Operational view on GDPR

Presentation transcript:

Operational view on GDPR. Mastermail, Wilsele, 19 September 2017

… I have an opt-in

Ceci n’est pas un consentement (“This is not consent”).

Conditions for consent
- Freely given
- Specific
- Informed
- Unambiguous indication of wishes
- By statement or clear affirmative action
- Clearly distinguishable from other acts
- Withdrawable
- No unfair clauses
- Burden of proof

Processing grounds
“Processing shall be lawful only if and to the extent that at least one of the following applies”
- Consent
- Necessary for:
  - Performance of a contract
  - Pre-contractual measures at request of data subject
  - Legal obligation
  - Protecting vital interests
  - Performance of public interest or official authority
  - Legitimate interest of controller / third party

Purpose limitation

Data minimisation

Accuracy
Are personal data correct and up to date?
- Address and postal code check
- Orphan accounts

Storage limitation

Confidentiality and integrity

Controller vs processor

Obligations of controllers and processors
- Subject to GDPR when established in the EU (art 3.1) Yes
- Subject to GDPR when established outside the EU subject to conditions
- Appoint representative if established outside EU and subject to GDPR (art 27)
- Respect quality principles (art 5: lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality) No
- No processing without lawful basis (art 6 and 9)
- Honour data subject rights (Chapter III: information, access, rectification, erasure, restriction, portability and object)
- Ensure and demonstrate compliance (art 24: accountability)
- Data protection by design and by default (art 25)
- Agreement between joint controllers (art 26)
- Appoint processor (if any) with sufficient guarantees for GDPR compliance (art 28.1)
- Appoint subprocessor (if any) subject to authorization of controller (art 28.2)
- Enter into processor agreement (art 28.3)
- Assistance to controller in responding to data subjects exercising their rights (art. 28.3.e)
- Assistance to controller in complying with obligations regarding security, data breach and data protection impact assessment (art. 28.3.f)
- Delete or return all personal data after the end of the relationship controller-processor (art 28.3.g)
- Make available to controller all information necessary to demonstrate compliance with art. 28 (art. 28.3.h)
- Immediately inform controller if his instruction infringes GDPR or local/EU law (art. 28.3 in fine)
- Obey instructions of controller (art 29)
- Keep records of processing (art 30)
- Ensure security of processing (art 32)
- Notify personal data breaches (art 33)
- If applicable, appoint a data protection officer (art 35)
- If applicable, conduct a data protection impact assessment (art 37)
- Ensure adequacy when transferring personal data to third countries (art 44)
- Subject to supervising authority (art 56)
- Liability for compensation of damages and for administrative fines (art 82-83)

Personal data management

Data security

Data subject’s rights: Data Subject Rights Mgt

Proof GDPR compliance

[Slide diagram: records for the same person arriving from three sources are consolidated into one database contact.]

Sources: Website e-news subscription; Order form & delivery; Mobile delivery message

Incoming records:
- Name: Torfs; First Name: Joke; Email: joke@email.com; PC: 2000; City: Leuven; DOB: 1 Jan 1985
- Name: Joke; First Name: Torfs; Address: Elleveldeweg 8; PC: 2000; City: Leuven; DOB: 1/1/1985
- Name: Torfs; FN: Joke; @: J@email.com; Gender: Female; City: 3000 Leuven

Database record after consolidation (slide labels: Contact, Date of Birth, First Name, Name, Gender, Delivery): Joke Torfs; Elleveldeweg 8, 3000 Leuven; 01/01/1985; Female; joke@email.com; J@email.com

Checks done:
- Name / First Name Inversion check
- Address Standardisation and Verification
- Email Structure Check
- Opt-in mgt logging of changes in dbase

Obligation to keep a register

GDPR: Is this still you?

What now? EU General Data Protection Regulation: An obligation. A strategic opportunity.

THE SPIRIT OF THE LAW: Give control over personal data back to people

It was our pleasure…

Gerrit Vandendriessche, gerrit.vandendriessche@altius.com, Tour & Taxis Building, Avenue du port 86 C, B414, 1000 Brussels, www.altius.com

Claudine Knop, claudine.knop@dbm.be, Pegasus Park, De Kleetlaan 12B, 1831 Diegem, www.dbm.be / www.ligato.be