GDPR: what you need to know


Getting to grips with the EU General Data Protection Regulation (GDPR)

Introduction

In May 2018, the European Union's (EU) GDPR ushers in unprecedented data protection for EU residents, backed by fines of up to €20 million or 4% of global revenue, whichever is higher. The GDPR is a global game changer, the importance of which no organization can afford to underestimate. However, while working toward compliance, companies can also use it to gain a competitive advantage. The first step is to understand its impacts on citizens and companies.

[Figure: Journey to compliance and competitive advantage. Timeline 2016 to 2018: business case development, gap analysis, align business, design, implement, monitor.]

What the GDPR means for citizens

The main changes that the GDPR introduces for private individuals include:

- When an individual no longer wants their data to be processed, the data must be deleted (the "right to be forgotten").
- Individuals have the right to more information on how their data is processed, available in a clear and understandable way.
- A right to data portability will make it easier for individuals to transmit personal data between service providers.
- An individual has the right to know when their data has been breached.

The aims of the GDPR are to reinforce the data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce the administrative burden. The GDPR replaces the 1995 General Data Protection Directive and applies directly to each of the 28 EU Member States.

What the GDPR means for companies and other organizations

The GDPR distinguishes between data controllers and data processors, imposing a different set of obligations and liabilities on each. Companies need to clearly establish their identity as controller or processor to determine their responsibilities under the GDPR. If an organization decides on the purposes and means of data processing activities, alone or jointly with others, it is considered a data controller under the GDPR and needs to comply with wider legal requirements.

The main changes that the GDPR introduces for organizations include:

- Companies and organizations must notify their national supervisory authority within 72 hours of data breaches that put individuals at risk, and communicate all high-risk breaches as soon as possible to the data subject.
- Data protection safeguards must be built into products and services (data protection by design and by default) from the earliest stage of development. Privacy-friendly default settings will be the norm, for example, on social networks and mobile apps.
- The GDPR introduces a statutory role of data protection officer (DPO), who will have a key role in ensuring compliance with the GDPR.
- For companies that do not comply with EU rules, data protection authorities will be able to issue fines of up to 4% of global annual turnover or €20 million, whichever is greater.
- As part of the reform, companies based outside Europe will have to apply the same rules when they offer goods or services within the EU market.
- One pan-European law for data protection replaces the current inconsistent patchwork of national laws, meaning that companies will now deal with one law, not 28. Companies will also have to deal with only one supervisory authority, not 28, making it simpler and cheaper for companies to do business in the EU.
- The regulation, being technologically neutral, enables innovation to continue to thrive.

Appointing a DPO

For many organizations, one of the GDPR's biggest impacts is the need to appoint a DPO to take responsibility for GDPR compliance, organizational awareness, advice and decision-making with respect to data processing. Since this is a new role, organizations often struggle to incorporate the DPO into their existing organizational structures. EY can help your business navigate this change by supporting you in designing and implementing the new governance structures, as well as training or advising your newly appointed DPO to set them up for success in their new role.

EY's GDPR-related services

These include our personal data life cycle management service and privacy transformation program, both outlined below. EY can also provide a wide range of other services to help with GDPR programs, such as:

- Privacy impact assessments (PIA)
- Personal information inventory and data flow
- Privacy assurance and certification
- Outsourced DPO

Personal data life cycle management

This service helps organizations gain a better understanding of the privacy, risk and compliance implications of the way personal data flows throughout their business.

[Figure: Personal data life cycle management cycle]

1. Appropriate collection of data
2. Relevant use of data
3. Managed disclosure
4. Appropriate retention and disposal
5. Review of privacy expectations

EY privacy transformation program

An EY data protection and privacy transformation program supports you in understanding and managing the impact of the GDPR throughout your organization, using our proven privacy transformation program methodology:

1. Understand
2. Assess
3. Define
4. Recommend
5. Run

Why EY

EY has a team of certified information privacy professionals (CIPPs) and privacy lawyers who help organizations better understand their risks related to data privacy and compliance with the GDPR. We draw on this global privacy team to deliver insights into legislation and regulations across the world. For over a decade, EY has assisted international organizations in understanding privacy and data protection risks, compliance and regulations, helping them manage the use of personal information effectively within their operations. We can help you provide and run privacy improvement programs by leveraging our senior stakeholder management knowledge, privacy framework, mature tools, methodologies and flexible resourcing models.

EY contacts

To find out more about any of our privacy-related services and how EY can help you use the GDPR as a catalyst for change, beyond compliance, please contact:

Erol Mustafa
EMEIA Financial Services IT Risk & Assurance Leader
Telephone: +44 20 7951 0700
Mobile: +44 7979 923 611
Email: emustafa@uk.ey.com

Philippe Zimmermann
EMEIA Financial Services Legal Leader
Telephone: +41 58 286 3219
Mobile: +41 79 341 4571
Email: philippe.zimmermann@ch.ey.com

Tony De Bos
EMEIA Financial Services Data Protection & Privacy Leader
Telephone: +31 88 407 2079
Mobile: +31 62908 4182
Email: tony.de.bos@nl.ey.com

Konrad Meier
EMEIA Financial Services Data Privacy Professional
Telephone: +41 58 286 4327
Mobile: +41 79 227 2367
Email: konrad.meier@ch.ey.com


EY | Assurance | Tax | Transactions | Advisory

About EY

EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities.

EY refers to the global organization, and may refer to one or more of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com.

© 2017 EYGM Limited. All Rights Reserved.

EYG no. 06244-174GBL
EY-000044638.indd (UK) 11/17. Artwork by Creative Services Group London.
ED None

In line with EY's commitment to minimize its impact on the environment, this document has been printed on paper with a high recycled content.

This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax or other professional advice. Please refer to your advisors for specific advice.

ey.com