An operational view of GDPR

Presentation on theme: "An operational view of GDPR" — Presentation transcript:

1 An operational view of GDPR
Mastermail, Wilsele, 19 September 2017

2 … I have an opt-in

3 This is not consent.
… I have an opt-in

4 Conditions for consent
Freely given
Specific
Informed
Unambiguous indication of wishes
By statement or clear affirmative action
Clearly distinguishable from other acts
Withdrawable
No unfair clauses
Burden of proof

5 Processing grounds
“Processing shall be lawful only if and to the extent that at least one of the following applies”
Consent
Necessary for:
    Performance of contract
    Pre-contractual measures at request of data subject
    Legal obligation
    Protecting vital interests
    Performance of public interest or official authority
    Legitimate interest of controller / third party

6 Purpose limitation

7 Purpose limitation

8 Data minimisation

9 Accuracy
Are personal data correct and up to date?
Address and postal code check
Orphan accounts

10 Storage limitation

11 Confidentiality and integrity

12 Controller vs processor

13 Obligations of controllers and processors
Subject to GDPR when established in the EU (art 3.1) Yes
Subject to GDPR when established outside the EU subject to conditions
Appoint representative if established outside EU and subject to GDPR (art 27)
Respect quality principles (art 5: lawfulness, fairness and transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality) No
No processing without lawful basis (art 6 and 9)
Honour data subject rights (Chapter III: information, access, rectification, erasure, restriction, portability and object)
Ensure and demonstrate compliance (art 24: accountability)
Data protection by design and by default (art 25)
Agreement between joint controllers (art 26)
Appoint processor (if any) with sufficient guarantees for GDPR compliance (art 28.1)
Appoint subprocessor (if any) subject to authorization of controller (art 28.2)
Enter into processor agreement (art 28.3)
Assistance to controller in responding to data subjects exercising their rights (art e)
Assistance to controller in complying with obligations regarding security, data breach and data protection impact assessment (art f)
Delete or return all personal data after the end of the relationship controller-processor (art 28.3.g)
Make available to controller all information necessary to demonstrate compliance with art. 28 (art h)
Immediately inform controller if his instruction infringes GDPR or local/EU law (art in fine)
Obey instructions of controller (art 29)
Keep records of processing (art 30)
Ensure security of processing (art 32)
Notify personal data breaches (art 33)
If applicable, appoint a data protection officer (art 35)
If applicable, conduct a data protection impact assessment (art 37)
Ensure adequacy when transferring personal data to third countries (art 44)
Subject to supervising authority (art 56)
Liability for compensation of damages and for administrative fines (art 82-83)

14 Personal data management

15 Data security

16 Data subject’s rights
Data Subject Rights Mgt

17 Proof GDPR compliance
Sources: Website e-news subscription; Order form & delivery; Mobile delivery message
Source records:
    Name: Torfs; First Name: Joke; PC: 2000; City: Leuven; DOB: 1 Jan 1985
    Name: Joke; First Name: Torfs; Address: Elleveldeweg 8; PC: 2000; City: Leuven; DOB: 1/1/1985
    Name: Torfs; FN: ; Gender: Female; City: 3000 Leuven
Database (Contact): First Name, Name: Joke Torfs; Delivery: Elleveldeweg 8, 3000 Leuven; Date of Birth: 01/01/1985; Gender: Female
Checks done:
    Name / First Name inversion check
    Address standardisation and verification
    Structure check
    Opt-in mgt logging of changes in dbase

18 Obligation to keep a register

19 GDPR: Is this still you?

20 What now? EU General Data Protection Regulation
An obligation. A strategic opportunity.

21 THE SPIRIT OF THE LAW
Give control of personal data back to people

22 It was our pleasure…
Gerrit Vandendriessche, Claudine Knop
Tour & Taxis Building, Avenue du port 86 C, B Brussels
Claudine Knop, Pegasus Park, De Kleetlaan 12B, 1831 Diegem

