what you need to · 2018-04-29 · 7. gdpr applies to any company ... marketing emails for years...
Post on 07-Jul-2020
What you need to know
Basic awareness for Teams
March 2018
1
GDPR
GDPR
GENERAL DATA PROTECTION REGULATION
2
GDPR DATE
FRIDAY 25 MAY 2018
3
DISCLAIMER
This slide deck –
• Is INFORMATION
• It is NOT LEGAL ADVICE
• Is a ‘taster’ of GDPR in 30 mins
• Is NOT comprehensive coverage
4
THIS SLIDE DECK IS
• A taster in 30 mins ~
GDPR - is a ‘momentous’ change
what do we need to learn?
what to do NOW?
want to learn more?
5
RED TAPE CONSULTING’S GDPR INFO
Is acquired through links with -
• Law & Accounting firms
• Tech & Digital firms
By seeking out key items -
• Academic, business, public sector
Through business & training events -
• Observe, learn, test/ evaluate, share
6
RED TAPE CONSULTING’S APPROACH
Translate this learning
into
practical tips
for business leaders & teams
7
GDPR
Applies to any company –
• based in the EU
• storing data in the EU
or
• handling the personal data of EU citizens
• Brexit offers NO escape
8
GDPR BAR IS VERY HIGH
Consider
intent & principles
behind GDPR
“Where is my data?”
Most company execs would struggle to answer (unlike “Where is my money?”)
9
GDPR BAR IS VERY HIGH
GDPR compliance journey requires -
• Commercial awareness
• People management
• Strategic planning
• Effective implementation
GDPR compliance – a journey with no destination…
10
DATA FLOWS
Then - hierarchy Now - network
11
DATA FLOWS – ‘OLD’ VS. ‘NEW’
Data – then
• held by few
• command/ direct
• stays within the firm
• staff ‘have to’ & are held to account
Data – now
• used by many
• share/ co-work
• can go beyond the firm
• people engage when they ‘want to’
12
DATA
How we
usually think
of data –
• safely stored
• secure
• organised
13
DATA
But information
with personal
identifiers
is ‘data’
for GDPR
14
DATA
Your firm needs to know –
• WHAT data do you hold?
• WHERE did it come from?
• HOW is it held?
• WHO is it shared with?
GDPR compliance – a journey with no destination…
15
GDPR KEY FEATURES
CONSENT
ACCOUNTABILITY
EVIDENCE
GOVERNANCE
COMMUNICATIONS
TRANSPARENCY
16
CONSENT
How does your firm seek, record & manage consent?
• Freely given?
• Specific?
• Informed?
• Unambiguous?
GDPR compliance – a journey with no destination…
17
CONSENT
THINK:
from whose
point of view?
from whose
perspective?
18
GDPR GAME
True or False?
OK to include
consent in
Terms &
Conditions?
19
GDPR GAME
False
Giving consent needs to be explicit
It can’t be buried in Terms & Conditions
20
GDPR GAME
True or False?
data gathered
for 1 purpose
in 1 part of the business
can be used by
another part of the business?
21
GDPR GAME
False
data gathered
for 1 purpose
cannot be used for another purpose
or
by another part of the business
22
GDPR GAME
True or False?
OK to have a
pre-ticked
tick box
to signify
consent?
23
GDPR GAME
False
Consent needs to be explicit & freely given
Pre-ticked boxes to signify consent are unacceptable
24
GDPR GAME
True or False?
If existing consents meet
GDPR standard,
no need to obtain
fresh consent?
25
GDPR GAME
True
If your existing consents meet GDPR standard,
there is no need to obtain fresh consent
26
GDPR GAME
True or False?
Customer getting your marketing emails for years has NOT unsubscribed despite reminders?
27
GDPR GAME
False
Not unsubscribing from your marketing emails does NOT signify consent
28
DATA PROTECTION – OTHER ISSUES
Ethos/ style of the leader – supports GDPR
Culture – openness, learning, admit mistakes
Trust – source, authenticity
Resources – physical/ financial, social, intellectual, psychological, spiritual
29
CHECK RESOURCES
Physical/ financial – adequate?
Social – team energy behind GDPR?
Intellectual – reasoning, thinking through
Psychological – feeling safe, can criticize, admit mistakes (key to high-performing teams, per Google)
Spiritual – higher purpose; want to do what’s right
30
MOTTOS & MANTRAS
APPLE – “think different”
FACEBOOK – “move fast & break things”
think of a GDPR motto
which will work in YOUR firm
31
BEST WAY TO SPREAD NEW KNOWLEDGE?
Discussion/ social connection works 14 x better than
- reading about it
- following best practice guides
- using toolkits
~ NickMilton.com/2014/10/why-knowledge-transfer-through.html
32
GDPR COMPLIANCE
33
34
REVIEW BUDGET
DECIDE
documentation
network
IT
evidence
negotiate
AUTHORISE
governance
data audit
PERSONNEL
compliance
COMMUNICATE
IMPACT !
governance
GDPR ACTIVITIES (red & blue items rarely mentioned)
plan
MONITOR
lead change
communications
motivate
35
SUGGESTED MAIN ACTIONS (usual list has 40+ actions)
• Data mapping
• Consider insurance
• Spread awareness throughout firm
• Re-write policies
• Appoint Data Protection Officer & team
• Revise contracts with firms that process your data
• Renew old databases
• Ask customers to reaffirm their consent
• Review data sharing
• Simulate breach to test procedures
• Create Risk Register
too much? can’t cope? … (see next slide)
36
GDPR …
RED TAPE CONSULTING HELP
37
RED TAPE CONSULTING HELP
• Awareness – seminar, overview
• Audit – fact-find, checklists, gather info
• Assessment – findings, gap analysis, report
• Aftercare – compliance support, monitoring
38
THIS SLIDE DECK IS
• A taster in 30 mins ~
Data protection - ‘momentous’ change
What’s changing?
How to ACHIEVE and PROVE compliance?
Want more?
39
Remember -
IMPORTANCE
of
CONSENT !
40
IF YOU REMEMBER ONLY ONE THING …
Remember -
CONSUMER MUST OPT-IN ON CONSENT !
41
IF YOU REMEMBER ONLY ONE THING …
42
LET’S TALK ?
Pat Shroff
pat @RedTapeConsulting.co.uk
+44 (0)7855 351 116
www.RedTapeConsulting.co.uk
43
RED TAPE CONSULTING LTD