Achieve GDPR compliance without losing your mind

@pl4n3th

#FemtoConf

#GDPR

Protects Personal Data of persons inside EU

EU General Data Protection Regulation

Special category of data

Name, identification number, location data, an online identifier 

Physical, physiological, genetic, mental, economic, cultural or social identity factors

Any piece of information that can identify a physical person

Data subject’s rights

Any person who’s physically inside EU 

Single point of contact

EU company: Data Protection Authority

Outside EU company: Central Data Protection Authority + EU representative

Privacy

What you can do with people’s data & what you can’t

Processing =

collection
recording
organisation
structuring
storage
adaptation or alteration
retrieval
consultation
use
disclosure by transmission
dissemination or otherwise making available
alignment or combination
restriction
erasure or destruction

Security of processing

Joint responsibility as

Data controller

Data processor

Technical specifications = article 32

Don’t mess with people’s data

Set of best practices

Marketing & customer relationship

Security

Functionalities

Risks & penalties

Fines ... 😱

BEFORE THAT

European companies will ask for GDPR 

People will ask for their rights

Stop collecting and/or processing personal data

KEEP CALM & DOCUMENT

Process & procedures

Record of processing activities

Privacy notice

Action plan

Put someone in charge

GDPR spans a lot of domains

Take inventory of your data

Personal data from:

Clients & customers
Employees
Partners
Customers’ customers

Take inventory of your data

You want to know the

Who?

What?

Where?

How long?

Why?

How?

Take inventory of your data

Where?

Transfer to third country

Adequacy decision

“Privacy Shield”

Standard data-protection clauses

Data Processing Agreement

How long?

Take inventory of your data

Why?

Legal ground for processing

How?

Performance of a contract

Consent from data subject

Compliance with legal obligation

Train your team on privacy & security

Identify when “it’s personal data”

Privacy by design & by default

Procedures for:

Marketing campaign

New user stories

Transferring list of contacts

Train your team on privacy & security

Profiling, retargeting

Notification of personal data breach

Review information to people

What you’re doing with people’s data

How can people exercise their rights

Update your consent process

Clearly distinguishable

Intelligible & easily accessible form

Clear & plain language

As easy to withdraw consent

https://pagefair.com/blog/2018/granular-gdpr-consent/

https://ico.org.uk/

It’s a perfect marketing opportunity to improve the relationship with your customers

Implement data subjects’ rights

Access

Rectification

Erasure (‘right to be forgotten’)

Portability

Restriction of processing

Implement data subjects’ rights

People have already expressed their intent to exercise their rights.

The key is intelligent use of data

gdpr4saas.eu for help & resources
