Jeremy Lilley, Policy Manager, techUK, @JeremyLilley1 How Can Collaboration With Your Technical Suppliers On GDPR To Help Your Digital Transformation? Jeremy Lilley, Policy Manager, techUK, @JeremyLilley1

techUK – Who We Are techUK is the trade association for the technology industry in the UK We have roughly 950 members representing around 750,000 people working in the UK tech sector We are entirely member-run and speak independently on behalf of the industry We represent large, medium, small, software, hardware and all other types of tech companies techUK also has an active public sector programme which connects central, local government and health stakeholders with suppliers of all sizes to access innovative tech to transform public services. Collaboration is at the heart of our public sector work. Working with public sector and tech industry to create the environment that enables successful transformation.

GDPR – What Have We Done? techUK have been running a series of briefings and training courses to help our members become GDPR ready. We held an event with tech industry and councils on the Implications, compliance & opportunities for local government GDPR brings. The overarching message was that GDPR is ‘more than just a compliance issue.’ GDPR part of the transformation puzzle Opportunity to transform Leadership is key

Significant changes and new obligations on companies include: GDPR - What Does it Mean? Significant changes and new obligations on companies include: Joint liability of processors and controllers Right to data portability Right to erasure (Right to be forgotten) Expanded definition of personal data and introduction of sensitive personal data Data breach notification requirements Privacy impact assessments Changes to consent Mandatory data protection officers in some cases The list goes on…. Introduction of significant fines for non-compliance: 4 per cent global annual turnover or 20 million euros for some infringements and non-compliance 2 per cent global annual turnover or 10 million euros for other specified infringements

GDPR – Buyer ‘Data Controller’/Supplier ‘Data Processor’ Relationship Responsibility of ’data controller’ to carry-out due diligence on new suppliers to check their GDPR compliance. Engage suppliers early on GDPR compliance. Ask questions now, do not assume. Consider what other benefits could be derived from these changes for the organisation and with your suppliers.

The Opportunity Creating a culture of data trust. Working with suppliers to review what information your council holds and golden opportunity to create good data governance. Data sits at the heart of creating the environment for successful transformation and GDPR is a hook that can also help make the case for it at senior management level. Putting data and digital at the forefront of your councils agenda. GDPR is and should be a priority for the council’s senior leadership team. It can also be used as the hook to begin/accelerate digital transformation conversation with senior leadership team.

Conclusion GDPR is coming, and soon. Understand what data you hold and what you do with it – data audits are a useful first step for companies looking to get ready for GDPR Consider what internal processes might have to change given the new rules Engage suppliers as early on as possible. Thinking beyond May 2018! GDPR can help make the case for transformation and be the lever for creating a culture of data trust and confidence.

Jeremy.lilley@techuk.org @JeremyLilley1 Thank you Jeremy.lilley@techuk.org @JeremyLilley1