@pl4n3th
#FemtoConf
#GDPR
Special category of data
Name, identification number, location data, an online identifier
Physical, physiological, genetic, mental, economic, cultural or social identity factors
Any piece of information that can identify a physical person
Data subject’s rights
Any person who’s physically inside the EU
Single point of contact
EU company: Data Protection Authority
Outside EU company: Central Data Protection Authority + EU representative
What you can do with people’s data & what you can’t
collection
recording
organisation
structuring
storage
adaptation or alteration
retrieval
consultation
use
disclosure by transmission
dissemination or otherwise making available
alignment or combination
restriction
erasure or destruction
Data controller
Data processor
Technical specifications = article 32
Marketing & customer relationship
Security
Functionalities
BEFORE THAT
European companies will ask for GDPR
People will ask for their rights
Stop collecting and/or processing personal data
Process & procedures
Record of processing activities
Privacy notice
GDPR spans a lot of domains
Personal data from:
Clients & customers
Employees
Partners
Customers’ customers
You want to know the
Who?
What?
Where?
How long?
Why?
How?
Where?
Transfer to third country
Adequacy decision
“Privacy Shield”
Standard data-protection clauses
Data Processing Agreement
How long?
Why?
Legal ground for processing
How?
Performance of a contract
Consent from data subject
Compliance with legal obligation
Identify when “it’s personal data”
Privacy by design & by default
Procedures for:
Marketing campaign
New user stories
Transferring list of contacts
Profiling, retargeting
Notification of personal data breach
What you’re doing with people’s data
How can people exercise their rights
Clearly distinguishable
Intelligible & easily accessible form
Clear & plain language
As easy to withdraw consent
https://pagefair.com/blog/2018/granular-gdpr-consent/
https://ico.org.uk/
Access
Rectification
Erasure (‘right to be forgotten’)
Portability
Restriction of processing
People have already expressed their intent to exercise their rights.
for help & resources