EU GDPR: What You Really Need to Know


Transcript of EU GDPR: What You Really Need to Know

Page 1

EU GDPR: What You Really Need to Know

Page 2

MEET THE PANEL

Presenters:

Chris Merritt, VP, Product Marketing & Strategy, Blancco Technology Group

Giulio Coraggio, Partner, DLA Piper

Page 3

RESEARCH STUDY OVERVIEW

EU GDPR: A Corporate Dilemma

Page 4

WHAT WE’LL EXPLORE

Awareness: What are businesses’ levels of awareness surrounding Europe’s General Data Protection Regulation?

Preparedness: What are businesses’ levels of preparedness in relation to their awareness of GDPR?

Timeline: What sort of timeframe are businesses allowing to prepare for GDPR compliance by 2018?

Process: Which processes must businesses be considering and implementing in order to fulfill GDPR requirements?

Applicability: Can we expect the GDPR to be used as a model for non-European countries?

Page 5

AWARENESS

Webinar Audience Poll: How do you rate your level of awareness of the GDPR?

Poll results: 36%, 7%, 57%

Page 6

AWARENESS

How do IT Professionals Around the World Rate Their Level of Awareness of the GDPR?

Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016

Page 7

AWARENESS

Technical Implications

1. Assess Current Capabilities: Need to understand current gaps – technological and cultural

2. Identify Needed Updates: Leverage standards and new technologies to address gaps

3. Gain Buy-in: Create awareness in C-suite / Board, and across organization with peers

Legal Implications

1. Volume of Required Changes: Need for documented reorganization of product lines and of group structures

2. No Benefits of One-Stop Shop: The possibility to deal with a single regulator will require internal reorganization

3. Potential Sanctions: Privacy compliance cannot be considered as a commodity due to fines up to 4% of global turnover

Page 8

PREPAREDNESS

Webinar Audience Poll: How would you rate your organization’s level of preparation to adhere to EU GDPR requirements?

Unprepared: Don’t know how or where to start

On the right track: Currently researching/developing processes

Somewhat prepared: Still need to find Data Removal Software

Fully Prepared: Est. processes, policies & tech

Don’t know

Poll results: 5%, 14%, 48%, 14%, 19%

Page 9

PREPAREDNESS

40% admit to being less than fully prepared to comply with GDPR requirements

Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016

Page 10

PREPAREDNESS

Technical Implications

1. Start with the Basics: Focus on data protection basics – both technologies and processes – which reach minimum standards

2. Explore New Technologies: In addition, look at high-impact tech which raises the bar

3. Begin Pilot Projects: Establish efficacy and gain buy-in within the organization

Legal Implications

1. Privacy and Security By Design: The accountability principle and privacy and security by design will require a higher level of documented compliance

2. No Privacy Impact Assessment: Privacy impact assessments shall be performed for projects which might be exposing individuals to enhanced privacy risks

3. Liability for Data Breaches: In the case of data breaches, notification obligations apply to regulators and affected individuals

Page 11

TIMELINE

Timeline Required for Organizations to Develop and Implement IT Processes & Tools to Pass a “Right to be Forgotten” Audit

Page 12

TIMELINE

Technical Implications

1. Start Now: Fully realizing improvements from tech takes longer than we think

2. Look Beyond Tech: Revise existing / develop new processes to support changes in policy

3. Educate: Ultimately everyone in the organization must understand the need for change – and their role in it

Legal Implications

1. New Rights: Individuals’ rights are considerably empowered

2. Need of Procedures: Need to implement procedures to deal with exercise of ‘right to be forgotten’ and portability rights

3. Stringent Enforcement: The appointed data protection officer shall monitor compliance with privacy law

Page 13

PROCESS

41% don’t have defined & documented processes/technology to remove outdated or irrelevant customer data

Types of Technology/Software Organizations Consider to Have the Most Value in Addressing “Right to be Forgotten” and Ensuring Compliance with EU GDPR

Page 14

PROCESS

Technical Implications

1. Look for Synergies: Choose technologies that work together to meet your ultimate goal – better data protection

2. Consider End-to-End Process: Map out data flows – from creation to usage to storage to deletion – and ensure complete coverage

3. Strive for Balance: Develop a philosophy of “secure enablement” to meet both legal and business objectives

Legal Implications

1. Potential Liabilities: Data can no longer be processed for an indefinite period of time

2. Actions to be Taken: Continuous review of procedures and databases

3. Data Becomes a Risk: Personal data is a resource but might become a source of major liabilities for the company

Page 15

APPLICABILITY

65% of IT Professionals Believe Other Countries/Regions Should Implement Data Protection Laws Similar to GDPR

Source: ‘EU GDPR: A Corporate Dilemma’, Blancco Technology Group, 2016

Page 16

APPLICABILITY

Technical Implications

1. Think Globally: Consider where your customers are, not only where your offices are – and develop data-centric policies

2. Act Locally: Implement consistent processes and supporting technologies across all locations and individuals

3. Engage All Stakeholders: While data protection might be the focus of certain jobs, everyone should understand the importance and their role in making it a reality

Legal Implications

1. Impact on non-EU Entities: If there is offering of goods or services to individuals in the European Union

2. Impact on Remote Monitoring: If behavior occurring in the European Union is monitored

3. New Model of Business: Extended scope might lead to changes in business strategy given the potential risks

Page 17

NEXT STEPS

Create Awareness: “Business as Usual” is not sufficient, and everyone will play a part in required changes

Policies and Processes: Policies beget processes, and both will need to be updated based on the new legal landscape

Start with Baby Steps: Close gaps using existing processes / technologies now, firming up your data protection foundations

Upgrade Technologies: Based on new policies and gap analysis, plug technology holes with tools that have big impacts

Page 18

Blancco Technology Group is a leading, global provider of mobile device diagnostics and secure data erasure solutions. We help our clients’ customers test, diagnose, repair and repurpose IT devices with the most proven and certified software. Our clientele consists of equipment manufacturers, mobile network operators, retailers, financial institutions, healthcare providers and government organizations worldwide. The company is headquartered in Alpharetta, GA, United States, with a distributed workforce and customer base across the globe.

DLA Piper is a global law firm with lawyers in the Americas, Asia Pacific, Europe, Africa and the Middle East, positioning us to help companies with their legal needs around the world. We strive to be the leading global business law firm by delivering quality and value to our clients. We achieve this through practical and innovative legal solutions that help our clients succeed. We deliver consistent services across our platform of practices and sectors in all matters we undertake. Our clients range from multinational, Global 1000, and Fortune 500 enterprises to emerging companies developing industry-leading technologies. They include more than half of the Fortune 250 and nearly half of the FTSE 350 or their subsidiaries. We also advise governments and public sector bodies.
