Loading…
17
Transcript
28th of February
GDPR
group №6
ABOUT
- Introduction to DPD vs GDPR
- Main differences
- Examples on companies cases
- Effect and solutions
- Preparation for companies
- Benefits
Introduction
- Data Protection Directive vs. General Data Protection Regulation
- Updates on 1995 Directive
- Directive vs. Regulation
- Data Controller Vs Data Processor
- New rights of the data subjects
The main differences between the DPD and the GDPR
DPD
VS
1. Personal Data Redefined
2. Individual Rights
3. Data Controllers vs. Data Processors
4. Information Governance and Security
5. Data Breach Notification and Penalties
GDPR
Personal Data
Personal Data
- GDPR applies to all companies processing the personal data of data subjects residing in the Union, regardless of the company’s location.
- It also applies to non-Eu companies who obtain the data of EU citizens
- GDPR reflects the changes in technology and the way that organizations collect data.
Individual Rights
Individual Rights
- Specific and unambiguous consent
- Short and straight to the point
- Separate consents
- Important right - “be forgotten”
Data Controllers vs. Data Processors
Data Controllers vs. Data Processors
- In GDPR data processors will have to create a specifically-worded contract with the data controller in which they will clearly state protection agreement.
- Both will have to keep all records and control documentation.
Information Governance and Security
Information Governance and Security
The GDPR has codified the privacy by design approach to data privacy. Privacy by Design stands for the principle that data privacy must be a default part of business operations.
Data Breach Notification and Penalties
Data Breach Notification and Penalties
- In GDPR if data breaches controller must notify authorities within 72 hours.
- Pressure and urgency on a controller
- Controller must notify individuals without any delays
Fines - companies could pay up to 20 Million Euros or 4% of their global turnover.
Cases
- Company case № 1 - M.A.C COSMETICS WEBSITE
- Company case № 2 - SOPH LASH AALBORG DK
Examples
M.A.C COSMETICS WEBSITE
- Website- cookies (Article 6 – Lawfulness of processing) & (Articles 7 - Conditions to Consent)
- Mailing list B2C customers (Articles 7)
- Media- PR (Article 7)
M.A.C
SOPH LASH AALBORG DK
- Booking Platform (Online Platform) (Article 6 & 7)
- Marketing & Mailing List (Article 7)
- GDPR Preparation (Chapter 3- Article 12-23)
SOPH LASH
DATA COLLECTION
DATA PERMISSION
DATA BREACH PLAN
- DESIGN DATA BREACH PLAN
Effect and solutions
- WEBSITES & WEBFORM
- CHECK BOX FOR MARKETING CONTENT ACCEPTANCE
- CLEAR CONSENT WORDING
- AGE VERIFICATION
- COUNTRY OF RESIDENCE
- REVIEW CURRENT MAILING LIST & DATA COLLECTION & HANDLING PROCEDURES
- SEND TO ACTIVE EU USERS REQUEST ON RE-VERIFICATION EMAIL ADDRESS & CONSENT
- RE AFFIRM MARKETING PLATFORM CONSENT
- NOTIFY CLIENT ON POLICY UPDATES
Preparing for the GDPR Checklist
Preparetion
- Broaden your definition of personal information
- Determine how you will handle collecting consent
- Update and simplify your user agreements
- Determine how you will handle requests
- Ensure that you have the proper protocols
- Determine whether you are a Data Processor or Data Controller
- Determine if you need to appoint a Data Protection Officer
- Determine how you will design your privacy protocols
- Discard personal data that is no longer being used
- Conduct an impact assessment
- Ensure you have a plan in place
in case of data breach
CRM
CONTENT MARKETING STRATEGY
Benefits
- Opt in Focus
- Customer-centric (cust.preferences)
- Platform Host Consumer Consent
- Transparency encourage consumer engagement