GDPR Practical Approach

Transcription

1 GDPR Practical Approach Ram Kundnani 27 March Mobile: Linkedin: Website:

2 Agenda What is GDPR? Why GDPR? Who is GDPR for? Department requiring GDPR compliance GDPR principles GDPR Practical Approach GDPR Roadmap Impact for an organisation being GDPR non-compliant

3 General Data Protection Regulation FOUNDATION An Opportunity to gain, maintain and enhance customer trust, interaction and future business 3

4 What is GDPR? EU regulation replacing Data Protection Act 1998 on 25 May 2018 Applicable to personally identifiable data of EU citizens alive Encompasses much wider scope of personal data New roles Controller, Processor and Data Protection Officer Much greater rights to data subjects Increased penalties Governance

5 Why GDPR? 1998 Paper Form or Post or phone Sources of Collecting Personal Data 2018 Paper Form Post Online Social Media Mobile 2020 All current methods + IOT

6 Who is GDPR for? Corporate Organisations Micro, Small and Medium Size Business Education Sector Nursery to University Health Sector GP, Dentist, Hospital Charity Sector

7 Departments requiring GDPR compliance Marketing Online and Offline Finance Sales Business Human Resources

8 ICO (Information Commissioners Office) 12 Principles 1 AWARENESS 2 INFORMATION YOU HOLD 7 CONSENT 3 COMMUNICATION PRIVACY INFOMRATION 8 CHILDREN 4 INDIVIDUALS RIGHTS 9 DATA BREACHES 5 SUBJECT ACCESS REQUESTS 10 DATA PROTECTION BY DESIGN & DATA IMPACT ASSESSMENTS 6 LAWFUL BASIS FOR PROCESSING PERSONAL DATA Source: ICO Preparation for the General Data Projection Regulation DATA PROTECTION OFFICERS INTERNATIONAL

9 Organisation and Data Protection Government Customers / Students / Patients / Tenants / Guests / Passengers Local Authority and Police Crime, Anti Social Behaviour Associate / Partner University / organisation Organisation Home Office Social Media Employers

10 Steps for GDPR compliance Roles Controller, Processor, DPO Review legal contracts Data Protection GDPR Compliance Define / amend Privacy Statement / Terms and Conditions Business Process Review Design and execute Consent Form

11 Consent Standard and Explicit

12 Data Protection User Cloud Data Protection Business Application Database

13 Business Process Evaluation: 1. GDPR focusses on security and protection of personal data throughout data journey of data subject Legal Contracts: 1. Each organisation needs to review all their legal contracts for data protection, security and GDPR compliance 2. In order to establish data journey and understand points of potential data leakage, it is important to review business processes. 2. Ideally, solicitor firm / legal team of an organisation should review them 3. An organisation may provide business process documentation to be reviewed for GDPR Compliance and GDPR Consultancy can deliver businesses as service 3. If organisation does not has its own legal team / solicitor to help them, GDPR Consultancy will get contracts reviewed by solicitors at very competitive prices 4. GDPR Consultancy will impartially review them and submit report for enhance security (if required). 5. If an organisation has no business process documents, GDPR Consultancy will use expert Business Analyst/s to create business processes, submitting report for approval

14 Example: Effort Estimates for SMEs Registration with ICO Easy Gap Analysis Implementation Training Contract Review 5-15 days Minimum 1 day Minimum 1 day Minimum 3 days Consent Effort intensive

15 Key steps: From now to 24 May 2018 Educate Senior Management GDPR Roadmap Gap Analysis Risk Register GDPR Consent Form Sign off legal contracts Employee Training Customer Facing Documents

16 Impact if organisation is not GDPR compliant Stress, Fear and Anxiety Potential Revenue Loss Potential Penalties in case of data breach Potential Reputational Risk

17 Questions and Answers Mobile: Linkedin: Website: