The GDPR Are you ready? kpmg.ie

The GDPR - are you ready? · The GDPR and YOU If your organisation processes personally identifiable data, you will need to be in compliance with the GDPR by the 25th May 2018 Do



The GDPR - Overview

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection framework under the EU Data Protection Directive.

This regulation imposes new obligations and stricter requirements on all organisations involved in the processing of personally identifiable data, emphasising transparency, security and accountability.

Objectives

The primary objectives of the GDPR are to:

• Institute citizens’ rights in controlling their personal data
• Simplify the regulatory business environment by adopting a unified regulation across the EU

Implications

Failure to comply with the regulation may result in:

• Fines of up to €20,000,000 or 4% of total annual global turnover (whichever is greater)
• Reputational risk
• Individuals are also empowered to bring private claims against organisations where their data privacy has been infringed

THE GENERAL DATA PROTECTION REGULATION 1


The GDPR - Summary of key requirements

GDPR contains 99 articles and 173 recitals. A summary of key requirements includes:

• Personal data: Extended definition now includes direct and indirect identification.

• Accountability: Mandatory accountability culture, privacy management activities and record keeping with enforcement policies.

• Vendor management: Liability now includes both data controllers and data processors, making vendor management a critical aspect.

• Expanded personal privacy rights: Additional rights of access, notice, consent, portability, profiling and erasure.

• Data protection officer: Under certain circumstances, requirement for an assigned and empowered DPO to steer compliance.

• Breach notification obligation: Breach notification within 72 hours of identification.

• Privacy impact assessments: Regular testing, assessment and evaluation of the effectiveness of technical and organisational measures.

• Cross-border data transfer: Requirement to know all of your data processors that are handling EU personal data.

• Privacy by design and default: Embed privacy-related technical and organisational measures into design and, by default, only process personal data where necessary.


The GDPR and YOU

If your organisation processes personally identifiable data, you will need to be in compliance with the GDPR by the 25th May 2018

Do you have interactions with individuals? e.g. via Sales, Procurement, Marketing, Human Resource and Payroll processes

What is your Data Privacy strategy – People/Process/Technology and Protect/Detect/Respond?

Who is in charge of Data Privacy and Protection in the company?

Do you know where your data is stored and who has access to it?

Do you know how your third parties safeguard your data?


• Do you have a culture of Data Monitoring?

• Are your employees aware of the GDPR implications?

Did you obtain the data on a “lawful basis”? Is it shared outside of the EU?


How KPMG can help

Implementing GDPR requires a multi-disciplinary team of subject matter experts.

KPMG’s unrivalled experience of large transformational change projects means we understand the challenges facing you and can assist you in addressing them.

Management Consulting
• GDPR Readiness Assessment
• GDPR Programme Planning & Management
• Data Governance
• Process Design
• Change Management

Forensic Services
• Data Discovery
• Where complexity requires a software-driven response
• Ongoing monitoring and control over your personal data storage

Legal Services
• Legitimate basis for Data Processing activities
• Privacy notices meet the GDPR requirements
• 3rd Party Contract Review

Risk Consulting
• Data Protection Risk, Process and Control Assessments
• Information Security & Controls
• Cyber Security

GDPR Readiness


How KPMG can help

We can offer you a full range of services which can be customised to suit your specific needs at any stage in your journey to GDPR readiness.

Timeline: Start now, working towards the GDPR deadline of 25th May 2018.

1. ASSESS: GDPR readiness assessment; create & collate personal data registers

2. DESIGN: Initiate GDPR readiness programme; design your data protection & governance framework

3. IMPLEMENT: Revised data governance structures; policies, procedures, notices & contract changes; staff training & awareness

4. MONITOR: Demonstrate ongoing compliance; regular testing, assessing & evaluation of security measures


© 2017 KPMG, an Irish partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (“KPMG International”), a Swiss entity. All rights reserved. Printed in Ireland.

The information contained herein is of a general nature and is not intended to address the circumstances of any particular individual or entity. Although we endeavour to provide accurate and timely information, there can be no guarantee that such information is accurate as of the date it is received or that it will continue to be accurate in the future. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.

The KPMG name and logo are registered trademarks of KPMG International Cooperative (“KPMG International”), a Swiss entity.

If you’ve received this communication directly from KPMG, it is because we hold your name and company details for the purpose of keeping you informed on a range of business issues and the services we provide. If you would like us to delete this information from our records and would prefer not to receive any further updates from us please contact [email protected] or phone +353 1 700 4868.

Produced by: KPMG’s Creative Services. Publication Date: Sept 2017. (2980)

kpmg.ie

Market Leading GDPR Consulting Provider

Paul Toner

Management Consulting Partner

T. +353 1 410 1277 E. [email protected]

Michael Daughton

Risk Consulting Partner and Cyber Risk Lead

T. +353 1 1 410 2965 E. [email protected]

David Collins

Director, Management Consulting

T. +353 1 700 4282 E. [email protected]

William O’Brien

Director, Forensics

T. +353 1 700 4119 E. [email protected]

Gordon Wade

Manager, Legal Services

T. +353 1 700 4806 E. [email protected]