At the end of May 2018 new EU legislation comes into effect that affects all the data you hold that enables an individual to be identified. This is called the General Data Protection Regulation (GDPR) and replaces the UK's Data Protection Act.
Brexit has no impact and it applies to all businesses.
1. Get ready for GDPR 2018
1Enterprise Online Marketing Solutions < SEO > < PPC > < Social Media > < On-Line Marketing Solutions >
Data
The world’s most valuable resource
GDPR
Don’t get caught out
Cyber Crime - UK Govt. figures
● 2.9m (46%) UK businesses suffered from a Cyber Attack or Breach in 2016
○ 66% between 50 - 249 employees
○ 68% - more than 249 employees
● Total cost to the economy - £29.1Bn
○ Average Cost per SME - £1,570
○ Average Cost for larger companies - £19,600
Cyber Crime - UK Govt. figures
1. Phishing - 1,299,178 businesses
2. Virus attacks - 1,288,547 businesses
3. Hacking - 1,022,781 businesses
4. Ransomware - 388,858 businesses
Why replace the Data Protection Act?
○ Online Banking
○ Comparison websites
○ Online Accounting Packages
○ Cloud Storage
○ Cloud Processing
○ Social Media
○ Recruitment Portals
○ CMS’
Huge increase in the volume of data & the way it’s used
Why replace the Data Protection Act?
● Big changes in the way we use data
● Lots of different ways to access data
What is Data?
Personal Data - Anything that can uniquely identify an individual
● An “online identifier” - IP Address for example
● HR Records
● Customer Lists
● Contact Details
● Supplier Lists
● CCTV files
Special Categories
● Genetic Data
● Biometric Data (fingerprint, Iris scanners)
What is Data - ‘Special categories’ of data
● Ethnic origin
● Political opinions
● Religious beliefs
● Health data
● Criminal Convictions
● Offenses
Data
What have you got & what are you gathering?
Data Audit - What Do You Already Have?
● Employee Records
● Customer Records
● Supplier Records
● Bid/Tender Records
● Contact Lists
● Marketing Lists
○ Email
○ Phone numbers
○ Mailshot
● HMRC Records
● Expired Customer Records
● Expired Supplier Records
● Recruitment Notes
● Newsletter Subscriptions
● etc.
Data Audit - Where do you obtain new data?
Data Audit
Where do you keep it?
Data Audit - where do you store it?
Data Audit - How/where do you store it?
Amazon Web Services
Box
DropBox
Google Drive
Mega
One Drive
pCloud
Vimeo
YouTube
current IT systems;
portable media devices;
mobile phones;
mobile data storage, i.e. USBs and external hard drives;
network folders;
spreadsheets (and other such static documentation);
emails and archived inboxes;
other external communications;
social media postings;
microfiche;
back-up tapes;
secure drop boxes;
web sites;
Data Audit - How/where do you store it?
Know WHERE your data is stored
Take adequate measures to protect personal data from loss, alteration or unauthorised processing
Enter into a Data Processing Agreement with your Cloud Provider
Ensure your Cloud Provider is GDPR compliant
Ensure you can audit their Data Processing
Ensure data is erased should you change Cloud supplier and when people leave your platform
Data Audit - How long do you store it?
For as long as it is required and relevant and NO LONGER
Destruction should occur as soon as possible after this time
a. Paper Records - securely shredded
b. Digital data - deleted, not just abandoned
c. Cloud Data - erased
Data Audit
What do you do with it?
Data Audit - What do you do with it?
Using it in any way is called Data Processing and includes
○ Payroll Processing
○ HR
○ Sales Processing
○ Order Processing
○ Contact lists
○ Marketing Lists
○ Christmas Card Lists
○ Banking Records
○ Insurance Details and Records
○ Data Mining
○ Loyalty Card Processing
○ CCTV Recording
○ etc.
Data Audit - How is it accessed?
Data Audit - Who can access it?
Ensure people can ONLY access files relevant to their requirements
Control Audit - Who oversees your Data Policy and use
You need a Data Protection Officer
■ If the processing is carried out by a ‘public authority’.
■ If the ‘core activities’ require regular and systematic monitoring of data subjects on a ‘large scale’. (e.g. Banks, insurance Companies)
■ If ‘core activities’ involve ‘large scale’ processing of ‘Special Categories’ of personal data and/or relate to criminal convictions and offences.
Control Audit - Who oversees your Data Policy and use
Who Manages your data?
● Data Controller
Who processes (uses) your data?
● Data Processors
○ Internal and third party
○ If 3rd party, written contract REQUIRED
Record Keeping
• Name and details of your organisation (and where applicable, of other controllers, your representative and data protection officer).
• Purposes of the processing.
• Description of the categories of individuals and categories of personal data.
• Categories of recipients of personal data.
• Details of transfers to third countries including documentation of the transfer mechanism safeguards in place.
• Retention schedules.
• Description of technical and organisational security measures.
You may be required to make these records available to the relevant supervisory authority for purposes of an investigation.
Record Keeping
All businesses must provide comprehensive, clear and transparent privacy policies
If you have more than 250 employees you also need to record activities related to “higher risk processing” such as
• Processing Personal Data that could result in a risk to the rights and freedoms of an individual
• Processing of “Special Categories” of data or criminal convictions and offenses
In the event of a breach or loss of data
In the event of a loss of data -
1. You must notify your Data Protection Officer
2. Where there's a high risk to the rights and freedoms of individuals you must notify those concerned, directly
In the event of a breach or loss of data
1. Your Data Protection Officer may also need to notify the Information Commissioner's Office -
a. Name and Contact details of DPO or other contact point
b. Description of likely consequences of the breach
c. Description of measures taken (or proposed) to deal with the personal data breach, steps taken to mitigate any possible adverse effects and measures to ensure that it isn’t repeated
In the event of a breach or loss of data
When should notification take place?
● Affected Individuals - without undue delay
● Relevant Supervisory Authority - Within 72 hours of the organisation becoming aware of the breach
Failure to notify
Fine up to 10m EUR or 2% of global T/O
Data Audit - if it goes wrong
Data Subject Request
How do you respond to Data Subject Requests?
Requests must be fulfilled without delay and within 1 month at the latest.
● If complex or numerous, you can extend by 3 months but must inform the individual within the 1st month as to the reason for the delay
There is no longer a “Subject Access Fee” that you can charge - unless
● a request is manifestly unfounded or excessive or repetitive
● there is a request for multiple copies of the same information
Fees MUST be based on the administrative cost of providing the information
GDPR Audit Summary
● What have you already got?
● How did you get it?
● Who collects new data, how is it acquired?
● Why do you have it?
● Do you have consent to use it?
● How can it be accessed?
● Who can access it?
● How do you store it?
● How are you using it?
● How long do you need to keep it?
● How do you destroy it?
● How do you respond to “Data Subject Requests”?
Editor's Notes
Loyalty cards, data mining, Google ads
Social Media
Cloud Computing
Remote Access
Smart Phones and Tablets