The new data regulation comes into force on May 25, 2018. While many companies fear the heavy fines they could face by ignoring the new rules, they still feel uncertain about the correct application of the GDPR (General Data Protection Regulation).
Plunet’s Head of Operations, Sufian Reiter, will share his insights into the regulation’s main principles and present Plunet’s interpretation and implementation of it in an exclusive Summit session.
Plunet Summit 2018: Plunet’s approach to the new data regulation of the EU (GDPR)
2. Disclaimer
• Self-Help: By attending this meeting, a property of Plunet, [hereinafter “Plunet”, “us”, “we”] you acknowledge, understand, and agree that Plunet is not a law firm, not providing legal services to you, and is not acting as your legal counsel. Plunet only provides self-help information and slides you may use to navigate through the GDPR jungle.
• No Legal Advice: We cannot and do not offer opinions, recommendations, or advice regarding your legal rights, obligations, and remedies; nor do we apply the law to the facts of your particular case or dispute.
• No Attorney-Client Relationship: We are not offering or agreeing to represent you in any legal matter. Accessing or reviewing self-help information provided through Plunet does not create an (1) attorney-client relationship or (2) attorney-client privilege between you and us. We do maintain a privacy policy, but you should not interpret anything in that policy as establishing attorney-client confidentiality between the parties.
• Not a Substitute for an Attorney: The presentation provided by Plunet is not a substitute for an attorney’s advice or services. If you need legal advice for a particular problem or your issues are confusing or complicated, you should consult with a licensed attorney in your area.
• References to Law Are Not Jurisdiction-Specific: This presentation’s content discusses general legal principles, laws, and procedures.
• Examples Are Only Examples: If an example of a legal matter is portrayed during this presentation, please note that the result described is dependent on the facts of that specific example and the results will differ if based on different facts.
• No Guarantee of Accuracy or Completeness: Plunet cannot and does not guarantee that all information provided through the website or podcast is accurate, complete, or up-to-date. Laws, regulations, rules, procedures, and case decisions are subject to revision, interpretation, or even nullification by courts and legislative bodies at any time. The information we provide may not reflect the most current version of these materials. Do not rely on any information provided through Plunet without first doing your own research and investigation.
• No Liability: You agree to use the information provided through this presentation at your own risk. Plunet is not responsible for any injury, loss, or damage, under any tort or contract theory, related to your use of this website, our podcast, or the content provided herein.
IN SHORT: Interpretation only — no legal advice
3. »No, seriously — I can’t tell you my name until you tell me watcha gonna do with that data«
4. Quick summary for smokers and people who were planning to take a nap
• In force as of May 25, 2018 (wait … that’s eight hours from now)
• Fines for companies of 2% (or EUR 10m) or 4% (or EUR 20m) of their worldwide turnover, respectively
5. Quick summary for smokers and people who were planning to take a nap
• The new law will follow the principle of prohibition with the reservation of permission
• The handling of personal data is generally forbidden, unless there is a legal provision or the OK from the person concerned
6. What is considered personal data?
• Name
• Address
• Localization
• Health information
• Income
• Cultural profile
• Online identifier (including IP addresses!)
10. Plunet BusinessManager changes in Version 7.3
• New entries to Plunet must receive notice that their data is being processed
• We implemented a new template that is sent automatically when a new contact is created
• New field added for all contacts: »Source of contact« as proof and a way to log the notice e-mail
• New field »Promotion« (Yes/No) for all contacts
11. Plunet BusinessManager changes in Version 7.3
• Both customers and resources can access the respective portals and review their data
• Vendors can also update their information
14. General challenges with the right to erasure
• General database infrastructure
• Governmental retention periods
• Data protection by default
• Keeping reporting data
16. These things are on you
• If you are planning to use multiple contact options for marketing, you need to create a property to track consent for different communication channels
• File handling: You must have proper processes in place to secure personal data in documents (e.g. file deletion after the retention period on the file server)
25. A bunch of paperwork
• Contracts: Check liability and data protection provisions in contracts
  • Contracts for employees
  • Contractual work for customers
  • Contracts for third party providers (e.g. software providers)
• Set up new processes (e.g. reporting of data breaches, data protection impact assessment)
• Review documentation such as:
  • Procedure directory
  • Technical and organizational measures
  • (Data protection impact assessment)
26. MANUAL POLL
How much time has your company already spent on GDPR?
PLEASE RAISE YOUR HAND
27. As for the paperwork …
… you might be a little late …
28. MANUAL POLL
How much did you approx. spend in legal fees?
PLEASE RAISE YOUR HAND