c18 - breakout sessions · we know our privacy obligations. 2. inventory. we know what personal...

#COMPLY2018 #COMPLY2018 GDPR EMBRACE IT VERONICA GONZALEZ AND KARIMA NOREN

Post on 16-Jul-2020

TRANSCRIPT

Page 1: C18 - Breakout Sessions · We know our privacy obligations. 2. Inventory. We know what personal data we have and what we do with it. 3. Transparency. We tell people what we do with

#COMPLY2018

GDPR EMBRACE IT

VERONICA GONZALEZ AND KARIMA NOREN

GDPR: IS YOUR ORGANIZATION REALLY READY?

KARIMA NOREN

VERONICA GONZALEZ

What can we achieve together in 30 minutes?

Why care?

How to care

Information is POWER

Power can be DANGEROUS

Personal information is REALLY powerful

We ALL have personal information

…and then we give it away

leaving a DATA TRAIL

HOW SAFE do you feel?

The GDPR is there to STOP the grenades going off and harming people like you and me

by applying the GDPR principles

Lawfulness, fairness and transparency. Personal data must be processed lawfully, fairly and in a transparent manner.

Purpose limitation. Personal data must be collected only for specific, explicit and legitimate purposes.

Data minimisation. Personal data must be adequate, relevant and not excessive.

Accuracy. Personal data must be accurate and, where necessary, kept up-to-date.

Storage limitation. Personal data must not be kept longer than necessary.

Integrity and confidentiality. Personal data must be processed in a manner that ensures its appropriate security.

Accountability. The data controller is responsible for, and must be able to demonstrate, compliance with the other data protection principles.

Remind me: how does this apply to me?

The General Data Protection Regulation (GDPR) is EU Law

It comes into force on 25 May 2018

It is NOT like Y2K. GDPR is a journey not a destination. It starts on 25 May...

It applies to any organisation that:

● Offers goods or services to data subjects in the EU, irrespective of whether payment is received;

● Monitors data subjects’ behaviour insofar as their behaviour takes place within the EU.

It imposes the strictest regime when it comes to data protection. It is the new Gold Standard.

It is principle based.

AND you need to CARE about privacy

So why should YOU care?

(Apart from the grenade stuff)

How can you SHOW that you care?

Building a Successful PRIVACY PROGRAM

BUILDING BLOCKS: The Team

• Don’t do this alone

• Quality of the team is the quality of the output

• Empower the team

BUILDING BLOCKS: The Promises

1. Awareness. We know our privacy obligations.

2. Inventory. We know what personal data we have and what we do with it.

3. Transparency. We tell people what we do with their personal data.

4. Safe Sharing. We only share personal data with organizations/people we trust.

5. Rights of Individuals. We respect the rights of individuals.

6. Security. We keep personal data safe.

7. International. We only send personal data to safe places.

8. Privacy by Design. We build privacy into everything we do.

BUILDING BLOCKS: The Plan

• Work against an actionable plan

• Iterate on the plan

• Document everything

BUILDING BLOCKS: FOCUS

Keep going back to the mission

STAY CALM AND PRIVACY ON

• Recognize it’s a journey, not a destination

• Privacy by design – not perfection

• Methodology to action the plan:

  - Quick wins

  - Labor-intensive tasks

  - Hard decisions

THE HARD STUFF

• What’s hard for you is hard for everyone else

• Fix the past, but focus on future

• Don’t stall the program

• Collaborate with others in your industry

CULTURAL SHIFT

• Make it relevant

• Make it accessible

• Don’t just focus on “compliance”

NEXT 8 DAYS…

• Focus on visible compliance

  - Awareness

  - Privacy Policy

  - Be contactable and respond to Subject Access Requests

• Pause marketing emails to EU

• Document the overall plan of what you intend to do

THANK YOU

Karima Noren, Co-Founder, Privacy Compliance Hub

Veronica Gonzalez, VP, Global Head of Business & Legal Affairs, Outbrain Inc.