
GENERAL DATA PROTECTION REGULATION

GENERAL DATA PROTECTION REGULATION. Iain Garfield, Partner, Head of Commercial. WE WILL COVER: Data Protection Principles; Lawful processing and consent; Data subject rights; Controller’s duties; Business contracts; Employment / HR; Direct marketing; Data breaches; International transfers.

morrison

Presentation Transcript


  1. GENERAL DATA PROTECTION REGULATION Iain Garfield, Partner, Head of Commercial

  2. WE WILL COVER • Data Protection Principles • Lawful processing and consent • Data subject rights • Controller’s duties • Business contracts • Employment / HR • Direct marketing • Data breaches • International transfers • Penalties

  3. TIMEFRAME

  4. GDPR IN CONTEXT

  5. GDPR IN CONTEXT 35,170

  6. GDPR IN CONTEXT 35,170 115,000

  7. DEFINITIONS

  8. DATA PROTECTION PRINCIPLES

  9. LAWFUL PROCESSING

  10. LAWFUL PROCESSING

  11. LAWFUL PROCESSING

  12. LAWFUL PROCESSING

  13. CONSENT

  14. CONSENT CHECKLIST

  15. CONSENT GONE WRONG • 3.3 million emails to update customers’ marketing preferences / consents for GDPR • Emails sent to opt-out customers • £70,000 fine

  16. DATA SUBJECTS’ RIGHTS

  17. DATA SUBJECTS’ RIGHTS

  18. DATA SUBJECTS’ RIGHTS

  19. DATA SUBJECTS’ RIGHTS

  20. DATA SUBJECTS’ RIGHTS

  21. DATA SUBJECTS’ RIGHTS

  22. DATA SUBJECTS’ RIGHTS

  23. DATA SUBJECTS’ RIGHTS

  24. DATA SUBJECTS’ RIGHTS

  25. DATA SUBJECTS’ RIGHTS

  26. DATA SUBJECTS’ RIGHTS

  27. DATA SUBJECTS’ RIGHTS

  28. DATA SUBJECTS’ RIGHTS

  29. DATA SUBJECTS’ RIGHTS

  30. DATA SUBJECTS’ RIGHTS

  31. SECURITY

  32. SECURITY

  33. JOINT CONTROLLERS

  34. RECORD KEEPING

  35. RECORD KEEPING

  36. RECORD KEEPING

  37. RECORD KEEPING

  38. DATA PROTECTION OFFICER

  39. DATA PROCESSING CONTRACTS

  40. DATA PROTECTION CONTRACTS

  41. DATA PROTECTION CONTRACTS

  42. DATA BREACHES

  43. IMPACT ASSESSMENT

  44. CROSS-BORDER DATA TRANSFERS

  45. DATA PROCESSING: HR/EMPLOYMENT

  46. DATA PROCESSING: MARKETING

  47. WHY COMPLIANCE MATTERS • ICO can fine up to £18 million, or 4% of total worldwide turnover • Joint and several liability for joint controllers • Adverse publicity and reputational damage • Missed opportunities and wasted resources • Increased scrutiny and powers from the ICO • Business interruption • Civil liability / other punitive damages for employment-related breaches • Criminal liability for directors and senior managers • Critical system delays and failures • Business continuity issues • Becoming embroiled in litigation and related time, effort and expense

  48. WHERE TO START??? • Data audit • External-facing privacy policy • Employee data protection policy (and changes to employment contracts) • Review of ‘consent’ procedure • Review of data processing contracts to include statutory wording • Data retention policy • Training sessions • Advice on direct marketing and ‘prospect databases’ • IT security measures • Data protection officer • Data impact assessments • Notifications to, and communications with, the Information Commissioner
