Presentation is loading. Please wait.

Presentation is loading. Please wait.

The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th.

Published byNeal Sharp Modified over 8 years ago

Similar presentations

Presentation on theme: "The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th."— Presentation transcript:

1 The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th

2 ENGAGE AND COOPERATE Letter confirming the audit Average six week’s notice Triggered as random or subject to complaints Watch list in Ireland

3 Prepare! Key Considerations: Are you a Data Controller or Data Processor? Both? Do you need external help and advice? All focus is around the eight pillars of Data Protection Paper work and process Your knowledge/Employee knowledge DP Handbook

4 Consent: Should be Clear and Transparent Unambiguous consent (ODPC will endorse a consent process) Opt in for email, sms and mobile Opt out for postal and landline? Pre-ticked box is not sufficient Referring to a Privacy Policy or T&C’s is not sufficient Eventual data usage is relevant to original consent

5 Consent Statement endorsed by ODPC: ‘’ By ticking this box you understand and agree to all the terms and conditions and our privacy policy.terms and conditionsprivacy policy By registering with XYZ, you agree to be contacted by XYZ and by carefully selected third parties for marketing purposes and understand you can be contacted by telephone, mobile, email and postal. You can unsubscribe from such communications at any time.

6 UK Example - Fair Processing and Legitimate Consent Example in preparation for EU GDPR By ticking this box you agree to our terms and conditions and privacy policy and to receive information from [Brand Name] *terms and conditionsprivacy policy I agree that other companies in the retail, personal finance, insurance, travel or lifestyle sectors may contact me by post, email, telephone or SMS. I agree that they may contact me by: Post E-Mail Phone SMS You can opt-out of these messages at any time. For more details please see our Privacy Policy which also explains the types of companies who may contact you and the way they will use the information you have provided today as well as in the past. Be assured that any such parties will use your data in accordance with the UK Data Protection Act 1998 and other applicable law relating to privacy.Privacy Policy

7 Results - Learnings 1 ODPC are there to help, not act as a threat to the business Getting your organisation ready for ‘GDPR’ A Data Processor agreement is very important Self-assessment regularly to adapt and update your compliance process is now vital Train and educate your team to be compliant aware

8 Learnings - 2 Compliance is not difficult – Review your legacy data Data subject access requests currently 40 days to be reduced to 30 Don’t be afraid to ask ODPC the questions Experts are available in the ODPC to answer any question Over 120 staff - so call them! The 12 month rule Get ready now for the EU wide GDPR - two years to implement

9 Final Thoughts: Data Compliance in Ireland is one of the biggest barriers for Marketers to Direct Marketing It doesn’t have to be like this! We asked the ODPC: if a person is not on the NDD, could we include them in marketing ODPC said: ‘’ Yes. If a consumer is not on the NDD, a brand can call them. (There is also a requirement to ensure the consumer is not on the brand’s own DNC list).’’ We asked the ODPC: can we use SMS as a channel for marketing ODPC said: ‘’ Yes. SMS campaigns using mobile data are possible, providing the sender has the unambiguous consent of the phone owner for the sending of the marketing messages and that the consent is up to date (within the 12 month rule)’’

10 Creation Of National Suppression File - MPS - Objective Central file - consumers can register for free not to receive Direct Mail http://idma.ie/mps-form/http://idma.ie/mps-form/ - Currently 11k records grows by circa 20 to 30 per month - Rebuilt In late 2015 to allow consumers to register online and eircode will be the data match key - MPS Only available to IDMA members - Access through a secure log in process and can download data by date to screen against in house files - Seeking ODPC endorsement - 2016 Plan to extend to include deceased register and third party data feeds. for key data providers in Ireland Est scale: 100k to 300k records – It will become a National Screening File

11 Focus On

Download ppt "The Data Protection Audit How to prepare What to expect The end results Dublin Chamber of Commerce, March 24 th."

Similar presentations

Principle 1 Principle 1 Processed fairly and lawfully + only with a legitimate basis There should be no surprises, so … inform data subjects why you are.

Principle 1 Principle 1 Processed fairly and lawfully + only with a legitimate basis There should be no surprises, so … inform data subjects why you are.
PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.

PIPA PRESENTATION PERSONAL INFORMATION PROTECTION ACT.
Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.

Privacy and the Right to Know Grayson Barber, Esq. Grayson Barber, LLC.
Data Protection.

Data Protection.
Www.nb2bc.co.uk Email Marketing: Comply with the Law 28 th February 2007 Liz Rowe.

Marketing: Comply with the Law 28 th February 2007 Liz Rowe.
The Do Not Call Register Act 2006 and The Spam Act 2003 Jane Cole Manager, Telemarketing Investigations Section Julia Cornwell McKean Manager, Anti Spam.

The Do Not Call Register Act 2006 and The Spam Act 2003 Jane Cole Manager, Telemarketing Investigations Section Julia Cornwell McKean Manager, Anti Spam.
TEEC Company Confidential Call 01189880237 E-Marketing Backgrounder! Prepared by TEEC.

TEEC Company Confidential Call E-Marketing Backgrounder! Prepared by TEEC.
Property of Common Sense Privacy - all rights reserved 01875340890 THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.

Property of Common Sense Privacy - all rights reserved THE DATA PROTECTION ACT 1998 A QUESTION OF PRINCIPLES Sheelagh F M.
Audiences NI Data Protection Workshop

Audiences NI Data Protection Workshop
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
Email Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.

Marketing - Best Practice from a Legal Point of View Yvonne Cunnane - Information Technology Law Group 30 November 2006.
Practical Information Management

Practical Information Management
Cookie compliance: your 5 day emergency action plan Claire Walker.

Cookie compliance: your 5 day emergency action plan Claire Walker.
Mobile Payments & Alert Communications: Changing Your Bottom Line Art Coutcher Utility Sales Manager direct: 1-602-443-5959

Mobile Payments & Alert Communications: Changing Your Bottom Line Art Coutcher Utility Sales Manager direct:
Spam Act 2003 Consumer Education and Awareness. About the ACA Independent government regulator Ensures industry compliance with legislation (Telecommunications.

Spam Act 2003 Consumer Education and Awareness. About the ACA Independent government regulator Ensures industry compliance with legislation (Telecommunications.
3 Opting out. Lesson 3 Opting out If you tick the box, what will happen?

3 Opting out. Lesson 3 Opting out If you tick the box, what will happen?
Data Protection STFC Presentation to PPD Senior Staff 26/11/2009 FoI/DP team.

Data Protection STFC Presentation to PPD Senior Staff 26/11/2009 FoI/DP team.
The wonderful job at KIMEP High average salary range KIMEP tuition discounts for employees Trainings & seminars for your self-development Annual performance.

The wonderful job at KIMEP High average salary range KIMEP tuition discounts for employees Trainings & seminars for your self-development Annual performance.
Rules of Engagement Mark Dwyer. AGENDA 1.Spam and Consent 2.Privacy 3.Advice Warnings and Notices 4.Disclosures 5.Other Matters.

Rules of Engagement Mark Dwyer. AGENDA 1.Spam and Consent 2.Privacy 3.Advice Warnings and Notices 4.Disclosures 5.Other Matters.
Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Serving the Public. Regulating the Profession. CANADA’S ANTI-SPAM LEGISLATION (CASL) Training for Chapters Based on Guidelines for Chapters First published.

Similar presentations

Ads by Google