GDPR in 7 steps. Examples from client implementations
- Damian Jefferson
- 6 years ago
Transcription
1 GDPR in 7 steps Examples from client implementations
2 KEYRUS INTRODUCTION
SPECIALIST IN VALUE ADDING CONSULTING AND TECHNOLOGIES
+20 yrs experience, 16 countries, 5 continents
Belgium, Brazil, Canada, China, Colombia, France, Israel, Luxembourg, Mauritius, South Africa, Spain, Switzerland, Tunisia, UAE, United Kingdom, USA
DATA INTELLIGENCE, MANAGEMENT & TRANSFORMATION: Corporate Performance Management, Business Intelligence, Information Management, Big Data & Analytics, Strategy & Innovation, Performance Management, Project Support
employees 228m 2016 revenues
DIGITAL EXPERIENCE: Customer Intelligence, Digital Strategy, Digital Commerce
SOME OF OUR AMBASSADORS
Copyright Keyrus
3 GDPR IN 7 QUESTIONS
1. WHAT? What is GDPR?
2. WHO? Who is impacted?
3. WHY? What are the risks if you are not compliant?
4. Needs? What are the Key Requirements?
5. Actions? What are the Actions to Take?
6. HOW? How to proceed to become compliant?
7. YOUR KEY PARTNER? Why Keyrus can help you?
Copyright 2015 Keyrus
4 1. WHAT IS GDPR?
New EU regulation on (...) the protection of persons with regard to processing of personal data (...)
Objectives:
- Simplify protection: Unify & simplify protection & privacy within the European Union (EU) for personal data of EU citizens
- Strengthen citizens' rights: Strengthen citizens' rights and give them back control over their data
- Adapt to current world: Adapt data protection to new technological developments
Timing: The regulation entered into force in May 2016 and its direct application will take effect after two years, meaning as from May 2018
5 1. WHAT IS GDPR? REASONS TO PROCESS PERSONAL DATA
Data Processing is any operation performed on personal data; i.e. creation, collection, storage, view, transport, use, modification, transfer, deletion, etc.
6 2. WHO IS IMPACTED?
Within European Union: Every Public or Private Organization, including subcontractors, processing personal data in the context of the activities of an establishment in the EU
Outside European Union: Sub-contractors and/or Companies outside Europe when the processing is related to:
- Offering of goods or services to persons in the European Union
- Monitoring of behaviour as far as the behaviour takes place within the Union
7 2. WHO IS IMPACTED?
Personal data is any information that relates to an identifiable natural person, whether he/she is an employee, a customer, or a prospective customer.
Strategic business information
8 2. WHO IS IMPACTED? Client Example 1
For statistical purposes I am interested in linking birth dates and postal codes to products. I would like to know the percentage of people in a certain age group in a certain geographic region that has a specific product. I ask Celine, who has full access to source systems, to extract a list of birth dates linked to products for me.
Is Celine, while making the extract, handling personal data?
(a) Yes, she is. Even though she only needs birth dates, postal codes and products, she has full access to all information in source systems for every client, and can trace the information she extracts to an individual if she wants to.
(b) No, she is not. She is not handling personal data because she ignores all information but birth dates, postal codes and products.
(c) No, she is not, because in the source system one cannot link information to an individual's name, and without the name it is not personal data.
10 2. WHO IS IMPACTED? Client Example 1
For statistical purposes I am interested in linking birth dates and postal codes to products. I would like to know the percentage of people in a certain age group in a certain geographic region that has a specific product. I ask Celine, who has full access to source systems, to extract a list of birth dates linked to products for me.
Is Celine, while making the extract, handling personal data?
(a) Yes, she is. Even though she only needs birth dates, postal codes and products, she has full access to all information in source systems for every client, and can trace the information she extracts to an individual if she wants to.
(b) No, she is not. She is not handling personal data because she ignores all information but birth dates, postal codes and products.
(c) No, she is not, because in KL one cannot link information to an individual's name, and without the name it is not personal data.
Celine sends me the information I requested, and indeed I receive a list of birth dates, postal codes and products. Is this considered personal information?
(a) No, it is not, because I could never link birth dates and postal codes to a natural person.
(b) Yes, it is, because the information was extracted from an application that allows you to link the information to a natural person.
(c) It may be, but only if I have a way of linking this information back to an individual. For example, if I can enter this information in an application that links geographic area and age to account numbers.
13 2. WHO IS IMPACTED? Client Example 2
Jonathan has access to an application that does not give him client names or account numbers, but it does give him a combination of other information: street name, postal code, date of birth, gender, account balance, and telephone number (landline, not mobile). Is this personal data?
(a) Yes, it is. A combination of all these categories allows him to identify an individual natural person.
(b) No, it is not. A combination of all these categories does not allow him to identify an individual natural person with 100% assurance. For example, if same-sex twins live together, you would never know to which individual the information relates based upon this information.
(c) No, it is not. Personal data is only personal data if it can be linked directly to an individual natural person, for example by adding a name or an account number.
Note with correct response: It is true that there is no 100% assurance that you can link this information to an individual natural person. However, traceability is risk-based: even if the risk that one can link information to an individual is small, the fact that the risk exists classifies the information as «personal data».
15 2. WHO IS IMPACTED? Client Example 3
Vincent works in the marketing department. Launching marketing campaigns can be quite stressful when deadlines approach, and because Vincent does not have a VPN token he decides to send some customer name lists to his Gmail address. This way he can continue working on the campaign in the evening. Why do you think Vincent's action violates not only security, but also privacy principles?
(a) Gmail is a cloud-based provider. From a privacy perspective, using cloud-based services is the same as performing an international data transfer outside of white-listed countries. International data transfers in processes or projects are, in general, subject to a privacy impact assessment.
(b) Sending personal data to a Gmail address is not in line with the original processing purpose of the personal data in question, and can only be done with explicit consent from the data subject.
(c) Both of the above
Correct response: (a). Note that aside from violating the Client's Privacy Policy, sending confidential information also violates the Client's Security Policy.
16 3. WHY: WHAT ARE THE RISKS IF YOU ARE NOT COMPLIANT?
- Fines up to EUR 20 million or 4% of the Worldwide Annual Turnover, whichever is the highest
- Risk of damaging your company reputation due to:
  - Direct dissatisfaction of clients exercising their rights
  - Consequential impacts from bad news (e.g. press communications)
17 3. WHAT ARE THE RISKS IF YOU ARE NOT COMPLIANT?
18 3. WHAT ARE THE RISKS IF YOU ARE NOT COMPLIANT? BUSINESS CASE FOR OUR CLIENT IN THE FS SECTOR
19 4. NEEDS: WHAT ARE THE KEY REQUIREMENTS?
Privacy by Design:
- Ensure technical and organisational protection measures (native, permanent and monitored protection of personal data against destruction, loss, dissemination, alteration or access)
Security by Default:
- Minimize collected and retained personal data
- Limit Storage in time (no longer than is necessary for the purpose for which the personal data are processed)
- Balance between the controller's interest and the data subject's interest (Have the fair, adequate, not excessive and lawfulness processing for purposes or storage)
Data Accountability:
- Identify, document and justify any personal data processing, also when recourse to external partner
- Process data only for specified, explicit and legitimate Business purpose and recipient
- Ask explicit consent (i.e. «Opt-in» on a voluntary basis from the consumer rather than «Opt-out»)
Respect of Individual Rights:
- Respect the data subjects' rights: to be informed, to access, to rectify, to object, to be forgotten, to transfer
- Stick to the specific and lawful purposes (i.e. for the normal contract performance)
Breach Notification:
- Embed Breach Management in the Information Security Incident Management
- Ensure clear communication streams with the data protection authorities and stakeholders
- Evaluate obligation to appoint a Data Privacy Officer
- Put appropriate level of security according to the risk and consider protection means (encryptions, pseudonymisation, ...)
Minimise data transfers and arrange them contractually
20 4. NEEDS? THE CHALLENGE FOR ANOTHER CLIENT
Sensitive personal data
Certain personal data are more sensitive than others. This sensitivity is defined by law, and has been assessed by our Client. Surely most customers understand that the organisation wants to know their name and address. But they might not accept so easily that the organisation asks them for medical information.
Below are some examples of personal data. Can you classify them correctly into the «standard categories» and «sensitive categories»?
21 4. NEEDS? THE CHALLENGE FOR ANOTHER CLIENT
Data Quality and MDM
Personal data is a term that is subject to interpretation. Often personal data is not one piece of information in itself, but a combination. Your first name is probably not unique at all, nor is your last name. But a combination of your first and last name is often pretty unique. And combined with your date of birth, it can single you out as an individual.
Likewise, when using information, be wary of the potential combinations it allows. Checking account balances in itself is not necessarily a consultation of personal information. But entering an account number and checking its account balance is, especially if the account number also yields the name of the customer on the same page.
In your domain of responsibility, where do you encounter or work with personal data? Do you have a good view on this? If asked, could you draft a flowchart of how personal data flows through your process, asset or application? Do you know exactly which types of personal data you process?
22 4. NEEDS? THE CHALLENGE: HOW PERSONAL DATA FLOWS - THE INFORMATION LIFECYCLE
[Diagram: the information lifecycle (Plan, Obtain, Store, Maintain, Apply, Dispose), surrounded by questions in three areas: People & Organisation, Business processes, Technology & Systems]
Questions shown around the lifecycle:
- Who enters data into the system? Who decides on updates? Who makes actual changes to the data? Who uses the information? Who sets the retention policy? Who archives the data? Who deletes the data?
- What develops processes, business rules and standards? What triggers creation of a new record? What triggers maintenance? What are the interfaces between applications?
- How data are used? How the data is entered into the system? How data is maintained? How the information is secured? How the information is accessed?
23 4. NEEDS? THE IMPACT FOR A CLIENT - PEOPLE
Overview of topics relevant to each role
Columns: Ref | Topic | Privacy Specialists, DPO Staff, POBs | Project/asset managers, process owner, GS staff | Client-oriented (ZORO, DORs, Marketing, Sales)
1 Applicable laws & regulations: X
2 DPP governance and framework: X X
3 DPO functional standard: X
4 Data documentation: X X X
5 Legal grounds for personal data processing: X X X
6 Personal data: X X X
7 User consent: X X X
8 Transparency, data integrity: X X X
9 Subject access request: X X
10 Privacy impact assessment: X X
11 Privacy by design: X X
12 Third party privacy management: X
13 International data transfers: X
14 Retention: X X X
15 Data anonymization: X X
16 The Data Protection Office: X X X
17 Data Breach Management: X X X
24 4. NEEDS? THE CHALLENGE FOR ANOTHER CLIENT
Department / name
Data Documentation
One of those consequences concerns the way we need to document the personal data processed by the Client. There is a shift from the Declaration Principle (where the client had to declare the different types of personal data used to the Privacy Commission, as well as their processing purposes) to the Audit Principle. This means that the burden of proof lies with the Client: the Client needs to be able, upon simple request, to show what personal data they process and why.
What does this imply for its employees? Everyone in the organisation handling personal data has to maintain an overview of, amongst others:
- The type(s) of personal data being processed
- The processing purpose(s)
- Retention periods
- Data transfers to third parties or other countries
Awareness and training employees
26 4. NEEDS? THE IMPACT FOR A CLIENT - PEOPLE & PROCESSES
Governance structure
Whom do you talk to if you have questions on personal data? Multiple answers can be selected.
1. The Data Protection Office
2. Your Privacy Officer Business
3. Compliance
4. The Project Manager of the project you are involved in
5. The Process Owner of your process
6. The Global Security Architect you happen to know
All of these responses are correct. Privacy is not restricted to a single team at the Client's. Instead it follows a transversal governance structure, and different stakeholders carry different responsibilities.
27 4. NEEDS? THE IMPACT FOR A CLIENT - STRUCTURAL
The Enterprise IT Environment/infrastructure
- Common Challenges: e.g. shared architecture within the Organisation, mergers and acquisitions
- Customer-Facing Applications: software-based notice and consent, (contractual) agreements
- Identity and Access Management: e.g. role-based and user-based access controls, cross-enterprise authentication
  - For customers: customer authentication
  - For employees: Remote Access, Telecommuting, and Bring Your Own Devices
  - For partners: Third-Party Management, e.g. access to non-production environments for developers
28 4. NEEDS? THE IMPACT FOR A CLIENT - IT
- Data Encryption: technological protection measures rendering personal data unintelligible to any person who is not authorised to access it
  - Regulations and standards
  - File and disk encryption, application or field encryption
  - Data loss prevention solutions
- Technologies with privacy considerations: i.e. Cloud Computing, Video/Audio Surveillance
- Online privacy considerations: usage of social media; web browser privacy (tracking, cookies)
29 5. WHAT ACTIONS TO TAKE?
Companies are advised to undertake a set of actions:
- Embrace a philosophy of minimal personal data gathering AND freely and unambiguously given Consent
- Consider appointing a Data Privacy Officer acting as a key point of contact to coordinate data protection activities
- Review Risk and Security across all Personal Data flows, third-party vendors included
- Put Processes in place to be ready to satisfy clients' requests based on their rights to access, delete, or transfer their personal data
- Foresee a process to notify personal data breaches to the supervisory authority
- Implement Technical and Organisational Measures in the context of processing Personal Data
- Demonstrate compliance with all those principles through appropriate documentation
30 5. KEY TO THE SOLUTION - FINDINGS
Message to the client management:
- The draft regulation has the potential (pending establishment of jurisprudence) to significantly drive up the costs of data collection and processing for organisations
- The digital future of an organisation can only be built on trust. If people feel they are in control of their data and that it is used to serve them better, sharing will be easier.
31 6. HOW TO PROCEED TO BECOME COMPLIANT?
- ASSESS: GDPR Compliancy FIT-GAP evaluation with focus on sensitive data, big data, decision automation
- DECIDE: Weigh the risks and decide on corrective actions
- IMPLEMENT: Take organizational & technical corrective actions
- CONTROL: Monitor & control current and future GDPR compliance
32 INTERVIEWS PROPOSITION - SCOPING EXERCISE
33 OUR METHODOLOGY: Scoping & Risk assessment; User Stories & Risk backlog
34 OUR METHODOLOGY
Prioritisation output: the Risk backlog
- Each sprint implement the highest priority risks
- Each new risk is prioritized and added to the stack
- Risks may be prioritized at any time
- Risks may be removed at any time
35 ASSESSMENT DOMAINS
A comprehensive view on the environment and ecosystem
Five assessment areas: Solution architecture & fit for requirements; Processes; Governance & Strategy; People & Organization; Information management
- Environment: Taking into account the maturity level of the organization towards GDPR Compliance and Data & Digital Transformation
- Solution architecture & fit for requirements: Solutions for data management and GDPR compliance and their functional, technical and technological components
- Ecosystem: All stakeholders involved in Data and the way they are organized and interact to create and maintain Data applications
- Governance & Strategy: A clearly documented plan that structures the journey to deploy and maintain solutions across the organization
36 ASSESSMENT RESULTS SUMMARY
Gap analysis: example of key outputs
Assessment areas shown: Solution architecture and fit for requirements; Processes; Governance & Strategy; People & Organization; Information Management
- Formalized vision on organization GDPR Compliance, Data & Digital transformation
- Roadmap aligned with business strategy
- Formalized GDPR Compliance and Data & Digital transformation processes: demand management, project delivery, information management, change management
- Solution design according to best practice
- Technology choice
- Governance & Strategy allowing proper Business and IT alignment
37 Roadmap & Delivery: DEFINE ROADMAP
[Figure: Priority Plot Map. Axes: Business value and Feasibility (low to high). Quadrants: Complex, Easy wins, Low priority, Nice to have. Plotted items: 360 Customer View; Training; Data security by default & Individual rights management; Breach Notification Production; Data privacy by design; Master Data Management & Documentation.]
38 OUR METHODOLOGY: PROJECT ROADMAP SAMPLE
[Figure: project roadmap over Week 1 to Week 10. Phases: Scoping Study, Sprint Zero, then repeated Sprint backlog and Sprint. Roles: Principal Consultant, Senior Consultant, Data Analyst.]
39 Data & Digital transformation APPROACH: A GRADUAL APPROACH TAILORED TO YOUR NEED
[Figure: phased approach. Labels: Initiate, Awareness, Assessment, Assess & Analyze, Deep dive, Prioritize & Plan, Plan & Decide, Transform & Comply, Change, BEYOND. Durations shown: 2-3 days, 1 Week, Xxx Weeks. Thumbnails repeat the "GDPR in 7 questions" and information lifecycle slides.]
Data protection journey (incl. GDPR compliance) (monitored and evolutive)
40 6. BECOMING COMPLIANT: IMPLEMENTATION PRIORITIES
Data Governance Domains
- Data Architecture & Design Management: Composed of models, policies, rules or standards that govern which data is collected, and how it is stored, arranged, integrated, and put to use in data systems and in organizations.
- MetaData Management: Involves managing data about other data, whereby this "other data" is generally referred to as content data. Metadata management can be defined as the end-to-end process and governance framework for creating, controlling, enhancing, attributing, defining and managing a metadata schema.
- Data Integration Management: Combining data residing in different sources and providing users with a unified view of these data.
- Master Data & Reference Data Management: Comprises the processes, governance, policies, standards and tools managing the critical organization data to provide a single point of reference.
- Data Security Management: Viewed as a way to maintain the integrity of data and to make sure that the data is not accessible by unauthorized parties or susceptible to corruption. Data security is put in place to ensure privacy in addition to protecting this data.
- Data Quality Management: Revolves around safeguarding the data to certify that the data is relevant, reliable and accurate. Incorporates the role establishment, responsibilities and processes with regard to the acquisition, maintenance, disposition and distribution of data.
- Data Compliance Management: In addition to Data Security and Quality standards, Data Compliance are legal or regulatory frameworks defining data rules/principles to respond to internal or external hazards.
- Data Lifecycle management: Viewed as a policy-based approach to managing the flow of an information system's data throughout its life cycle: from creation and initial storage to the time when it becomes obsolete and is deleted.
- Data Warehousing & BI management: Data warehouses integrate with all applications and databases, aggregate their data, and categorize and manage the data according to rules and business criteria. BI allows analysing the data to find and define interrelationships, and presenting it back in various structures and/or formats to meet the needs of different users across the organization.
41 6. BECOMING COMPLIANT: IMPLEMENTATION PRIORITIES
Short term Focus & Priorities in Big Data Context
Domains: Data Architecture & Design Management; MetaData Management; Data Integration Management; Master Data & Reference Data Management; Data Quality Management; Data Lifecycle management; Data Security Management; Data Compliance Management; Data Warehousing & BI management
OBJECTIVES: SUPPORT DELIVERY & TRUSTFULNESS OF INSIGHTS
PRIORITIES:
- Metadata management
- Data Quality
- Data Security & Access
- Data Compliance
42 6. BECOMING COMPLIANT: IMPLEMENTATION PRIORITIES
Long term Focus & Priorities in Big Data Context
Domains: Data Architecture & Design Management; Master Data & Reference Data Management; MetaData Management; Data Quality Management; Data Integration Management; Data Lifecycle management; Data Security Management; Data Compliance Management; Data Warehousing & BI management
OBJECTIVES: PROPERLY GOVERNED SOLUTION INTEGRATED ACROSS TRADITIONAL AND BIG DATA PLATFORMS AND ORGANIZATION
PRIORITIES:
- Define Governance Zones: Highly Governed & Validated
- Metadata management
- Data Quality
- Data Security & Access
- Data Compliance
- Information integration
- Master Data & Reference Data Management
43 OUR METHODOLOGY
Benefits of Agile vs Traditional Waterfall
- Visibility: Shorter iteration delivery provide a better visibility to the business.
- Adaptability: Agile allows clients to re-evaluate their priorities and make changes at any stage of the project.
- Business Value: Business value is perceptible at the early stage of the project and consistently until the final delivery.
- Risk: The risk is considerably reduced as mistakes can be corrected at early stages.
[Charts compare Traditional development with Agile development]
45 6. BECOMING COMPLIANT - GOVERNANCE STRUCTURE
A Client decided to put the second line of defense concerning privacy with the compliance department (whereas the first line of defense lies with the Data Protection Office of the Global Security Team). Why did they do so?
Data Protection Office (DPO): DPO Staff; a Compliance specialist; a network of Privacy Officers Business (POB); (a Legal specialist).
(a) Because the applicable legislation says this is how it should be.
(b) Certain aspects of the privacy function are closely linked to existing compliance functions, such as monitoring of the legal framework and second line control.
(c) Both
Through this set-up, privacy has become a true transversal function at the Client's, which is essential. After all, data protection and privacy is the responsibility of every single employee.
46 6. BECOMING COMPLIANT: BIG DATA COMPETENCY CENTER (BDCC) TO ENSURE TRANSFORMATION
Data Security & Compliance expert
- Take the lead on data security & compliance management aspects.
- Ensure conformity with internal security & compliance standards and local & global legislations.
- Ensure that data security policies are implemented, applied and monitored in the big data context.
- Advise on security concerns and make recommendations with regard to the security of data and systems to improve data security management.
- Report on information security incidents.
Database / Hadoop Administrator
- Responsible for implementation and ongoing administration of Hadoop infrastructure.
- Set up Hadoop users.
- Cluster maintenance as well as creation and removal of nodes.
- Performance tuning of Hadoop clusters and Hadoop MapReduce routines.
- Monitor Hadoop cluster connectivity and security.
- Manage and review Hadoop log files.
- File system management and monitoring.
- HDFS support and maintenance.
Data Scientist
- Contribute to the development of data models and protocols for mining production databases.
- Develop statistical analysis and create prediction models & algorithms.
- Contribute to data mining architectures, modelling standards, reporting, and data analysis methodologies.
- Work with data acquisition expert & developers to extract data relevant for analysis.
Legend: BIU Role, IT Role
47 6. BECOMING COMPLIANT - BIG DATA COMPETENCY CENTER (BDCC) TO ENSURE TRANSFORMATION
General
- P01. Big Data Governance & Steering process
- P02. Big Data Knowledge & Training Management
Architecture
- P03. Big Data Application Architecture Definition, Design & Compliance
- P04. Big Data Architecture Definition, Compliance & Documentation
- P05. Big Data Application Ownership & Performance Monitoring
Demand Management
- P06. Big Data Demand & Release Management
- P91. Big Data Functional Solution Definition & Design process
Security management
- P07. Big Data Security management
Compliance management
- P08. Big Data Compliance management
Data Quality Management / BAU
- P09. Big Data Quality Improvement process
- P92. Master Data Management
- P94. Big Data Operational Run & Control process
- P14. Big Data Support & Coaching
- P95. Big Data Application Life Cycle Mgt / Maintenance
Delivery
- P10. Big Data Reporting Factory
- P11. Big Data Advanced Analytics Delivery
- P12. Big Data Program / Project Management
- P13. Big Data Application Delivery Quality Assurance
- P93. Big Data Project Delivery
(Legend: BDCC Operations; Out of BDCC Scope)
48 OUR APPROACH IN SUMMARY
7. KEYRUS CAN HELP YOU: IDENTIFYING CHALLENGES OF GDPR
- DESIGNATION OF A DPO
- DIGITAL TRANSFORMATION
- IDENTITY ACCESS MANAGEMENT
- SENSITIVE DATA
- INFORMATION SECURITY (ISO 27000)
- PERSONAL DATA
- TRAININGS FOR THE EMPLOYEES
- ACCOUNTABILITY
- DATA IS EVERYWHERE (BYOD, )
- NECESSITY TO SECURE THE DATA
49 7. WHY KEYRUS CAN HELP YOU?
KEYRUS DNA FOR 20 YEARS
Data Intelligence and Data Management have been Keyrus' DNA for more than 20 years. Our expertise is your best asset to identify personal data, assess the current state of data security & privacy, and design & implement corrective actions.
MORE THAN TRADITIONAL INTELLIGENCE
Ensuring GDPR compliance requires a mix of skills outside traditional Data Intelligence. Keyrus has developed strong collaboration and partnership with specialized legal advisors and cutting-edge technology vendors.
EXPERIENCE & REFERENCES
See our references on related topics: BI/IM Maturity assessment (Keyrus Maturity model), Data Governance, Data process reengineering, Data Management.
50 7. WHY KEYRUS CAN HELP YOU? A COMPREHENSIVE RESPONSE TO THE MAJOR CHALLENGES FACING ENTERPRISES
DIGITAL TRANSFORMATION
- Innovation
- Agility & collaborative approaches
- Disruptive business models
- Profitability Growth & Sustainability
Key figures:
- 90% of the data in the world created in the last two years alone (source: IBM)
- 3.5 billion searches analyzed by Google each day (source: Google Search Statistics)
- 2/3 of organizations will have to drastically change, or even replace, their Business Model in order to survive by 2020 (source: Gartner)
51 7. WHY KEYRUS CAN HELP YOU? A GRADUAL APPROACH TAILORED TO YOUR NEED
[Figure: Data & Digital transformation. Data protection journey (incl. GDPR compliance), monitored and evolutive. Phases shown: Initiate; Assessment; Awareness; Assess & Analyze; Deep dive, Prioritize & Plan; Plan & Decide; Transform & Comply; Change; Beyond. Durations shown: 2-3 days; 1 Week; Xxx Weeks. Other labels: Compliance; CAF; Keyrus; Client. Inset: GDPR IN 7 QUESTIONS.]
Data life cycle stages shown: PLAN, OBTAIN, STORE, MAINTAIN, APPLY, DISPOSE.
PEOPLE & ORGANIZATION
- Who enters data into the system?
- Who develops processes, business rules and standards?
- Who decides on updates?
- Who makes actual changes to the data?
- Who uses the information?
- Who sets the retention policy?
- Who archives the data?
- Who deletes the data?
BUSINESS PROCESSES and TECHNOLOGY & SYSTEMS
- What triggers creation of a new record?
- How is the data entered into the system?
- How is data maintained?
- What are the interfaces between applications?
- How is data used?
- How is the information secured?
- What triggers maintenance?
- How is the information accessed?
52 STAFF ALLOCATION & UP-SKILLING PLANNING
Working on-site alongside client teams allows our consultants to transfer knowledge and skills throughout the project, allowing for phased reduction in our involvement and hand-over of maintenance and further development to client teams. Client autonomy and self-sufficiency are the product of joint implementation and knowledge transfer.
[Chart: Resource Involved (Keyrus, Client) against Time & Knowledge Transfer. Labels: Upskilling, Implementing, Self-serving, Analysing; Advice, Training, Implementing, Servicing.]
54 THANK YOU FOR YOUR ATTENTION To contact us