
GDPR - ROMANIA

PRESENTATION

2018
CONTENTS

 Overview

 Consulting & Training Areas

 Key Takeaways

 Next Steps
OVERVIEW

 2016 – PE 2016/679
Regulation;
 Replaces 95/46/CE Directive translated into
Romanian:
 Law 677/2001 regarding data protection and free circulation of data
 Order laying down specific measures and procedures to ensure a
satisfactory level of protection of the rights of individuals whose
personal data are being processed – 2002
 Law on the establishment, organisation and functioning of the National
Authority for Overseeing Personal Data

 Date of start: 25 May 2018;


 Important changes to DP
OVERVIEW
Key Changes
 Consent: The consent rules will change. Consent will be explicitly and specifically tied to
the processing operation (the consumer must act to give consent, not the opposite) and at
the same time limited / proportionate to the purpose of the processing (you cannot ask
for consent for any kind of processing; it must be clear and limited / proportionate to the
type of data / processing type). In principle, data controllers cannot collect and process
more data than what is needed for the declared and legal purpose of the processing.

 Validity of consent: Consent can be withdrawn, must be free, valid, informed and
pro-active. GDPR brings a set of conditions for the validity of consent, including the lack of
balance in positions.

 Children's consent: For people under the age of 16 (but not under 13 years of age),
direct consent cannot be obtained.
OVERVIEW
Key Changes
 Profiling: If the consumer is subject to automated decisions without
legal effect - or without a similar effect of legal effects (in the case of
employment, insurance, etc.), the consumer must be able to oppose
these decisions and obtain the intervention of a human operator. If the
processing effects are legal or significant, processing for profiling must
be based on the consumer's consent.

 Direct Marketing: GDPR allows processing for direct marketing as long
as the consumer benefits from an opt-out system.

 Documentation: GDPR requires documentation of processing
operations.
OVERVIEW
Key Changes
 Responsibilities: If the controller works with processors, the controller
has the responsibility to ensure that the processors have the means to
comply with the legal provisions.

 Data Protection Officer: If processing operations involve sensitive data
processing, or where processing involves monitoring a large number
of subjects, companies are required to appoint a data protection
officer.

 Legitimate interest: One of the 6 legal bases for data processing is
legitimate interest. It can also be used for processing by third parties.
OVERVIEW
Key Changes
 Risky processing: It is forbidden to process personal data revealing racial or
ethnic origin, political opinions, religious confession or philosophical beliefs, or
membership of trade unions and genetic data processing, biometric data to
uniquely identify an individual, data on health or data on the sexual life or
sexual orientation of a natural person. GDPR provides a number of scenarios
where processing of such data is allowed with a number of precautions. In
some cases, the data controller should even consult the public about the
effect of the operations before processing the data.

 Codes of conduct: GDPR allows sites to use alternative information methods
such as icons. At the same time, GDPR is based on codes of good practice
that can be developed by industry associations.

 Breach notification: Operators are required to keep a log of incidents under
which the data (safety and integrity) could have been compromised. In some cases
there is an obligation to report these incidents to authorities and consumers
within 72 hours.
OVERVIEW
Key Takeaways
 All organizations are affected, since all need to know their data – data audit

 DPO should be trained and be in place

 It affects managers, IT, HR, legal and marketing in all businesses, but
everybody should know – people affected in all companies should be trained in
the new GDPR

 Serious consequences in case of non-compliance (fines of up to 4% of
turnover and EUR 20 mln).
CONSULTING & TRAINING FIELDS

2018
CONSULTING FIELDS
 GDPR Certification (EMAS in process of accreditation):
 Data audit (maybe free)
 Data compliance framework
 GDPR-compliance
 GDPR-certification

 GDPR for managers – general and advanced

 GDPR for legal & compliance – general and advanced

 GDPR for HR compliance – general and advanced

 GDPR for companies – general info – general and advanced

 GDPR for IT managers – specifics – basic and advanced

 Certification of DPOs
TRAINING FIELDS
 GDPR for companies – general info – general and advanced

 GDPR for managers – general and advanced

 GDPR for legal & compliance – general and advanced

 GDPR for HR – general and advanced

 GDPR for IT managers – specifics – basic and advanced

 Training for DPOs


KEY TAKEAWAYS

2018
Key Takeaways
 DATA – today’s currency and oil

 DATA Scientists – rare resources and highly paid

 DPOs – in almost every institution

 GDPR compliance – in all institutions -> big
consequences in case of non-compliance.
KEY TAKEAWAYS
 GDPR compliance – mandatory for all legal entities – training courses (accredited) for
700,000 entities in Romania
 Competition – other training companies

 GDPR compliance – mandatory. Certification process – as for ISO


 Competition – Deloitte so far (in process of accreditation) and other Big 4, IT and marketing
consulting companies;
 Theoretical market: all marketing and IT related institutions (about 125,000 companies) + all
state legal entities (city halls, etc.) – approx. 70,000 entities

 DPOs – in almost every institution – theoretical market of about 700,000 people for
training
 Competition – other training companies

 IT MANAGERS & people – 200,000 people (all people that work in Romania);


 Marketing people – 70,000 people
 HR Managers – 150,000 people
 LEGAL people – Lawyers&co.
NEXT STEPS

2018
NEXT STEPS
 1. Overview EMAS capability

 2. Segment the market

 3. Strategy and positioning

 4. Devise courses and re-branding & PR campaign

 5. START ACTIVITY in the segment.

 6. Feedback and re-fine 1.-5.


Contact: Antoneta Cote
tel: 0741 133 550

mail: antocote74@gmail.com
skype.id: antoneta.cote
THANK YOU!
