EU General Data Protection Regulation
- Gillian Daniels
- 6 years ago
SME Discovery, Assessment and Planning Service

The Data Protection Act has now been in force for more than two decades, and any organisation should see it as an integral part of its approach to dealing with personal data held in core systems, PCs and mobile devices. With the introduction of the European Union General Data Protection Regulation (GDPR) in May 2018, the rights of the individual (the data subject) and the responsibilities of your organisation to process data lawfully and for legitimate reasons with adequate protection will greatly increase. Failure to do so can have significant financial impact, with fines of up to 4% of annual global revenue or €20,000,000, whichever is higher. In some cases, the cost to your brand could be significantly more.

With our experienced team, certified to industry-recognised qualifications including Certified EU General Data Protection Regulation Foundation and Practitioner (GDPR), we can guide you through compliance including your systems, infrastructure, processes and technology strategy.
"There's a lot in the GDPR you'll recognise from the current law, but make no mistake, this one's a game changer for everyone."
Elizabeth Denham, Information Commissioner, ICO

Whilst probably no SME or larger organisation is perfect, the less prepared or more poorly protected you are, the harsher the response you will undoubtedly receive from the Data Protection Authority (the ICO for the UK) if a breach occurs. This is emphasised in the "state of the art" (SOTA) article within the directive, which encourages organisations to implement appropriate technology solutions and develop good processes so that they always protect personal data in the best possible way.

"We recently discovered an employee of our international health insurance division had inappropriately copied and removed some customer information from the company. Around 108,000 international health insurance policies are affected."
Sheldon Kenton, MD of Bupa Global

The ICO issued a £60,000 fine to Boomerang Video Ltd after it suffered a cyber attack. An investigation found the Berkshire-based company failed to take basic steps to stop its website being attacked.

This cuts across all elements of your technology, ranging from system security (including data access rights and compartmentalisation) and infrastructure (such as firewall protection and device encryption) to the processes controlling the use of the data and, finally, the type of data staff and suppliers have access to (now, historic and future). Furthermore, once you add in the complexity of data subjects possibly requesting data portability, the right to be forgotten, the management of your third parties with access to the data, and its movement or access across geographical boundaries, the task of managing personal data has become far more complicated and time consuming. Even after you have complied with the regulations, maintaining your compliance must become a standard approach in your organisation.

Like many regulations, it is easy to ignore them and think it will never happen to you, but if it does, you have no opportunity to take retrospective steps to improve your position with the ICO, appease your customers or protect your brand value. Like business continuity and disaster recovery planning, your GDPR approach must become an integral part of your overall technology, operations and human resources strategies.
Is there a tick list for reaching compliance?

"If a business can't show that good data protection is a cornerstone of their practices, they're leaving themselves open to a fine or other enforcement action that could damage bank balance or business reputation."
Elizabeth Denham, Information Commissioner, ICO

Unfortunately not. There are some things that you definitely should not do, such as lose or abuse the personal data you hold and process. You are also now fully accountable for the service providers and partners that you share information with; the old answer of "it wasn't us" will not be acceptable. After that, it is about demonstrating that you understand the legislation across the different elements of your organisation, then putting in place the appropriate controls, systems and technology. Recording that these measures are reviewed periodically to assess changing internal and external factors will also demonstrate that you are actively taking your GDPR responsibilities seriously. You should also demonstrate that new projects and your change management activities incorporate assessment and implementation of the various GDPR requirements throughout their lifecycle. Every organisation is different, but accountability must be held by your Data Protection Officer (if you require one under the new regulation), the management team and the Board.

Think before you press the button, both literally and metaphorically!

An ICO investigation into Honda Motor Europe Ltd revealed the car company had sent 289,790 emails aiming to clarify certain customers' choices for receiving marketing.

Even when you think you are doing the right thing, it could turn out to be the wrong thing, as Honda Motor Europe Ltd discovered. By sending customers an email to clarify their marketing preferences, they actually broke the rules. They believed that the emails were not classed as marketing but instead were customer service emails to help the company comply with data protection law. However, Honda could not provide evidence that the customers had ever given consent to receive this type of email, and consequently received a fine from the ICO. So if you do not have a very clear mandate from your customers, staff or others to do something, do not do it without serious consideration and potentially legal advice.
So how can Great Benefit help you?

Our sector experience includes distribution, health and social care, finance, media, retail and remote workforce sectors such as security, FM, cleaning and domiciliary care. Our background is managing and implementing customer technology projects for all sizes of organisation, ranging from the small SME through to designing IT strategies for 250m+ turnover multinationals. So rather than being a consultancy that works with the theoretical, we work in the real world, embedded with our customers to achieve success.

Over the last 15 years, we have also forged many strong strategic partnerships with technology companies such as Microsoft, WatchGuard and Lenovo. We also work closely with a number of trusted partners that include telephony, data centre and desktop support providers. Taking that as our base, our Systems and Infrastructure Architects are certified EU General Data Protection Regulation Practitioners, so we understand both the requirements and the technology involved in practice.

Our service approach has three distinct phases to help you.
AWARENESS AND PLANNING

Discovery, Assessment and Planning Service

Our first phase is to identify and document the various elements you have and then review them with you for GDPR readiness. All organisations are different and may already have some elements reviewed and documented. Because our service very quickly changes into a bespoke plan, we can incorporate any existing documentation and review work into the project scope. Data is acquired through a combination of existing documentation and meetings (one to one or workshops) with key staff throughout the affected areas of the organisation.

Outputs from the assessment include:
- Summary document of areas reviewed
- Risk Register
- High-level roadmap
- Draft policies and procedures
- Template documentation for the implementation phase

The Discovery phase covers the six key areas affected:
- An application audit to document the data stored in each system and how it processes personal data.
- An infrastructure audit to document how you protect data from intrusions, device loss, data storage, and document storage.
- A review of the existing policies and procedures, including other HR elements that may need inclusion.
- Full lifecycle dataflow mapping, including any terms and opt-in clauses that cover the storage, processing and use of personal data. This also includes data passed to or received from third parties or overseas operations.
- Capture of the existing Incident Management process and review of historic incidents.
- Data subject requests and how they are currently fulfilled.

Once the different elements have been captured, the Assessment phase starts. Initially we review each area individually and then consolidate them where appropriate to show an overall status for the logical functions or clusters. Once this phase has completed, the risk register can be documented. This is the starting point for creating the high-level roadmap for the required changes, incorporating any other affected projects occurring during
Managing your GDPR compliance programme may be seen by some senior managers as just an IT issue. It is not, and for some organisations it will change processes that have been operating for years or even decades. Understanding the findings from the Audit and Assessment phases must be a collaborative process between our consultants, your organisation's project manager and the wider management team. The impact may potentially be far reaching and could change how you interact with customers, leads and employees. It may also change elements of your technology strategy or the priority of expenditure. Together we can work through addressing the key issues, creating appropriate documentation and building your high-level roadmap for reaching compliance.

IMPLEMENTATION

At the end of the Awareness and Planning phase, you will understand the scale of change required and where the changes need to occur. They fall broadly into four categories:
- System changes that are required to cover areas such as data access, segmentation, anonymisation, audit controls and archiving.
- Infrastructure changes to control external firewall access, PC and mobile device encryption, data theft (email, memory stick, printing) or server security.
- Operational changes such as website data collection, data usage and marketing activities, proof of age and archiving policies.
- Staff training to ensure that your employees understand the regulations and their responsibilities, and to attempt to mitigate the threat of internal data theft.

Our consultancy services range from supplementing your existing resources through to implementing projects for you. We can also help you source new and appropriate solutions through our wide range of partners.
COMPLIANCE

Once you have reached compliance, you must continue to reaffirm the GDPR principles within your organisation as a business-as-usual approach. New systems, interfaces, operations and business alliances should all face the same rigorous challenges as the previous work to maintain your compliance and appropriate data usage.

WHERE DO I START?

"Better three hours too soon than a minute too late."
William Shakespeare

CALL US NOW ON TO KICK-START YOUR GDPR PROJECT.

Looking at the vast scope of the regulation, it can be easy to become overwhelmed by the sheer scale of the project ahead. As we mentioned earlier, we can help you build a pragmatic approach to your compliance project. The key to a successful GDPR project is the initial discovery and assessment. If you do not know the components, issues and interdependencies, you will not be able to build a coherent plan for the changes required. With our Discovery, Assessment and Planning service, we work with you to kick-start your project, identifying and documenting the various elements. Moving forward, once you have the assessment and high-level roadmap completed, the project will naturally take shape.

We can help you further with the subsequent stages, including:
- Guidance on system upgrades and enhancements
- Infrastructure upgrades and implementation
- Staff awareness training
- Project, policy and procedure documentation
- Penetration testing
- Document management, policy/procedure tracking and project portals with our Microsoft SharePoint tools
- Project and Programme Management

We can tailor a bespoke project for you based on your needs, existing available resource and skills. To find out more about how we can help you, please contact us to discuss your current position in more detail.
ABOUT GREAT BENEFIT

Founded in 2001, we have provided a wide variety of SMEs and large enterprises with strategic and operational technology consultancy and solutions. Whether helping our customers with discrete projects, interim IT leadership or implementing a full platform solution, we pride ourselves on working closely with our customers to understand both them and their sector demands. Often the final solutions are a combination of robust standard technologies supported by innovations that provide them with true market advantage.

As well as being partners with some of the best technology manufacturers such as Lenovo and WatchGuard, we are also a Microsoft Silver Development Partner and have our own unique products for document storage and application creation in Microsoft SharePoint.

For more information about the wide range of services we can offer, please visit us at info@greatbenefit.co.uk or simply call us on.
More informationGDPR Checklist. O - Organisation. P - Processing. T - Technology. I - Information. N - Next OVERVIEW. Your Personal Data
OPTIN checklist OVERVIEW 1 GDPR Checklist This checklist sets out activities you will need to consider and act on by the compliance deadline of 25th May 2018. Use this to help you identify what support
More informationGearing up for GDPR Compliance - Practical steps to ensure compliance with the revised data protection regulation. Chris Bernau.
Gearing up for GDPR Compliance - Practical steps to ensure compliance with the revised data protection regulation. Chris Bernau October 2016 Agenda 1. What do we know about GDPR? 2. How should we approach
More informationPersonal Data Breach Notification Policy
Personal Data Breach Notification Policy TABLE OF CONTENTS 1. OVERVIEW... 3 2. ABOUT THIS POLICY... 3 3. SCOPE... 3 4. DEFINITIONS... 4 5. WHAT IS A PERSONAL DATA BREACH... 4 6. REPORTING A PERSONAL DATA
More informationMore information at cventconnect.com/europe/mobileapp
Download and Login to the Cvent CONNECT Europe Mobile Event App Tap On Schedule Find Your Session Access Polls and Live Q&A More information at cventconnect.com/europe/mobileapp Cvent CONNECT Europe General
More informationDrowning in data or diving into opportunity?
AN ENSIGHTEN STRATEGY BRIEF Drowning in data or diving into opportunity? The marketer s guide to complying with GDPR and understanding its benefits Introduction As the 25th May 2018 fast approaches, marketers
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationISO whitepaper, January Inspiring Business Confidence.
Inspiring Business Confidence. ISO 31000 whitepaper, January 2015 Author: Graeme Parker enquiries@parkersolutionsgroup.co.uk www.parkersolutionsgroup.co.uk ISO 31000 is an International Standard for Risk
More informationThe Sage quick start guide for businesses
General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing
More informationINFORMATION SECURITY AND DATA PROTECTION
INFORMATION SECURITY AND DATA PROTECTION I nformation S ecurity and d ata ProtectIon General Data Protection Regulation (GDPR) We have been working to demonstrate our commitment to GDPR, which is demonstrated
More information@Remote Effectively manage your output devices and reduce costs
@Remote Effectively manage your output devices and reduce costs When you have all the facts, it s easy to make intelligent decisions Wouldn t it be great if you knew exactly how all of your network MFDs
More informationThe GDPR The Clock is Ticking An industry report on GDPR preparedness
The GDPR The Clock is Ticking An industry report on GDPR preparedness The GDPR: the clock is ticking This report details just how prepared (or otherwise) British businesses are for the new regulations,
More informationGDPR SMART. The Neopost Guide to Managing GDPR. ermissions Personal Data Right of Access. nal Data Right of Access Consent Permissi
s Personal Data Right of Access l Data Right of Access Consent P f Access Consent Permissions Pe sent Permissions Personal Data Rig ions Personal Data Right of Access nal Data Right of Access Consent P
More informationGDPR: The devil is in the data
GDPR: The devil is in the data A recent newspaper article chose a revealing headline: GDPR: the new data-protection law giving watchdogs a mega-bite. 1 Much of the coverage of the EU s new General Data
More informationTECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients
TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over
More informationA guide to GDPR the effect on all UK organisations
A guide to GDPR the effect on all UK organisations Personal Data Penalties Consent Data Breach Notification GDPR Right to Object Data Portability Right to be Forgotten A white paper from Eazipay Ltd October
More informationRecords Management Perspectives:
Records Management Perspectives: Unprepared, unaware, unmoved. Why companies must wake up to the challenges of the EU General Data Protection Regulation The power of memory www.crownrms.com The business
More informationWe re not just good on paper.
IT Services We re not just good on paper. You might know us as a print company. That s only part of the story. We re big on IT too, with products and services that can help your business thrive. ricoh.co.uk
More informationAPCC Policy Statement
Purpose APCC Internal Data Security Policy Statement: APCC Business 1. The APCC is committed to being transparent about how it collects and uses the personal data of its workforce and to meeting its data
More informationRealising the business value of IT optimisation and innovation
Secure your future with IT modernisation: Realising the business value of IT optimisation and innovation WHITEPAPER 1 / 15 Menu MENU 2 / 15 By the end of 2018, businesses are estimated to spend nearly
More informationBCM Lite a quick and easy guide to BCM for beginners and/or small businesses
BCM Lite a quick and easy guide to BCM for beginners and/or small businesses Some important definitions Business Continuity Planning The process leading to a clearly defined and documented plan for use
More informationPrepare for GDPR today with Microsoft 365
Prepare for GDPR today with Microsoft 365 2 Table of contents 01. 02. 03. 04. 05. Executive Sumary Landscape Assess and manage your compliance risk Protect your most sensitive data Closing 3 01. Executive
More informationHEAD OF MARKETING AND COMMUNICATIONS WESTERN BALKANS MARKETING AND COMMUNICATIONS WIDER EUROPE
. HEAD OF MARKETING AND COMMUNICATIONS WESTERN BALKANS MARKETING AND COMMUNICATIONS WIDER EUROPE DECEMBER 2017 www.britishcouncil.org 1 Head of MARKETING AND COMMUNICATIONS Western Balkans December 2017
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More informationThe Charities Property Association. The impact of the GDPR (including its affect on your direct marketing and fundraising activities)
The Charities Property Association The impact of the GDPR (including its affect on your direct marketing and fundraising activities) Mark Harvey, Consultant Jonathan McDonald, Senior Associate charlesrussellspeechlys.com
More informationJOB DESCRIPTION: Hospitality Data Protection Officer
EU General Data Protection Regulation (GDPR) Compliance Tools for the Hospitality Industry JOB DESCRIPTION: Hospitality Data Protection Officer This document highlights the role and qualities of a hospitality
More informationThe time is now The Deloitte General Data Protection Regulation Benchmarking Survey
The Deloitte General Data Protection Regulation Benchmarking Survey How are organizations facing the challenge of complying with the most radical overhaul of data protection laws in a generation? Contents
More informationREDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE
REDDISH VALE HIGH SCHOOL PRIMARY PRIVACY NOTICE Overview Reddish Vale High School is committed to ensuring that we re transparent about the ways in which we use your personal information and that we have
More information