Slides for the breakout session A2: Getting ready for GDPR (with only one month to go) from the NCVO Annual Conference which took place on 16 April 2018.
A2: Getting ready for GDPR (with only one month to go)
1. GETTING READY FOR GDPR (WITH ONLY ONE MONTH TO GO)
CHAIR
SUSAN CORDINGLEY, DIRECTOR OF PLANNING AND RESOURCES, NCVO
SPEAKERS
KATIE BONAS, LEGAL COUNSEL, SAMARITANS
VICTORIA HORDERN, HEAD OF DATA PRIVACY, BATESWELLS BRAITHWAITE
2. 16 April 2018
Getting ready for GDPR
…and does it matter if we’re not.
NCVO Annual Conference 2018
3. What does Elizabeth Denham think?
ICO @ICOnews Apr 9
Q: What do you think is the most important aspect of the GDPR?
ED: Transparency. That's the expectation of the public. #DPPC2018
6. What will likely happen on 26th May 2018?
“I hope by now you know that enforcement is a last resort. I have no intention of changing the ICO’s proportionate and pragmatic approach after 25th of May. Hefty fines will be reserved for those organisations that persistently, deliberately or negligently flout the law.
Those organisations that self-report, engage with us to resolve issues and can demonstrate effective accountability arrangements can expect this to be a factor when we consider any regulatory action”.
9th April 2018
8. Avoiding Data Security Breaches
• Operational safeguards
– Governance and responsibility
• Technical safeguards
– IT security measures fit for purpose
– Regular checks and audits
– Deploying robust encryption
• Policy and Procedure safeguards
– Data Security Policy and Incident Response Plan
– Have they been road tested?
• Personnel safeguards
– Training and Education
• Legal safeguards
– Auditing third party processors
9. Avoiding Complaints being made to the ICO
• Transparency
– Privacy Notices
• Control
– Giving individuals sufficient control of their data
• Systems
– Systems devised that assist with responding to requests
• Policies and Procedures
– Individual Rights Policy – responsive and efficient
– Has it been road tested?
• Personnel
– Training and education
– Can identify requests from individuals quickly
10. Final Thoughts
• The ICO expects you to have effective accountability arrangements
• Know your vulnerabilities/ high risk areas
• Concentrate on what you can fix now:
– Governance
– Privacy notices
– Internal policies
– Training
• Have a plan for the more complex/ time consuming areas
– Third party processor contracts
– Internal data audit/ data mapping
– Data protection by design
12. GETTING READY FOR GDPR
SUSAN CORDINGLEY (DIRECTOR PLANNING & RESOURCES, NCVO)
APRIL 2018
16. PEOPLE NOT POLICIES
“Staff who can be relied on to exercise good judgement and use their common sense when required are more likely to achieve compliance with Data Protection than good policies alone”
17. DOCUMENT WHAT YOU ARE DOING
18. DATA ASSET REGISTER
• Data asset
• Data controller
• Data processor
• Asset manager
• Type of data collected
• Purpose of data
• Data retention policy
• GDPR compliant
19. SOME OF OUR TRICKIER ISSUES
Soft opt in
Recognition – what is in scope?
When does an organisation become an individual?
Data sharing
Don’t forget paper copies/ physical archives
Keeping an eye on the big picture
20. PRACTICAL HELP AND SUPPORT
ICO
ico.org.uk/for-organisations/guide-to-the-general-data...
NCVO KnowHowNonProfit website
knowhownonprofit.org/organisation/operations/dataprotection
DON’T PANIC – BUT DO ACT NOW!
21. GDPR – the final countdown
Katie Bonas (Legal Counsel, Samaritans)
22. Prioritise & Focus
• Communicate, communicate, communicate!
– ensure staff, volunteers and supporters know what we are using their personal data for and on what basis
– ensure leadership team and Board are aware of progress and risk areas
– set up FAQ pages for staff and volunteers
– attend team meetings to check how confident teams are feeling about compliance
• Cascade training & embed accountability
– compliance must be a team effort
– channel queries through one contact per department/team to enable them to be dealt with efficiently
23. Prioritise & Focus
• Don’t wait for guidance
– there are many principles under the GDPR that can be turned into action right away, without the need for detailed guidance
– get your housekeeping in order
• Record, record, record
– make sure all reviews, training sessions and organisational changes are noted to enable you to evidence the steps you have taken towards compliance
24. Prioritise & Focus
• Identify high risk areas
– document what has been done so far in these areas, what has yet to be done, when it will be done and by whom
– allocate additional resources or time to addressing these areas
• Reach out to your network
– share ideas about how to tackle compliance
– you are not alone!