The document discusses where organizations should be in preparing for the General Data Protection Regulation (GDPR) which takes effect in May 2018. It raises questions that organizations should consider such as engaging stakeholders to fund compliance, understanding the data being stored and its purposes, ensuring all breaches can be detected and reported, clarifying accountability, and maintaining momentum through and beyond the 2018 deadline. The document emphasizes that organizations need to understand their data, have accountable processes, and view GDPR as an opportunity to improve customer relationships and trust through appropriate data management.

1. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
The General Data Protection Regulation (GDPR)
Rebalancing Our Most Important Relationships
Where should you be right now?
1
It’s not about me,
It’s about you!

2. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Where should we be now?
16/06/2017
2
• How to engage key stakeholders and get sufficient funding to ensure
compliance by 25th May 2018?
• What does your target look like? Is it just meeting the requirements of GDPR or
are there broader objectives?
• Do you really know and understand the data that you store, e.g. purpose and
owners’ consent?
• Are all breaches detectable, let alone reportable?
• Who is accountable for what data? (and what does accountability mean?)
• Is your remit is wide enough (to identify and influence all programmes that
process personal data)?
• How to maintain momentum through to 25th May 2018 and beyond..

3. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Question 1. Do laws make for better customer relationships?
Will privacy laws improve customer relationships or damage them?
A) Privacy laws will impair customer relationships
B) Privacy laws will improve customer relationships
C) Privacy laws will have no impact on customer relationships
Me: Corporation with
Inappropriate information diet
You: Consumer suffering
from information abuse

4. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Question 2. Do laws make organisations more productive
Will privacy laws improve organisations productivity?
A) Privacy laws will impair productivity
B) Privacy laws will improve productivity
C) Privacy laws will have no impact on productivity
Me: Corporation with
Inappropriate information diet

5. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Laws and social change
16/06/2017
5
Drink driving laws
• Road Safety Act 1967
• 50 year campaign
• c2000, Public Health Campaign to change social
attitudes
2014 Department of Transport research
• 1979 half of male drivers and 2/3rds of young
males admitted to drink driving at least once a
week
• Now: 24% of people would rather admit to their
partner that they had a sexually transmitted
campaign than admit to a drink-driving conviction
• Now: 91% agreed drink-driving unacceptable

6. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Why is Breach Management important?
• Civilisation is based on structures we build:
• Political
• Physical
• The impact of breach to those structures can be
devastating:
• Hurricane Katrina in New Orleans 2005
• In the 21st Century our structures are
increasingly based on digital technology and
trusted networks:
• Banking
• Shopping
• Social media
Can you FEEL the impact a breach might have?

7. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Stakeholder Traction – Has the message got through?
Question:
“The GMB Union claim when this happened in 2015 the Terrorist Watch List could not be
accessed:”
Answer:
“No compromise of any data, passenger data or any list ……. No compromise of any
customer data……”
http://news.sky.com/story/ba-owner-iag-claws-back-early-losses-after-it-glitch-wipes-
163500m-off-value-10897421
Does GDPR have top management attention?
Sky News Tuesday 30th May 2017, 19:46 Minute
3:00 to 3:30
Interview with Alex Cruz, CEO, British Airways

8. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
What is your GDPR target?
16/06/2017
8
Unlucky or
negligent?
PI is contextual
and risk based
Continuing Process
• Who are your data subjects
• What data do you hold on them
• If it is breached what is the impact?
• What are you doing to mitigate the risk
Organisation
• Entire organisation ‘gets’ privacy
• People are accountable
• Processes in place
• Data governance operational and
integrated

9. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
What is your GDPR Programme?
16/06/2017
9
Multiple work-stream programmes
• Legal, Operations, Risk
• Customer facing
• Third parties
• Chief Data Office/IT/Data Management
Typical tasks
• Discovery/Inventory of PI
• Privacy impact assessments (PIA’s)
• Mapping, flow/lineage
• Process and controls review
• New process set up
Data/system assets involved
• People data, names, addresses
• Transactions
• Communications
• Data processes and controls
• Production systems, databases, reports

10. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Other programmes impact personal data too
16/06/2017
10
Item GDPR Customer
centric
Digital Age New law New strategy
Programme
complexity
High. Multiple
work-streams
High. Multiple
work-streams
Driver Legal/DPO Sales/marketing
Data sets All PI related All customer
related
Systems, processes
& accountabilities
All PI related All customer
related
Activities Upgrade, create
data, systems etc.
Upgrade, create
data, systems etc.
Deadline 25th May 2018 Market opportunity
All use common/overlapping personal data sets etc.
Should we manage programmes separately?
Item GDPR Customer
centric
Know your
customer
Management
Information
Digital Age New law New strategy Regional law
amendments
Productivity
improvement
Programme
complexity
High. Multiple
work-streams
High. Multiple
work-streams
High. Multiple
work-streams
High. Multiple
work-streams
Driver Legal/DPO Sales/marketing Compliance,
customer service
‘C’ suite/CFO
Data sets All PI related All customer
related
All customer
related
All customer
related
Systems, processes
& accountabilities
All PI related All customer
related
All customer
related
All customer
related
Activities Upgrade, create
data, systems etc.
Upgrade, create
data, systems etc.
Upgrade, create
data, systems etc.
Upgrade, create
data, systems etc.
Deadline 25th May 2018 Market opportunity Regulatory
deadline
ASAP

11. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Behaviour change delivers long term value
16/06/2017
11
Change your corporate mind set
Take information only with “purpose”
Implement your tools & framework
Enlist your whole organisation
New behaviour will
Deliver value to both
“ME” and “YOU”!
A fitter, more
productive,
organisation
Customers who
trust you with
private data
And a more balanced relationship that works for ME AND YOU!

12. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Where should we be now?
16/06/2017
12
• How to engage key stakeholders and get sufficient funding to ensure
compliance by 25th May 2018?
• What does your target look like? Is it just meeting the requirements of GDPR or
are there broader objectives?
• Do you really know and understand the data that you store, e.g. purpose and
owners’ consent?
• Are all breaches detectable, let alone reportable?
• Who is accountable for what data? (and what does accountability mean?)
• Is your remit is wide enough (to identify and influence all programmes that
process personal data)?
• How to maintain momentum through to 25th May 2018 and beyond..

13. GDPR Making it real: Where you should be right now
Copyright Digital Innovation Systems Ltd, 2017
Thank you!
Questions?