DOTCONVERSE INFOGUIDES SERIES
GUIDE TO THE GENERAL DATA PROTECTION REGULATION
Index
❖ Data Protection Vs Data Privacy
❖ What is GDPR?
❖ What does the GDPR structure look like?
❖ Who does the GDPR apply to?
❖ Lawful Basis of Processing
❖ Which Information does the GDPR apply to?
❖ Key Components of GDPR
❖ 6 Steps to Become GDPR Compliant
❖ Key Rights for Consumer(Data Subject)
❖ What can a company do to prepare?
❖ Develop a plan to tackle GDPR
❖ How GDPR impact Marketing?
❖ Who is most affected?
❖ Practical Tips on GDPR for Marketing
Data Protection VS. Data Privacy
❖ Data protection or Data security pertains to ‘protecting the
data’ against ‘unauthorized access’.
❖ However, authorised or unauthorised access can still breach
privacy.
❖ So privacy and security/protection are two different things.
❖ Protection: Ensures unauthorised access is not permitted.
❖ Privacy: Ensures privacy is not compromised in the event of unauthorised access and, importantly, even when there is authorised access to data.
The Background
❖ Data protection reforms started in the EU in 2012.
❖ One of the key components of this reform is the GDPR
(General Data Protection Regulation).
❖ Basically, the GDPR is a set of rules designed to give EU citizens more
control over their personal data.
What is GDPR?
Under the terms of GDPR, not only will organisations have to ensure that
personal data is gathered legally and under strict conditions, but those
who collect and manage it will be obliged to protect it from misuse and
exploitation, as well as to respect the rights of data owners - or face
penalties for not doing so.
❖ Though this policy is primarily aimed at EU citizens, it also covers those who are in possession
of EU-based personal data. Its focus is to ensure that consumers have rights such as:
❖ The right to erasure
❖ The right to restriction
❖ The right to object
❖ Information notices
Those who fail to comply with GDPR may be punished by fines of up to 4% of
their annual turnover or €20 million.
GDPR Application
GDPR applies to any organisation operating within the EU, as well as any organisations
outside of the EU which offer goods or services to customers or businesses in the EU.
That ultimately implies that almost every major corporation in the world will need to be ready
when GDPR comes into effect, and must start working on their GDPR compliance strategy.
GDPR Structure
Who does the GDPR apply to?
❖ DATA CONTROLLER
A data controller is a central figure when it comes to protecting the rights of the data
subject (a.k.a. the individual or the organization).
❖ DATA PROCESSOR
Organizations that process the data on behalf of the data controller are called data
processors, e.g. Facebook.
❖ DATA SUBJECTS: The consumers
Lawful basis for processing
Data may not be processed unless there is at least one lawful basis to do so:
❖ Consent: the individual has given clear consent for you to process their personal data for a
specific purpose.
❖ Contract: the processing is necessary for a contract you have with the individual.
❖ Legal obligation: the processing is necessary for you to comply with the law.
❖ Vital interests: the processing is necessary to protect someone’s life.
❖ Public task: the processing is necessary for you to perform a task in the public interest or for
your official work
❖ Legitimate interests: the processing is necessary for your legitimate interests or the legitimate
interests of a third party unless there is a good reason to protect the individual’s personal data
which overrides those legitimate interests.
What is consent?
You need to have a legal basis to process an EU citizen’s personal data. ‘Consent’
is one legal way to do so, as long as it is verifiable and specific.
Verifiable consent requires a written record of when and how someone agreed to
let you process their personal data.
Consent must also be unambiguous and involve a clear affirmative action. This
means clear language and no pre-checked consent boxes.
Which information does the GDPR apply to?
❖ Personal data
The GDPR applies to ‘personal data’, meaning any information relating to an identifiable person
who can be directly or indirectly identified, in particular by reference to an identifier, e.g. IP
address, email IDs, user IDs, photographs, etc.
❖ Sensitive personal data
The special categories specifically include genetic data, and biometric data where
processed to uniquely identify an individual, e.g. racial data, political opinions, health data, etc.
Key Components of GDPR
Six Steps to GDPR Compliance
❖ It is processed fairly, lawfully and transparently
❖ It is collected and processed for specific reasons and stored for specific
periods of time, and that it is not used for reasons beyond its original purpose
❖ Only the data necessary for the purpose it is intended is collected, and not
more
❖ It is accurate and that reasonable steps are taken to ensure it remains accurate
❖ It is kept in a form that allows individuals to be identified only as long as is
necessary
❖ It is kept securely and protected from unlawful access, accidental loss or
damage
What are the Data Subject Rights
Data Subject Rights
❖ RIGHT TO BE INFORMED
When they are collecting data from you, organisations must properly inform you what data they
are collecting, what they are using it for, how long they are keeping it and which organisations it
is being shared with.
❖ THE RIGHT TO ACCESS
You have the right to contact an organisation and ask them to provide the data they hold on
you. This includes the data they hold, why they hold it, and what they are doing with it,
including which organisations it is shared with.
❖ THE RIGHT TO RECTIFICATION
You have the right to ensure that information about you is correct, and to ensure that
information is corrected if found to be inaccurate.
❖ THE RIGHT TO ERASURE
Also known as the “right to be forgotten”, this means you have the right to demand that
information a company holds about you is deleted, in part or entirely. This is not an absolute
right, and in some circumstances this request can be refused.
❖ THE RIGHT TO RESTRICT PROCESSING
You have the right to deny consent for an organisation to process your data, even if you have
given consent for it to do so in the past. This right also is not absolute and can in some
circumstances be refused. But an organisation must be able to show you what it is doing with
your data so you can decide to restrict processing if you wish.
❖ THE RIGHT TO DATA PORTABILITY
This right gives you the opportunity to take the data an organisation holds on you and extract it
for use elsewhere. Good examples are the features that Facebook or Google offer that allow
you to download the profile information accumulated on the service. This is to promote
competition, so that users are not forcibly tied to an uncompetitive service due to the weight of
accumulated data.
❖ RIGHT IN RELATION TO AUTOMATED DECISION MAKING
Finally, with the growth in profiling and the use of data to make automated decisions, from targeted
advertising or content to credit decisions or job applications, this provides individuals with the
right to object to or appeal against automated decisions that affect them. This is particularly the
case where decisions have serious legal consequences or similar. All such processing
requires the explicit, informed consent of the individual.
❖ THE RIGHT TO OBJECT
This allows you to demand that organizations stop using your data in ways you object to. For
example, sending direct marketing, or making nuisance commercial phone calls.
6 STEPS TO GDPR COMPLIANCE
What can a company do to prepare?
Develop a Plan to Tackle GDPR
❖ Integrate your IT and marketing departments
Between the threat of cybercrime and the necessity for specific monitoring and
implementation strategies, your IT department will be your new best friend.
❖ Hire a Data Protection Officer (DPO)
DPOs help you monitor internal compliance, inform and advise on your data
protection obligations, provide advice regarding Data Protection Impact
Assessments (DPIAs) and act as a contact point for data subjects and the
supervisory authority.
❖ Educate your Staff
Anyone who handles information needs to be educated about GDPR. This
includes staff who interact with new customers or users, those who maintain CRM
systems, and even data entry personnel.
❖ Create Tools Which Ensure Privacy
Every day there are more and more companies popping up with pseudonymization
solutions and other ways to keep compliant. Work with your DPO and your IT
department to find the solution that works best for you.
❖ Audit your current data security system
The best way to ensure compliance is to have an accurate assessment of your
current data processes. That way you can identify high-risk areas and fix any
potential problem areas before enforcement begins.
❖ Work with third-party providers who are GDPR-compliant
This includes your email service provider, your CRM service and your marketing
and PR agencies. You can be held responsible for breaches made by processors
you work with. It’s important to ensure that all aspects of your data processing are
in compliance.
How does the GDPR apply from a geolocation standpoint?
❖ Sell or market goods or services to EU citizens (regardless of where they
live) or current EU residents.
❖ Employ EU citizens.
❖ Monitor the behavior of EU citizens or residents.
❖ Collect, process or hold the personal data of EU citizens or residents.
How does the GDPR apply from a functional standpoint?
❖ The technical answer is that you need to know whether you’re a processor
and/or a controller as defined by the GDPR.
❖ Controllers store personal data. A payment platform like PayPal is a good
example.
❖ Processors use that data for a specific purpose but don’t store it once that
purpose has been achieved. One example would be people who sell things
online and use PayPal to process payments. They use a buyer’s information for
shipping and payment purposes but don’t store that data after the transaction
has been completed.
How GDPR Impacts Marketing
❖ There are only 3 key areas that marketers need to worry about: data
permission, data access and data focus.
1. Data Permission
❖ Data permission is about how you manage email opt-ins: people who request
to receive promotional material from you.
❖ For example, instead of assuming that visitors who fill out a web form want to
receive marketing emails, organisations now need to ask visitors to specifically
opt in to newsletters by ticking the sign-up box. This proof of opt-in must
be stored and be available for any audits.
2. Data Access
❖ The right to be forgotten has become one of the most talked about rulings in
EU Justice Court history. It gives people the right to have outdated or
inaccurate personal data removed and has, in some instances, already
been implemented by companies like Google, which was forced to remove
pages from its search engine results in order to comply.
❖ As a marketer, it will be your responsibility to make sure that your users can
easily access their data and remove consent for its use.
❖ Practically speaking, this can be as straightforward as including an unsubscribe
link within your email marketing template and linking to a user profile that
allows users to manage their email preferences (as shown in the next slide).
3. Data Focus
❖ As marketers, we can all be guilty of collecting a little more data from a person than
we actually need.
❖ Ask yourself, do I really need to know someone’s favorite movie before they can
subscribe to our newsletter?
❖ GDPR requires you to legally justify the processing of the personal data you
collect.
Who is affected most by GDPR in marketing?
❖ Email marketing managers
❖ Marketing automation specialists
❖ Public relations executives
9 Practical Tips on GDPR for Marketing
❖ Start auditing your mailing list now
❖ Review the way you’re currently collecting personal data
❖ Educate your sales team about social selling techniques
❖ Start centralizing your personal data collection into a CRM system
❖ Understand the data you’re collecting in more detail
❖ Try using push notifications
❖ Update your privacy statement
❖ Invite visitors to add themselves to your mailing list by launching a pop-up on
your website
❖ Invest in a content marketing strategy by creating white papers, guides and
eBooks that visitors can access and download in exchange for sharing their
contact information
Email and GDPR
❖ Forms on websites should have checkboxes for opt-in consent
❖ Explain how and why you would use this data
❖ Double-check whether any integrations automatically add data to
your database (e.g. Facebook leads)
❖ Give users access to their personal profile stored at your end, so they can
update their data
GDPR and emailing
❖ Create a consent email campaign and send it to all users to ask for specific
consent
❖ Create an ‘Update Profile’ campaign and let users update their profiles
❖ Create a ‘segment’ of compliant users in your database
Privacy Policy and GDPR
Please include the following details in your Privacy Policy:
▪ Who is collecting the data?
▪ What data is being collected?
▪ What is the legal basis for processing the data?
▪ Will the data be shared with any third parties?
▪ How will the information be used?
▪ How long will the data be stored for?
▪ What rights does the data subject have?
▪ How can the data subject raise a complaint?
Cookies & GDPR
❖ A cookie in a browser is just an ID; however, when combined with other
data (IP address, device, unique IDs, login IDs, etc.) it may be used to
identify a person, hence cookie data is treated as personal data.
Consent should be given by a clear affirmative act establishing a freely given, specific, informed
and unambiguous indication of the data subject's agreement to the processing of personal data
relating to him or her, such as by a written statement, including by electronic means, or an oral
statement. This could include ticking a box when visiting an internet website, choosing technical
settings for information society services or another statement or conduct which clearly indicates in
this context the data subject's acceptance of the proposed processing of his or her personal data.
❖ ‘Agree’ and ‘Do not agree’ options alone are not enough.
❖ Companies should ideally give users an idea of what types of cookies are
being used and allow them to choose the cookies they allow.
❖ Cookies and other files that may be stored in users’ browsers should also be
disclosed in privacy statements or consent form descriptions.
Types of Cookies & GDPR
❖ Essential cookies: important for a website’s functioning (session
log-in, add to favorites/cart, etc.)
❖ Analytics cookies: not essential for the functioning of the website, but important
for monitoring purposes. You may want to elaborate and give users a choice
to accept or not accept these cookies.
❖ Third-party ads/affiliates: non-essential.
1. Users should know how their data will be used.
2. Users can also be allowed to choose which cookies they want to accept.
Please note
❖ This presentation is educational in purpose and is not legal advice. Please
consult your legal advisor on GDPR before proceeding further.
Thank You!
www.dotconverse.com

 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxPaulBryant58
 
Mist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in EgyptMist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in Egyptopstechsanjanasingh
 
Record of Module Forensic photography in
Record of Module Forensic photography inRecord of Module Forensic photography in
Record of Module Forensic photography inalexademileighpacal
 
Young Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianYoung Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianCDEEPANVITA
 
10 Tips for Great Teams CSUN Conference 2024
10 Tips for Great Teams CSUN Conference 202410 Tips for Great Teams CSUN Conference 2024
10 Tips for Great Teams CSUN Conference 2024Nate Evans
 
Wallet Pitch for startup fintech and loan
Wallet Pitch for startup fintech and loanWallet Pitch for startup fintech and loan
Wallet Pitch for startup fintech and loansujat8807
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...BilalAhmed717
 
0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdfBloomerang
 
Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..ranjithapriya2
 
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...Reframing Requirements: A Strategic Approach to Requirement Definition, with ...
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...Jake Truemper
 
EPC Contractors aspects Presentation.pdf
EPC Contractors  aspects Presentation.pdfEPC Contractors  aspects Presentation.pdf
EPC Contractors aspects Presentation.pdfGiuseppe Tommasone
 
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi Tube
 
The 10 Most Influential Women Making Difference In 2024.pdf
The 10 Most Influential Women Making Difference In 2024.pdfThe 10 Most Influential Women Making Difference In 2024.pdf
The 10 Most Influential Women Making Difference In 2024.pdfInsightsSuccess4
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptendeworku
 
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfCORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfLouis Malaybalay
 

Último (20)

Dashboards y paneles - CP Home - Area de Operaciones
Dashboards y paneles - CP Home - Area de OperacionesDashboards y paneles - CP Home - Area de Operaciones
Dashboards y paneles - CP Home - Area de Operaciones
 
pitchdeck ORPC 2019 data info turine.pdf
pitchdeck ORPC 2019 data info turine.pdfpitchdeck ORPC 2019 data info turine.pdf
pitchdeck ORPC 2019 data info turine.pdf
 
Pitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deckPitch Deck Teardown: SuperScale's $5.4M Series A deck
Pitch Deck Teardown: SuperScale's $5.4M Series A deck
 
How The Hustle Milestone Referral Program Got 300K Subscribers
How The Hustle Milestone Referral Program Got 300K SubscribersHow The Hustle Milestone Referral Program Got 300K Subscribers
How The Hustle Milestone Referral Program Got 300K Subscribers
 
We are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right DirectionWe are inviting you on board, to move forward together in the Right Direction
We are inviting you on board, to move forward together in the Right Direction
 
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptxStreamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
Streamlining Your Accounting A Guide to QuickBooks Migration Tools.pptx
 
Mist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in EgyptMist Cooling & Fogging System Company in Egypt
Mist Cooling & Fogging System Company in Egypt
 
Record of Module Forensic photography in
Record of Module Forensic photography inRecord of Module Forensic photography in
Record of Module Forensic photography in
 
Young Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya CherianYoung Woman Entrepreneur - Kaviya Cherian
Young Woman Entrepreneur - Kaviya Cherian
 
10 Tips for Great Teams CSUN Conference 2024
10 Tips for Great Teams CSUN Conference 202410 Tips for Great Teams CSUN Conference 2024
10 Tips for Great Teams CSUN Conference 2024
 
Wallet Pitch for startup fintech and loan
Wallet Pitch for startup fintech and loanWallet Pitch for startup fintech and loan
Wallet Pitch for startup fintech and loan
 
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
Project Work on Consumer Behavior in Fast Food Restaurants. Their behavior to...
 
0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf0311 National Accounts Online Giving Trends.pdf
0311 National Accounts Online Giving Trends.pdf
 
Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..Shravan Kumaran and sanjay kumaran.pdf..
Shravan Kumaran and sanjay kumaran.pdf..
 
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...Reframing Requirements: A Strategic Approach to Requirement Definition, with ...
Reframing Requirements: A Strategic Approach to Requirement Definition, with ...
 
EPC Contractors aspects Presentation.pdf
EPC Contractors  aspects Presentation.pdfEPC Contractors  aspects Presentation.pdf
EPC Contractors aspects Presentation.pdf
 
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptxAirOxi -  Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
AirOxi - Pioneering Aquaculture Advancements Through NFDB Empanelment.pptx
 
The 10 Most Influential Women Making Difference In 2024.pdf
The 10 Most Influential Women Making Difference In 2024.pdfThe 10 Most Influential Women Making Difference In 2024.pdf
The 10 Most Influential Women Making Difference In 2024.pdf
 
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities pptBus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
Bus Eth ch3 ppt.ppt business ethics and corporate social responsibilities ppt
 
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdfCORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
CORPORATE SOCIAL RESPONSIBILITY - FINAL REQUIREMENT.pdf
 

GDPR- GENERAL DATA PROTECTION REGULATION

  • 1. DOTCONVERSE INFOGUIDES SERIES GUIDE TO THE GENERAL DATA PROTECTION REGULATION
  • 2. Index ❖ Data Protection Vs Data Privacy ❖ What is GDPR? ❖ What does the GDPR structure look like? ❖ Who does the GDPR apply to? ❖ Lawful Basis of Processing ❖ Which Information does the GDPR apply to? ❖ Key Components of GDPR ❖ 6 Steps to Become GDPR Compliant
  • 3. Index ❖ Key Rights for Consumer (Data Subject) ❖ What can a company do to prepare? ❖ Develop a plan to tackle GDPR ❖ How does GDPR impact Marketing? ❖ Who is most affected? ❖ Practical Tips on GDPR for Marketing
  • 4. Data Protection VS. Data Privacy ❖ Data protection or Data security pertains to ‘protecting the data’ against ‘unauthorized access’. ❖ However, authorised or unauthorised access can still breach privacy. ❖ So Privacy and Security/Protection are 2 different things
  • 5. Data Protection VS. Data Privacy ❖ Protection: Ensures unauthorised access is not permitted ❖ Privacy: Ensures privacy is not compromised in the event of unauthorised and, importantly, even when there is authorised access to data
  • 6. The Background ❖ Data protection reforms were started in 2012 in the EU. ❖ One of the key components of this reform is GDPR (General Data Protection Regulation). ❖ Basically GDPR is a set of rules designed to give more control to EU Citizens over their personal data.
  • 7. What is GDPR Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners - or face penalties for not doing so.
  • 8. What is GDPR? ❖ Though this policy is primarily aimed at EU citizens it also covers those who are in possession of EU-based personal data. Its focus is to ensure that consumers have rights such as: ❖ The right to erasure ❖ The right to restriction ❖ The right to object ❖ Information notices Those who fail to comply with GDPR may be punished by fines at the equivalent of up to 4% of their annual turnover or €20 million.
  • 9. GDPR Application GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which offer goods or services to customers or businesses in the EU. That ultimately implies that almost every major corporation in the world will need to be ready when GDPR comes into effect, and must start working on their GDPR compliance strategy.
  • 11. Who does the GDPR apply to? ❖ DATA CONTROLLER A data controller is a central figure when it comes to protecting the rights of the data subject (a.k.a. the individual or the organization).
  • 12. Who does the GDPR apply to? ❖ DATA PROCESSOR Organizations that process the data on behalf of the data controller are called data processors, e.g. Facebook.
  • 13. Who does the GDPR apply to? ❖ DATA SUBJECTS: The consumers
  • 14. Lawful basis for processing Data may not be processed unless there is at least one lawful basis to do so: ❖ Consent: the individual has given clear consent for you to process their personal data for a specific purpose. ❖ Contract: the processing is necessary for a contract you have with the individual. ❖ Legal obligation: the processing is necessary for you to comply with the law. ❖ Vital interests: the processing is necessary to protect someone’s life. ❖ Public task: the processing is necessary for you to perform a task in the public interest or for your official work. ❖ Legitimate interests: the processing is necessary for your legitimate interests or the legitimate interests of a third party unless there is a good reason to protect the individual’s personal data which overrides those legitimate interests.
  • 15. What is consent? You need to have a legal basis to process an EU citizen’s personal data. ‘Consent’ is one legal way to do so, as long as it is verifiable and specific. Verifiable consent requires a written record of when and how someone agreed to let you process their personal data. Consent must also be unambiguous and involve a clear affirmative action. This means clear language and no pre-checked consent boxes.
  • 16. Which information does the GDPR apply to? ❖ Personal data The GDPR applies to ‘personal data’ meaning any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier, e.g. IP address, email IDs, User IDs, Photographs, etc. ❖ Sensitive personal data The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual. e.g. Racial, Political Opinions, Health data etc.
  • 18. Six Steps to GDPR Compliance ❖ It is processed fairly, lawfully and transparently ❖ It is collected and processed for specific reasons and stored for specific periods of time, and that it is not used for reasons beyond its original purpose ❖ Only the data necessary for the purpose it is intended for is collected, and not more
  • 19. Six Steps to GDPR Compliance ❖ It is accurate and that reasonable steps are taken to ensure it remains accurate ❖ It is kept in a form that allows individuals to be identified only as long as is necessary ❖ It is kept securely and protected from unlawful access, accidental loss or damage
  • 20. What are the Data Subject Rights
  • 21. Data Subject Rights ❖ RIGHT TO BE INFORMED When they are collecting data from you, organisations must properly inform you what data they are collecting, what they are using it for, how long they are keeping it and which organisations it is being shared with.
  • 22. Data Subject Rights ❖ THE RIGHT TO ACCESS You have the right to contact an organisation and ask them to provide the data they hold on you. This includes the data they hold, why they hold it, and what they are doing with it, including which organisations it is shared with.
  • 23. Data Subject Rights ❖ THE RIGHT TO RECTIFICATION You have the right to ensure that information about you is correct, and to ensure that information is corrected if found to be inaccurate.
  • 24. Data Subject Rights ❖ THE RIGHT TO ERASURE Also known as the “right to be forgotten”, this means you have the right to demand that information a company holds about you is deleted, in part or entirely. This is not an absolute right, and in some circumstances this request can be refused.
  • 25. Data Subject Rights ❖ THE RIGHT TO RESTRICT PROCESSING You have the right to deny consent for an organisation to process your data, even if you have given consent for it to do so in the past. This right also is not absolute and can in some circumstances be refused. But an organisation must be able to show you what it is doing with your data so you can decide to restrict processing if you wish.
  • 26. Data Subject Rights ❖ THE RIGHT TO DATA PORTABILITY This right gives you the opportunity to take the data an organisation holds on you and extract it for use elsewhere. Good examples are the features that Facebook or Google offer that allow you to download the profile information accumulated on the service. This is to promote competition, so that users are not forcibly tied to an uncompetitive service due to the weight of accumulated data.
  • 27. Data Subject Rights ❖ RIGHT IN RELATION TO AUTOMATED DECISION MAKING Finally, with the growth in profiling and the use of data to make automated decisions, from targeted advertising or content to credit decisions or job applications, this provides individuals with the right to object to or appeal against automated decisions that affect them. This is particularly the case where decisions have serious legal consequences or similar. All such processing requires the explicit, informed consent of the individual.
  • 28. Data Subject Rights ❖ THE RIGHT TO OBJECT This allows you to demand that organizations stop using your data in ways you object to. For example, sending direct marketing, or making nuisance commercial phone calls.
  • 29. DOTCONVERSE INFOGUIDES SERIES 6 STEPS TO GDPR COMPLIANCE
  • 30. What can a company do to Prepare
  • 31. Develop a Plan to Tackle GDPR ❖ Integrate your IT and marketing departments Between the threat of cybercrime and the necessity for specific monitoring and implementation strategies, your IT department will be your new best friend.
  • 32. Develop a Plan to Tackle GDPR ❖ Hire a Data Protection Officer (DPO) DPOs help you monitor internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and the supervisory authority.
  • 33. Develop a Plan to Tackle GDPR ❖ Educate your Staff Anyone who handles information needs to be educated about GDPR. This includes staff that interacts with new customers or users, those that maintain CRM systems, and even data entry personnel.
  • 34. Develop a Plan to Tackle GDPR ❖ Create Tools Which Ensure Privacy Every day there are more and more companies popping up with pseudonymization solutions and other ways to keep compliant. Work with your DPO and your IT department to find the solution that works best for you.
  • 35. Develop a Plan to Tackle GDPR ❖ Do an Audit of your Current data security system The best way to ensure compliance is to have an accurate assessment of your current data processes. That way you can identify high-risk areas and fix any potential problem areas before enforcement begins.
  • 36. Develop a Plan to Tackle GDPR ❖ Work with third-party providers who are GDPR-compliant This includes your email service provider, your CRM service and your marketing and PR agencies. You can be held responsible for breaches made by processors you work with. It’s important to ensure that all aspects of your data processing are in compliance.
  • 37. How Does the GDPR Apply from a Geolocation Standpoint ❖ Sell or market goods or services to EU citizens (regardless of where they live) or current EU residents. ❖ Employ EU citizens. ❖ Monitor the behavior of EU citizens or residents. ❖ Collect, process or hold the personal data of EU citizens or residents.
  • 38. How Does the GDPR Apply from a Functional Standpoint ❖ The technical answer is that you need to know whether you’re a processor and/or a controller as defined by the GDPR. ❖ Controllers store personal data. A payment platform like PayPal is a good example. ❖ Processors use that data for a specific purpose but don’t store it once that purpose has been achieved. One example would be people who sell things online and use PayPal to process payments. They use a buyer’s information for shipping and payment purposes but don’t store that data after the transaction has been completed.
  • 39. How GDPR Impacts Marketing ❖ There are only 3 key areas that marketers need to worry about – data permission, data access and data focus.
  • 40. 1. Data Permission ❖ Data permission is about how you manage email opt-ins: people who request to receive promotional material from you. ❖ For example, instead of assuming that visitors who fill out a web form want to receive marketing emails, organisations now need to ask visitors to specifically opt in to newsletters by ticking the sign-up box. This proof of opt-in must be stored and be available for any audits.
  • 42. 2. Data Access ❖ The right to be forgotten has become one of the most talked about rulings in EU Justice Court history. It gives people the right to have outdated or inaccurate personal data removed and has, in some instances, already been implemented by companies like Google, which was forced to remove pages from its search engine results in order to comply.
  • 43. 2. Data Access ❖ As a marketer, it will be your responsibility to make sure that your users can easily access their data and remove consent for its use. ❖ Practically speaking, this can be as straightforward as including an unsubscribe link within your email marketing template and linking to a user profile that allows users to manage their email preferences (as shown in the next slide).
  • 45. 3. Data Focus ❖ As marketers, we can all be guilty of collecting a little more data from a person than we actually need. ❖ Ask yourself, do I really need to know someone’s favorite movie before they can subscribe to our newsletter? ❖ GDPR requires you to legally justify the processing of the personal data you collect.
  • 46. Who is affected most by GDPR in marketing ❖ Email marketing managers ❖ Marketing automation specialists ❖ Public relations executive
  • 47. 9 Practical Tips on GDPR FOR Marketing ❖ Start auditing your mailing list now ❖ Review the way you’re currently collecting personal data ❖ Educate your sales team about social selling techniques
  • 48. 9 Practical Tips on GDPR FOR Marketing ❖ Start centralizing your personal data collection into a CRM system ❖ Understand the data you’re collecting in more detail. ❖ Try using push notifications
  • 49. 9 Practical Tips on GDPR FOR Marketing ❖ Update your privacy statement ❖ Invite visitors to add themselves to your mailing list by launching a pop up on your website ❖ Invest in a content marketing strategy by creating white papers, guides and eBooks that visitors can access and download in exchange for them sharing their contact information.
  • 50. eMail- GDPR ❖ Forms on websites should have checkboxes for opt-in consent ❖ Explain how and why you would use this data ❖ You should double-check that integrations do not automatically add data to your database (e.g. Facebook leads) ❖ Give users access to their personal profile stored at your end, so they can update their data
  • 51. GDPR and emailing ❖ Create a consent email campaign and send it to all users to ask for specific consent ❖ Create an ‘Update Profile’ campaign and let users update their profiles ❖ Create a ‘segment’ of compliant users in your database
  • 52. Privacy Policy and GDPR Please include the following details in your Privacy Policy: ▪ Who is collecting the data? ▪ What data is being collected? ▪ What is the legal basis for processing the data? ▪ Will the data be shared with any third parties? ▪ How will the information be used? ▪ How long will the data be stored for? ▪ What rights does the data subject have? ▪ How can the data subject raise a complaint?
  • 53. Cookies & GDPR ❖ While a cookie in a browser is just an ID, when combined with other data (IP address, device, Unique IDs, login IDs etc.) it may be used to identify a person; hence cookie data is termed personal data.
  • 54. Cookies & GDPR Consent should be given by a clear affirmative act establishing a freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of personal data relating to him or her, such as by a written statement, including by electronic means, or an oral statement. This could include ticking a box when visiting an internet website, choosing technical settings for information society services or another statement or conduct which clearly indicates in this context the data subject's acceptance of the proposed processing of his or her personal data.
  • 55. Cookies & GDPR ❖ Offering only ‘Agree’ and ‘Not agree’ options is not enough ❖ Companies should ideally give users an idea about what type of cookies are being used and allow them to choose the cookies they allow. ❖ Cookies and other files that may be stored in users’ browsers should also be revealed in Privacy statements or consent form descriptions
  • 56. Types of Cookies & GDPR ❖ Essential Cookies- which are important for a website’s functioning (session log in, add to favorites/cart etc.) ❖ Analytics Cookies- Not essential for the functioning of the website, but important for monitoring purposes. You may want to elaborate and give users a choice to accept or not accept these cookies ❖ Third Party Ads/Affiliates- Non-essential.
  • 57. Cookies & GDPR 1. Users should know how their data will be used. 2. You can also allow users to choose which cookies they want to accept
  • 58. Please note ❖ This presentation is educational in purpose and is not legal advice. Please consult your legal advisor on GDPR before proceeding further
  • 59. DOTCONVERSE INFOGUIDES SERIES Thank You! www.dotconverse.com