GDPR Seminar - Hogeschool Leiden · 2018-06-01 · Data Protect Impact Assessment (PIA) 6 Data...

GDPR Seminar 26 April 2018 – Hogeschool Leiden


Agenda

• INTRODUCTION

• GDPR WORKFLOW

• CASE STUDY

• HOW WE CAN HELP


PIETER SCHERPENHUIJSEN
INDICA Founder, Technical Director & Lead Developer

STEPHAN IDEMA
Manager Forensic Technology at KPMG


GDPR Workflow

(Procedures) (Data)

• PIA Questionnaire
• Data Landscape
• Assess Privacy Risks
• Mitigation
• Scan, Tag & Report


Case Study - H Company

• H Company is a multinational company based in the Netherlands
• H Company has 5000+ employees and 200+ business partners worldwide
• H Company has been gathering and maintaining employee data for 25+ years
• H Company is in possession of both current & previous employee data
• H Company is also in possession of clients’ (B2B & B2C) data


Data Protection Impact Assessment (PIA)

A Data Protection Impact Assessment (PIA) is necessary prior to the implementation of data processing systems or activities that comply with the General Data Protection Regulation (GDPR).

01 Describe the nature, scope, context and purposes of the processing
02 Assess necessity, proportionality and compliance measures
03 Identify and assess risks to individuals
04 Identify any additional measures to mitigate those risks


What about my data?


Structured Data

Unstructured Data


Data Landscape

• CRM
• File shares
• Databases
• Email
• DMS

Structured data is easy, but how to handle the unstructured data?


Initial Report - Overview

The Overview page provides real-time information about the personal data stored in your company and shows your progress in resolving GDPR issues.


Initial Report - Landscape

The Landscape page provides you with a privacy risk map and illustrates the personal data distribution across your company’s infrastructure.


Initial Report - Issues

The Issues page contains a full list of privacy issues, and the graphs on the right side represent your total progress.


Assess Privacy Risks

Unlawful processing of personal data

• Processing of personal data for which there is no legal ground
• Processing of personal data that does not align with the original purpose of processing
• Processing sensitive personal data where no consent is given

Authorization risks

• Access to unstructured data is not managed
• Unauthorized access to personal data
• Access to personal data is inconsistent with corporate policy

Data Retention Risks

• Personal data is stored after the retention guidelines
• Processing of personal data for which there is no legal ground


Mitigation

Unlawful processing of personal data | Authorization risks | Data Retention Risks

• Policies and Procedures with regards to data processing
• Awareness & Training of Personnel
• Data Monitoring & Dashboarding
• IAM Processes & Procedures
• Setting up data retention schemes
• Implementing data retention IT controls


REPEAT

(Procedures) (Data)

• PIA Questionnaire
• Data Landscape
• Assess Privacy Risks
• Mitigation
• Scan, Tag & Report


Thank you!

INDICA Team

www.indica.nl

T. +31 30 227 0160
E. [email protected]

INDICA NL B.V.
Groest 106, 1211 EE HILVERSUM, The Netherlands