CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson

GDPR – Threat, Overhead or Opportunity?
Telford, Sept 2017 - Doug Davidson

2Copyright © 2016 Capgemini and Sogeti. All Rights Reserved.
Securing the Journey to the Cloud | #CWIN16 Sept 2016
So what are the GDPR changes?
GDPR represents
the biggest change
to Data Privacy in
the modern age
Definitions of Personal data
have changed
Clear unambiguous need for consent,
Legal compliance or legitimate interests
Data portability
GDPR
Responsibility and accountability
to individuals
Geographical scope
Privacy by design and default
Mandatory Data Protection Impact
Assessments (PIA’s)
Data Protection Officer (DPO)
& Data Processor
Single set of rules across EU
Data Controllers and Data Processors..
Data breaches
Individual Rights (SAR’s)

Where to start? – Create a GDPR Programme
 Undertake a controlled lifecycle approach to addressing GDPR requirements
encompassing the following areas (as a minimum):
 Governance – Board awareness, ownership, organisation, roles,
responsibilities, policies and processes, oversight
 Business Processes – Review and revise existing business processes
to de-risk/de-scope risks and support compliance
 People – skills, knowledge, education and awareness, communication
 Data – Personally Identifiable Information (PII) and linked Meta Data that
you hold and its controls to support or enable business processes
 Security – the risk assessments, PIA’s, controls, policies and procedures
that you use to secure PII data for staff and external 3rd parties
GDPR
Services
Consultancy
support
Sustainability
Remediation
Discovery
The Capgemini GDPR Lifecycle

Discovery: Incorporate the ICO 12 Steps into your approach ..
Awareness
Information you hold
1
2
4
7
8
9
11
Communicating privacy
information
Individuals’ rights
Subject access
requests
Consent
Legal basis for processing
personal data
Children
Data breaches
Data Protection by Design
and Data Protection Impact
Assessments
Data Protection Officer (DPO)
International
3
5
6
10
12
Discovery
25th May
2018

Discovery: Creating a Baseline
Business Process 1: Internal Business Process
Business Process 2: External 3rd Party Process
PII Data
Business
Output
Undertake a GDPR Assessment of your business processes and data
holdings to identify your current exposure under GDPR..
 Board strategy and company’s
organisational knowledge of GDPR?
 Governance structures in place?
 Data Protection Officer (DPO) in place?
 A defined Programme to prepare for GDPR?
 Key Information Stakeholders identified and
aware of their responsibilities?
 Clear understanding of your legal right to
process PII data?, and current Consent
Management?
 Clear understanding of how PII data is
managed through-life?
 Are you prepared for Subject Access
Requests?
 Incident management processes, up to date
and effective?
Business
Output

Remediation: Starting the Journey to Compliance
PII Data
Business
Output
Business
Output
25th May
2018
Remediation
REMEDIATION
Data Handling Model: Data Management Lifecycle:
3rd Party Compliance
DPO & Governance
Structure
Consent & Rights Mgt:
Data Breach Mgt:
Education &
Awareness

Sustainability: Effective on-going GDPR Compliance
Ongoing GDPR Compliance must be retained and incorporated into the
DNA and “through life” assurance approach of the business ..
 Effective Governance structures and
Data Protection Officer (DPO) in place
 Data Lifecycle Management integrated
across all business and supply chain
services
 Integrated Business Unit supporting the
DPO and managing User Rights
processes, Incident reporting, (etc) as
part of the overarching Data security and
management approach
 “Security by design” Gateway
Processes ensuring all new business
services are GDPR compliant at release
 GDPR training aligned and integrated
into mainstream compliance education
and awareness processes and culture
GDPR Compliant
PII Data
Business
Output
Business
Output
25th May
2018
Sustainability

Contact information
Doug
Davidson
UK Cyber Security CTO
& UK Cyber GDPR Lead
doug.davidson@capgemini.com
Grange Central,
Telford
TF3 4ER
Insert contact picture

The information contained in this presentation is proprietary.
Copyright © 2016 Capgemini and Sogeti. All rights reserved.
Rightshore® is a trademark belonging to Capgemini.
www.capgemini.com
www.sogeti.com
About Capgemini and Sogeti
With more than 180,000 people in over 40 countries, Capgemini is a global leader in consulting, technology and outsourcing
services. The Group reported 2015 global revenues of EUR 11.9 billion. Together with its clients, Capgemini creates and
delivers business, technology and digital solutions that fit their needs, enabling them to achieve innovation and
competitiveness. A deeply multicultural organization, Capgemini has developed its own way of working, the Collaborative
Business Experience™, and draws on Rightshore®, its worldwide delivery model.
Learn more about us at www.capgemini.com.
Sogeti is a leading provider of technology and software testing, specializing in
Application, Infrastructure and Engineering Services. Sogeti offers cutting-edge
solutions around Testing, Business Intelligence & Analytics, Mobile, Cloud and Cyber
Security. Sogeti brings together more than 20,000 professionals in 15 countries and
has a strong local presence in over 100 locations in Europe, USA and India. Sogeti is
a wholly-owned subsidiary of Cap Gemini S.A., listed on the Paris Stock Exchange.

CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson

Recommended

Recommended

More Related Content

What's hot

What's hot (16)

Similar to CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson

Similar to CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson (20)

More from Capgemini

More from Capgemini (20)

Recently uploaded

Recently uploaded (20)

CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson

Editor's Notes