is your business gdpr ready
play

Is your business GDPR ready? 27/09 Richmond 28/09 Southampton - PowerPoint PPT Presentation

Is your business GDPR ready? 27/09 Richmond 28/09 Southampton BROUGHT TO YOU BY Welcome Moore Blatch, Carswell Gould and Sofigate recently joined forces for two GDPR breakfast briefings, in Richmond and Southampton. The three firms have


  1. Is your business GDPR ready? 27/09 Richmond 28/09 Southampton BROUGHT TO YOU BY

  2. Welcome Moore Blatch, Carswell Gould and Sofigate recently joined forces for two GDPR breakfast briefings, in Richmond and Southampton. The three firms have combined their know-how on the subject to deliver a unique insight into the legal, communication, IT challenges and opportunities presented by the GDPR. Our aim is to help you get GDPR ready! Is your business GDPR ready?

  3. www.carswellgould.co.uk We’re the south’s best connected creative communications agency. We start with the customer and focus on delivering measurable impact to exceed expectations. Our work spans a wide range of industries including professional services, education, culture and heritage, land and property, start-ups and marine. Our single minded aim is to help our clients’ businesses grow. Each of our core services of content, web development and creative design have all recently been recognised by leading industry bodies including three Hermes Creative Awards, twelve CIPR PRide Awards and we’ve been a finalist at the Wirehive 100 Awards on multiple occasions, so you know you are in good hands. www.mooreblatch.com We’re different because we believe the most important person in a legal team isn’t the lawyer, it’s you. So we give you more than other law firms. More expertise. More depth. More clarity. Whatever you face in life or in business, we won’t be just your lawyer, we’ll be your trusted friend and confidant as well. Our job is to listen and understand, and then use our expertise to find the best solution for you. You’ll find we are fast and efficient, with a team based approach and a relentless focus on quality. You’ll also find our prices are competitive, giving you excellent value for money. www.sofigate.com We work hand in hand with global clients to deliver transformational digital changes, shaping landscapes internally and externally by accelerating growth, reducing cost and cutting time to market. Our primary focus is on enabling through technology, allowing our clients to leverage existing digital competencies, exploring new technologies and transforming existing technologies, empowering them to seize opportunities both old and new. Our ways of working deliver tangible results that build on the business capabilities provided by technology, fostering sustainable and lasting positive change. Is your business GDPR ready?

  4. Presenters Ed Gould Dorothy Agnew Nick Russell Creative Director Partner Director Gareth Miller John Warchus Peter Truman Managing Director Partner Director Is your business GDPR ready?

  5. What is the GDPR? General Data Protection Regulation ● ● Replaces the UK Data Protection Act 1998 (DPA) ● Live from 25 May 2018 Will affect every organisation that collects or handles data relating to EU ● residents. Monitored by national supervisory authorities ● Is your business GDPR ready?

  6. It’s all about personal data The use of data will be subject to the GDPR where it involves processing personal data There are two types of processors of personal data: 1. Controllers - determine purpose and means of processing personal data Processors - process personal data on behalf of the controller 2. Is your business GDPR ready?

  7. Six principles of data processing Personal data must be processed in accordance with the following six principles: 1. Processed fairly and lawfully and in a transparent manner 2. Collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes 3. Adequate, relevant, limited to what is necessary 4. Accurate and, where necessary, kept up to date 5. Kept in a form which permits identification of data subjects for no longer than necessary 6. Processed in a manner that ensures appropriate security of the personal data Is your business GDPR ready?

  8. Six conditions of processing Processing is only lawful if at least one of these six conditions apply: 1. You have the data subject’s consent 2. Processing is necessary for the performance of a contract 3. Processing is necessary for compliance with a legal obligation of controller 4. Processing is necessary to protect the data subject’s vital interests 5. Processing is necessary to perform a task carried out in the public interest or the exercise of official authority 6. Processing is necessary for the purposes of the legitimate interest of the controller or third party, except where overridden by interests or fundamental rights/freedoms of data subject Is your business GDPR ready?

  9. New obligations on controllers ● To demonstrate compliance with the data protection principles To carry out impact assessments ● ● Appoint a data protection officer (DPO) ● Data protection by design and default ● Notification of breaches Keep a record of processing activities ● Is your business GDPR ready?

  10. New rights for data subjects ● Broader rights of subject access ● Right to be forgotten (erasure) Right to object to profiling for direct marketing purposes ● ● Data portability Is your business GDPR ready?

  11. Increased fines for non-compliance Controllers ● Fines up to (greater of) 4% of annual worldwide turnover of the preceding financial year or 20 million euros Processors ● Fines up to (greater of) 2% of annual worldwide turnover of the preceding financial year or 10 million euros Is your business GDPR ready?

  12. The GDPR and direct marketing Put someone in charge of GDPR in your business to: ● Update processes and communication for the collection, cleansing and storage of personal data ● Create/update your internal data policy Update ● ○ current terms and conditions ○ data protection policy ○ sign-up forms privacy notices ○ ● Invite and encourage your active customers and subscribers ● Enshrine solid and consistent deletion processes Is your business GDPR ready?

  13. Summary - Six key ‘takeaways’ about the GDPR 1. Live from 25 May 2018 2. Consent should be – freely given, specific, informed and unambiguous 3. Data portability 4. Right to erasure/Right to be forgotten 5. You may be required to appoint a data protection officer (DPO) 6. Fines of up to £20 million, or 4% of turnover Is your business GDPR ready?

  14. 10 steps to get in shape for GDPR 1. Promote awareness of GDPR with your team 2. Audit the data you hold and how it is collected 3. Check the privacy policies and procedures you have in place 4. Be prepared to provide information to individuals and allow for exercise of their other rights 5. Review processing of data based on consent and collect and store the evidence 6. Consider special procedures for dealing with children's data 7. Review and if necessary update security for data and prepare for possible data breaches 8. Implement “Data Protection by Design and Default” 9. Review appointment of a Data Protection Officer 10. Don’t ignore it! Is your business GDPR ready?

  15. Thank You BROUGHT TO YOU BY

Recommend


More recommend