
Understanding GDPR: Key Concepts and Readiness
Learn about the origins, objectives, and key concepts of the EU General Data Protection Regulation (GDPR), including how organizations can ensure compliance and protect personal data in accordance with GDPR principles. Prepare your organization for GDPR readiness and understand the importance of data protection.
Presentation Transcript
TOPICS COVERED (WE ONLY HAVE 10 MINUTES)
- Where did GDPR come from?
- What is GDPR?
- Who does it apply to?
- Why should you care?
- Details of a follow-on event
Like it or not, European citizens are getting more insight into the collection and use of their personal data.

WHERE DID GDPR COME FROM? BRIEF HISTORY
- Adopted April 27, 2016
- Applies directly to all Member States of the European Union (EU) to serve as a single, overarching regulation
- Repeals its predecessor, the EU Data Protection Directive 95/46/EC
- Introduced to advance and uphold the fundamental data protection and privacy rights of individuals

WHAT IS GDPR? THE EU'S GENERAL DATA PROTECTION REGULATION
The objective of the GDPR is harmonization of EU regulations to enhance the rights of EU citizens to govern the privacy of their personal information and to ensure organizations provide the right protections.
The GDPR applies to EU and non-EU organizations that: (i) offer goods or services to EU residents; (ii) monitor the behavior of EU residents.
GDPR effective date: May 25, 2018
Penalties: up to 20,000,000 EUR or 4% of worldwide revenue from the previous fiscal year (Article 83). Fines are determined by the Data Protection Authority (Supervisory Authority).

GDPR OVERVIEW: KEY CONCEPTS
Principles, privacy, and protection represent the core focus for GDPR readiness. Organizations must focus on adhering to principles, implementing processes to satisfy the privacy rights of the individual, and securing data.
Principles
- Data processed lawfully, fairly, and transparently
- Only collect the personal data needed
- Accuracy of personal data must be maintained
- Minimize the time data is kept in a form that identifies data subjects
Privacy (rights of data subjects)
- Transparent information, communication and modalities for the exercise of the rights of the data subject
- Information to be provided where personal data are collected from the data subject
- Right of access by the data subject
- Right to rectification
- Right to erasure ("right to be forgotten")
- Right to restriction of processing
- Right to data portability
- Maintain the confidentiality and integrity of personal data
Protection (controllers and processors)
- Data Protection Officer (DPO)
- Data protection by design
- Records of processing activities
- Security of processing
- Notification of a personal data breach to the supervisory authority
- Communication of a personal data breach to the data subject
- Data protection impact assessment
- Code of conduct

GDPR OVERVIEW: KEY CONSIDERATIONS
GDPR readiness can be complex for some organizations. Leadership should begin to prepare the organization for the journey.
1. Key is establishing the DPO role, as required (internal or external)
2. Understand GDPR-relevant processing activities
3. Gain clarity on the organization's responsibility and risk
4. Complying with the rights of the individual is not trivial: business processes, service desk, and technology are all impacted. Factor the effort into the 2018 budget; resource impact is a key consideration (assuming good security practices are already in place).
5. Processor assessment is key; liability isn't shifted to the processor
6. Certification is not defined and is not required. The DPA (supervisory authority) will assign certification bodies and certification guidelines. Move forward with readiness while tracking DPA guidance.

GDPR OVERVIEW: MISPERCEPTIONS
Understanding GDPR requirements can be complex. There are several common misperceptions that should be clarified.
1. A Data Protection Officer is required for all organizations
2. Each GDPR incident will carry a fine equivalent to the greater of 20 million Euro or 4% of annual worldwide revenue
3. Consent is always required for processing of personal data
4. Parental consent is always required when collecting personal information from a child
5. Individuals have the absolute right to be forgotten
6. Biometric data is sensitive data
7. Controllers do not require processing agreements with processors; GDPR takes care of this

MORE INFORMATION: EVENT & WHITEPAPER
GDPR Readiness Workshop
March 23, 11:30 - 4:30, Boston College Club
More info & register at www.schellman.com/GDPR-boston
Whitepaper: GDPR - A Guide to Readiness
Available at http://www.satoriconsulting.com/gdpr-readiness.html
Contact: gdpr@satoriconsulting.com