How to Collect and Process Data Under GDPR?

The D a ta Subject gives his d a ta to the D a ta Cont r olle r . The D a ta Cont r oller has to k eep r ecord o f the consent. WHO’S WHO OF THE D AT A C OLL E CTION PROCESS The D a ta Cont r oller passes the d a ta to the D a ta P r ocesso r . The D a ta P r ocessor can only use d a ta as instructerd by the D a ta Cont r olle r . The D a ta Cont r oller must r each the D a ta Subject and let him r eview new consent r equest and cor r ect his decision if he’d li k e to. R esources: The Final T ext o f the GDPR Including Recitals https://gdp r -i n fo.eu/ How Will GDPR Affect Y our W eb Analytics T racking? https://goo.gl/EHy3f7 5 GDPR Rights With Serious T echnical Consequences https://goo.gl/9HfHRa How to Ma k e Digital Analytics P r ocessing Lawful U nder GDPR and ePrivacy? https://goo.gl/5H3nZ6 Bird & Bird: Guide to the General D a ta P r otection Regul a tion https://goo.gl/kwwNqH The D a ta P r ocessor has to k eep a r ecord o f the p r ocessing activities and implement adequ a te security measu r es. The D a ta Cont r oller asks the D a ta Subject for consent. Be easy to understand, p r ominent and concise, Include the name o f your organis a tion and any third parties, Explain why you want the d a ta, Explain wh a t you will do with it, Remind D a ta Subject th a t he can withdraw consent a t any time, Be specific whe r ever possible, Be k ept under periodic r eviews, Explain how long will you k eep the d a ta, Explain wh a t d a ta a r e you collecting. And the consent r equest should N O T : Use p r e-tic k ed b ox es, opt-out b ox es or default settings. The consent r equest should: The D a ta Subject gives D a ta P r ocessing consent. The D a ta Cont r oller can analy z e the d a ta and use it for the purposes specified earlier in the consent r equest. Learn the k ey diffe r ences between D a ta Cont r ollers, D a ta P r ocessors and D a ta Subjects. Find out how to s a fely collect and analy z e d a ta while r especting D a ta Subject Rights and adhering to General D a ta P r otection Regul a tions. The D a ta Subject is using D a ta Cont r ollers service (e.g. visiting a website). If the D a ta Cont r oller wants to use the d a ta for a new purpose, he needs to r eceive another consent for p r ocessing for this new purpose. INSERT D AT A HERE ANA L Y TICS Y our compan y , the actual beneficia r y o f d a ta f r om web analytics. Y ou a r e cont r olling, r eviewing, comparing and agg r eg a ting web analytics d a ta. The company delivering the tools th a t you a r e using to collect the d a ta. The division between D a ta Cont r oller and D a ta P r ocessor ta k es place if you actually use s o ftwa r e supplied by a vendor which you don’t maintain. In case o f on-p r emise s o ftwa r e your company becomes both the Cont r oller and P r ocesso r . D a ta Subject D a ta Cont r oller D a ta P r ocessor E ve r y person is conside r ed a D a ta Subject and is entitled to access and cor r ect their d a ta, along with the ability to disallow p r ocessing o f their d a ta. EXAMPLE . C OM A C a t

Upload
piwik-pro
Category

Data & Analytics
view
60
download
2

Embed Size (px):

Transcript of How to Collect and Process Data Under GDPR?

Page 1: How to Collect and Process Data Under GDPR?

The Data Subject gives his data to the Data Controller.The Data Controller has to keep record of the consent.

WHO’S WHO OF THE DATA COLLECTION PROCESS

The Data Controller passes the data to the Data Processor. The Data Processor can only use data as instructerd by the Data Controller.

The Data Controller must reach the Data Subject and let him review new consent request and correct hisdecision if he’d like to.

Resources:The Final Text of the GDPR Including Recitals https://gdpr-info.eu/

How Will GDPR A�ect Your Web Analytics Tracking? https://goo.gl/EHy3f75 GDPR Rights With Serious Technical Consequences https://goo.gl/9HfHRa

How to Make Digital Analytics Processing Lawful Under GDPR and ePrivacy? https://goo.gl/5H3nZ6Bird & Bird: Guide to the General Data Protection Regulation https://goo.gl/kwwNqH

The Data Processor has to keep a record of the processing activities and implement adequate security measures.

The Data Controller asks the Data Subject for consent.

Be easy to understand, prominent and concise,

Include the name of your organisation and any third parties,

Explain why you want the data,

Explain what you will do with it,

Remind Data Subject that he can withdraw consent at any time,

Be specific wherever possible,

Be kept under periodic reviews,

Explain how long will you keep the data,

Explain what data are you collecting.

And the consent request should NOT:

Use pre-ticked boxes, opt-out boxes or default settings.

The consent request should:

The Data Subject gives Data Processing consent.

The Data Controller can analyze the data and use it for the purposes specified earlier in the consent request.

Learn the key di�erences between Data Controllers, Data Processors and Data Subjects. Find out how to safely collect and analyze data while respecting

Data Subject Rights and adhering to General Data Protection Regulations.

The Data Subject is using Data Controllers service (e.g. visiting a website).

If the Data Controller wants to use the data for a new purpose, he needs to receive

another consent for processing for this

new purpose.

INSERT DATAHERE

ANALYTICS

Your company, the actual beneficiary of data from web analytics. You are controlling, reviewing, comparing and aggregating web analytics data.

The company deliveringthe tools that you areusing to collect the data.

The division between Data Controller and Data Processor takes place if you actually use software supplied by a vendor which you don’t maintain. In case of on-premise software your company becomes both the Controller and Processor.

Data SubjectData ControllerData Processor

Every person is considered a Data Subject and is entitled to access and correct their data, along with the ability to disallow processing of their data.

EXAMPLE.COM

A Cat