Uniting Expertise,Accelerating Ambitions

Uniting Expertise, Accelerating Ambitions

Big Data, Minute PrivacyBA4ALL Big Data & Analytics Insight 2016

Ester Verbylen – CC Legal ManagerGuy Van der Sande – CC BI Manager

USG ProfessionalsMain countries of operation: Benelux, France, Germany

90.000 flex workers at work every day

>40 years of experience

2.3 billion Eur

N°2 in the Netherlands and Belgium

What data do we share ?

Why do we share data ?

81% are comfortable sharing one or

more pieces of personal information

to get better recommendations

68% share to give people a better

sense of who they are and what

they care aboutEvery two years we generate

ten times as much data

91,4% is concerned about online privacy

73% of Android apps shares

personal information with third

parties47% of iOS apps shares geo-coordinates with third parties

93% of Android apps connects to a

mysterious domain

Customer analytics

Uber’s rides of glory

VTech hack

Presence Analytics @ Bobbejaanland

Legislation? • Current legislation goes back to the ‘90’s– Implemented differently in the Member States– New technologies

• Need for new legislation– Discussions started in 2011– General Data Protection Regulation (GDPR) adopted in April 2016– Will apply as from 25 May 2018

GDPR: what is new?– Enforced rights of the data subject, e.g.:• “the right to be forgotten”• “right to data portability”

– Obligation to maintain a record of processing activities• Exceptions e.g. enterprise < 250 persons

– Appointment of a data protection officer (DPO) in some cases

– Notification of data breaches– Obligations for data processors (and not only

for controllers)– …

GDPR: why should I care?

• As from 25 May 2018:– Data protection cases dealt with by a data

protection authority or a court– One-stop shop for individuals and business– Fines!

20 million OR 4% of global annual turnover

GDPR: What should I do before 25 May 2018?

• Gap analysis, e.g:– Audit of the data currently being processed– Do I have a clear overview of all data processing

activities performed by my business?– Is a data protection impact assessment (DPIA)

necessary?– Do I need to appoint a DPO?– Are there data subjects request response

procedures in place?– Do I have a data breach response plan (e.g. central

breach management unit)?• Make staff aware and set up trainings

USG Data Protection FrameworkWe un-complicate your business by applying our USG DPF

USG DPF = Guidance of specialists, working according by a specific set of guidelines, to assure compliancy to the European GDPR

• Perform the necessary GAP analysis• Define the desired level of compliancy• Setup a plan of action to implement the

necessary actions to get to this desired level• Follow-up to ensure you remain compliant

References• Text of the GDPR:

http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1462353523271&uri=CELEX:32016R0679

• More information about the GDPR:http://www.consilium.europa.eu/en/policies/data-protection-reform/

Guy Van der SandeCC BI ManagerGuy.VanderSande@ext.usgprofessionals.be@BICC_at_USG

Ester VerbylenCC Legal ManagerEster.Verbylen@usgprofessionals.be

Contactgegevens