Transcript of: What is - mrkto.b2bmarketing.net/rs/085-VAB-435/images/Insight...
All rights reserved.
What is GDPR?
[Slide graphic: the C-suite roles CIO, COO, CSO, CTO, CEO, CAO, CRO, CBO, CDO, CMO and CFO arranged around the questions "What is GDPR?", "Why GDPR?", "What is the Penalty?", "Who is the Data Controller?", "Who is the Data Processor?", "Who is the Data User?" and "WHAT? WHY? WHEN? HOW?"]
The EU General Data Protection Regulation (GDPR) was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy.
Key aspects -
Minimize personal data collection.
Delete unused personal data.
Restrict access to personal data.
Secure the collected data.
What are the fundamental principles?
There are Seven Principles (Article 5)
1 Lawfulness, fairness and transparency.
2 Purpose limitation.
3 Data minimisation.
4 Accuracy.
5 Storage limitation.
6 Integrity and confidentiality.
7 Accountability and compliance.
The broad picture of GDPR
What is GDPR?
A comprehensive approach to data security.
Regulation to protect individuals' data within the EU.
Addresses export of personal data outside the EU.
Citizens get control of their personal data.
Ability to invoke data protection rights on behalf of individuals by privacy groups.
Simplifies the international business regulatory environment.
Replaces the old Data Protection Directive of 1995.
What does it cover?
Obtain consent for collecting personal data.
Consent age to collect an individual's data - 16 years.
Delete data if not used for the purpose collected.
Delete data if the individual revokes data holding consent.
Single national office monitoring and handling complaints.
Appoint a Data Protection Officer.
Updated rights to claim compensation.
Big fines.
‒ €10 mil or 2% of Global Turnover.
‒ €20 mil or 4% of Global Turnover.
When does it come into implementation?
25th May, 2018.
Who does it impact?
Data Controllers, Data Processors and Data Users.
Organizations that use, store, manage data.
‒ Of EU residents.
‒ On behalf of Data Controller and/or Data Users.
Non-EU firms collecting or processing personal data of EU residents.
The broad picture of GDPR
What are ICO Enforcement Actions?
Warning.
Reprimand.
Suspension of data processing.
Fine.
How does EU GDPR affect PECR?
The E-Privacy Directive is looking at amending PECR.
PECR will fall in line with GDPR.
All B2B marketers should be GDPR compliant too.
What are individuals' rights?
Right to information.
Right to access.
Right to rectification.
Right to be forgotten.
Right to restriction of processing.
Right to notification.
Right to data portability.
Right to object.
Right to appropriate decision making.
What is the New DPO Role?
Processing operations which require regular monitoring of data subjects.
Processing on a large scale of special categories of data (Article 9).
The DPO must apprise the organisation of the accountability principle.
The DPO must be independent.
Report to the highest level of the organization.
Why GDPR?
[Timeline figure: horizontal axis t from 1970 to 2020 (ticks 1970, 1980, 1990, 2000, 2010, 2020); vertical axis "Pervasiveness of Information Technology" set against "Relevance of Data Protection". Technology milestones plotted along the axis: Mainframe, Microsoft PC, UseNet, WWW, eBay, Google, Salesforce, iPhone, Big Data, Internet of Things. Data protection milestones:]
1970 - First DP law of the world in Hessen, Germany.
1983 - Right of informational self-determination proclaimed by the highest court in Germany.
1985 - Treaty signed for protection of individuals. 47 members of the Council of Europe ratified the Treaty, except Turkey.
1995 - EU directive on data protection. The European Data Protection Directive 95/46/EC was created as an essential element of EU privacy and human rights law.
2000 - Safe Harbor.
2001 - September 11 attacks (9/11).
2009 - Article 29 Working Party released the "Future of Privacy" paper for personal data protection.
2010 - EU commission sets out strategy on protecting individuals' data in all policy areas.
2011 - European Commission plans to implement a Regulation applicable to all EU Member States.
2012 - EU commission proposed a comprehensive reform of the EU's 1995 data protection rules to strengthen online privacy rights.
2015 - Safe Harbor declared invalid.
2016 - GDPR adopted. The 47 countries of the Council of Europe celebrated the Council of Europe's Convention 108.
2018 - GDPR in effect.
Also marked on the timeline (undated): frequent data breaches, national DP laws tightening, mass surveillance disclosures.
DPA was based on a Directive.
DPD is over 20 years old and could not predict new technologies.
Member states could interpret the rules as they saw fit.
The EU GDPR is an agreed Regulation.
It recognises the value of personal information.
Examples include – cyber theft, big data, predictive behaviour, automated decision-making.
[Word cloud: GDPR obligations - Fairness, Transparency, Consent, Accuracy, Impact assessments, Security, Purpose, Proportionality, Risk, Correction.]
How does GDPR impact you?
Data Processors' activities
Provision of an appropriate level of security.
Data breach notifications to buyers.
Assign a DPO.
Record-keeping of consent.
Direct liability to pay compensation.
Buyer's compliance with its security obligations.
Impact assessments and prior consultations with data protection authorities.
Third parties like cloud providers are responsible for breach.
Data Users' activities
Provision of an appropriate level of security.
Must specify if they intend to transfer the user's data out of the EU.
Non-EU data processors are also captured.
Must specify the level of data protection out of the EU.
Obligation to appoint a DPO.
Data Controllers' activities
Written data processing agreements are compulsory.
Data processing activity records to be kept up-to-date.
Non-EU Data Processors are included.
Restrictions on cross-border data transfers.
Obligation to appoint a DPO.
Data security obligations & data breach reporting are mandatory.
Data Processors are equally responsible.
DPO – Data Protection Officer
Marketers guide
Marketers' Obligations
Determine your exposure under EU GDPR.
Understand the penalties.
Start planning today! You have less than 12 months.
Establish what controls you need in place, such as opt-in services.
Get the specifics of your opt-in statement right.
Check privacy and cookie consent.
Get explicit double opt-in consent from your contacts.
Buy targeted lists now and get them to opt in to your communications.
Marketers' Checklist
Prior consent / Opt-In.
Double opt-in.
A record of the consent message stored.
Secured data storing system.
Data retrieval process in line with GDPR.
Disclosure process to be in line with GDPR.
The erasing process to be followed as per GDPR guidelines.
Roadmap to compliance
[Flow chart, stages as they appear on the slide:]
Begin Successful Journey.
Obtain Senior Management approval.
Undertake data audit (Data Mapping / Flows) (POTI).
Privacy Impact Assessments (PIA) / Risk treatments / Risk exposure.
Plan for ongoing assessments / training.
Setup a formal project.
Conduct research of similar industries.
Communication & awareness.
Engage suppliers / consult widely within organisation.
Identify various departments and data flow.
Identify controls (technical / administrative).
Define scope of the project / SoA.
Resourcing.
Develop security policies (ISO27001 / 27003).
Thank You
US: +1 571 281 0707
EU: +44 2030 265 330
IND: +91 22 26771 2001