c18 - breakout sessions · we know our privacy obligations. 2. inventory. we know what personal...
TRANSCRIPT
#COMPLY2018
GDPR EMBRACE IT
VERONICA GONZALEZ AND KARIMA NOREN
GDPR: IS YOUR ORGANIZATION REALLY READY?
KARIMA NOREN
VERONICA GONZALEZ
What can we achieve together in
30 minutes?
Why care?
How to care
Information is
POWER
Power can be
DANGEROUS
Personal information is
REALLY powerful
We
ALL have personal information
…and then we give it away
leaving a
DATA TRAIL
HOW SAFE do you feel?
The GDPR is there to
STOP the grenades going off and harming people like you and me
by applying
the GDPR principles
Lawfulness, fairness and transparency. Personal data must be processed lawfully, fairly and in a transparent manner.
Purpose limitation. Personal data must be collected only for specific, explicit and legitimate purposes.
Data minimisation. Personal data must be adequate, relevant and not excessive.
Accuracy. Personal data must be accurate and, where necessary, kept up-to-date.
Storage limitation. Personal data must not be kept longer than necessary.
Integrity and confidentiality. Personal data must be processed in a manner that ensures its appropriate security.
Accountability. The data controller is responsible for, and must be able to demonstrate, compliance with the other data protection principles.
remind me:
How does this apply to
me?
The General Data Protection Regulation (GDPR) is EU Law
It comes into force on 25 May 2018
It is NOT like Y2K. GDPR is a journey not a destination. It starts on 25 May...
It applies to any organisation that:
● Offers goods or services to data subjects in the EU irrespective of whether payment is received;
● Monitors data subjects’ behaviour insofar as their behaviour takes place within the EU.
It imposes the strictest regime when it comes to data protection. It is the new Gold Standard.
It is principle based.
AND you need to
CARE about privacy
So why should
YOU care?
(Apart from the grenade stuff)
How can you
SHOW that you care?
Building a Successful PRIVACY PROGRAM
BUILDING BLOCKS: The Team
• Don’t do this alone
• Quality of the team is the quality of the output
• Empower the team
BUILDING BLOCKS: The Promises
1. Awareness. We know our privacy obligations.
2. Inventory. We know what personal data we have and what we do with it.
3. Transparency. We tell people what we do with their personal data.
4. Safe Sharing. We only share personal data with organizations/people we trust.
5. Rights of Individuals. We respect the rights of individuals.
6. Security. We keep personal data safe.
7. International. We only send personal data to safe places.
8. Privacy by Design. We build privacy into everything we do.
BUILDING BLOCKS: The Plan
• Work against an actionable plan
• Iterate on the plan
• Document everything
BUILDING BLOCKS: FOCUS
Keep going back to the mission
STAY CALM AND PRIVACY ON
• Recognize it’s a journey, not a destination
• Privacy by design – not perfection
• Methodology to action the plan:
  - Quick wins
  - Labor-intensive tasks
  - Hard decisions
THE HARD STUFF
• What’s hard for you is hard for everyone else
• Fix the past, but focus on future
• Don’t stall the program
• Collaborate with others in your industry
CULTURAL SHIFT
• Make it relevant
• Make it accessible
• Don’t just focus on “compliance”
NEXT 8 DAYS…
• Focus on visible compliance
  - Awareness
  - Privacy Policy
  - Be contactable and respond to Subject Access Requests
• Pause marketing emails to EU
• Document the overall plan of what you intend to do
THANK YOU
Karima Noren, Co-Founder, Privacy Compliance Hub
Veronica Gonzalez, VP, Global Head of Business & Legal Affairs, Outbrain Inc.