Recommended
More Related Content
What's hot
What's hot (20)
Similar to Odoo Experience 2018 - GDPR: How Odoo Can Help You with Complieance
Similar to Odoo Experience 2018 - GDPR: How Odoo Can Help You with Complieance (20)
More from ElínAnna Jónasdóttir
More from ElínAnna Jónasdóttir (20)
Recently uploaded
Recently uploaded (19)
Odoo Experience 2018 - GDPR: How Odoo Can Help You with Complieance
- 1. GDPR • Platform & Security EXPERIENCE 2018
- 2. General Data Protection Regulation REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC
- 3. Hey, I'm not a lawyer ! 😉
- 4. ● ● ● ● ● ● : May 25, 2018 : 11 : 99 (88 p.) : 173 : up to €20M or 4% of global annual turnover Must be effective, dissuasive and proportionate!
- 5. ● ● ● ● ● : May 25, 2018 : 11 : 99 (88 p.) : 173 : up to €20M or 4% of global annual turnover Must be effective, dissuasive and proportionate!
- 6. Art. 2 - Material Scope: Applies to processing of personal data by or intended to be (excluding. personal/household activities) Art. 99: This Regulation shall be binding in its entirety and directly applicable in all Member States. Art. 3 - Territorial Scope: Applies to activities of any controller/processor . For controllers/processors , if related to , or monitoring EU subject behaviors. ➢ Anywhere EU law applies, directly or via internal law)
- 7. Defines the and of the processing. Usually " " the data. Is under GDPR Co-controlling is possible. Processes the data . Does not usually own the data. Is also under GDPR Both must implement Privacy & Security by design
- 8. ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person; 3 21
- 11. ➟ Many of these rights were already granted by the Data Protection Directive (1995)
- 13. How can Odoo help? Odoo can't make you GDPR compliant. But it can be very helpful if you put it to good use!
- 14. The critical first step to compliance is knowing where your data is and what you're doing with it.
- 15. data mapping Human Resources Management
- 18. ID Check Legitimacy Check Locate Data Request Type of request? Inform Subject Database Portal / CSV ExportAnswer
- 19. The screen gives you a quick overview of the Personal Data you have processed about someone
- 20. App is a perfect match for tracking Data Subject Requests. App works well too. - Email submission (privacy@yourcompany.com) - Autoresponders - Setup next activities automatically - Monitor SLA
- 23. directly via your Portal
- 24. ● Opt-out link in mass-mailing ○ Forum and mailing-list subscriptions ○ Global blacklist management added in Odoo 12 ● Email bounce processing ● Self-correction of data ● Anonymization = rename central contact, remove info + delete history on related documents
- 25. Obtaining with
- 27. ● Global Role-based Access Control ● Per-record access control ● Built-in audit log (chatter entries) ● Secure password storage ● Stronger privacy of HR personal data + Active community of Security Researchers!
- 28. ● Redundant, distributed backups [3 months] ● Disaster Recovery Plan, tested continuously ● Tier 3 data centers only [N+1 redundancy, full security] ● Customer isolation ● Grade-A SSL encryption ● Staff auditing and access control ● Acceptable Use enforcement For more info: www.odoo.com/security
- 29. ● Default website options for some consent ● Mark fields that will contain personal data identifiers (email, name, SSN) ● Global search tool on these fields for handling data subject requests ● Policy of deletion/anonymization