The deadline for meeting the compliance standards set by the General Data Protection Regulation (GDPR) is May 25, 2018. With penalties for non-compliance set at up to 4% of annual revenue, it is a clear area for focus – but are you ready?
Two recent IACCM Ask the Expert audio-visual webinars, linked below as recordings, can help ease the angst by answering the questions many of you are asking. The experienced practitioners hosting the webinars share common-sense strategies that will help you get the job done.
The first webinar -- Making GDPR work for you – Moving from hype to hope -- takes you through GDPR and highlights ways you can plan for it. Presenters Steve Lawton, Data Protection Officer of the FTSE 250 company FDM Group, and Mark Darby, Founder of Alliantist (the company behind ISMS.online), respond to the questions that might be keeping you “awake at night”:
- What is involved?
- Where do we start?
- When do we finish?
- What does “good” look like?
- What’s the worst that can happen?
- Where can we go for help?
- Who do we believe?
- How much do we need to invest?
- What order do we get this done in?
- How do we fit this in with other initiatives that are already in play or still need to get done?
- How do we show we can be trusted?
- How can we trust our suppliers?
Three slides in particular shed light on the answers you likely need:
- Slide 8 provides 84 questions about your readiness across 7 key areas of privacy and protection. Answering them will take you a long way toward complying with GDPR.
- Slide 9 walks you through the ICO gap analysis so you can develop your own plan and determine whether you have met the ISO 27001 requirements.
- Slide 10 covers how to identify risks to discover your primary vulnerabilities.
For questions about this webinar, contact email@example.com
The second webinar -- Data Protection – the global impact of GDPR -- is presented by James Mullock, partner in the law firm Bird & Bird. James covers three major areas, addresses less obvious concerns such as the potential effects of Brexit, and forecasts other impacts:
- What will May 2018 bring with respect to GDPR? He gives a quick overview of Europe's changing data protection and cyber incident regulatory framework, and briefly asks and answers “what about Brexit?”
- What key changes can we expect? Specifically, what will be expected of organizations that trade physically or digitally in the EU, and what impact will the changes have on contracts?
- What about data transfers? Specifically, how do EU data transfer laws work, and how could upcoming developments affect contracts and projects?
Toward the end of his presentation, James unwraps a four-part compliance plan showing specific ways to:
- plan and structure (including a gap analysis, cyber risk issues)
- analyze and manage your supply chain risk (including audits, liability, training, insurance)
- research accountability, notices and consent (including staff policies, privacy)
- handle security and breach notification (including incident response plan, encryption, legal privilege, codes of conduct)
Finally, as many of you know, the European Commission's website on GDPR is a detailed and comprehensive resource worth exploring thoroughly. Four short articles on the site define important terms and conditions you are going to encounter along the way:
- What does the General Data Protection Regulation (GDPR) govern?
- What is personal data?
- What constitutes data processing?
- What are Data Protection Authorities (DPAs)?
“Stronger rules on data protection mean people have more control over their personal data and businesses benefit from a level playing field” – a GDPR statement appearing on the EU website.