[Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again!
Transcript of [Webinar Slides] Think Brexit Saves You From EU Data Regulations? Think Again!
Underwritten by:
#AIIM Information Is Your Most Important Asset. Learn the Skills to Manage It
Think Brexit Saves You from EU Data Regulations? Think Again!
6 Steps to Prepare for the Data Protection Revolution
An AIIM Webinar Presented 22nd September, 2016
Today's Speakers
Scott Sammons, CIPP/E, AMIRMS, @PrivacyMinion
Dominic Johnstone, Head of Information Management Services, Crown Records Management
Host: Theresa Resek, Director, AIIM
Content
• Brexit and the General Data Protection Regulation (GDPR)
• What the GDPR says
• Immediate areas of focus & making the business case
• How information & records management can help you, including:
  • Information Audits
  • IG Frameworks
Brexit and the GDPR
• Approved by MEPs (Parliament) and Member States (Council) after 4 years of negotiation
• Brexit doesn’t affect it
• UK has a new Information Commissioner who took office in July 2016
• Current ICO guidance is to focus on 12 main areas, further guidance to come
Will become enforceable law in the UK & Ireland (and member states) on the 24th May 2018
What the GDPR says
The new principles
The new principles are that information is:
1. Processed fairly, lawfully & in a transparent manner
2. Collected for specific, explicit and legitimate purposes
3. Adequate, relevant and limited to what is necessary to meet the purpose
4. Accurate and up to date
5. Must not be kept for longer than is necessary
6. Kept secure to maintain integrity and confidentiality
7. Processed by controllers and processors able to demonstrate compliance
Each controller must maintain a record of processing activities. That record must contain the following information:
• Name and contact details
• Purposes of processing
• Categories of data subjects and of personal data
• To whom personal data was disclosed
• Transfers of personal data
• The envisaged time limits for erasure of data
• Technical and organisational security measures
Demonstrate compliance
GDPR Requirements
• Governance & policy
• Data inventory
• Third party mgmt.
• Information security
• Risk mgmt.
• Incident & breach management
• Procedures & controls:
  • Marketing & Data collection (incl. Consent management)
  • Complaints & Data Subject's Rights
  • Automated decision making & Risk profiling
  • Employment processing
• Assurance
• Data Subject's Rights
Fines
Each supervisory authority shall have the power to issue administrative fines of up to 10 million euros for breaches of:
• Inadequate processing of child data
• Processing which does not require identification
• Inadequate Data Protection by Design
• Inadequate controller & processor management
• Inadequate security controls
• Non notification of breaches
• Inadequate Data Protection Officer appointment
• Breaches of Codes of Conduct and/or Certifications
Each supervisory authority shall have the power to issue administrative fines of up to 20 million euros for breaches of:
• Breaches of the basic principles for processing including conditions for consent
• Inadequate compliance with Data Subject rights
• Inappropriate transfers outside of the EEA
• Breaches of relevant member state law
• Non-compliance with an order from the Supervisory Authority
Good IRM could save your skin!
• It assists with compliance requirements, making some elements of the GDPR less burdensome (and even adds efficiency benefits to the organisation)
• By keeping accurate and robust records on your processing activities and controls you can defend your position better with a regulator or a data subject
• It makes it easier to risk manage your estate & infrastructure and to investigate incidents faster
Immediate areas of focus
Ultimately you need to know:
• What you have
• Where it is
• Where you are sending it to
• Why you have it
• What form it is in
• How long you need to keep it
How can you achieve this?
Understand what information you have and what you need:
• Information lifecycle
• Information management platform
• Policies and procedures
Begin with an information audit
We will create a score card to identify high risk areas
RAG Status
Asset | Policy Governance | Process Efficiency | Business Criticality | Issue Summary
C1 – Electronic documents | 3 | 3 | 3 | Document creation outside of the controlled document management system environment increases the risk of the development of large silos of unstructured data
C2 – Paper | 3 | 2 | 3 | The information audit has identified inefficient processes relating to both email and electronic documents that are increasing levels of paper creation. These processes are directly linked to the firm-wide practice of maintaining a paper matter file as the primary source of information
C3 – Incoming Email | 4 | 1 | 2 | The current process of printing emails to paper is costly and inefficient, whilst also eradicating the search and retrieval advantages that electronic information supports. Email folders are being used to store some electronic documents received by email
Create a remediation programme to deliver compliance with GDPR
For more information about GDPR please visit www.crownrms.com/gdpr
Contact
+44 (0)20 8443 6016 [email protected]
Take your skills to the next level by learning how to create an information accountability framework that reduces costs, manages risk, and optimizes value with AIIM's Information Governance training course.
Visit: AIIM.org/InfoGovTraining
AIIM is the Community for Information Professionals
AIIM believes that information is your most important asset. Learn the skills to manage it.
Our mission is to improve organizational performance by empowering a community of leaders committed to information-driven innovation.
Learn more at www.aiim.org