EU-GDPR – Protecting not just your personal data, but your business future!

General Data Protection Regulation

"If you are processing data about EU citizens, you MUST comply with the EU GDPR"

Comes into force 24th May 2018
Brexit does not change this
Doc is 88 pages, 99 articles with 55,352 words of legal text!
Tough penalties: fines up to 4% of annual global revenue or 20 million euro, whichever is greater
Each company must have a Data Protection Officer (DPO) – this person replies to DSARs (data subject access requests)
Breaches must be reported within 72 hours
ICO – Elizabeth Denham: Information Commissioner
The Information Commissioner's Office can audit at any time and is now investigating new complaints by asking for replies within 28 days.
What can I do? (IT System Managers)
1 – Model the organisation's data
(BT has just two Excel spreadsheets for its model: 1 – data classification and 2 – volume of data)
Easy win – put in an information retention policy and start deleting data
2 – Start looking down and increase security
Complex talk about models – See slides
Personal Data Definition (Almost everything!)
Data landscaping and the Enterprise Repository
Categories of data (Start with the highest)
Enterprise Repository (Map of system estate)
ERs are used to respond to DSARs
Personal Data Asset Prioritisation Framework
Create a Personal Data Risk Impact Score
Security – show it is working (failing an audit is bad)
!!! Get an information retention policy
– Free-form text (notes fields) is a minefield for personal data
– OneNote / Evernote can be a problem
The right to be forgotten needs to be implemented too
Tokenisation is a large part of the solution
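An added example, not from the talk or its slides, of how tokenisation serves the last three points: personal-data fields are swapped for random tokens held in a separate vault, free-form notes keep only the token, and forgetting a data subject deletes their vault entries so every copy of those tokens becomes irrecoverable. The TokenVault class, the PERSONAL_FIELDS set and the retention helper are assumptions for illustration.

```python
import secrets
from datetime import date, timedelta

# Hypothetical in-memory token vault (illustration only, not the talk's design).
# A production vault lives in a separately secured store; a dict keeps this offline.
PERSONAL_FIELDS = ("name", "email", "phone")   # assumed set of personal-data fields


class TokenVault:
    def __init__(self):
        self._store = {}        # token -> (subject_id, original value)
        self._by_subject = {}   # subject_id -> set of that subject's tokens

    def tokenise(self, subject_id, value):
        # Random token: it carries no information about the value it replaces,
        # so a leaked record or notes field cannot be reversed without the vault.
        token = "tok_" + secrets.token_hex(8)
        self._store[token] = (subject_id, value)
        self._by_subject.setdefault(subject_id, set()).add(token)
        return token

    def detokenise(self, token):
        entry = self._store.get(token)
        return None if entry is None else entry[1]

    def forget(self, subject_id):
        # Right to be forgotten: drop the mappings so every copy of the tokens,
        # wherever it was replicated, becomes meaningless. Returns count removed.
        tokens = self._by_subject.pop(subject_id, set())
        for token in tokens:
            self._store.pop(token, None)
        return len(tokens)


def tokenise_record(vault, record):
    # Replace personal-data fields; non-personal fields stay in clear text.
    out = dict(record)
    for field in PERSONAL_FIELDS:
        if field in out:
            out[field] = vault.tokenise(record["subject_id"], out[field])
    return out


def purge_expired(records, retention_days, today_iso):
    # Retention policy "easy win": keep only records newer than the cutoff.
    # Dates are ISO strings, as they would arrive from a spreadsheet export.
    cutoff = date.fromisoformat(today_iso) - timedelta(days=retention_days)
    return [r for r in records if date.fromisoformat(r["created"]) >= cutoff]
```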
