formal senior role within the organisational hierarchy • Contact point and decision maker for both internal policies and data requests
Social Connections 13 Philadelphia, April 26-27 2018 Data Protection Authority Contact • GDPR escalations are directed to the declared Data Protection Authority contact • Any suspected breaches must be reported along with a remediation plan • In theory within 72hrs of the breach but more likely within 72hrs of finding out about the breach
Social Connections 13 Philadelphia, April 26-27 2018 Review Existing Consent Agreements • For customers • For suppliers • For employees • For anyone whose data you process, consume or retain • Consent going forward is easier than permission to retain historical data • How to convey to people the services that can be lost if data isn’t maintained
Social Connections 13 Philadelphia, April 26-27 2018 PROCESSES • for notifying authorities and affected customers in the case of a breach • for approving new data storage and handling
Social Connections 13 Philadelphia, April 26-27 2018 Process For User Requests • Right to be forgotten • Right to have incorrect data updated / changed • Right to have visibility of data • Finding and cleaning all the information 
 • What needs to be kept for internal reasons
Social Connections 13 Philadelphia, April 26-27 2018 Process For Accessing Information • Auditable and traceable • Who can access what to complete their work • Granting and removing access
Social Connections 13 Philadelphia, April 26-27 2018 Process For Requesting Consent Going Forward • Gathering and retaining information is acceptable if it’s necessary to provide the service / product / relationship with the user • However the user must agree to that happening • It can be as simple as asking
Social Connections 13 Philadelphia, April 26-27 2018 DATA • What data is held , where and why • How is it secured • For how long • Who can access it • What is its purpose
Social Connections 13 Philadelphia, April 26-27 2018 • No-one knows how this will work • for that reason there’s huge potential for exposure • no technology will fix everything for you • putting some processes in place and having a plan shows understanding & positive intent
Social Connections 13 Philadelphia, April 26-27 2018 Questions • Remember once more: Gab is not a lawyer

More Related Content

PDF
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
KEY
The Cloud Security Rules
Kai Roer
 
PDF
Cloud computing: Legal and ethical issues in library and information services
e-Marefa
 
PDF
What's new in Exchange Online - Microsoft Office 365 - Atidan
David J Rosenthal
 
PPTX
Health Care Mobility: Staying Securely Connected
Gettins' Law LLC
 
PPT
Proxy
Proxies Rent
 
PPTX
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
Albert Hoitingh
 
PPTX
20110518-4 ARMA Central Iowa Records Management 2.0
Jesse Wilkins
 
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
The Cloud Security Rules
Kai Roer
 
Cloud computing: Legal and ethical issues in library and information services
e-Marefa
 
What's new in Exchange Online - Microsoft Office 365 - Atidan
David J Rosenthal
 
Health Care Mobility: Staying Securely Connected
Gettins' Law LLC
 
Proxy
Proxies Rent
 
aMS SouthEast Asia 2021 - Microsoft 365 Data Loss Prevention
Albert Hoitingh
 
20110518-4 ARMA Central Iowa Records Management 2.0
Jesse Wilkins
 

What's hot (20)

PPTX
Microsoft365 from a Hacker's Perspective
Benedek Menesi
 
PDF
Office365 in today's digital threats landscape: attacks & remedies from a hac...
Benedek Menesi
 
PDF
Stealth Extranet for SharePoint_datasheet
Mark Stratman
 
PPT
Cloud computing legal issues
Adv Prashant Mali
 
PDF
Box Security Whitepaper
BoxHQ
 
PPTX
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
PDF
6 Most Surprising SharePoint Security Risks
Imperva
 
PDF
GDPR and technology - details matter
Exove
 
PPTX
Security v. Privacy: the great debate
David Strom
 
PDF
Wrong slides! Please check description for correct deck
Benedek Menesi
 
PPTX
SPFest Chicago - Information Management and Data Governance in Office 365
Joanne Klein
 
PPT
Proxy
Proxies Rent
 
PDF
Analyzing Microsoft Teams engagement & adoption: Why, What & How?
Benedek Menesi
 
PDF
Legal ethics & cloud computing
Patrick Fowler
 
PDF
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 
PPT
Legal issues in cloud computing
movinghats
 
PPTX
Security and Compliance in Office 365
Joel Jeffery
 
PDF
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
PPTX
Introducing OpenAthens Cloud for content providers
OpenAthens
 
PPTX
Authentication cloud
vidhya dharmarajan
 
Microsoft365 from a Hacker's Perspective
Benedek Menesi
 
Office365 in today's digital threats landscape: attacks & remedies from a hac...
Benedek Menesi
 
Stealth Extranet for SharePoint_datasheet
Mark Stratman
 
Cloud computing legal issues
Adv Prashant Mali
 
Box Security Whitepaper
BoxHQ
 
SharePoint Conference 2018 - Securing Office 365 and SharePoint Online with A...
Scott Hoag
 
6 Most Surprising SharePoint Security Risks
Imperva
 
GDPR and technology - details matter
Exove
 
Security v. Privacy: the great debate
David Strom
 
Wrong slides! Please check description for correct deck
Benedek Menesi
 
SPFest Chicago - Information Management and Data Governance in Office 365
Joanne Klein
 
Proxy
Proxies Rent
 
Analyzing Microsoft Teams engagement & adoption: Why, What & How?
Benedek Menesi
 
Legal ethics & cloud computing
Patrick Fowler
 
BigID, OneTrust, IAPP Webinar: Bridging the Privacy Office with IT
BigID Inc
 
Legal issues in cloud computing
movinghats
 
Security and Compliance in Office 365
Joel Jeffery
 
Beginning your General Data Protection Regulation (GDPR) Journey
Microsoft Österreich
 
Introducing OpenAthens Cloud for content providers
OpenAthens
 
Authentication cloud
vidhya dharmarajan
 
Ad

Similar to How To Approach GDPR Preparation & Discovery (20)

PDF
#HR and #GDPR: Preparing for 2018 Compliance
Dovetail Software
 
PDF
[REPORT PREVIEW] GDPR Beyond May 25, 2018
Altimeter, a Prophet Company
 
PPTX
Associates quick guide to gdpr v 1.0
Aaron Banham
 
PPTX
GDPR in the Healthcare Industry
EMMAIntl
 
PPTX
GDPR Considerations for IBM Connections
LetsConnect
 
PPTX
How GDPR will change Personal Data Control and Affect Everyone
Thomas Goubau
 
PPTX
Gdpr action plan
Ulf Mattsson
 
PPTX
GDPR How to get started?
Peter Witsenburg
 
PDF
What does the GDPR mean for charity communicators? | Wales Networking Group |...
CharityComms
 
PDF
IAB Europe's GDPR Compliance Primer
IAB Europe
 
PPTX
GDPR: Where should you be right now? - Dennis Slattery, EDM Works
BCS Data Management Specialist Group
 
PDF
GDPR - Sink or Swim
Guy Griffiths
 
PDF
The Countdown to the GDPR Regulations
Elliot Reeman
 
PPT
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
PDF
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
One North
 
PDF
Jowanna Conboye - Stephens Scown
Agile PR
 
PDF
What's Next - General Data Protection Regulation (GDPR) Changes
Ogilvy Consulting
 
PPTX
Ritz 4th-july-gdpr
Exponential_e
 
PDF
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu
 
PPTX
GDPR Practicalities - The Data Shed
Stewart Norriss
 
#HR and #GDPR: Preparing for 2018 Compliance
Dovetail Software
 
[REPORT PREVIEW] GDPR Beyond May 25, 2018
Altimeter, a Prophet Company
 
Associates quick guide to gdpr v 1.0
Aaron Banham
 
GDPR in the Healthcare Industry
EMMAIntl
 
GDPR Considerations for IBM Connections
LetsConnect
 
How GDPR will change Personal Data Control and Affect Everyone
Thomas Goubau
 
Gdpr action plan
Ulf Mattsson
 
GDPR How to get started?
Peter Witsenburg
 
What does the GDPR mean for charity communicators? | Wales Networking Group |...
CharityComms
 
IAB Europe's GDPR Compliance Primer
IAB Europe
 
GDPR: Where should you be right now? - Dennis Slattery, EDM Works
BCS Data Management Specialist Group
 
GDPR - Sink or Swim
Guy Griffiths
 
The Countdown to the GDPR Regulations
Elliot Reeman
 
The Countdown is on: Key Things to Know About the GDPR
Case IQ
 
#1NWebinar: GDPR and Privacy Best Practices for Digital Marketers
One North
 
Jowanna Conboye - Stephens Scown
Agile PR
 
What's Next - General Data Protection Regulation (GDPR) Changes
Ogilvy Consulting
 
Ritz 4th-july-gdpr
Exponential_e
 
Jadu GDPR guide: A easy to follow guide for Digital Service Managers and Webs...
Jadu
 
GDPR Practicalities - The Data Shed
Stewart Norriss
 
Ad

More from Gabriella Davis (20)

PDF
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
PDF
Engage2022 - Domino Admin Tips
Gabriella Davis
 
PDF
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
PDF
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
PDF
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
PDF
60 Admin Tips
Gabriella Davis
 
PDF
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
PDF
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
PDF
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
PDF
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
PDF
An introduction to configuring Domino for Docker
Gabriella Davis
 
PDF
Brand Yourself
Gabriella Davis
 
PDF
Home Working
Gabriella Davis
 
PDF
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
PDF
The Imposter Syndrome
Gabriella Davis
 
PDF
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
PDF
An Introduction To Docker
Gabriella Davis
 
PDF
An Introduction To Docker
Gabriella Davis
 
PDF
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 
PDF
Embracing iot in the enterprise
Gabriella Davis
 
A Domino Admins Adventures (Engage 2024)
Gabriella Davis
 
Engage2022 - Domino Admin Tips
Gabriella Davis
 
. Design Decisions: Developing for Mobile - The Template Experience Project
Gabriella Davis
 
Domino Server Health - Monitoring and Managing
Gabriella Davis
 
Face Off Domino vs Exchange On Premises
Gabriella Davis
 
60 Admin Tips
Gabriella Davis
 
Adminlicious - A Guide To TCO Features In Domino v10
Gabriella Davis
 
An Introduction to Configuring Domino for Docker
Gabriella Davis
 
An Introduction To The DMARC SMTP Validation Requirements
Gabriella Davis
 
× The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T...
Gabriella Davis
 
An introduction to configuring Domino for Docker
Gabriella Davis
 
Brand Yourself
Gabriella Davis
 
Home Working
Gabriella Davis
 
A Guide To Single Sign-On for IBM Collaboration Solutions
Gabriella Davis
 
The Imposter Syndrome
Gabriella Davis
 
What's New in Notes, Sametime and Verse On-Premises
Gabriella Davis
 
An Introduction To Docker
Gabriella Davis
 
An Introduction To Docker
Gabriella Davis
 
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud
Gabriella Davis
 
Embracing iot in the enterprise
Gabriella Davis
 

Recently uploaded (20)

PPTX
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
DOCX
Business Management - unit 1 and 2
anithak410
 
PDF
IFRS Notes in your pocket for study all the time
jjj81507
 
PDF
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
PDF
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
PDF
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
PDF
How to Get Funding for Your Trucking Business
Jake Thornhill
 
PPTX
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
PPTX
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
PDF
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
PPTX
Sales & Distribution Management , LOGISTICS, Distribution, Sales Managers
efranciscaantoinette
 
PDF
SIMNET Inc – 2023’s Most Trusted IT Services & Solution Provider
sidnik500
 
PDF
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
PDF
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
PDF
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
PPTX
3. HISTORICAL PERSPECTIVE UNIIT 3^..pptx
ZAMANYousufzai1
 
PDF
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
PDF
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
PDF
Module 2 - Modern Supervison Challenges - Student Resource.pdf
OmoobaOrun1
 
PPT
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 
CkgxkgxydkydyldylydlydyldlyddolydyoyyU2.pptx
DSAISUBRAHMANYAAASHR
 
Business Management - unit 1 and 2
anithak410
 
IFRS Notes in your pocket for study all the time
jjj81507
 
pdfcoffee.com-opt-b1plus-sb-answers.pdfvi
thaoonguyenn2311
 
Daniels 2024 Inclusive, Sustainable Development
CMassociates
 
Power and position in leadershipDOC-20250808-WA0011..pdf
meghavinikumar2006
 
How to Get Funding for Your Trucking Business
Jake Thornhill
 
DMT - Profile Brief About Business .pptx
AkhileshKumar724847
 
svnfcksanfskjcsnvvjknsnvsdscnsncxasxa saccacxsax
ergvedfvef sdvsfvdvd
 
Keppel_Proposed Divestment of M1 Limited
KeppelCorporation
 
Sales & Distribution Management , LOGISTICS, Distribution, Sales Managers
efranciscaantoinette
 
SIMNET Inc – 2023’s Most Trusted IT Services & Solution Provider
sidnik500
 
BsN 7th Sem Course GridNNNNNNNN CCN.pdf
ZAMANYousufzai1
 
Family Law: The Role of Communication in Mediation (www.kiu.ac.ug)
publication11
 
NISM Series V-A MFD Workbook v December 2024.khhhjtgvwevoypdnew one must use ...
RoopaSherkar
 
3. HISTORICAL PERSPECTIVE UNIIT 3^..pptx
ZAMANYousufzai1
 
Nidhal Samdaie CV - International Business Consultant
Nidhal Samdaie
 
How to Get Business Funding for Small Business Fast
Jake Thornhill
 
Module 2 - Modern Supervison Challenges - Student Resource.pdf
OmoobaOrun1
 
340036916-American-Literature-Literary-Period-Overview.ppt
carinaherdiles611
 

How To Approach GDPR Preparation & Discovery

  • 1. Philadelphia, April 26-27 2018 13 The Looming GDPR & You Gabriella Davis Technical Director, The Turtle Partnership IBM Lifetime Champion for Social Business gabriella@turtlepartnership.com
  • 2. Gab Davis • Admin of all things and especially quite complicated things where the fun is • Working with the design, deployment and security of IBM technologies within global infrastructures • working with the real world security and privacy aspects of expanding data ecosystems • Stubborn and relentless problem solver • http://turtleblog.infohttps:// www.turtlepartnership.com • IBM Lifetime Champion
  • 4. Social Connections 13 Philadelphia, April 26-27 2018 13 Gab is not a lawyer You will want to speak to one to get advice on your legal exposure
  • 5. Social Connections 13 Philadelphia, April 26-27 2018 • General Data Protection Regulation (GDPR) is a new EU directive that comes into effect May 2018 regulating the processing of personal data • Personal data is defined as any data that directly or indirectly identifies a data subject • Processing consists of any operation or set of operations that are performed on personal data
  • 6. Social Connections 13 Philadelphia, April 26-27 2018 • Individuals have more ownership of information • Corporations bear more responsibility • This is a process challenge first and a technical one last • Yet lots of companies are offering technical GDPR solutions!
  • 7. Social Connections 13 Philadelphia, April 26-27 2018 • Where Do You Start?
  • 8. Social Connections 13 Philadelphia, April 26-27 2018 • I Know - It’s EXHAUSTING To Even Think About • But There Are No Shortcuts • You Can’t Just Hope You Are Too Small To Matter • A Possible Fine Of €20m or 4% of Your Global Turnover Is At Stake • Per Instance
  • 9. Social Connections 13 Philadelphia, April 26-27 2018 Controllers and Processors • Data responsibility differs depending on whether you are considered a Controller or a Processor • Controllers determine the purpose and means of processing personal data • Processors actually perform the data processing • Your company may act in both guises but cannot avoid GDPR responsibility by offloading the processing to another entity • - you would still be considered the Controller
  • 10. Social Connections 13 Philadelphia, April 26-27 2018 Controller Responsibilities • Article 5 applies responsibility for compliance with the principles of processing personal data including • lawfulness • fairness and transparency • data minimisation • storage limitation • Article 24 makes you responsibility for implementing technical and organisational processes to protect the information • Data breach notification
  • 11. Social Connections 13 Philadelphia, April 26-27 2018 Processors Responsibilities • Article 28 makes the Controller responsible for ensuring the chosen processor abides by the requirements of GDPR • This includes ensuring organisational and technical processes are in place to protect the data
  • 12. Social Connections 13 Philadelphia, April 26-27 2018 But Hey I’m In The US! • A company with a location in the EU must comply with GDPR if they are processing any data for EU citizens or within the EU regardless of where that processing occurs • If goods or services are marketed / sold to any part of the EU regardless of where the company is based, there is a requirement for GDPR • Any company gathering data on EU citizen behaviour • this includes both physical tracking and online tracking
  • 13. Social Connections 13 Philadelphia, April 26-27 2018 ADMINISTRATIVE • Who is assigned the role of data protection officer and where do they sit in the organisation. • Who is the point of contact for the data protection authority • Privacy and consent agreements need to be reviewed and updated
  • 14. Social Connections 13 Philadelphia, April 26-27 2018 Assigning A Data Protection Officer • Responsible for overall understanding and enforcing of GDPR alignment • Formal senior role within the organisational hierarchy • Contact point and decision maker for both internal policies and data requests
  • 15. Social Connections 13 Philadelphia, April 26-27 2018 Data Protection Authority Contact • GDPR escalations are directed to the declared Data Protection Authority contact • Any suspected breaches must be reported along with a remediation plan • In theory within 72hrs of the breach but more likely within 72hrs of finding out about the breach
  • 16. Social Connections 13 Philadelphia, April 26-27 2018 Review Existing Consent Agreements • For customers • For suppliers • For employees • For anyone whose data you process, consume or retain • Consent going forward is easier than permission to retain historical data • How to convey to people the services that can be lost if data isn’t maintained
  • 17. Social Connections 13 Philadelphia, April 26-27 2018 PROCESSES • for notifying authorities and affected customers in the case of a breach • for approving new data storage and handling
  • 18. Social Connections 13 Philadelphia, April 26-27 2018 Process For User Requests • Right to be forgotten • Right to have incorrect data updated / changed • Right to have visibility of data • Finding and cleaning all the information 
 • What needs to be kept for internal reasons
  • 19. Social Connections 13 Philadelphia, April 26-27 2018 Process For Accessing Information • Auditable and traceable • Who can access what to complete their work • Granting and removing access
  • 20. Social Connections 13 Philadelphia, April 26-27 2018 Process For Requesting Consent Going Forward • Gathering and retaining information is acceptable if it’s necessary to provide the service / product / relationship with the user • However the user must agree to that happening • It can be as simple as asking
  • 21. Social Connections 13 Philadelphia, April 26-27 2018 DATA • What data is held , where and why • How is it secured • For how long • Who can access it • What is its purpose
  • 22. Social Connections 13 Philadelphia, April 26-27 2018 • No-one knows how this will work • for that reason there’s huge potential for exposure • no technology will fix everything for you • putting some processes in place and having a plan shows understanding & positive intent
  • 23. Social Connections 13 Philadelphia, April 26-27 2018 Questions • Remember once more: Gab is not a lawyer