Incentive Marketing Association and the GDPR
Speaker notes: brief introduction by CL (how you know JG) and elevator pitch for JPH, a leading employment lawyer, on the understanding and litigation of confidential data. This is a participative post-lunch session, so please pay attention. JPH will be around for questions, and for drinks afterwards.
PLEASE PAY ATTENTION – GDPR IS A STONKINGLY IMPORTANT SUBJECT FOR THE IMA
The real problem is the concept of "data": it is numbers, it is payroll records, it is databases. It is boring, right? Wrong. Data is the lifeblood of what your businesses do: if you think that data, and the management of data, is boring, then you either need to get a new job, or sell your business and get a new job. The GDPR is, in fact, shiny, new and important, and like all shiny, new and important things you need to understand it to get the best out of it.
Key purpose: to increase and protect the rights of EU data subjects by creating clear lines of accountability over data processing.
Key risk: significantly increased exposure for IMA members, plus more aware and more litigious data subjects/consumers.
Here’s why GDPR matters to IMA members
- It's new: Data Protection Directive (1995) > Data Protection Bill (introduced last week) > GDPR applies from 25 May 2018.
- It's Brexit-proof: the ICO has confirmed this.
- The time for preparing is now: contracts = money.
- Fines can be huge: up to €20m or 4% of worldwide annual turnover, whichever is higher (the "£20m" on the slide means euros).
Speaker notes: Prescient timing of this event to coincide precisely with the DP Bill. Well done Jonathan. A single unifying data protection law across all member states. Like all other things Brexit, we are going to go through a hell of a palaver only to get back precisely where we started. For the international sharing of data, this is a blessed relief. The time to start doing things about this is NOW: the commercial contracts that are affected by GDPR need to be negotiated now, before May 2018.
Some essential concepts (and Audience Participation)
- Data Controllers are... Data Processors are... Data Subjects are...
- Definitions are broad (e.g. "processing") and can have ET effect.
- Data Processors can be fined (big time) for the first time.
- Underlying principle is CONSENT; the fall-back position is a "legitimate interest."
PARTICIPATION TIME & PRIZE
- Who here thinks they are a Data Controller? A company which determines why and how data relating to Data Subjects is processed (e.g. employers).
- Who here thinks they are a Data Processor? The classic service provider (e.g. the IMA), processing data on the instructions of Data Controllers.
- Who here thinks they are a Data Subject? The individual.
- Who here thinks they are all three?
- Who here is a business owner?
CONSENT: DPs and DCs are entitled to collect and use data where they can demonstrate consent from the data subject. Note that under Article 6 consent and legitimate interests are two of six lawful bases (alongside contract, legal obligation, vital interests and public task), none of which is subordinate to the others; the ICO also cautions that consent from employees is rarely "freely given" because of the imbalance of power in the employment relationship, so employers should not rely on it as their only basis.
Contract Negotiation: “Who wears the trousers?”
Data Controllers:
- are demanding indemnities from DPs in respect of liabilities;
- are demanding warranties from DPs that they are GDPR compliant;
- are asking Data Processors to sign up to "model clauses" (standard contractual clauses) for international data transfers.
It's all about: "who owns the risk?"
Data Processors:
- demand confirmation of CONSENT from DCs vis-à-vis workforces; some DPs get consent direct from workforces;
- treat a "legitimate interest" as a second line of defence, absent consent.
Data Subjects can now pursue remedies against DPs as well as DCs.
Legitimate interest can be a viable alternative to consent as a lawful basis for processing data.
Note that Article 28 makes a written contract with prescribed terms (processing only on documented instructions, confidentiality, security measures, sub-processor controls, assistance with data subject rights and breaches, deletion or return at the end of the service) mandatory between a controller and its processor, so these negotiations are about more than allocating risk.
Under GDPR employers will need to provide employees with significantly more information (including how long data is stored for, whether it will be transferred to other countries, how to make data subject access requests (DSARs), etc.).
Hacking and Mitigation
- Hacking is a massive risk, all the more so because the ICO can now impose massive fines on DPs as well as DCs.
- Personal data breaches must be reported to the ICO without undue delay and, where feasible, within 72 hours of becoming aware of them, unless the breach is unlikely to result in a risk to individuals' rights and freedoms (the slide's "de minimis" exception). A processor must notify its controller without undue delay, and a breach likely to result in a high risk must also be communicated to the affected data subjects.
- "Appropriate technical and organisational measures" must be in place to ensure the security of data.
- Reputational damage.
- Positive obligation to demonstrate compliance for both DCs and DPs.
Top 5 "take-aways"...
1. Create your own GDPR plan: what do you use data for? Who uses it? Where are the risks/holes? Get someone to own the issue.
2. IT security: are you fit for purpose? (a) BYOD (bring your own device)? (b) retention?
3. Commercial contracts: (a) with commercial partners: warranties, indemnities etc.; (b) with data subjects: consent?
4. Internal procedures: (a) policies/protocols; (b) reporting breaches.
5. Record a "legitimate interest": an alternative lawful basis to "consent" (e.g. the recent Romanian case).
Speaker notes: Under the GDPR, employees will have increased rights to object to certain processing, to have data corrected or to restrict how data is used, and to be forgotten (i.e. to have their personal data deleted). Under the new "right to be forgotten", employees will be entitled to require their employer to erase personal data about them in certain circumstances. This may be the case where the data is no longer necessary for the purpose for which it was originally collected, or where the employee has withdrawn his/her consent.
John Hayes, Principal, Constantine Law
My Contact Details: John Hayes, Principal, Constantine Law; LinkedIn: @JohnHayesCLaw