The frequency of data-related incidents could change with the impending General Data Protection Regulation (GDPR), the EU's law that comes into effect on 25 May 2018. This major update to the previous EU data protection law aims to regulate the use and treatment of an individual's personal data.
A new regulation means organisations that use data will need to be more careful and explicit about gaining consent. After May, companies that maintain poor data protection practices will not only be breaking the law, but could face a fine of up to €20 million or four per cent of annual global turnover, whichever is higher.
Needless to say, the GDPR is a pretty big deal with even bigger consequences. Still, no need to panic. Here's everything you need to know about the GDPR.
By the end of this presentation, you'll understand:
• What the GDPR is
• How you can prepare
• Good data protection practices
Let's get personal
• Question: What do you think happens to your personal data when you open a bank account, join a social network, book a flight or sign up to a newsletter?
• "Rapid technological developments and globalisation have brought new challenges for the protection of personal data. The scale of the collection and sharing of personal data has increased significantly."
• Directive (EU) 2016/680 of the European Parliament and of the Council of 27 April 2016
HMRC, 2007
• In 2007, two password-protected CDs containing the records of 25 million child benefit claimants in the UK (including every child in the country) went missing in the post. The discs were password-protected rather than encrypted, so the password offered little real protection if they fell into the wrong hands.
• The incident underlined how valuable data was being handled by poorly trained employees.
UK government, 2012
• Civil servants in two government departments were reprimanded for looking through medical records, National Insurance numbers, even criminal records over a 13-month period.
• This added up to 150 breaches of data security in the Department for Work and Pensions and the Department of Health.
Tesco Bank, 2016
• Tesco Bank had to freeze its online operations after an estimated 20,000 customers had money stolen from their accounts.
• In total, 40,000 accounts had been compromised, and half of those had money stolen from them.
Uber, 2016
• Hackers stole the personal data of 57 million Uber customers and drivers in 2016.
• The firm paid $100,000 to have the data deleted and to keep the massive global breach quiet.
• Under California state law, companies are required to notify state residents of any breach of unencrypted personal information.
A new Regulation and Directive entered into force in May 2016. The Regulation applies directly in every member state from 25 May 2018; the Directive must be transposed into national law by May 2018.
Why we need to take the GDPR seriously
• There are fines. BIG FINES.
• Under the GDPR, supervisory authorities will be able to impose fines of up to:
• €20 million or 4% of annual global turnover, whichever is higher, for breaches of, for example, the principles of processing and data subjects' rights
• €10 million or 2% of annual global turnover, whichever is higher, for breaches of obligations including maintaining written records, implementing technical and organisational measures and the appointment of Data Protection Officers.
• Data processors (companies that handle data on behalf of another organisation) now have direct obligations and can be fined alongside data controllers (the organisations that decide why and how the data is used).
• If one party in the chain gets in trouble, everyone in the chain can get in trouble.
It's not just big businesses at risk, either
• It's any organisation or individual that:
• collects or processes personal data
• is susceptible to a data breach (could you get hacked? Could someone steal data? Do we know where our data is?)
• fails to be compliant (do we tell our e-mail subscribers how we intend to use their data?)
How can you prepare?
• Clean your current data so you only hold the data you need. Old data you no longer have a reason to keep should be deleted.
• Stick to a reputable and compliant data processor, such as Mailchimp. (Bear in mind that if Mailchimp were to have a data breach, you as the data controller would still be answerable for having chosen and vetted them.)
• Implement a procedure to keep appropriate records of your data processing activities. How do you store and protect data? And who owns this document? Restrict access to it (password protection is a minimum) so the record itself doesn't become the source of a breach, and keep it up to date, because the supervisory authority can ask to see it.
Finally, will Brexit impact the GDPR?
• The GDPR will automatically become law in the UK if we're still in the EU on 25 May 2018 (which is likely).
• However, when the UK does officially leave the EU, the GDPR will no longer be directly applicable in UK law.
• The UK government has proposed a new Data Protection Bill (currently going through the parliamentary process) to incorporate the provisions of the GDPR into domestic legislation, so as to align the data protection laws in the UK with the EU following Brexit.
For more GDPR guidance, visit:
• Information Commissioner's Office online - ico.org.uk
• Seven ways a small business can prepare for the GDPR - www.hellosoutherly.com/prepare-for-gdpr
We tell stories that engage your audience. We use words, conversations, video and pictures to tell your story. We work online, face to face and in print to create compelling content. But really, the medium by which we tell your story doesn't matter, it's how we tell it that makes the difference.
So how can we help tell your story?
020 3397 4971 - info@hellosoutherly.com - www.hellosoutherly.com