Why is privacy important for our company? - Awareness presentation
• Subtitle or presenter
The General Data Protection Regulation (GDPR)
now applies to the whole of the European
Union. It marks the biggest change to European
privacy laws in 20 years.

Copyright ©2019 Advisera Expert Solutions Ltd. All rights reserved.


Content
• GDPR at a glance
• General processing principles
• Processing conditions
• Privacy notices
• Record keeping and impact assessments
• Data security and breach notification
• Benefits for our company
• Compliance details
• Your role in the compliance project

GDPR at a glance
• The GDPR primarily applies to businesses established
in the EU.
• It applies to businesses based outside the EU that
offer goods and services to, or monitor, individuals in
the EU.
• Non-EU businesses need to appoint a representative
in the EU.
• All processing must comply with six general
processing principles, which are similar to those in
the Data Protection Directive.
• Higher fines of up to 4% of a company's turnover

General processing principles (1/2)
• Lawfulness, fairness and transparency - personal
data must be processed lawfully, fairly and in a
transparent manner
• Purpose limitation - personal data must be collected
for specified, explicit and legitimate purposes
• Data minimisation - personal data must be adequate,
relevant and limited to what is necessary in relation
to the purposes for which they are processed

General processing principles (2/2)
• Accuracy - personal data must be accurate and,
where necessary, kept up to date. Inaccurate personal
data should be corrected or deleted.
• Retention - personal data should be kept in an
identifiable format for no longer than is necessary
(with exceptions for public interest, scientific,
historical or statistical purposes).
• Integrity and confidentiality - personal data should
be kept secure.

Processing conditions
The processing of personal data will only be lawful if it
satisfies at least one of the following processing conditions:
• Consent
• Necessary for performance of a contract
• Legal obligation
• Vital interests
• Public functions
• Legitimate interests

Privacy notices
• The GDPR increases the amount of information you
need to include in your privacy notices.
• Telling individuals what you are doing with their
personal data is a fundamental principle of the GDPR.
• Notices must be concise and intelligible.
• Privacy notices must be supplied by the Data
Controller to the individuals at the time they provide
their personal data.

Record keeping and impact assessments (1/5)
Controllers must keep a record of the following
information:
• Name and contact details and, where applicable, any
joint controllers, representatives and data protection
officers
• The purposes of the processing
• A description of the categories of data subjects and of
the categories of personal data

Record keeping and impact assessments (2/5)
• The categories of recipients, including recipients in
third countries
• Details of transfers of personal data to third countries
(where applicable)
• Retention periods for different categories of personal
data (where possible)
• General description of the security measures
employed (where possible)

Record keeping and impact assessments (3/5)
Processors must keep the following records:
• Name and contact details and, where applicable,
representatives and data protection officers
• The name and contact details of each controller you
act for including, where applicable, representatives
and data protection officers

Record keeping and impact assessments (4/5)
• The categories of processing activities carried out on
behalf of each controller
• Details of transfers of personal data to third countries
(where applicable)
• General description of the security measures
employed (where possible)

Record keeping and impact assessments (5/5)
• The GDPR makes Data Protection Impact Assessments
mandatory for any new project that is likely to create
“high risks” for individuals.
• Where an assessment is needed, advice must be sought
from the Data Protection Officer (if applicable).
• The competent Supervisory Authority must be consulted
if the assessment indicates the processing would be high
risk in the absence of measures taken to mitigate the risk.

Data security and breach notification (1/2)
Controllers and processors need to take appropriate
technical and organisational measures to protect
personal data. Such measures may include:
• The pseudonymisation and encryption of personal
data
• The ability to ensure the ongoing confidentiality,
integrity, availability and resilience of information
technology systems

Data security and breach notification (2/2)
• The ability to restore the availability and access to
personal data in a timely manner in the event of a
physical or technical incident
• A process for regularly testing, assessing and
evaluating the effectiveness of technical and
organisational measures for ensuring the security of
the processing
• A process for detecting data breaches and notifying
them in a timely manner

Benefits for our company
• Compliance with a legal obligation
• Trust from customers and partners
• Marketing edge
• Lower risk of fines

Compliance details
• Project manager: [insert name]
• Project sponsor: [insert name]
• Project duration: [insert number of months]

Your role in the compliance project
• Suggest which processes to document
• Suggest changes in existing and new policies and
procedures
• Read all the new documents and attend awareness
and training sessions
• Comply with policies and procedures once they are
published

The GDPR has brought real change. For many
activities there is no clear right or wrong
answer. Instead, they require a subjective
assessment of the principles in the GDPR.

Thank you!
Presenter’s name
