Achieve GDPR compliance without losing your mind
@pl4n3th
#FemtoConf
#GDPR
Protects Personal Data of persons inside EU
EU General Data Protection Regulation
Special category of data
Protects Personal Data of persons inside EU
Name, identification number, location data, an online identifier
Physical, physiological, genetic, mental, economic, cultural or social identity factors
Any piece of information that can identify a physical person
Data subject’s rights
Protects Personal Data of persons inside EU
Any person who’s physically inside EU
Single point of contact
EU company : Data Protection Authority
Outside EU company : Central Data Protection Authority + EU representative
Protects Personal Data of persons inside EU
Privacy
What you can do with people’s data & what you can’t
Protects Personal Data of persons inside EU
Processing =
collection
recording
organisation
structuring
storage
adaptation or alteration
retrieval
consultation
use
disclosure by transmission
dissemination or otherwise making available
alignment or combination
restriction
erasure or destruction
Security of processing
Protects Personal Data of persons inside EU
Joint responsibility as
Data controller
Data processor
Technical specifications = article 32
Protects Personal Data of persons inside EU
Don’t mess with people’s data
Set of best practices
Marketing & customer relationship
Security
Functionalities
Risks & penalties
Fines ... 😱
BEFORE THAT
European companies will ask for GDPR
People will ask for their rights
Stop collecting and/or processing personal data
KEEP CALM & DOCUMENT
Process & procedures
Record of processing activities
Privacy notice
Action plan
Put someone in charge
GDPR spans a lot of domains
Take inventory of your data
Personal data from:
Clients & customers
Employees
Partners
Customers’ customers
Take inventory of your data
You want to know the
Who?
What?
Where?
How long?
Why?
How?
Take inventory of your data
Where?
Transfer to third country
Adequacy decision
“Privacy Shield”
Standard data-protection clauses
Data Processing Agreement
How long?
Take inventory of your data
Why?
Legal ground for processing
How?
Performance of a contract
Consent from data subject
Compliance with legal obligation
Train your team on privacy & security
Identify when “it’s personal data“
Privacy by design & by default
Procedures for:
Marketing campaign
New user stories
Transferring list of contacts
Train your team on privacy & security
Profiling, retargeting
Notification of personal data breach
Review information to people
What you’re doing with people’s data
How can people exercise their rights
Update your consent process
Clearly distinguishable
Intelligible & easily accessible form
Clear & plain language
As easy to withdraw consent
https://pagefair.com/blog/2018/granular-gdpr-consent/
https://ico.org.uk/
It’s a perfect marketing opportunity to improve the relationship with your customers
Implement data subjects’ rights
Access
Rectification
Erasure (‘right to be forgotten’)
Portability
Restriction of processing
Implement data subjects’ rights
People have already expressed their intent to exercise their rights.
The key is intelligent use of data
gdpr4saas.eu for help & resources