The General Data Protection Regulation (GDPR) is a key focus for all involved in data, whether in the European Union or globally, and understanding the current thinking on this is crucial.
So if you are still wondering what it means for you and your business, we discuss GDPR’s key features and lookouts in this webinar.
3. What’s the weather like in your city?
Tell us where you’re dialling in from!
4. Want this deck?
It will be available for download shortly after the webinar on: slideshare.net/socialogilvy
Ogilvy staff: It’s also on The Market!
themarket.ogilvy.com
5. Quick recap: What does the GDPR mean for WPP?
● Increased Regulatory oversight: Regulators have made clear there will be no grace period before enforcement of GDPR begins in May 2018
● Increased Reputational risk: Major fines and enforcement action will attract attention from industry, press and clients
● Need to focus on Privacy by Design: Embed good data governance within your business practices and systems
● Privacy matters: The protection of personal data is everyone’s problem – not just an issue for the IT community or lawyers
● Global approach: More and more countries now have privacy laws – getting ready for GDPR will assist operating companies in complying with other privacy laws
● 4%: Potential fines as a percentage of global turnover
● 72: Hours given to report a data breach
● 28,000: Estimated number of new Data Protection Officers required in Europe (IAPP study 2016)
● 190+: Countries potentially in scope of the regulation
● 80+: New requirements in the GDPR
● 250m: Cost of 4% fine for a typical FTSE 100 company
● 7: Core individual rights afforded under the GDPR
6. Quick recap: What’s GDPR …
• Fines and enforcement: Fines against annual global turnover (4%) and other sanctions
• Expanded personal data definition: Includes location data, cookies and other online identifiers
• Broader territorial scope: Applies even to players not established in the EU but whose activities consist of targeting data subjects in the EU
• Stricter rules on consent: Must be freely given, specific, informed and unambiguous, provided by a statement or clear affirmative action
• Security Breach and Notification: 72 hours to notify
• Obligations on controllers and processors: Processors now have direct obligations
• Accountability: Explicit obligation on controllers and processors to be able to demonstrate their compliance with the GDPR
• Requirement for Data Protection Officers: 4 mandatory scenarios which require appointment of a DPO
• Increased rights for data subjects: Includes “right to be forgotten” and data portability as well as access, rectification, restriction, objection to processing; no
7. When is the GDPR in force…
NOW…
Enforced from May 25 2018…
It’s crucial that you can evidence to Regulators that you:
● Have reviewed GDPR
● Have adopted a risk-based approach to compliance, and
● Are working on a path to compliance
So doing nothing is not an option…
8. What’s worrying us?
• Fines… really?
• Data processing agreements… help
• Security questionnaires… help
• Relevance of EU Personal Data… we don’t have any!
• What do I say to my client?
9. What to think about?
1. Need to understand what “personal data” is, and what personal data you are collecting, processing and transferring
2. Need to understand consumer consent rules
3. Need to amend contracts with suppliers and clients to reflect GDPR requirements
4. Need to understand the rights of EU citizens and think about “privacy by design”
5. Need to understand the impact of Security Breaches
10. What happens after 25 May?
• Who’s at risk?
• What will the Regulators do?
• Do we stop?
• What if we aren’t ready?