The GDPR Are you ready?


kpmg.ie

The GDPR - Overview

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive. This regulation imposes new obligations and stricter requirements on all organisations involved in the processing of personally identifiable data, emphasising transparency, security and accountability.

Objectives
The primary objectives of the GDPR are to:
- Institute citizens' rights in controlling their personal data
- Simplify the regulatory business environment by adopting a unified regulation across the EU

Implications
Failure to comply with the Regulation may result in:
- Fines of up to €20,000,000 or 4% of total annual global turnover (whichever is greater)
- Reputational risk
- Private claims: individuals are also empowered to bring private claims against organisations where their data privacy has been infringed

THE GENERAL DATA PROTECTION REGULATION 1

The GDPR - Summary of key requirements

The GDPR contains 99 articles and 173 recitals. A summary of the key requirements includes:
- Personal data: the extended definition now covers both direct and indirect identification.
- Breach notification obligation: breach notification within 72 hours of identification.
- Accountability: a mandatory accountability culture, privacy management activities and record keeping, backed by enforcement policies.
- Privacy impact assessments: regular testing, assessment and evaluation of the effectiveness of technical and organisational measures.
- Vendor management: liability now extends to both data controllers and data processors, making vendor management a critical aspect.
- Expanded personal privacy rights: additional rights of access, notice, consent, portability, profiling and erasure.
- Data protection officer: under certain circumstances, a requirement for an assigned and empowered DPO to steer compliance.
- Cross-border data transfer: a requirement to know all of your data processors that are handling EU personal data.
- Privacy by design and default: embed privacy-related technical and organisational measures into design and, by default, only process personal data where necessary.

The GDPR and YOU

If your organisation processes personally identifiable data, you will need to be in compliance with the GDPR by 25th May 2018.
- Do you have interactions with individuals? e.g. via Sales, Procurement, Marketing, Human Resource and Payroll processes
- What is your Data Privacy strategy: People/Process/Technology and Protect/Detect/Respond?
- Do you have a culture of Data Monitoring?
- Are your employees aware of the GDPR implications?
- Who is in charge of Data Privacy and Protection in the company?
- Do you know where your data is stored and who has access to it?
- Did you obtain the data on a lawful basis?
- Is it shared outside of the EU?
- Do you know how your third parties safeguard your data?

How KPMG can help

Implementing the GDPR requires a multi-disciplinary team of subject matter experts. KPMG's unrivalled experience of large transformational change projects means we understand the challenges facing you and can assist you in addressing them.

GDPR Readiness services by practice area:

Management Consulting
- GDPR Readiness Assessment
- GDPR Programme Planning & Management
- Data Governance
- Process Design
- Change Management

Forensic Services
- Data Discovery, where complexity requires a software-driven response
- Ongoing monitoring and control over your personal data storage

Legal Services
- Legitimate basis for Data Processing activities
- Privacy notices that meet the GDPR requirements
- 3rd Party Contract Review

Risk Consulting
- Data Protection Risk, Process and Control Assessments
- Information Security & Controls
- Cyber Security

How KPMG can help

We can offer you a full range of services which can be customised to suit your specific needs at any stage in your journey to GDPR readiness.

1. ASSESS (Start Now)
   - GDPR readiness assessment
   - Create & collate personal data registers
2. DESIGN
   - Initiate GDPR readiness programme
   - Design your data protection & governance framework
3. IMPLEMENT
   - Revised data governance structures
   - Policies, procedures, notices & contract changes
   - Staff training & awareness
4. MONITOR
   - Demonstrate ongoing compliance
   - Regular testing, assessing & evaluation of security measures

GDPR: 25th May 2018

Market Leading GDPR Consulting Provider

Paul Toner, Management Consulting Partner
T. +353 1 410 1277
E. paul.toner@kpmg.ie

Michael Daughton, Risk Consulting Partner and Cyber Risk Lead
T. +353 1 1 410 2965
E. michael.daughton@kpmg.ie

David Collins, Director, Management Consulting
T. +353 1 700 4282
E. david.p.collins@kpmg.ie

William O'Brien, Director, Forensics
T. +353 1 700 4119
E. William.obrien@kpmg.ie

Gordon Wade, Manager, Legal Services
T. +353 1 700 4806
E. Gordon.wade@kpmg.ie

kpmg.ie

© 2017 KPMG, an Irish partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative ("KPMG International"), a Swiss entity. All rights reserved. Printed in Ireland.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation. The KPMG name and logo are registered trademarks of KPMG International Cooperative ("KPMG International"), a Swiss entity.

If you've received this communication directly from KPMG, it is because we hold your name and company details for the purpose of keeping you informed on a range of business issues and the services we provide. If you would like us to delete this information from our records and would prefer not to receive any further updates from us, please contact leona.crean@kpmg.ie or phone +353 1 700 4868.

Produced by: KPMG's Creative Services. Publication Date: Sept 2017. (2980)