TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION

Size: px
Start display at page:

Download "TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION"

Transcription

1 TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA s Data Protection Officer International Contracts Rulebook

2 The rise of big data has immensely changed our lives and will continue to do so for the coming decades. With the explosion of available information and the technology to process vast amounts of data we see public opinion and governments getting to grips with the new world. And because information can be as dangerous as it can be helpful, privacy protection has never been so relevant as it is now. In reaction, the European Commission has made a clear stance with the General Data Protection Regulation. One set of rules to protect every European citizen that has serious consequences for all organisations. A lot has been written about it and many summaries have been made, but we experienced most parties have little notion on how to become GDPR compliant. Therefore, Adversitement made a pragmatic twelve step plan to help organisations prepare for the General Data Protection Regulation. 1. AWARENESS The General Data Protection Regulation is a big one, it will have a serious impact on your organization. Because information flows everywhere, it will reach far beyond the boundaries of the legal department. All stakeholders and decision makers in your organization need to be made aware of all new regulatory demands. These key figures need to assess the consequences of the General Data Protection Regulation on specific parts of the organization and decide on the next best actions. Expect a substantial impact on resources to become compliant and make effective use of the limited time until May 2018 when the law will become fully enforceable. 2. DATA STREAM MAP Not knowing what s going on isn t an option anymore. Start by building a Data Stream Map and document all (personal) data processed within your Data Infrastructure. The information audit will result in a good overview and provide the necessary legal documentation required by the authorities. This is not solely HR or CRM related; do not forget your digital channels and digital marketing tools! We advise using our Data Life Cycle as a guide to ask the right questions about how data streams through your organization (see appendix 1). 3. COMMUNICATION Transparency is no longer a luxury. With the General Data Protection Regulation you re obligated to provide information on all your data processing. This needs to be communicated in a clear and understandable way. Every data subject must be able to understand why you re using their personal data. Use your Data Stream Map to update your privacy statement with all data streams and explain the legitimate basis for the data processing, either via consent or as otherwise required by law.this is also mandatory for all your online endeavors, especially with the proposed European eprivacy Regulation. Information and transparency are key. 2

3 4. RIGHTS OF THE SUBJECT Along with the Data Stream Map, the rights of the subject will be the most complex and costly part of the General Data Protection Regulation. With the GDPR all European Data Subjects have the following rights: The right to be informed. The right of access. The right to rectification. The right to erasure (right to be forgotten) The right to restrict processing. The right to data portability. The right to object. Rights in relation to automated decision making and profiling. These rights propose a serious challenge for nearly all tools, systems and non-digital (dark) data. It is our experience that due to the many processors, sub-processors and cloud solutions operating altogether that the right to be forgotten is a key feature to implement. The way to get this right is to assess all your data processing parties and partners in your Data Stream Map. Demand from vendors to implement features that enable your organization to quickly stop data processing, correct data, transfer data, grant access and delete data. Without causing crippling delays and additional costs, we experience so often. It might even result in a change of vendor. Your organization simply cannot accept legal risks and liability by non-compliant partners or burden its resources by manually answering all data subject related requests. 5. LEGAL BASIS With the General Data Protection Regulation there must a legal basis for all processing of personal data. There are multiple conditions under which it is a legal obligation or requirement to process personal data. Your Data Stream Map should also mention the legal basis on which the processing is done for every activity. The Regulation notes the following conditions: Contractual necessity Legal obligation Vital interests (life-or-death scenario s. And no, marketing is not vital) Public interest Legitimate interest (such as fraud prevention) Services provided to a client or customer And of course explicit consent given by the data subject. 3

4 6. CONSENT It can be argued that the entire General Data Protection Regulation is about consent. A freely given, specific, informed and unambiguous indication of the data subjects agreement to the processing of personal data. This is how it protects European citizens and their privacy, and allows you to legally and transparently process their personal data. The General Data Protection Regulation requires data protection by design and data protection by default. Therefore silence, pre-ticked boxes or inactivity do not constitute consent. It has to be the a clear affirmative act of a well informed data subject. Consent should always be based on opt-in and not opt-out. The next best action to comply to the General Data Protection Regulation is to review the ways you ask, receive and register consent. In the end, you should be able to demonstrate that the data subject has given consent. 7. DATA BREACHES Data breaches happen. Mail attachments to the wrong recipients, passwords written on post-its, data sent to the wrong database, lost devices or even hackers gaining access, are unfortunately all too common examples of data breaches. With the General Data Protection Regulation your organization has obligations to be prepared for data breaches and must implement processes to; Find and identify personal data breaches, Notify the authority within 72 hours, Communicate with the data subject in case of a high risk breach. The documentation of these processes, responsibilities and ownership must be in place and demonstrate your organization has everything in place to swiftly and correctly comply with the regulation. Alongside your Data Stream Map we strongly advise a Data Governance Rule Book. This Rulebook is also an insurance necessity. Data breaches are very costly in terms of halted business and resources needed to respond and mitigate. In such cases you ll turn to your cyber insurance but without proper documentation proving you did everything right, insurances simply won t pay out. Which is quite a loss with an average cost for a data breach at around $4 million*. *2016 Costs of Data Breach Study: Global Analysis by IBM and Ponemon. 4

5 8. PRIVACY BY DESIGN AND PRIVACY IMPACT ASSESSMENTS With the General Data Protection Regulation it s time to get familiar with privacy by design or as the regulation calls it; the principles of data protection by design, by default, and privacy impact assessments (PIA). Privacy Impact Assessments must be done with the implementation of new systems, functionalities or innovations with personal data and profiling. The PIA will indicate the risk level of the data processing and give your organisation the ability to mitigate risk with appropriate measures and consultation with the authorities. Data protection by design constitutes a way of working that requires your organisation when developing, designing, or building their services and solutions, to think of minimising and pseudonymising personal data. Data protection by default requires that all options and settings your organisation offers in services or products have, by default, the strictest privacy protection selected. The data subject can change these settings and provide consent, so opt-in instead of opt-out. Make sure your organisation adopts the principles of data protection and Privacy Impact Assessments by training personel and making it part of your Data Governance Rule Book. 9. DATA PROTECTION OFFICER In some cases it s obligatory to appoint a Data Protection Officer, who will be responsible to uphold the General Data Protection Regulation within the organization and who also acts a representative towards the authorities. Your organization is obligated to appoint a DPO when; It s a public authority or body, or when it processes personal data on a large scale (there s no clear minimum threshold at the moment). 10. INTERNATIONAL When your organization is internationally active you need to determine the leading authority. In most cases this will be the authority of the country where your main establishment resides. Next to multiple authorities you should be aware of the local laws and legislations that might have additional obligations regarding the processing of personal data. 5

6 11. CONTRACTS It s safe to assume your organisation uses outsourced service providers such as cloud vendors or data experts for data processing. Or in legal terms, processors who carry out processing on behalf of you, the controller. It s advised to review all contracts and data processing agreements your organisation has with it s processors and sub-processors and what amendments are required. The Data Stream Map should provide ample information on all involved processers and sub-processors whose contracts must be reviewed. 12. RULE BOOK Establishing effective data governance to comply with the General Data Protection Regulation is not a one time exercise. All eleven previous steps must a be a continuous part of your data operations and the requirements, processes, responsibilities and ownership should be gathered in a Data Governance Rulebook, containing the: roles and responsibilities for Data governance and compliance to the General Data Protection Regulation. process of documenting all data processing in the Data Stream Map including the legal basis and consent. process of maintaining up to date communication with data subjects. process of executing the rights of the subject. process in case of Data breaches. operational requirements for Privacy by Design. process for execution of Privacy Impact Assessments. responsibilities and mandate of the Data Protection Officer. requirements for existing and new contracts with data processors. Want to know more about about the GDPR and getting compliant? Please contact: JANUS DE VISSER Senior Data Governance Consultant of Adversitement Hogehilweg 19, 1101 CB Amsterdam +31 (0)

7 APPENDIX 1. DATA LIFE CYCLE Define Generate Capture Transport Transform Store Discover Apply Repurpose Destroy Collect Process Utilize 7

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER

PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,

More information

GDPR factsheet Key provisions and steps for compliance

GDPR factsheet Key provisions and steps for compliance GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance

More information

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges

GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation

More information

GDPR Factsheet - Key Provisions and steps for Compliance

GDPR Factsheet - Key Provisions and steps for Compliance GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as

More information

General Data Protection Regulation - Explained

General Data Protection Regulation - Explained General Data Protection Regulation - Explained Bernard Cogan & Bobby Gould CUNA Mutual Group ACE Conference & AGM 2017 12 th May 13 3h May 2017 Copthorne Hotel (Birmingham) Are you familiar with GDPR Don't

More information

General Data Protection Regulation. Jim Sneddon GDPR-P, CISSP

General Data Protection Regulation. Jim Sneddon GDPR-P, CISSP General Data Protection Regulation Jim Sneddon GDPR-P, CISSP "The GDPR is actually already in force, it is just that Member States are not obligated to apply it until 25 May 2018. It s your job, it s your

More information

GDPR is coming in 108 days: Are you ready?

GDPR is coming in 108 days: Are you ready? Charles-Albert Helleputte Partner, Brussels GDPR is coming in 108 days: Are you ready? Diletta De Cicco Legal Consultant, Brussels 6 February 2018 +32 2 551 5982 chelleputte@mayerbrown.com +32 2 551 5974

More information

More information at cventconnect.com/europe/mobileapp

More information at cventconnect.com/europe/mobileapp Download and Login to the Cvent CONNECT Europe Mobile Event App Tap On Schedule Find Your Session Access Polls and Live Q&A More information at cventconnect.com/europe/mobileapp Cvent CONNECT Europe General

More information

EU General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR) A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation

More information

A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018

A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018 A PRACTICAL GUIDE FOR HOW AN ADVERTISER CAN PREPARE FOR GDPR JANUARY 2018 1 PURPOSE OF THIS DOCUMENT 2 This document is to be used as a guide for advertisers on how they should work with their agencies,

More information

Introduction to the General Data Protection Regulation (GDPR)

Introduction to the General Data Protection Regulation (GDPR) Introduction to the General Data Protection Regulation (GDPR) #CIPR / @CIPR_UK This guide is worth 5 CPD points Introduction to the General Data Protection Regulation (GDPR) / 2 Contents 1 Introduction

More information

GDPR for Charities. Tuesday 17 October 2017

GDPR for Charities. Tuesday 17 October 2017 GDPR for Charities Tuesday 17 October 2017 Welcome Edward Gleeson, Head of Charities GDPR for the Charity Sector Robert Haniver, Senior Associate Data protection reform General Data Protection Regulation

More information

Preparing for the GDPR

Preparing for the GDPR Preparing for the GDPR Note: These slides and the accompanying presentation contain a general summary and are not legal advice. Niall Rooney 03/11/2017 (1) Data Protection The Right to Data Protection

More information

How employers should comply with GDPR

How employers should comply with GDPR 02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact

More information

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION

WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The

More information

General Data Protection Regulation (GDPR) A brief guide

General Data Protection Regulation (GDPR) A brief guide General Data Protection Regulation (GDPR) A brief guide Document compiled by: Terence Clark & Dr. Nathan Matthews June 2017 Acknowledgements This document contains material from the Information Commissioner

More information

Brexit and the Future of Data Protection

Brexit and the Future of Data Protection Brexit and the Future of Data Protection Max Todd Information Compliance Team, Council Secretariat Tuesday 27 September 2016 General Data Protection Regulation (GDPR) Applies throughout EU from 25 May

More information

CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]

CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02] CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Legal02#67236978v1[RXD02] CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Notes: We recommend that any business looking to comply with the

More information

GDPR Compliance Checklist

GDPR Compliance Checklist GDPR Compliance Checklist GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that the General Data Protection Regulation will introduce into EU Privacy law on 25 May

More information

Data Protection (internal) Audit prior to May (In preparation for that date)

Data Protection (internal) Audit prior to May (In preparation for that date) Data Protection (internal) Audit prior to May 2018. (In preparation for that date) For employers without a dedicated data protection or compliance function, a Data Protection Audit can seem like an overwhelming

More information

GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey

GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey www.nascenta.com GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey Introduction GDPR Key Points GDPR/DPA Differences Start Up, Tech Business Professional Practice?

More information

Guidance on the General Data Protection Regulation: (1) Getting started

Guidance on the General Data Protection Regulation: (1) Getting started Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1

More information

What does the GDPR mean for recruitment?

What does the GDPR mean for recruitment? What does the GDPR mean for recruitment? www.recruitment.software Contents 04 What is GDPR? In May 2018, Europe s new data protection rules will come into effect. 04 Who is responsible? 05 What are the

More information

Get ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie

Get ready. A Guide to the General Data Protection Regulation (GDPR) elavon.ie Get ready A Guide to the General Data Protection Regulation (GDPR) elavon.ie The General Data Protection Regulation (GDPR) will regulate the privacy and handling of the personal data of individuals in

More information

Foundation trust membership and GDPR

Foundation trust membership and GDPR 05 April 2018 Foundation trust membership and GDPR In the last few weeks, we have received a number of enquiries from foundation trusts concerned about the implications of the new General Data Protection

More information

GDPR journey: from ready to compliant GDPR survey results

GDPR journey: from ready to compliant GDPR survey results GDPR journey: from ready to compliant GDPR survey results Readiness at a glance The General Data Protection Regulation (or GDPR ) took full effect on 25 May 2018. As a key data protection regulation,

More information

GDPR digest ARE YOU GDPR READY? {More than a MORTGAGE CLUB}

GDPR digest ARE YOU GDPR READY? {More than a MORTGAGE CLUB} GDPR digest ARE YOU GDPR READY? {More than a MORTGAGE CLUB} contents. at a glance ICO Helpline Principles Privacy by design Lawful basis for processing Privacy Electronic Communications Regulations - PECR

More information

Preparing for the General Data Protection Regulation (GDPR)

Preparing for the General Data Protection Regulation (GDPR) Preparing for the General Data Protection Regulation (GDPR) ServiceNow Governance, Risk, and Compliance Table of Contents What is the GDPR?...3 Key Requirements for the GDPR...4 Accountability, Policies,

More information

General Data Protection Regulation (GDPR) Key considerations and implications for brokers

General Data Protection Regulation (GDPR) Key considerations and implications for brokers General Data Protection Regulation () Key and implications for brokers Contents at at 03 - did you know? 05 How to handle 07 Considerations for Broker Directors 08 General Data Protection Regulation ()

More information

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations

Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy

More information

GDPR Webinar : Overview & practical compliance steps. 23 October 2017

GDPR Webinar : Overview & practical compliance steps. 23 October 2017 GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About

More information

WSGR Getting Ready for the GDPR Series

WSGR Getting Ready for the GDPR Series WSGR Getting Ready for the GDPR Series Overview, main concepts, principles and obligations Cédric Burton Of Counsel Laura De Boel Senior Associate Christopher Kuner Senior Privacy Counsel WSGR Webinar,

More information

GDPR & SMART PIA. Wageningen University Feb 2017

GDPR & SMART PIA. Wageningen University Feb 2017 GDPR & SMART PIA Wageningen University Feb 2017 Tips for Action: Anticipate on the new EU General Data Protection Regulation (GDPR) to determine the privacy standards GDPR has been adopted by EU Parliament

More information

Data Protection Policy

Data Protection Policy Data Protection Policy General Data Protection Regulations (GDPR) Document control Version control / history Note: This policy requires to be reviewed at least annually from the publication of the last

More information

Sample Data Management Policy Structure

Sample Data Management Policy Structure Sample Data Management Policy Structure This document has been produced by The Audience Agency. You are free to edit and use this document in your business. You may not use this document for commercial

More information

WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT

WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT WHAT IS GDPR? The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Within this document we ll explore what

More information

Genera Data Protection Regulation and the Public Sector

Genera Data Protection Regulation and the Public Sector Genera Data Protection Regulation and the Public Sector Tuesday 30 May 2017 @mhclawyers Welcome Edward Gleeson Partner & Head of Public & Administrative Law Mason Hayes & Curran GDPR for Public Bodies

More information

What you need to know. about GDPR. as a Financial Broker. Sponsored by

What you need to know. about GDPR. as a Financial Broker. Sponsored by What you need to know about GDPR as a Financial Broker Dear Partner The regulatory and compliance environment is ever changing and the burden and requirements on financial services professionals continues

More information

THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)

THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the

More information

A Practical Guide to Data Protection for Information Professionals

A Practical Guide to Data Protection for Information Professionals A Practical Guide to Data Protection for Information Professionals Naomi Korn and Carol Tullo on behalf of NKCC NKCC 2018. All Rights Reserved. www.naomikorn.com The information contained within this document

More information

Preparing for the General Data Protection Regulation (GDPR)

Preparing for the General Data Protection Regulation (GDPR) Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation

More information

General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR

General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT

More information

The Sage quick start guide for businesses

The Sage quick start guide for businesses General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing

More information

Brace for Impact: Why the GDPR Should Remain at the Top of Directors Agendas

Brace for Impact: Why the GDPR Should Remain at the Top of Directors Agendas February 13, 2017 Brace for Impact: Why the GDPR Should Remain at the Top of Directors Agendas The ICSA Annual Conference 2017 Stronger Boards, Better Governance ExCel, London, 4 July, 2017, 11:30 AM Our

More information

GDPR: What Every MSP Needs to Know

GDPR: What Every MSP Needs to Know Robert J. Scott GDPR: What Every MSP Needs to Know Speaker Robert J. Scott Agenda Purpose GDPR Intent & Obligations Applicability Subject-matter and objectives Material scope Territorial scope New Rights

More information

INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT

INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT WHAT GDPR MEANS FOR RECORDS MANAGEMENT Presented by: Sabrina Guenther Frigo Overview Background Basic Principles Scope Lawful Processing Data Subjects Rights Accountability & Governance Data Transfers

More information

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) Risk Regulation The General Data Protection Regulation (GDPR) Cyber security Preparing your business for the GDPR September 2017 Contents What is the GDPR and what does it change? Section Page What is

More information

9 Ways Accountants Can Prepare for GDPR

9 Ways Accountants Can Prepare for GDPR 9 Ways Accountants Can Prepare for GDPR This guide contains nine ways Accountants can prepare for the arrival of The General Data Protection Regulation (GDPR) that is replacing the Data Protection Act

More information

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) Risk Regulation The General Data Protection Regulation (GDPR) Cyber security Preparing your business for the GDPR Contents Section Page What is the GDPR and what does it change? 01 Understanding the core

More information

GDPR - Salon Guide Contents

GDPR - Salon Guide Contents GDPR for salons INTRODUCTION 1 GDPR - Salon Guide Contents GDPR - Salon Guide 1. INTRODUCTION 1 a. Already comply with Data Protection? 1 b. What is personal data? 4 c. Who controls the data? 4 d. What

More information

GDPR: An Evolution, Not a Revolution

GDPR: An Evolution, Not a Revolution GDPR: An Evolution, Not a Revolution Disclaimer This article does not constitute legal advice, nor is this information intended to create or rise to the level of an attorney-client relationship. You should

More information

Presenting a live 90-minute webinar with interactive Q&A. Today s faculty features:

Presenting a live 90-minute webinar with interactive Q&A. Today s faculty features: Presenting a live 90-minute webinar with interactive Q&A Compliance With New EU GDPR: Steps Investment Funds, Banks, Advisers and Financial Intermediaries Should Take Now Revising Service Agreements and

More information

General Data Protection Regulation (GDPR) Frequently Asked Questions

General Data Protection Regulation (GDPR) Frequently Asked Questions General Data Protection Regulation (GDPR) Frequently Asked Questions 26 March 2018 0 Contents Introduction... 3 What is GDPR?... 3 Who does the GDPR apply to?... 3 Are tax advisers data controllers or

More information

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents

TimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.

More information

General Data Privacy Regulation: It s Coming Are You Ready?

General Data Privacy Regulation: It s Coming Are You Ready? General Data Privacy Regulation: It s Coming Are You Ready? Presenters Tristan North Worldwide ERC Government Affairs Adviser, Moderator William R. Tehan General Counsel, Graebel Companies, Inc. Hank A.

More information

Introduction. Ignoring the impact of the GDPR on your recruitment team is opening up your business to substantial risk.

Introduction. Ignoring the impact of the GDPR on your recruitment team is opening up your business to substantial risk. THE GDPR PLAYBOOK Introduction The GDPR requires you to do a number of things and with our GDPR Playbook, you can become a beacon of trust with an approach that is in line with the spirit of GDPR that

More information

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry

GDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock

More information

The General Data Protection Regulation: What does it mean for you?

The General Data Protection Regulation: What does it mean for you? The General Data Protection Regulation: What does it mean for you? We are here to help The changes being introduced in the EU General Data Protection Regulation 2016 (GDPR) will be the biggest shake-up

More information

The General Data Protection Regulation and associated legislation. Part 1: Guidance for Community Pharmacy. Version 1: 25th March 2018

The General Data Protection Regulation and associated legislation. Part 1: Guidance for Community Pharmacy. Version 1: 25th March 2018 The General Data Protection Regulation and associated legislation Part 1: Version 1: 25th March 2018 Introduction The General Data Protection Regulation and, when enacted, the Data Protection Act 2018

More information

b. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.

b. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law. Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679

More information

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )

RSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company ) RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:

More information

The EU General Data Protection Regulation. Coming to you 25 May 2018, wherever you may be...

The EU General Data Protection Regulation. Coming to you 25 May 2018, wherever you may be... The EU General Data Protection Regulation Coming to you 25 May 2018, wherever you may be... Supporting you to support your clients through the GDPR compliance maze Extra-territorial effect does the GDPR

More information

Ready for GDPR? Five steps to turn compliance into your advantage

Ready for GDPR? Five steps to turn compliance into your advantage Ready for GDPR? Five steps to turn compliance into your advantage 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Document Control History Title Data Protection Policy Version no. 1.0 Date of publication May 2018 Author(s) Amanda Cramb, HR Manager Next review date May 2021 Page 1 Introduction

More information

GDPR General Data Protection Regulation

GDPR General Data Protection Regulation GDPR General Data Protection Regulation Compliance Information Guide - May 2018 About this document Ticket Arena & Event Genius Disclaimer DISCLAIMER: This is a brief presentation for information purposes

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Operational Owner: Executive Owner: James Newby Data Protection Officer Sarah Litchfield Senior Information Risk Officer Effective date: 25 th May 2018 Review date: May 2021 Related

More information

December 28, 2018, New Delhi, INDIA

December 28, 2018, New Delhi, INDIA LexArticle December 28, 2018, New Delhi, INDIA GDPR COMPLIANCES BY INDIAN COMPANIES A BRIEF OVERVIEW GDPR COMPLIANCES BY INDIAN COMPANIES A BRIEF OVERVIEW If you have questions or would like additional

More information

Dealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016

Dealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016 Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:

More information

Training Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak

Training Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak PROFESSIONAL INDEPENDENT ADVISERS LTD DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Training Manual Data Protection Officer is Mike Bandurak GDPR introduction

More information

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation

EU General Data Protection Regulation (GDPR) Tieto s approach and implementation EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High

More information

Getting Ready for the GDPR

Getting Ready for the GDPR Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd

More information

Getting ready for GDPR. A guide to General Data Protection Regulations

Getting ready for GDPR. A guide to General Data Protection Regulations Getting ready for GDPR A guide to General Data Protection Regulations The General Data Protection Regulation (GDPR) Wherever information is stored, individuals and organisations need to be mindful of the

More information

GENERAL DATA PROTECTION REGULATION Guidance Notes

GENERAL DATA PROTECTION REGULATION Guidance Notes GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in

More information

What is GDPR and Should You Care?

What is GDPR and Should You Care? What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what

More information

EU General Data Protection Regulation (GDPR)

EU General Data Protection Regulation (GDPR) EU General Data Protection Regulation (GDPR) May 23, 2018 Dixie B. Baker, Ph.D. Agenda GDPR Basics Key Changes from Data Protection Directive Special Categories Consent Conditions and Elements HIPAA and

More information

NOT PROTECTIVELY MARKED

NOT PROTECTIVELY MARKED Meeting Audit Committee Public Session Date and Time Location Pacific Quay, Glasgow Title of Paper General Data Protection Regulation (GDPR) SPA Preparedness Item Number 9.4 Presented By Catherine Topley

More information

A guide to GDPR the effect on all UK organisations

A guide to GDPR the effect on all UK organisations A guide to GDPR the effect on all UK organisations Personal Data Penalties Consent Data Breach Notification GDPR Right to Object Data Portability Right to be Forgotten A white paper from Eazipay Ltd October

More information

The ecommerce Guide to GDPR. How to Ensure Compliance and a Competitive Edge

The ecommerce Guide to GDPR. How to Ensure Compliance and a Competitive Edge The ecommerce Guide to GDPR How to Ensure Compliance and a Competitive Edge 03 Table of Contents Executive Summary 03 What is the GDPR? 04 What Does the GDPR Mean to ecommerce? 06 Challenges to Overcome

More information

General Data Protection Regulation. What should community energy organisations be doing to prepare?

General Data Protection Regulation. What should community energy organisations be doing to prepare? General Data Protection Regulation What should community energy organisations be doing to prepare? The implementation date of 25 May 2018 for the General Data Protection Regulation (GDPR) is fast approaching.

More information

Employee Privacy Notice T-Mobile (Medewerker privacyverklaring)

Employee Privacy Notice T-Mobile (Medewerker privacyverklaring) Privacy Requirements Employee Privacy Notice T-Mobile (Medewerker privacyverklaring) T-Mobile Netherlands B.V., T-Mobile Thuis B.V. en T-Mobile Finance B.V. Version: 1.0 Date: Ju n e 12 th, 2018 Statu

More information

The Marketing Pod s Guide to... GDPR

The Marketing Pod s Guide to... GDPR The Marketing Pod s Guide to... GDPR Q. What is GDPR? A. Game changing data protection rules you shouldn t ignore New legislation around data protection is coming, and it s something every business and

More information

Welcome. Chair s address Barry Warne, hlw Keeble Hawson. GDPR Seminar- Sarah Power, hlw Keeble Hawson

Welcome. Chair s address Barry Warne, hlw Keeble Hawson. GDPR Seminar- Sarah Power, hlw Keeble Hawson Welcome Chair s address Barry Warne, hlw Keeble Hawson GDPR Seminar- Sarah Power, hlw Keeble Hawson Cybersecurity and GDPR Dominic Ryles, Exertis UK GDPR: the steps you have to take, and how to take them

More information

The ICT Service:

The ICT Service: GDPR for schools 1 Intro and aims The ICT Service: support@theictservice.org.uk, 0300 300 00 00 Cambridgeshire County Council: Information and Records Team. Data.protection@cambridgeshire.gov.uk 01223

More information

1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction

1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction Introduction On April 2016 the European Parliament approved the General Data Protection Regulation (GDPR). This new regulation, with mandatory implementation by Member States (MS) and businesses that have

More information

The General Data Protection Regulation (GDPR)

The General Data Protection Regulation (GDPR) Risk Regulation The General Data Protection Regulation (GDPR) Cyber security Preparing your business for the GDPR September 2017 Contents Section Page What is the GDPR and what does it change? 01 Understanding

More information

EU General Data Protection Regulation in the digital age: Are you ready?

EU General Data Protection Regulation in the digital age: Are you ready? EU General Data Protection Regulation in the digital age: Are you ready? What do you need to know about the new EU General Data Protection Regulation? Data protection has entered a period of unprecedented

More information

General Data Protection Regulation. The changes in data protection law and what this means for your church.

General Data Protection Regulation. The changes in data protection law and what this means for your church. General Data Protection Regulation The changes in data protection law and what this means for your church. 1 Contents Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 18 Page 20 Page 23

More information

Data Protection for Landlords. David Smith Anthony Gold Solicitors

Data Protection for Landlords. David Smith Anthony Gold Solicitors Data Protection for Landlords David Smith Anthony Gold Solicitors Why Protect Data at All? Personal data is key important in everyday life Internet allows information about people to be spread quickly

More information

GENERAL DATA PROTECTION REGULATION.

GENERAL DATA PROTECTION REGULATION. For the use of mortgage intermediaries and other professionals only. GENERAL DATA HALIFAX INTERMEDIARIES KEY CHANGES GUIDE MAY 2018 REGULATION >SELECT A TILE FOR MORE INFORMATION WHAT IS THE GDPR? KEY

More information

CAPTIFY S GDPR READY POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT

CAPTIFY S GDPR READY POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT CAPTIFY ON GDPR POSITION: + + EU REGULATION 25TH MAY 2018 UPDATE TO DPD PERSONAL DATA CONSENT + + The GDPR (General Data Protection Regulation) is going into effect on 25th May 2018. By providing enhanced

More information

The New EU General Data Protection Regulation 1

The New EU General Data Protection Regulation 1 The New EU General Data Protection Regulation 1 Dear clients and friends, On 14 April 2016 the EU Parliament formally approved the General Data Protection Regulation ( the Regulation ). The Regulation

More information

Preparing for the General Data Protection Regulation - inside an organisation

Preparing for the General Data Protection Regulation - inside an organisation Preparing for the General Data Protection Regulation - inside an organisation Version: V2.0 Date: 25/05/2017 Jackie Megahey GfK UK Director, Information Security &Data Protection GfK Regional Research

More information

Responsible Business Alliance. Data Privacy and GDPR Compliance Policy

Responsible Business Alliance. Data Privacy and GDPR Compliance Policy Responsible Business Alliance Data Privacy and GDPR Compliance Policy 1. INTRODUCTION 1.1 As a global non-profit membership organisation, the Responsible Business Alliance ( RBA ) has a responsibility

More information

GDPR: A PRAGMATIC APPROACH

GDPR: A PRAGMATIC APPROACH GDPR: A PRAGMATIC APPROACH AUTHOR: KOEN CLAESSENS PARTNER - BDO RISK & ASSURANCE SERVICES INTRODUCTION Numerous information sessions have been held and publications issued about the whys and wherefores

More information

Session 1. Asset Management and Risk Control Forum. bvrla.co.uk

Session 1. Asset Management and Risk Control Forum. bvrla.co.uk Session 1 Asset Management and Risk Control Forum GDPR Threat or Opportunity? BVRLA Asset Management & Risk Control Forum 19 April 2018 Introduction Personal data is an invaluable asset and many organisations

More information

Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes

Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes 1 INTRODUCTION The General Data Protection Regulation (GDPR) comes into force in all EU Member States on 25.

More information

GDPR UNIQUEULOGY. Hello. If you re working in the funeral sector, this is what you need to know about the General Data Protection Regulations

GDPR UNIQUEULOGY. Hello. If you re working in the funeral sector, this is what you need to know about the General Data Protection Regulations UNIQUEULOGY GDPR If you re working in the funeral sector, this is what you need to know about the General Data Protection Regulations Hello. Celebrants, funeral directors, florists, coffin-makers, caterers...

More information

JOB DESCRIPTION: Hospitality Data Protection Officer

JOB DESCRIPTION: Hospitality Data Protection Officer EU General Data Protection Regulation (GDPR) Compliance Tools for the Hospitality Industry JOB DESCRIPTION: Hospitality Data Protection Officer This document highlights the role and qualities of a hospitality

More information

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents

Data Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection

More information

DATA PROTECTION POLICY VERSION 1.0

DATA PROTECTION POLICY VERSION 1.0 VERSION 1.0 1 Department of Education and Skills Last updated 21 May 2018 Table of Contents 1. Introduction... 4 2. Scope & purpose... 4 3. Responsibility for this policy... 5 4. Data protection principles...

More information