bart-van-den-brande
Why GDPR compliance is important to your law practice
Consulegis European Regional Meeting 2017
In this presentation
- Introduction to GDPR
- Who is affected by GDPR
- GDPR in your law firm?
- Impact of GDPR on business processes
- Impact of GDPR on database management
- Necessity of GDPR compliance
- Opportunities offered by GDPR
- Set-up of GDPR compliance trajectories
- Contact details of the Sirius Legal IT/IP/Media team
An Introduction…
“General Data Protection Regulation” EU 2016/679
Replaces Directive 95/46/EC (which in itself was an update of a 1989 Regulation)
Determines rules that companies and organisations should follow when “collecting” or “processing” “personal data”
“Personal data” = ANY piece of information that, in itself or in combination with other pieces of information, can allow someone to directly or indirectly (with the help of third parties) identify a physical person.
The times, they are a changin’…
1995
- No online marketing
- No “profiling” or “tracking”
- No “cookies”
- No “big data”
- No “trigger based marketing”
- No e-commerce or social media
- No cloud, Internet of Things, drones, mobile devices, …
- Less than 1% of EU population had an internet connection …
GDPR enters into force on 25 May 2018
NO transition period
National Privacy Authorities will be entitled to impose VERY high fines (4% of worldwide turnover)
GDPR compliance is inevitable
Companies do best to see GDPR as a commercial opportunity/advantage and start early (although it is probably too late to start “early”)
EVERY company that collects, stores or “processes” “personal data”
Obviously
- Anyone in (online) marketing
- Banking
- Finance
- E-commerce
- Travel
But also
- ANY company that has a client database
- ANY company that has an HR/personnel database
- ANY company that has an accounting database
- Any company that has a procurement database
- …
Who is affected…?
EVERY company that collects, stores or “processes” “personal data”
Regardless of size, sector or type of activity
That means just about every company or organization
ALL of your clients, regardless of their business
- Private clients
- SME and independent workers
- Corporate clients
- Not-for-profit organisations
- Government and public services, hospitals, …
GDPR compliance is inevitable for all of your clients
Most companies are unaware of obligations and consequences
But even more so…
YOUR FIRM should start working on its own compliance
Your client database also falls under GDPR compliance obligations
Consulegis as an organisation should start working on its own compliance
Its contact database and membership database also fall under GDPR compliance obligations…
GDPR in your law firm…?
Only work with “safe” subcontractors (we are already seeing the consequences of this in the marketing sector)
Have in place written contracts with a series of mandatory data security clauses
Data processing log journal within the organisation
“Appropriate technical and organizational measures, to ensure an appropriate level of security” (pseudonymise, security, back-ups, access restrictions, …)
Data Protection Impact Assessment
Data Breach Notification obligation (+ appropriate procedure in place)
Data Protection officer within the organization
Impact of GDPR on business processes
Information and consent
- Legality of processing – opt-in remains basic rule – “justified reasons” (DM?)
- Proof of prior “informed” and “free” opt-in required for data controller
- Under 16 years old? Consent only by parents
- Buying (or selling) database? Obligation to inform data subject within 30 days
- Right to object to profiling
- Right to object to electronic decision taking
- Data portability
- Right to be forgotten
- Privacy by design
- Privacy by default
- Pseudonymous or anonymous data
- …
Impact of GDPR on database management
Clients (and law firms) should be well prepared…
Most important articles (cfr. Profiling, PIA, data breach notification, DPO, …)
- Fines up to 20 million euro
- Or up to 4% of worldwide turnover
Movement towards “level playing field” within EU will lead to more proactive action by authorities in traditionally “soft” countries (e.g. Belgium)
+ damage compensation
+ damage to company/brand image
Necessity of GDPR compliance
GDPR compliance is inevitable for all of your clients
Most companies are unaware of obligations and consequences
Important part of compliance trajectory is legal work (as we will see in the upcoming minutes), but IT firms and business consultants are gradually occupying the field
Opportunity for clients to
- Use GDPR compliance as a sales argument
- Use GDPR compliance as a means to install proper business processes, data ownership, appropriate security, …
Opportunity for law firms to
- Strengthen relationship with your clients by informing/alarming them in time
- “Upsell”
- Consulegis as a network to act on cross border level…
Opportunities offered by GDPR…?
Set-up of GDPR compliance trajectories
Independents
- Work load: +/- 2 days
- Timing: 3 to 4 weeks
SMEs
- Depending on size, maturity and complexity
- Work load: 5 to 25 days
- Timing: 1 to 4 months
Corporate entities
- Depending on size, maturity and complexity
- Work load: 20 to … days
- Timing: 3 to 10 months
Our IT/IP/Media team
- Media & advertisement law
- Copyright - trademarks - databases - software - knowhow
- Travel & consumer protection
- IT, Internet & e-commerce
- Privacy, data protection & cookies
- Gambling & gaming
[email protected] or [email protected]/siriuslegal