GDPR in SAP. June, Igor Gregurec
|
|
- Mary Stokes
- 5 years ago
- Views:
Transcription
1 GDPR in SAP June, 2017 Igor Gregurec
2 Agenda GDPR rules GDPR compliance approach Example SAP solutions for GDPR compliance Lifecycle of personal data Fines and trends 2
3 The New EU Data Protection Rules Since May 2016, an EU Regulation and Directive governs the protection of personal data The Regulation entered into force on 24 May 2016, it shall apply from 25 May The Directive has entered into force on 5 May 2016 and EU Member States have to transpose it into their national law by 6 May 2018.
4 GDPR is one of the most far reaching pieces regulation, ever The following must be made provision for: Creation of an independent Data Protection Officer with compliance, cyber, business procedure oversight Purpose of data processing + lawful reason for doing it Data protection risk impact assessment, prior approval for high risks Data protection by design, by default Information notices, policy implementation Data breach notifications Data retention consent requirements, right to erasure Data profiling restrictions (especially automated) Data portability, machine readable format Data protection audits
5 1. Data Tagging, Delete, Retention & Blocked Access Personal information are safely deleted/stored after employees have left the company or following a consent request ILM: Tagging SAP data across environments, deletes, secure archives PowerDesigner PD: Tagging non-sap data across environments Tagging of personal data Deletion of SAP data, document the systems & procedures for deletion of non-sap data Archiving of SAP data, document the systems & procedures for non-sap data for legal purposes with retention periods Safe (separate, managed, blocked) storage of archived data Based on Information Lifecycle Management, PowerDesigner and Process Control
6 2. Processing and Storing of Personal Data, Data Privacy Rights - Lawful basis Data Privacy includes the following rights of the natural person (data subject): Their data can only be processed if one of the grounds on the left can be shown per process They have the right to request blocking of their data, and deleting of their data The risk associated with processing their data has to be assessed Their data is safeguarded, ensuring that only the defined and currently agreed processing in the required scope will take place (minimising to as little data as possible) The data is deleted as soon as all legal retention periods have passed, and the data is blocked during the time in which it is kept for legal reasons only They can get all relevant information on their data undergoing processing They have the right to get incorrect data corrected 10 Based on Process Control
7 3. Data Breaches Accidental or malicious GDPR: An accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data Processors must report breaches to controllers Controllers must report breaches to the supervisory authority (within 72 hours) and affected data subjects if at risk Failures can result in punitive fines per sensitive breach Breach Monitor configuration changes Consistently apply patches and updates Monitor logs for anomalies and attacks Review critical access and relevant transactions Govern access and manage identities Protect data inside / outside the application Ensure appropriate policies and training DLP IAM Mature from rigid preventive controls to agile detective controls Connecting with business partners and to equipment take into account state of the art. cost of implementation...appropriate technical measures.. 7
8 4. Data Protection Impact Assessment The DPIA GDPR requires: A formalised process to identify non-compliant risks PIA carried out on any high risk processing, before it is commenced A description of the processing activities and purpose an assessment of the need for and proportionality of the processing risks arising and mitigations are documented and dealt with especially safeguards and security measures to protect personal data and comply with GDPR Examples: large scale processing or profiling of any personal data. DPO s advice on carrying out a PIA must be sought. Authority must be consulted before processing is carried out on high unmitigated risk. Based on Risk Management and Process Control
9 5. Assist you with demonstrating your GDPR Certification Document governance requirements Favourable measures of demonstrating compliance would be operating a regular audit program including for example: Privacy by design Privacy impact assessments (and managed consequences) Engaging a DPO and giving them adequate resources and independence, Controller selection process, and regular review of service providers (data processors) for data processed Manage the use of sub-processors, vendors Use of e.g. pseudonymisation, encryption (so called state of the art technologies), access governance Certification of data processing (especially cloud where individual audits are not feasible) Regulator: Accountability, good governance, sustainable procedures..when in doubt, get a DPO Based on Process Control and Risk Management
10 Example GDPR Cockpit you might build
11 Example - GDPR Compliance Approach
12 Compliance Approach Phase 1 (1H2017) Audit and Gap Analysis: Where is my personal data, what is my baseline risk? Identify personal data locations stored or processed internally, or by 3 rd parties Determine lawful purposes processes touching data consent procedures & policy management Risk assess processes lawful user access to data, cyber security risk retention requirements and management Gap analysis, strategic direction, program of work Information Lifecycle Management* PowerDesigner Information Steward Celonis Process Control Risk Management
13 Compliance Approach Phase 2.1 (2H2017) Set up Business as Usual Program: Implement data & procedures management Tagging for consent, consent management erasure, porting & no-process retention archive & destroy Data security technology for DLP and IAM breach management incl. 3 rd parties data minimization, accuracy, unlawful viewing New processes & lawful purpose consent policy, risk assessments, data security 3 rd party contracts Data security, consent and procedure management Information Lifecycle Management* PowerDesigner Information Steward Celonis Process Control, AC, DAM, SSO/IDM Risk Management, CRM links Enterprise Threat Detection, RAL
14 Compliance Approach Phase 2.2 (1H2018) Embed DPO, Compliance Status: Accountability, governance, repeatable processes DPO engagement DPIA and compliance signoff DPO sanctions certification Governance process evidence accountability transparency policy Regulator communication procedures audit procedures breach notification policy (country, industry) Ready for Regulator Information Lifecycle Management* PowerDesigner Information Steward Celonis Process Control, AC, DAM, SSO/IDM Risk Management, CRM links Enterprise Threat Detection, RAL BI Cockpit, Audit Management
15 Core SAP Solutions for GDPR Compliance GDPR is so vast no single solution in the market can address all of it. Furthermore, there is no single most important area to focus on first. SAP have the unique advantage of best of breed solutions when used together to enable you to demonstrate your GDPR compliance: Process Control (PC): The single most important custodian of GDPR compliance, providing ongoing digital evidence to the supervising authority of for example breach management, compliant policies & privacy notices and procedures, lawful exclusions, DPIA results (and assessment), controls (with automated monitoring across SAP and non-sap systems), challenge responses, audit evidence (AM for full audits) and action management, lawful purpose per process, third party and contract management, processor/sub-processor management. Information Lifecycle Management (ILM)*, PowerDesigner (PD): ILM is A powerful SAP-only tool for tagging personal data across multiple environments and managing the procedures for deleting and archiving with defensible legal retention requirements. PD covers non-sap data tagging (not deleting). Information Steward: Mature data profiling and metadata management tool providing contiguous interrogation of the location of personal data across the estate for SAP and non-sap systems, as well as assisting in managing personal data accuracy and consistency. Celonis: Cutting edge HANA-powered process mining technology to understand and visualize which processes actually touch personal data, as opposed to the ones you think do, with real-time cross-platform big data surveillance for SAP and non-sap systems. Read Access Logging (RAL)* or Enterprise Threat Detection (ETD): Data Loss Prevention. RAL will monitor, log and categorise read access to personal data for SAP systems. HANA-powered ETD is a big-data real-time security event detection and management tool for application-level access processing and pattern analysis - provides real time breach, inappropriate access, investigation and remediation plus dashboarding. AC, DAM, IDM/SSO, HR: Id & Access Management. Managing lawful user access to personal data is a core requirement of GDPR either in active business systems, contracted processors, archives, as part of employee enrolment, or contract management. SAP provides robust best of breed solutions. Customer Relationship Management (CRM): Customer-facing solution to track and manage consent requests, regulator dialogues. BI for Cockpit: Develop a dashboard that provides the single place to go for real-time GDPR compliance status, with drill-through into topic details.
16 Example Personal Data in SAP Business Suite
17 Lifecycle of personal data handled 17
18 Last but not least The GDPR carries massive fines -- up to 20 million or 4% of your company's global gross revenue, for a single violation Say you re DPO at JetBlue. What happens to your company (and your career), when a DPA determines your team violated the GDPR and levies a fine of $256,000,000? (That s 4% of 2016 gross revenue.) Germany Enacts GDPR Implementation Bill Facebook received a $122 million fine from the European Union s antitrust regulators, who say the social media giant provided misleading information during its 2014 acquisition of the messenger app WhatsApp 18
19 Altima d.o.o. Horvatova 80A, HR Zagreb, Hrvatska T , F info@altima.hr
SAP Innovation Forum Portugal GDPR Compliance Program Focus Use Cases
SAP Innovation Forum Portugal GDPR Compliance Program Focus Use Cases Dr. Neil Patrick Director COE GRC & Security (EMEA) 10 th May 2017 2017 SAP AG. All rights reserved. Internal, Named Partner 1 2017
More informationReady for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements
SAP Database and Data Management Portfolio/SAP GRC Solutions Ready for the GDPR, Ready for the Digital Economy Fast-Track Your Midsized Business for the Digital Economy While Addressing GDPR Requirements
More informationEU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018
. EU-GDPR and the cloud Heike Fiedler-Phelps January 13, 2018 Disclaimer SAP does not provide legal advice The following presentation is only about a high level discussion about GDPR. 2 EU-GDPR Summary
More informationWHITE PAPER EU General Data Protection Regulation Compliance
WHITE PAPER EU General Data Protection Regulation Compliance Table of Contents 1. SAP is ready for GDPR 04 1.1. Data Protection Processes 04 1.2. Data Protection Thresholds 05 1.3. Technical & Organizational
More informationwith Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting
with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting xada@gedapre.eu tel 0475-41.03.22 xavier.darmstaedter@dacota.eu Gent, 3 October 2017 4 facts 1. We are not really in control of our personal
More informationGeneral Data Protection Regulation (GDPR) A brief guide
General Data Protection Regulation (GDPR) A brief guide Document compiled by: Terence Clark & Dr. Nathan Matthews June 2017 Acknowledgements This document contains material from the Information Commissioner
More informationWhat is GDPR and Should You Care?
What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what
More informationDealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:
More informationSAP and SAP Ariba Solution Support for GDPR Compliance
Frequently Asked Questions EXTERNAL The General Data Protection Regulation (GDPR) SAP Ariba Source-to-Settle Solutions SAP and SAP Ariba Solution Support for GDPR Compliance The European Union s General
More informationGetting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations
Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy
More informationBROOKS PERSONAL TRAINING
BROOKS PERSONAL TRAINING Data Protection Policy Data Protection Policy Lent 2017 0 DATA PROTECTION POLICY Table of Contents: 1. Document Control... 2 2. Introduction... 3 3. General Statement of Scope...
More informationGDPR 7 questions you should ask technology vendors about GDPR
GDPR 7 questions you should ask technology vendors about GDPR Page 2 Introduction When selecting a technology platform, it is important to consider how the vendor will help your organization comply with
More informationCustomer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)
Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions
More informationThe General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,
The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner, Deloitte, Cyber Advisory Table of Contents Introduction
More informationAccountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management? Alan Calder Founder & Executive Chairman IT Governance Ltd 19 January 2017 www.itgovernance.co.uk Introduction Alan Calder
More informationNissa Consultancy Ltd Data Protection Policy
Nissa Consultancy Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments (DPIA)
More informationGDPR & SMART PIA. Wageningen University Feb 2017
GDPR & SMART PIA Wageningen University Feb 2017 Tips for Action: Anticipate on the new EU General Data Protection Regulation (GDPR) to determine the privacy standards GDPR has been adopted by EU Parliament
More informationCHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]
CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Legal02#67236978v1[RXD02] CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Notes: We recommend that any business looking to comply with the
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationEU General Data Protection Regulation: Are you ready?
EU General Data Protection Regulation: Are you ready? Powered by Global Markets EY Knowledge Contents What do you need to know about the new EU General Data Protection Regulation? Are organisations ready
More informationPreparing for the GDPR
Preparing for the GDPR Note: These slides and the accompanying presentation contain a general summary and are not legal advice. Niall Rooney 03/11/2017 (1) Data Protection The Right to Data Protection
More informationPERSPECTIVE. GDPR - An industry and geography agnostic regulation. Abstract
PERSPECTIVE GDPR - An industry and geography agnostic regulation Abstract As the deadline to comply with the General Data Protection Regulation (GDPR) draws near, many organizations are unaware of what
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationThe GDPR and its requirements for implementing data protection impact assessments (DPIAs)
The GDPR and its requirements for implementing data protection impact assessments (DPIAs) Presented by: Alan Calder, founder and executive chairman, IT Governance 7 September 2017 Introduction Alan Calder
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationEU General Data Protection Regulation in the digital age: Are you ready?
EU General Data Protection Regulation in the digital age: Are you ready? What do you need to know about the new EU General Data Protection Regulation? Data protection has entered a period of unprecedented
More informationGeneral Data Protection Regulation
General Data Protection Regulation Caroline Budde Vice President, Compliance, Global Privacy Officer Walgreens Boots Alliance Agenda Overview of global data protection The General Data Protection Regulation
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) ServiceNow Governance, Risk, and Compliance Table of Contents What is the GDPR?...3 Key Requirements for the GDPR...4 Accountability, Policies,
More informationSAP experience Day Pronti per il GDPR? - 15 febbraio 2018
SAP experience Day Pronti per il GDPR? - 15 febbraio 2018 GDPR: sfide e opportunità. Gli strumenti EIM e GRC, essenziali per operare con successo nell era post-gdpr Silvio Arcangeli, Senior Director, Platform
More informationGDPR POLICY. This policy complies with the requirements set out in the GDPR, which will come into effect on
GDPR POLICY Sponsors Statement All The Bishop of Winchester Academy policies exist to support the Sponsors vision, Christian ethos and values that are embedded in the day-to-day and long term running of
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationAn Introduction to GDPR and How To Prepare
An Introduction to GDPR and How To Prepare Vincenzo Ardilio IRIS Data Protection Officer What We Will Highlight What you need to know first about GDPR Privacy notices Data subject rights The data controller/processor
More informationA COMPANION DOCUMENT TO THE GDPR READINESS DECISION TREE QUESTIONS AND ANALYSIS. April 19, 2017
A COMPANION DOCUMENT TO THE GDPR READINESS DECISION TREE QUESTIONS AND ANALYSIS April 19, 2017 The General Data Protection Regulation (GDPR) represents perhaps the most sweeping changes to the protection
More information1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction
Introduction On April 2016 the European Parliament approved the General Data Protection Regulation (GDPR). This new regulation, with mandatory implementation by Member States (MS) and businesses that have
More informationGDPR: A PRAGMATIC APPROACH
GDPR: A PRAGMATIC APPROACH AUTHOR: KOEN CLAESSENS PARTNER - BDO RISK & ASSURANCE SERVICES INTRODUCTION Numerous information sessions have been held and publications issued about the whys and wherefores
More informationA PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018
A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018 1 PURPOSE OF THIS DOCUMENT 2 This document is to be used as a guide for advertisers on how they should work with their agencies,
More informationThe operational consequences of new EU data protection regulation In a SAP user access management context
The operational consequences of new EU data protection regulation In a SAP user access management context Application Integrity 01.06.2016 Agenda 08:30 09:00: Registration, coffee & breakfast 09:00 09:15:
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More informationGeneral Data Protection Regulation - Explained
General Data Protection Regulation - Explained Bernard Cogan & Bobby Gould CUNA Mutual Group ACE Conference & AGM 2017 12 th May 13 3h May 2017 Copthorne Hotel (Birmingham) Are you familiar with GDPR Don't
More informationGetting Ready for the GDPR
Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd
More informationGeneral Data Protection Regulation
General Data Protection Regulation Sofie van der Meulen Axon seminar 21 February 2018 Why and when GDPR Essentials Guidance Data Protection Officer Lead Authority Data Portability Data Protection Impact
More informationWhat does the GDPR mean for recruitment?
What does the GDPR mean for recruitment? www.recruitment.software Contents 04 What is GDPR? In May 2018, Europe s new data protection rules will come into effect. 04 Who is responsible? 05 What are the
More informationData Protection (internal) Audit prior to May (In preparation for that date)
Data Protection (internal) Audit prior to May 2018. (In preparation for that date) For employers without a dedicated data protection or compliance function, a Data Protection Audit can seem like an overwhelming
More informationDocumenting data processing: The EDPS guide to ensuring accountability
Documenting data processing: The EDPS guide to ensuring accountability Accountability on the ground Unlawful data processing can have serious implications for the lives and rights of the individuals whose
More informationData protection in light of the GDPR
Data protection in light of the GDPR How to protect your organization s most sensitive data Why is data protection important? Your data is one of your most prized assets. Your clients entrust you with
More informationMore information at cventconnect.com/europe/mobileapp
Download and Login to the Cvent CONNECT Europe Mobile Event App Tap On Schedule Find Your Session Access Polls and Live Q&A More information at cventconnect.com/europe/mobileapp Cvent CONNECT Europe General
More informationGDPR Impacts on Digital Transformation
GDPR Impacts on Digital Transformation @leanandagile @engage_process @leanandagile @engage_process Is this another millennium bug? GDPR compliance will be an ongoing journey Unlike planning for the Y2K
More informationGeneral Data Protection Regulation (GDPR) Key considerations and implications for brokers
General Data Protection Regulation () Key and implications for brokers Contents at at 03 - did you know? 05 How to handle 07 Considerations for Broker Directors 08 General Data Protection Regulation ()
More informationGENERAL DATA PROTECTION REGULATION Guidance Notes
GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Operational Owner: Executive Owner: James Newby Data Protection Officer Sarah Litchfield Senior Information Risk Officer Effective date: 25 th May 2018 Review date: May 2021 Related
More informationGeneral Data Protection Regulation. Jim Sneddon GDPR-P, CISSP
General Data Protection Regulation Jim Sneddon GDPR-P, CISSP "The GDPR is actually already in force, it is just that Member States are not obligated to apply it until 25 May 2018. It s your job, it s your
More informationData Protection Policy
Preston and District Data Protection Policy The University of the Third Age Scope of the policy This policy applies to the work of Preston & District U3A (hereafter the U3A ). The policy sets out the requirements
More informationWHAT DOES THE GDPR MEAN FOR HR PROFESSIONALS?
WHAT DOES THE GDPR MEAN FOR HR PROFESSIONALS? The General Data Protection Regualtion An introduction The General Data Protection Regulation comes into effect in mid-2018 and will introduce a number of
More informationGenera Data Protection Regulation and the Public Sector
Genera Data Protection Regulation and the Public Sector Tuesday 30 May 2017 @mhclawyers Welcome Edward Gleeson Partner & Head of Public & Administrative Law Mason Hayes & Curran GDPR for Public Bodies
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationEU General Data Protection Regulation (GDPR) Tieto s approach and implementation
EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High
More informationGDPR: Are You Ready? Mapping the Road to GDPR Compliance. March 2018
GDPR: Are You Ready? Mapping the Road to GDPR Compliance March 2018 Agenda GDPR Overview Should you appoint a DPO? Accountability checklist/documentation required When is consent appropriate and how do
More informationBulkington, Nuneaton & Bedworth (BNB) BNB U3A Data Protection Policy
Bulkington, Nuneaton & Bedworth (BNB) BNB U3A Data Protection Policy This policy applies to the work of BNB U3A. The policy sets out the requirements that BNB U3A has to gather information for membership
More informationACCENTURE BINDING CORPORATE RULES ( BCR )
ACCENTURE BINDING CORPORATE RULES ( BCR ) EXECUTIVE SUMMARY INTRODUCTION Complying with data privacy laws is part of Accenture s Code of Business Ethics (COBE). In line with our COBE, we implement recognized
More informationData Protection Policy. UK Policy May 2018
UK Policy May 2018 5 & 7 Diamond Court, Opal Drive, Eastlake Park, Fox Milne, Milton Keynes MK15 0DU, T: 01908 396250, F: 01908 396251 www.cognitaschools.co.uk Registered in England Cognita Limited No
More informationb. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.
Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679
More informationGDPR: What Every MSP Needs to Know
Robert J. Scott GDPR: What Every MSP Needs to Know Speaker Robert J. Scott Agenda Purpose GDPR Intent & Obligations Applicability Subject-matter and objectives Material scope Territorial scope New Rights
More informationGDPR readiness for start-ups, technology businesses and professional practices Martin Cassey
www.nascenta.com GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey Introduction GDPR Key Points GDPR/DPA Differences Start Up, Tech Business Professional Practice?
More informationPolicy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent
Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation
More informationSOLUTION BRIEF HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE
HELPING ADDRESS GDPR CHALLENGES WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL ACROSS THE GLOBE The EU GDPR imposes interrelated obligations for organizations
More informationEU GDPR: European Union General Data Privacy Regulation
EU GDPR: European Union General Data Privacy Regulation Panel @ HERUG 2018 Gudrun Buchholz Christoph Wall Farah Gonzales Freie Universität Berlin Freie Universität Berlin SAP Agenda EU GDPR: What is it
More informationGeneral Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR
General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT
More informationGDPR Factsheet - Key Provisions and steps for Compliance
GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as
More informationPrivacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd
Privacy Policy RSL Ireland Ltd & Refrigeration Products (1999) Ltd At RSL group we are very aware of the importance of managing the personal data that we hold, whether that is from a customer, a supplier
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationAmCham EU s Recommendations on GDPR Implementation
AmCham EU s Recommendations on GDPR Implementation Ensuring a balanced and forwardlooking data protection framework in Europe Executive summary AmCham EU s recommendations for the implementation of the
More informationPrivacy Policy 2018 VERSION 1.0
Introduction 1.1 We are committed to safeguarding the privacy of our website visitors and service users. 1.2 This policy applies where we are acting as a data controller with respect to the personal data
More informationKEMBLE PRIMARY & SIDDINGTON CE PRIMARY SCHOOLS DATA PROTECTION & THE GENERAL DATA PROTECTION REGULATION (GDPR) POLICY
KEMBLE PRIMARY & SIDDINGTON CE PRIMARY SCHOOLS DATA PROTECTION & THE GENERAL DATA PROTECTION REGULATION (GDPR) POLICY Member of staff responsible Head teacher Governor responsible Chair of LGB & DPO Date
More informationEU General Data Protection Regulation
Steve Norledge, UKI GDPR Leader Sol Barron, Information Governance Specialist February 2017 EU General Data Protection Regulation Getting Started with GDPR GDPR significantly extends EU member-state data
More informationNew General Data Protection Regulation - an introduction
New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy
More informationGDPR is coming soon. Are you ready. Steven Ringelberg.
GDPR is coming soon. Are you ready. Steven Ringelberg steven@ringelberglaw.com 616 227 6403 Agenda Who am I Overview What data do you have that is covered and where is it? What rights do individual data
More informationGDPR Webinar : Overview & practical compliance steps. 23 October 2017
GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About
More informationTHE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)
THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the
More informationPensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes
Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes 1 INTRODUCTION The General Data Protection Regulation (GDPR) comes into force in all EU Member States on 25.
More informationWelcome. Chair s address Barry Warne, hlw Keeble Hawson. GDPR Seminar- Sarah Power, hlw Keeble Hawson
Welcome Chair s address Barry Warne, hlw Keeble Hawson GDPR Seminar- Sarah Power, hlw Keeble Hawson Cybersecurity and GDPR Dominic Ryles, Exertis UK GDPR: the steps you have to take, and how to take them
More informationGDPR-CERTIFIED ASSURANCE REPORT BASED PROCESSING ACTIVITIES
GDPR-CERTIFIED ASSURANCE REPORT BASED PROCESSING ACTIVITIES CERTIFICATION CRITERIA Working draft for public consultation - 29 May 2018 Abstract Document to the attention of organizations that want to obtain
More informationFoundation trust membership and GDPR
05 April 2018 Foundation trust membership and GDPR In the last few weeks, we have received a number of enquiries from foundation trusts concerned about the implications of the new General Data Protection
More informationReady for GDPR? Five steps to turn compliance into your advantage
Ready for GDPR? Five steps to turn compliance into your advantage 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG
More informationGetting ready for GDPR. A guide to General Data Protection Regulations
Getting ready for GDPR A guide to General Data Protection Regulations The General Data Protection Regulation (GDPR) Wherever information is stored, individuals and organisations need to be mindful of the
More informationThe General Data Protection Regulation and associated legislation. Part 1: Guidance for Community Pharmacy. Version 1: 25th March 2018
The General Data Protection Regulation and associated legislation Part 1: Version 1: 25th March 2018 Introduction The General Data Protection Regulation and, when enacted, the Data Protection Act 2018
More informationPrivacy Policy. To invest significant resources in order to respect your rights in connection with Personal Data about you:
Privacy Policy Last updated: May 17, 2018 This is the privacy policy (the Policy ) of the website www.experitest.com (the "Website") operated by Experitest Ltd., of 10 HaGavish St, 4250708 Poleg, Israel
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationCNPD Training: Data Protection Basics
CNPD Training: Data Protection Basics The obligations of controllers and processors Esch-sur-Alzette Mathilde Stenersen 7-8 February 2018 Legal service Outline 1. Introduction 2. Basic elements 3. The
More informationTWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION
TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA
More informationPreparation Guide to the New European General Data Protection Regulation
Preparation Guide to the New European General Data Protection Regulation 1. Introduction 2. The Application of the Regulation to Businesses The General Data Protection Regulation (GDPR) is to protect citizens
More informationGet ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie
Get ready A Guide to the General Data Protection Regulation (GDPR) elavon.ie The General Data Protection Regulation (GDPR) will regulate the privacy and handling of the personal data of individuals in
More informationINTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT
WHAT GDPR MEANS FOR RECORDS MANAGEMENT Presented by: Sabrina Guenther Frigo Overview Background Basic Principles Scope Lawful Processing Data Subjects Rights Accountability & Governance Data Transfers
More informationOFFICIAL. Date 18 April 2018 Pacific Quay, Glasgow General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.
Meeting Date Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) Police Scotland Preparedness Item Number 11.2 Presented By ACC Alan Speirs Recommendation to Members
More informationA summary of the implications of the General Data Protection Regulations (GDPR)
Introduction A summary of the implications of the General Data Protection Regulations (GDPR) 1. The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. Various implications
More information