Introducing GDPR: How the General Data Protection Regulation transforms the world Laura Mudd November 2016.


1 Introducing GDPR: How the General Data Protection Regulation transforms the world
Laura Mudd November 2016

2 Agenda
What is Privacy? Why is it important?
Introducing the GDPR: What is it? What about Brexit and the wider world? What are the key changes? What does this mean for your organisation?
Questions

3 1. What is Privacy?
"Privacy encompasses the rights and obligations of individuals and organisations with respect to the collection, use, retention, disclosure, and disposal of personal information." (The American Institute of Certified Public Accountants, AICPA)
[Diagram: Privacy, Identity, Cyber security]

4 2. Why is Privacy important?
By 2020, there are expected to be 7.3bn internet-enabled devices.
90% of the data that exists today was produced within the last two years.
On average, 31.25m messages are sent and 2.77m videos viewed on Facebook every minute.
By 2020, 1.7MB of data will be created every second for every human on the planet. This is equivalent to each person filling nine 16GB iPhones per day.
By 2020 there are predicted to be 9bn mobile subscribers.

5 3. GDPR
1. What is the GDPR?
2. What are the headlines?
3. What about Brexit?

6 What has changed?
General data protection regulation
Fines
Current law: Fines vary by jurisdiction (e.g. UK £500,000)
GDPR: A fine of up to €10 million or 2% of global annual turnover; maximum fine of up to €20 million or 4% of global annual turnover
Data Protection Officer (DPO)
Current law: Generally no requirement to appoint a DPO
GDPR: DPO required for 'government bodies' and organisations conducting mass surveillance or mass processing of Special Categories of data

7 What has changed? (cont.)
General data protection regulation
Inventory
Current law: No requirement to maintain a personal information inventory
GDPR: Generally organisations will need a personal information inventory
Breach notification
Current law: Generally there are no obligations to report breaches
GDPR: Requirement to report privacy breaches to the regulator within 72 hours and potentially to the data subject

8 What has changed? (cont.)
General data protection regulation
Security
Current law: Vague requirements around security (i.e. 'adequate level')
GDPR: Requirements around monitoring, encryption and anonymisation
Privacy Impact Assessments (PIAs)
Current law: There is no mandated requirement to perform PIAs
GDPR: Companies must perform PIAs if the activity is considered 'high-risk'

9 What has changed? (cont.)
General data protection regulation
Data subject's rights
Current law: Various rights, including the right of access
GDPR: Rights extended to include Data Portability and the Right to Erasure
Sensitive personal data
Current law: Includes religious beliefs, physical/mental health and ethnic origin, amongst others
GDPR: Similar, but extended to include biometric and genetic data

10 What has changed? (cont.)
General data protection regulation
Consent
Current law: Potential to rely on 'implicit' consent, depending on jurisdiction
GDPR: Requirement to gain unambiguous (i.e. explicit) consent
Data Processors (DP)
Current law: Processors have limited regulatory exposure for processing activities
GDPR: Processors are also covered. Controllers must conduct due diligence into processors' suitability

11 What has changed? (cont.)
General data protection regulation
Control environment
Current law: No general requirement to maintain 'documentation'
GDPR: General requirement to maintain certain 'documentation'
International transfers
Current law: Personal information cannot be transferred outside the EU unless appropriately legitimised
GDPR: Similar requirements, but Safe Harbor is no longer a valid mechanism

12 What does it mean for your organisation?

13 What does it mean for your organisation?
Factor in Privacy
Understand Impact
Plan
Pragmatic and Risk based
Senior Exec Awareness

14 Key Messages
1. Personal Information is valuable
2. Privacy will be a top 5 enterprise risk
3. Changes are complex and you must act now

15 Questions?

16 Thank you
Laura Mudd, KPMG Privacy Advisory
