GDPR Enforcement model
Perform a detailed gap analysis
Areas concerned shall include. Transparency. Collection & Purpose Limitation. Consent: How does your organization seek,…
Data Breach Notification
Notification to supervisory authority by Controller¦New Mandatory only if breach is likely to result in…
Compliance assessment and objectives
Lawfulness
Processing is lawful if at least 1 legal justifications applies. Data subject has given consent…
Assess the risk
Mandatory security measures depend on risk level. Taking into account the state of the art,…
Processor’s New Direct Responsibilities
GDPR regulates processors¦NewController shall contract only with processors providing sufficient guarantees (e.g ISO 27018 for…
Risk assessment map
Data Protection Impact Assessment DPIA
Mandatory if processing is likely to result in a high risk. In regards to its…
Prioritize objectives and tasks
Conduct Level of Effort (LOE) Analysis Identify remediation action for each gap and estimate Levels…
Restrictions to Individuals’ Rights, Transparency
Member States may narrow the scope of rights/transparency if restriction “Respects the essence of fundamental…
Build remediation plan
Build a timeline for actions to perform on the ground of the gap, risk and…
Remedies & liabilities
GDPR makes it easier for individuals to bring claims Right to Remedies Lodge a complaint…
Execute remediation plan
Implement actions following priorities. Keep particular attention to: Data protection frameworks.Data protection governance.Privacy by design…
Cross border enforcement
One stop shop¦New. One stop shop is one objective included in EU commission proposal in…
Data Protection Officer DPO
Mandatory DPO¦New. Controller and the processor must appoint a DPO where: Processing is performed by…
Monitor
Monitor compliance Governance framework. Risk metrics. Processes. Support. Guidance. DPO. Training, awareness, audits. Regulation updates….
Security reinforced for transfers
Transfer of personal data (for processing) outside of the European Economic Area EEA are permitted…
Widen Scope
Expanded territorial scope Establishments in the EU Real exercise of activity more than Establishments’ legal…
Benefits of GDPR compliance
Avoid the risk of massive fines. Penetrate a new 500 millions consumer market. Gain a…
GDPR is Applicable Across EU
GDPR coming into forceUniformity within all European countriesNo need for EU member states to implement…
Transfers of personal data
General derogations Explicit informed consent has been obtained, or Transfer is necessary (for performance of…
GDPR New Principles
Principles / personal data. Lawfulness, fairness and transparency. Purpose limitation. Data minimization. Accuracy. Storage limitation….
Massive fines & Penalties
Revenue based administrative fines Increased risk Sanctions imposed by SA are effective, proportionate and dissuasive….
Consent
Required if consent serve as legal justification. Shall be unambiguous or even explicit¦New. Proof of…
Ensure Security of Processing
Taking into account the state of the art, the costs of implementation […] the controller…
Accountability
Controller is responsible for and shall demonstrate compliance with the 6 principles related to personal…
Controller’s Strengthened Responsibilities
Controller takes “appropriate technical and organizational measures to ensure and demonstrate” that processing complies with…
Roadmap to compliance
Assess your readiness compliance. Define your project scope. Explore and understand your data. Perform a…
Enhanced rights for data subject
Transparency: Transparent, intelligible, easily accessible form, clear and plain language (child).Duty to facilitate exercise of…
Readiness compliance & project scope
Snapshot readiness assessment Understand the GDPR principles Answer key questions Checklist key actions to fit…
Special Categories
Data processing is prohibited when relates to Racial or ethnic origin. Political opinions. Religious or…
Explore and understand your data
Execute a detailed data Inventory and discovery Identify the differents kinds of personal data you…