what you need to · 2018-04-29 · 7. gdpr applies to any company ... marketing emails for years...

Post on 07-Jul-2020


What you need to know

Basic awareness for Teams

March 2018

1

GDPR

GENERAL DATA PROTECTION REGULATION

2

GDPR DATE

FRIDAY 25 MAY 2018

3

DISCLAIMER

This slide deck –

• Is INFORMATION

• It is NOT LEGAL ADVICE

• Is a ‘taster’ of GDPR in 30 mins

• Is NOT comprehensive coverage

4

THIS SLIDE DECK IS

• A taster in 30 mins ~

GDPR - is a ‘momentous’ change

what do we need to learn?

what to do NOW?

want to learn more?

5

RED TAPE CONSULTING’S GDPR INFO

Is acquired through links with -

• Law & Accounting firms

• Tech & Digital firms

By seeking out key items -

• Academic, business, public sector

Through business & training events -

• Observe, learn, test/ evaluate, share

6

RED TAPE CONSULTING’S APPROACH

Translate this learning

into

practical tips

for business leaders & teams

7

GDPR

Applies to any company –

• based in the EU

• storing data in the EU

or

• handling the personal data of EU citizens

• Brexit offers NO escape

8

GDPR BAR IS VERY HIGH

Consider

intent & principles

behind GDPR

“Where is my data?”

Most company execs would struggle to answer (unlike “Where is my money?”)

9

GDPR BAR IS VERY HIGH

GDPR compliance journey requires -

• Commercial awareness

• People management

• Strategic planning

• Effective implementation

GDPR compliance – a journey with no destination…

10

DATA FLOWS

Then - hierarchy Now - network

11

DATA FLOWS – ‘OLD’ VS. ‘NEW’

Data – then

• held by few

• command/ direct

• stays within the firm

• staff ‘have to’ & are held to account

Data – now

• used by many

• share/ co-work

• can go beyond the firm

• people engage when they ‘want to’

12

DATA

How we

usually think

of data –

• safely stored

• secure

• organised

13

DATA

But information

with personal

identifiers

is ‘data’

for GDPR

14

DATA

Your firm needs to know –

• WHAT data do you hold?

• WHERE did it come from?

• HOW is it held?

• WHO is it shared with?

GDPR compliance – a journey with no destination…

15

GDPR KEY FEATURES

CONSENT

ACCOUNTABILITY

EVIDENCE

GOVERNANCE

COMMUNICATIONS

TRANSPARENCY

16

CONSENT

How does your firm seek, record & manage consent?

• Freely given?

• Specific?

• Informed?

• Unambiguous?

GDPR compliance – a journey with no destination…

17

CONSENT

THINK:

from whose

point of view?

from whose

perspective?

18

GDPR GAME

True or False?

OK to include

consent in

Terms &

Conditions?

19

GDPR GAME

False

Giving consent needs to be explicit

It can’t be buried in Terms & Conditions

20

GDPR GAME

True or False?

data gathered

for 1 purpose

in 1 part of the business

can be used by

another part of the business?

21

GDPR GAME

False

data gathered

for 1 purpose

cannot be used for another purpose

or

by another part of the business

22

GDPR GAME

True or False?

OK to have a

pre-ticked

tick box

to signify

consent?

23

GDPR GAME

False

Consent needs to be explicit & freely given

Pre-ticked boxes to signify consent are unacceptable

24

GDPR GAME

True or False?

If existing consents meet

GDPR standard,

no need to obtain

fresh consent?

25

GDPR GAME

True

If your existing consents meet

GDPR standard,

there is no need to obtain fresh consent

26

GDPR GAME

True or False?

Customer

getting your

marketing emails for years has

NOT unsubscribed

despite reminders?

27

GDPR GAME

False

Not unsubscribing to your marketing emails does NOT signify consent

28

DATA PROTECTION – OTHER ISSUES

Ethos/ style of the leader – supports GDPR

Culture – openness, learning, admit mistakes

Trust – source, authenticity

Resources – physical/ financial, social, intellectual, psychological, spiritual

29

CHECK RESOURCES

Physical/ financial – adequate?

Social – team energy behind GDPR?

Intellectual – reasoning, thinking through

Psychological – feeling safe, can criticize, admit mistakes (key to high-performing teams, per Google)

Spiritual – higher purpose; want to do what’s right

30

MOTTOS & MANTRAS

APPLE – “think different”

FACEBOOK – “move fast & break things”

think of a GDPR motto

which will work in YOUR firm

31

BEST WAY TO SPREAD NEW KNOWLEDGE?

Discussion/ social connection works

14 x better than

- reading about it

- following best practice guides

- using toolkits

~ NickMilton.com/2014/10/why-knowledge-transfer-through.html

32

GDPR COMPLIANCE

33

34

GDPR ACTIVITIES (red & blue items rarely mentioned)

REVIEW BUDGET

DECIDE

documentation

network

IT

evidence

negotiate

AUTHORISE

governance

data audit

PERSONNEL

compliance

COMMUNICATE

IMPACT !

governance

plan

MONITOR

lead change

communications

motivate

35

SUGGESTED MAIN ACTIONS (usual list has 40+ actions)

• Data mapping

• Consider insurance

• Spread awareness throughout firm

• Re-write policies

• Appoint Data Protection Officer & team

• Revise contracts with firms that process your data

• Renew old databases

• Ask customers to reaffirm their consent

• Review data sharing

• Simulate breach to test procedures

• Create Risk Register

too much? can’t cope? … (see next slide)

36

GDPR …

RED TAPE CONSULTING HELP

37

RED TAPE CONSULTING HELP

• Awareness – seminar, overview

• Audit – fact-find, checklists, gather info

• Assessment - findings, gap analysis, report

• Aftercare – compliance support, monitoring

38

THIS SLIDE DECK IS

• A taster in 30 mins ~

Data protection - ‘momentous’ change

What’s changing?

How to ACHIEVE and PROVE compliance?

Want more?

39

Remember -

IMPORTANCE

of

CONSENT !

40

IF YOU REMEMBER ONLY ONE THING …

Remember -

CONSUMER MUST OPT-IN ON CONSENT !

41

IF YOU REMEMBER ONLY ONE THING …

42

LET’S TALK ?

Pat Shroff

pat @RedTapeConsulting.co.uk

+44 (0)7855 351 116

www.RedTapeConsulting.co.uk

43

RED TAPE CONSULTING LTD
