CLIENT BRIEFING MAY 2018
GDPR – IS YOUR BUSINESS READY?
By Emma Vango-Brown
Carsted Rosenberg Advokatfirma
It is important to ensure your business is prepared for the changes and that the
right people fully understand the implications. This may seem daunting, but a
methodical and practical approach will help you ensure that your company is
ready in time. Understanding what your business needs to do, and then
putting in place the appropriate procedures, supported by up-to-date policies
and agreements, will ensure your business is ready for the 25th May.
This short and concise client briefing is intended to provide an overview of the
matters to consider and the necessary steps a business must undertake to ensure
compliance with GDPR and avoid financial penalties.
The new General Data Protection Regulations (GDPR) come into force on the 25th May this year. Are you ready to deal with the changes for your business?
Examples of personal data
Personal data can include individuals' names, email
addresses, bank details, telephone numbers,
photographs, credit card information, posts on social
networking websites, medical information, or
computer IP addresses.
What are the penalties for non-compliance?
Companies can be fined up to 4% of annual global
turnover or EUR 20 million for breaching GDPR,
depending on the type and level of the breach.
What is personal data?
Personal data is any information an individual or ‘Data
Subject’ shares with a business by which they can be
identified. 
Who does the GDPR apply to?
GDPR applies to all organisations that collect any
personal information about individuals residing in the
European Union, including customers or employees,
regardless of whether that company is located within
the EU or not.
STEPS TO TAKE BEFORE 25 MAY 2018
1. RAISE AWARENESS AND DEVELOP A PRIVACY STRATEGY
Make sure everyone in the organisation who
handles personal data is aware that the law is
changing, particularly the decision makers and
key members of the business. 
Consider what levels of risk your organisation is
prepared to accept and which aspects of GDPR
are most critical to your business and your
customers. 
2. DATA AUDIT AND DATA MAPPING
Your business should conduct a thorough internal review of all data it holds and consider the following questions:
What?
- What information is being collected?
- What risks are posed by it?
- What is the lawful basis of the data being held?
How?
- How is it collected?
- How is it being processed?
- How will it be used?
Who?
- Who is collecting it?
- Who are the data subjects?
- Who will it be shared with?
Where?
- Where has the data come from?
- Where is the data being shared?
- Is data being shared cross-border (to another EU country or outside the EU)? If so, is there adequate protection of that data?
3. PRIVACY NOTICES AND DOCUMENTATION
Review your current privacy notices both online and internally to ensure GDPR requirements are met, including:
- concise, transparent, intelligible and easily accessible;
- written in clear and plain language, particularly if addressed to a child; and
- free of charge.
Consider whether the following documentation is necessary:
- Data Privacy Impact Assessments and Auditing.
- Data Privacy Policies – for data relating to customers and for data relating to employees.
- Website Privacy & Cookie Policies.
- Privacy Notices.
- Data Processing Agreements.
- Data Subject Access Requests – toolkit for dealing with subject access requests.
Third Party Diligence and Contracts:
You need to have an understanding of how your supply chain handles any data you transfer. You will be required to have explicit privacy clauses in contracts, which should include a retention period, and the right to audit.
4. PROCEDURES AND PLANNING
Appoint a data protection officer or someone to take responsibility for data protection compliance. Your data protection officer will then need to consider the following steps and procedures:
Individual Rights:
Put procedures in place to protect the rights granted under GDPR, including:
- right to be informed;
- right of access;
- right to rectification;
- right to be forgotten;
- right to restrict processing and withdraw consent;
- right to data portability; and
- right to object/complain.
Subject Access Requests:
Put procedures in place to manage requests from data subjects. Plan how to handle such requests. You will have 30 days to comply with each request. Requests will be free under the GDPR so you may receive a lot more of them.
Data Security, Breaches and Incident Management:
- Ensure procedures are in place to detect, report and investigate personal data breaches.
- Consider how secure the data is and if encryption or pseudonymisation will be required to protect the personal data held.
- Ensure network and information security, preventing unauthorised access to e-communication networks and stopping damage to computer and e-communication systems.
- Be aware of reporting requirements – reporting breaches to the regulator.
Sensitive Personal Data:
Is there any sensitive data being held, including children’s data, biometric or genetic data, or medical data? If so, are the correct standards being met to collect, process and store it?
Training:
Ensure that your employees understand how GDPR applies to them and that they are aware of the impact of GDPR.
High-risk areas, for example HR or marketing teams, will need focused training on their obligations under GDPR.
Managing Consent:
Review how consent is currently obtained and refresh if GDPR standards are not met. Consider whether you use tick-boxes and opt-ins, and if the way you obtain consent may need to change.
In relation to children, how do you verify customer ages? How do you obtain consent from a child’s parents/guardians?
5. DON'T PANIC!
There is still time to ensure your business is compliant with GDPR, and Carsted Rosenberg is on call to help.
NEXT STEPS
- Raise awareness and develop a privacy strategy.
- Data audit and data mapping.
- Privacy notices and documentation.
- Procedures and planning.
- Don’t panic!
CONTACT
IMPRESSUM
CARSTED ROSENBERG ADVOKATFIRMA GMBH
HR-NR. CH-140.4.003.142-6
UID NR. CHE-114.437.705
BAHNHOFPLATZ 4, POSTFACH 825, CH-6060 SARNEN 2, SWITZERLAND
PHONE: +41 (0) 79 901 3713
EMAIL: INFO@CARSTEDROSENBERG.COM
CONTACT: ADVOKAT AND SOLICITOR MICHAEL CARSTED ROSENBERG
For more information please contact:
Emma Vango-Brown at
eb@carstedrosenberg.com
T: +45 91 11 19 44
Carsted Rosenberg Advokatfirma
Bredgade 3
DK-1260 Copenhagen K
Denmark
Mainzer Landstrasse 18
D-60325 Frankfurt am Main
Germany
T: +49 (0)69 3650 654 58
Carsted Rosenberg is an international law firm based in Frankfurt and Copenhagen that specialises in cross-border banking & finance, capital
markets, mergers & acquisitions and corporate and commercial matters. Our clients rely on us for pragmatic advice and transactional excellence.
Uniquely we can advise our clients on both Danish and English law.
At Carsted Rosenberg we pride ourselves on combining the highest global standards with local expertise. Accordingly, we work closely with the
leading international law firms and financial institutions to provide a multi-jurisdictional transaction team as their dedicated local counsel for
Denmark. We are used to working in multi-practice, multi-jurisdictional teams combining our local counsel skills with our partner firm’s
international network to deliver the best possible results for our clients.
This publication does not necessarily deal with every important topic or cover every aspect of the topics with which it deals. It is not designed to
provide legal or other advice. It shall not be used as a substitute for legal advice, but is only intended for general information on matters of
interest. While we endeavour to represent the information as accurately and correctly as possible, we cannot accept any responsibility for any
errors or omissions. 
For more information please do visit our website: www.carstedrosenberg.com 
