IAB GDPR A CASE APPROACH Niklas Nykter June 2017

ACCENTURE

Accenture solves our clients' toughest challenges by providing unmatched services in strategy, consulting, digital, technology and operations. With expertise across more than 40 industries and all business functions, we deliver transformational outcomes for a demanding new digital world.

5B+ raw events processed daily

1M+ endpoints managed

30M+ digital identities managed

5,000+ security professionals

Our security practice globally:

4,000 clients in 120+ countries.

Comm., Media & Tech.
Financial Services
Health & Public Service
Products
Resources

Accenture Security

ACCENTURE
Nordic Security

Stockholm, Malmö, Oslo, Bergen, Stavanger, Göteborg, Copenhagen, Helsinki, Riga, Tampere

# of employees
Finland 1400
Sweden 873
Norway 844
Denmark 466
Latvia 539

~140 security professionals in Nordics

GDPR
Accenture Point of View

Digitalization driver

Change in mindset

Dependent on business context

GDPR
Accenture Approach

GDPR OVERALL PROGRAM

Initiation: “What is required?”

Mobilization: “What needs to be done – how, when and by whom?”

Implementation of Changes: “Getting it done”

Review and update Data Strategy
Legal Interpretation of GDPR Requirements
Conversion to Business Requirements
Conversion to IT Requirements
Gap Assessment
Set up GDPR Project
Coordinate through Data Governance
Define Remediation Activities
Design and Implement Data Governance
“Personal Information” Data Mapping
GDPR Project management, Business and IT Readiness
Data Privacy Framework and Data Sharing
DPIAs and DPO Operating Model
Legal grounds* for Individual Rights and Consent
Data Privacy Security and Incident management

4-6 weeks / 6-8 weeks / 6-12 months


Updates to…

  • Roles & Responsibilities
  • Ways of working & procedures
  • Data Processes
  • Data Sharing Agreements
  • Data Privacy Policies
  • Data Operating Policies
  • System and Manual Controls
  • People skills
  • System Functionality
  • Security Operations
  • [not exhaustive]

INITIATION
Understanding the requirements that apply to the client

Design and Implement Data Governance

1 Personal Information Data Mapping

2 Legal Interpretation of GDPR Requirements

3 Conversion to high level business requirements

4 Conversion to high level IT requirements

MOBILIZATION
Required actions: how, when and by whom?

High Level Gap Assessment

Design and Implement Data Governance

Set up GDPR project

IMPLEMENTATION
Implementing the changes

DPIAs and DPO Operating Model

GDPR Project management, Business and IT Readiness

Legal grounds* for Individual Rights and Consent

Data Privacy Framework and Data Sharing

Data Privacy Security and Incident management

Updates to…

  • Roles & Responsibilities
  • Ways of working & procedures
  • Data Processes
  • Data Sharing Agreements
  • Data Privacy Policies
  • Data Operating Policies
  • System and Manual Controls
  • People skills
  • System Functionality
  • Security Operations
  • [not exhaustive]