Webinar - Datagraphic · Your Webinar Team Presenting today. Housekeeping 35 Minutes –...
GDPR: Should you be emailing employee documents?
Webinar
Your Webinar Team
Presenting today.
Housekeeping
35 Minutes – presentation from our experts.
10 Minutes – for your questions.
Please use the Question feature to post questions at any time.
Mike Green, Chief Information Security Officer
Karensa Maton, Multi-channel Product Manager
Glyn King, Group Managing Director
What is GDPR?
Key Facts
GDPR comes into force on 25th May 2018. Yes, despite Brexit, GDPR will still apply to the UK.
GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens.
Enforcement for non-compliance is now backed by significant fines of up to €20m or 4% of group annual global turnover.
The General Data Protection Regulation (GDPR) will replace the Data Protection Act. In many ways it’s similar, but GDPR gives individuals better control over their personal data and requires organisations to put data privacy higher on the agenda.
The ICO’s 12 Steps to prepare for GDPR
1. Awareness: Educating decision makers about GDPR and its impact.
2. Data audit: Understanding the data you hold and process.
3. Privacy: Reviewing privacy notices and making changes where needed.
4. Individual rights: Understanding the rights individuals have.
5. Subject access requests: Developing procedures to handle requests within new timescales.
6. Lawful processing: Identifying your right to process personal information.
7. Consent: Checking if consent is needed to record, manage and store employee information.
8. Children: Checking if parental/guardian consent is needed to process information held on children.
9. Data breaches: Designing procedures to detect, report and investigate a personal data breach.
10. Data Protection Impact Assessments (PIA): Understanding how and when to implement them.
11. Data Protection Officers: Determining if you need a DPO and recruiting one.
12. International: Learning what you need to do if operating in more than one EU member state.
Why are you emailing employees documents?
The world will not end on 25th May 2018.
Let’s help you separate the fact from the fiction.
THE PDF BUBBLE IS ABOUT TO BURST!
Why is emailing being called into question?
There is nothing in the GDPR that explicitly says you can’t email documents to employees.
So why all the fuss?
GDPR Says: Data controllers and processors are required to “implement appropriate technical and organizational measures” taking into account “the state of the art and the costs of implementation” and “the nature, scope, context, and purposes of the processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons.”
The GDPR provides specific suggestions for what kinds of security actions might be considered “appropriate to the risk.”
Email origins
What protection does a password give?
Security through design
Retention periods
The Right to be Forgotten
Consequences
Why is emailing being called into question?
45% of UK adults (19.5 million accounts) have ‘ghost’ email accounts that are active but no longer used.
The responsibility of You and Your Data Sharing Partners.
In September 2017 the Information Commissioner’s Office (ICO) reported a 46% increase in breaches related to email.
Email was never designed to be secure and data lacks protection in transit and at rest.
Are your email servers protected? Who has access to your data? Where in the world is it stored?
Email encryption
Controller & Processor
Deleting data that is no longer required in the correct timeframes. 21% of consumers said they will request for personal data to be removed from current or previous employers.
GDPR
6 Principles of GDPR
1. Lawfulness, fairness and transparency
2. Purpose limitations
3. Data minimisation
4. Accuracy
5. Storage limitations
6. Integrity and confidentiality
The Options
Your Options
Least secure → Most secure
Personal Intranet
Secure Purl
Secure Portal
Secure Email
Password Protected Email
Secure Purl
The secure alternative to emailing documents.
Secure Purl.
Putting information at their fingertips.
No registration required
Users view their document with a pass code created from memorable data.
Reliable hosting
We ensure the document is available when your contact wants to view it, from a secure personalised URL.
Controlled distribution.
You define how long a document is visible and can withdraw it to comply with data protection ‘right to be forgotten’ requests.
Tailored alerts
Receive alerts for users who haven’t viewed your content, allowing you to prioritise follow-ups for documents needing an urgent response.
Secure Portal.
Employee communications done differently.
Secure Portal – Epay.
Giving employees access to payroll, HR, reward and pension information in different ways.
24/7 access.
Connect employees to their data around the clock, every day of the year from any Internet enabled device.
Increase employee engagement.
Update employees via the message board. Choose if a message can be seen by all or select groups.
Present multiple document types.
Host current and historical payslips, P60s, P45s, reward and pension statements and more.
Go mobile.
Get your information to employees at work, home and on-the-go.
Epay.
Why online communications matter.
The Case for Change
Think mobile-first
60% of Epay users access from mobile and tablet devices.
UK Adults are Internet users
82% use the Internet daily and usage is strong in all age groups.
[Chart: Internet use by age group. Age groups: 16-24, 25-34, 35-44, 45-54, 55-64, 65+. Values: 96%, 98%, 95%, 89%, 82%, 47%.]
Summary
+44 (0)1246 543000
datagraphic.co.uk
Take away
Review what personal employee information you communicate.
Review how you communicate and store personal employee information.
Satisfy yourself you are using the most secure means of transmitting and storing information.
Implement secure alternatives if required.