
Managing Personal Data in FM Environment - RSM Ireland Overview
Discover how RSM Ireland, a top professional services firm, excels in managing personal data in a facility management environment. Learn about their expert team, network coverage, and GDPR compliance roadmap.
Presentation Transcript
STRICTLY PRIVATE AND CONFIDENTIAL. MANAGING PERSONAL DATA IN A FM ENVIRONMENT. FM IRELAND, 6 March 2018
Your presenter: Terry McAdam, Management Consulting Partner, RSM Ireland. tmcadam@rsmireland.ie, Mobile: +353 (86) 0474002, www.rsmireland.ie
INTRODUCING RSM IRELAND. [Figure: network coverage map] Our firm's history goes back to 1987, and since then we have grown to become a top 8 professional services firm in Ireland, specialising in providing advice to mid-market businesses and government agencies. Our 150 people, across all areas of the practice, provide clients with pragmatic, expert-led, personalised advice and insight that helps them succeed, grow and prosper. Our firm is ideally placed to offer an unparalleled level of experience and expertise to our business partners in Ireland. About RSM International: RSM International is one of the fastest growing networks of audit, tax and consulting firms in the world. We are the sixth largest, with combined revenues of $5bn+; our member firms operate out of more than 800 offices; we are located in over 120 countries; and we have over 43,000 staff worldwide.
OUR PARTNERS: Catherine Corcoran (Management Consulting); John Glennon (Managing Partner); Aidan Byrne (International Tax); Áine Farrelly (Management Consulting); Pat Keegan (Audit); Damien O'Sullivan (Audit); George Maloney (Transaction Advisory Services); Suzanne O'Neill (Tax); Brian Hyland (Transaction Advisory Services); Niall May (Audit); Julian Caplin (Transaction Advisory Services); John Marks (Private Clients)
AGENDA: Personal data in a FM environment; Managing personal data successfully; A GDPR compliance roadmap
DEFINITION OF PERSONAL DATA (GDPR ARTICLE 4.1): "any information relating to an identified or identifiable natural person"
THE SCOPE OF PERSONAL DATA: Article 29 Working Party opinion on the concept of personal data: data relates to an individual if it refers to the identity, characteristics or behaviour of an individual, or if such information is used to determine or influence the way in which that person is treated or evaluated
CONTRASTING PERSONAL AND SENSITIVE DATA: Sensitive personal data is a special category of personal data. The GDPR requires a higher standard of care be applied to such data. Column headings on the slide: Sensitive data; Personal data. Items listed: Names; Convictions; Medical condition; Banking details; Religion; Addresses; Criminal activity
PERSONAL DATA IN A FM BUSINESS: Client / Operational data; Employee data; Marketing data
A RISK-BASED APPROACH TO COMPLIANCE: GDPR Readiness Assessment - review activities where data is involved, current policies etc.; Prepare multi-phase GDPR compliance plan and populate your GDPR risk register; Focus on key risks and seek to address, where possible, in Phase I by 25 May 2018
UNDERSTANDING YOUR DATA MODEL. WHY? Privacy Impact Assessments (PIAs) represent a key tool in helping organisations to assess the risk that a data subject's privacy may be impacted by a current or proposed practice. HOW? Deployed when a change is proposed in process or technology (subject to threshold test). WHERE? Process walkthrough will identify risks to data privacy present in the current or target operating model and allow planned mitigation.
UNDERSTANDING THE DATA YOU HOLD: Create and maintain an information asset register; Capture data elements held by process; Record the legal basis relied upon for holding data; Record data owner to provide clarity re data governance
DEFINING YOUR CONTRACTUAL POSITION: Take time to review contracts in light of GDPR, where you: 1. control employee data; 2. process data on behalf of a controller; 3. outsource activities to a data processor. Diagram labels on the slide: DATA CONTROLLER; DATA PROCESSOR. Much higher penalties are in play, so define your obligations in a GDPR-compliant way.
UPDATING YOUR KEY POLICIES: Should give priority to updating relevant policies such as: Data Protection Policy; Data Retention Policy; Sections of Employee Handbook: use of image, acceptable use policy
COMMUNICATING YOUR APPROACH: Need to communicate your approach to data management as part of your compliance plan: Clear and concise data privacy statement; General staff awareness of key changes, dos and don'ts; Comprehensive training for line management to enable support of frontline staff
ASSESSING AND MANAGING A BREACH: Data controllers are now under legal obligation to notify their local regulator within 72 hours if EU resident data is lost; only exception is if data is encrypted; organisations required to inform affected individuals if an adverse impact is determined from the breach. Need to create rapid and robust process to support internal identification, reporting, triage and documentation of potential breach leading to notification, if required.
DO YOU APPOINT A DATA PROTECTION OFFICER? DPO obligatory if entity involved in significant processing of personal data; Office holder is operational lead re initial and ongoing compliance with GDPR; Governance: unfettered access to Board, no conflict of interest; Signal to market place re priority given to data protection within your organisation
A GDPR COMPLIANCE ROADMAP. [Figure: GDPR roadmap to compliance]
Thank you for your time and attention.