
Gdpr Powerpoint Template


GDPR

Transcript: Rule of thumb: if something can be used to identify an individual by the controller, then it can be used by anyone!

Personal data? Data privacy, PI.
Personal data means data which relate to a living individual who can be identified – (a) from those data, or (b) from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller, and includes any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual.

Sensitive PI.
Sensitive personal data means personal data consisting of information as to – (a) the racial or ethnic origin of the data subject, (b) his political opinions, (c) his religious beliefs or other beliefs of a similar nature, (d) whether he is a member of a trade union (within the meaning of the Trade Union and Labour Relations (Consolidation) Act 1992), (e) his physical or mental health or condition, (f) his sexual life, (g) the commission or alleged commission by him of any offence, or (h) any proceedings for any offence committed or alleged to have been committed by him, the disposal of such proceedings or the sentence of any court in such proceedings.

Metadata (see https://ico.org.uk/media/for-organisations/documents/1554/determining-what-is-personal-data.pdf): anything that can single out an individual....
• Metadata (individual) / content metadata: devices (types, IDs), IMEIs, SIM, MAC addresses, IP addresses, behavioural data, biographical data.
• Descriptive metadata: the tall, elderly man with a dachshund who lives at number 15 and drives a Porsche Cayenne... the job ad and the applicant... the real estate agency and the neighbourhood photo... the CCTV system and the physical characteristics....

Data breach: ASSUME BREACH. Theft, hacking, carelessness. (Mikael Vingaard; Mikael Tanner: data?)

Where's your data? Cross-border transports. (Alexander Hanff - Use Prezi :)) Authority.

Privacy by design: data minimisation, data processing, data transfer, data storage, data classification, data separation. Know the data: logging, backup... data retention... access control. (Nicklas Fernström: more definitions needed...)

Data portability: basically get all your data out! Data portability, data minimisation, data separation, control the data movement... encrypt everything? Data anonymization.

GDPR

Transcript: GDPR, 17-12-12017. I AM A FINANCIAL ADVISOR: WHAT SHOULD I KEEP IN MIND? General Data Protection Regulation.

SUMMARY
The GDPR will replace the Data Protection Directive 95/46/EC and therefore the Data Protection Act 1998 in the UK.

GDPR: what is it?
The EU have got together, Britain included, and agreed over the last 4 years to implement new regulation to protect EU citizens’ personal data. The legislation is known as the General Data Protection Regulation … GDPR for short. It was approved in April 2016 and has a two-year transition period, which means time for implementation is running out. The enforcement date, i.e. the date upon which you as a business must comply, is 25th May 2018. It is going to replace the Data Protection Act and, despite Brexit, the UK government has said it will adopt the legislation[1], as the UK had a key hand in drafting it, and if you want to do business with any EU citizen you need to comply whether we’re in the EU or not.

JOURNEY TO COME / WHY SHOULD I CARE?
The GDPR tightens these regulations but also puts much greater onus on Data Processors to maintain records of personal data and processing activities. It also makes both Data Processors and Data Controllers liable for incorrect handling of personal data, and the penalties are enormous. Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million[2]. So not doing anything is probably not a wise decision.

GDPR AT A GLANCE
01 Individuals: it puts individuals back in control of their personal data. Customers and employees have more power to control how businesses use their data. You could be required to report on, move or dispose of personal data if requested, and you must have the capabilities to do this. Your options for using personal data are restricted.
02 Data must be easily portable and forgettable: you must be able to provide individuals with their personal data in a structured, commonly used and machine-readable form. Your systems and processes will have to let you truly ‘forget and delete’ data upon request from the individuals, including long-term archives.
03 How you use data will be more transparent: the rules on consent are getting tougher, and individuals can withdraw consent at any time. You’ll be required to articulate all of the ways in which you use personal data, and make it clear to individuals what their data is being used for and who you have shared it with.
04 Third parties could put you at risk: you will remain responsible for individuals’ personal data throughout the entire data lifecycle. You will have to assure that data you pass to third parties is handled in a manner compliant with GDPR.
05 Fines are getting bigger, and the timelines are getting shorter: fines for non-compliance can be as severe as 4% of annual global turnover or 20m EUR – whichever is higher, enforceable from May 2018. You will be under legal obligation to notify data protection authorities within 72 hours of a data breach, and individuals without delay. You will have to keep records of your data processing activities, undertake privacy impact assessments and appoint a Data Protection Officer (DPO).

IN DEPTH
Cyber attack and data on individuals is breached: under GDPR, if you are subjected to a cyber attack and data on individuals is breached, you will have 72 hours to report this breach to the regulator – and in most cases, to each individual affected. How will you identify attacks and appropriately report them? Furthermore, the ramifications for advice businesses are multifarious. Not only will breaches have to be reported, but they will also be made public. According to consumer research by Intelliflo, 82% of investors would seek to change, or not appoint in the first place, an adviser that has been hacked.

Marketing side: GDPR will have an impact on how you approach potential clients and communicate with existing clients. In order to email prospects and clients, under GDPR, firms must have a double opt-in from the people that they are contacting.

Current clients: in short, this means that people whose email addresses you have must have clicked to suggest that they are happy to hear from you, like they do currently, but then further opt in to receive communication from a company upon receipt of a confirmation email.

NEW CLIENTS: this means that your first email correspondence with a prospect will be an email asking them to confirm that they are happy to receive further emails from you. It will no longer be sufficient to simply offer recipients an unsubscribe option – they must have opted in to your correspondence in the first place.

DARK SIDE: how will I get caught out? It will only take one complaint to land you in hot water. If you can’t prove that the disgruntled recipient of your marketing efforts has opted in to your correspondence, or that the other

GDPR

Transcript: 28th of February. GDPR.

ABOUT
• Introduction to DPD vs GDPR
• Main differences
• Examples of company cases
• Effect and solutions
• Preparation for companies
• Benefits
Group №6

Introduction: Data Protection Directive vs. General Data Protection Regulation. Updates on the 1995 Directive. Directive vs. Regulation. Data Controller vs. Data Processor. New rights of the data subjects.

DPD vs GDPR: the main differences between the DPD and the GDPR
1. Personal Data Redefined
2. Individual Rights
3. Data Controllers vs. Data Processors
4. Information Governance and Security
5. Data Breach Notification and Penalties

Personal Data: GDPR applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location. It also applies to non-EU companies who obtain the data of EU citizens. GDPR reflects the changes in technology and the way that organizations collect data.

Individual Rights: specific and unambiguous consent; short and straight to the point; separate consents. Important right: to “be forgotten”.

Data Controllers vs. Data Processors: in GDPR, data processors will have to create a specifically-worded contract with the data controller in which they clearly state the protection agreement. Both will have to keep all records and control documentation.

Information Governance and Security: the GDPR has codified the privacy by design approach to data privacy. Privacy by Design stands for the principle that data privacy must be a default part of business operations.

Data Breach Notification and Penalties: in GDPR, if data is breached, the controller must notify authorities within 72 hours. Pressure and urgency on a controller. The controller must notify individuals without any delay. Fines: companies could pay up to 20 Million Euros or 4% of their global turnover.

Case examples
• Company case № 1 - M.A.C COSMETICS WEBSITE: website cookies (Article 6 – Lawfulness of processing) & (Article 7 – Conditions for consent); mailing list, B2C customers (Article 7); media / PR (Article 7).
• Company case № 2 - SOPH LASH AALBORG DK: booking platform (online platform) (Articles 6 & 7); marketing & mailing list (Article 7).
GDPR Preparation (Chapter 3 - Articles 12-23).

Effect and solutions: data permission, data collection, data breach plan.
• REVIEW CURRENT MAILING LIST & DATA COLLECTION & HANDLING PROCEDURES
• SEND TO ACTIVE EU USERS A REQUEST FOR RE-VERIFICATION OF EMAIL ADDRESS & CONSENT
• RE-AFFIRM MARKETING PLATFORM CONSENT
• NOTIFY CLIENTS ON POLICY UPDATES
• WEBSITES & WEBFORM CHECK BOX FOR MARKETING CONTENT ACCEPTANCE
• CLEAR CONSENT WORDING
• AGE VERIFICATION
• COUNTRY OF RESIDENCE
• DESIGN DATA BREACH PLAN

Preparation: preparing for the GDPR checklist
• Broaden your definition of personal information
• Determine how you will handle collecting consent
• Update and simplify your user agreements
• Determine how you will handle requests
• Ensure that you have the proper protocols
• Determine whether you are a Data Processor or Data Controller
• Determine if you need to appoint a Data Protection Officer
• Determine how you will design your privacy protocols
• Discard personal data that is no longer being used
• Conduct an impact assessment
• Ensure you have a plan in place in case of data breach

Benefits: CRM, content marketing strategy, platform host, consumer consent, transparency, encourage consumer engagement, opt-in focus, customer-centric (customer preferences).

THANK YOU FOR YOUR ATTENTION!

GDPR

Transcript: General Data Protection Regulation. The General Data Protection Regulation (GDPR) puts regulatory teeth into longstanding governmental guidance about how EU member states handle personally identifiable information.

DEFINITION

SCOPE
* organisation collects data from EU residents
* data controller which is based in the EU

EXCEPTIONS: the following cases are not covered by the regulation:
• Lawful interception, national security, the army, the police, justice
• Statistical and scientific analysis
• Employer-employee relationships
• Processing of personal data by a natural person in the course of a purely personal or household activity

TYPES OF DATA: what types of privacy data does the GDPR protect?
* Basic identity information such as name, address and ID numbers
* Web data such as location, IP address, cookie data and RFID tags
* Health and genetic data
* Biometric data
* Racial or ethnic data
* Political opinions
* Sexual orientation

Who will be responsible for compliance in the company? Data controller, data processor, data protection officer (DPO).

DATA CONTROLLER: the data controller defines how personal data is processed and the purposes for which it is processed. The controller is also responsible for making sure that outside contractors comply.

DATA PROCESSOR: data processors may be the internal groups that maintain and process personal data records or any outsourcing firm that performs all or part of those activities.

DPO - DATA PROTECTION OFFICER:
• Informing and advising the organization
• Monitoring compliance with the GDPR
• Being the first point of contact for supervisory authorities and individuals

Data Subject Rights
1. Breach Notification - in all member states where a data breach is likely to “result in a risk for the rights and freedoms of individuals”; should be done within 72 hours of first having become aware of the breach.
2. Right to Access - confirmation as to whether or not personal data is being processed, where and for what purpose; provide a copy of the personal data in an electronic format.
3. Right to be Forgotten - a right to erase personal data, cease further dissemination of the data, and potentially have third parties halt processing of the data.
4. Data Portability - transmit the personal data which have been previously provided to another controller.
5. Privacy by design and by default - privacy by design as a concept has existed for years now, but it is only just becoming part of a legal requirement with the GDPR. At its core, privacy by design calls for the inclusion of data protection from the onset of the designing of systems, rather than as an addition. Privacy by default simply means that the strictest privacy settings automatically apply once a customer acquires a new product or service.

SANCTIONS:
• a warning in writing in cases of first and non-intentional noncompliance
• regular periodic data protection audits
• a fine up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater, if there has been an infringement of the following provisions (Article 83, Paragraph 4):
  - the obligations of the controller and the processor pursuant to Articles 8, 11, 25 to 39, and 42 and 43
  - the obligations of the certification body pursuant to Articles 42 and 43
  - the obligations of the monitoring body pursuant to Article 41
• a fine up to €10 million or up to 2% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater, if there has been an infringement of the following provisions (Article 83, Paragraphs 5 & 6):
  - the basic principles for processing, including conditions for consent, pursuant to Articles 5, 6, 7, and 9
  - the data subjects' rights pursuant to Articles 12 to 22
  - the transfers of personal data to a recipient in a third country or an international organisation pursuant to Articles 44 to 49
  - any obligations pursuant to member state law adopted under Chapter IX
  - noncompliance with an order or a temporary or definitive limitation on processing or the suspension of data flows by the supervisory authority pursuant to Article 58, or failure to provide access in violation of Article 58
