GDPR and Logistics
38 days and counting
Lynn Parnell 16th April 2018

Lynn Parnell
Independent Logistics Consultant
Specialist in Logistics IT projects – software & hardware
In Logistics since 1990, starting with a 3PL in operational roles
Specialist in IT in Logistics since 1991
Established Logistics Partners in 2000
Selection, Design, Implementation, Audit
Not a legal specialist
But GDPR impacts a lot of what I do
Transaid Ambassador

Questions
Who has heard about GDPR?
Who thinks GDPR is relevant to their job?
Who has had specific training about GDPR?
Whose organisation has new procedures for GDPR?

What is GDPR?
The EU General Data Protection Regulation (2016/679)
Replaces UK Data Protection Act 1998
Effective 25th May 2018
“The biggest change to data protection law for a generation”
Fines up to £17 million or 4% of global turnover

ICO View
“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.”
Information Commissioner Elizabeth Denham

Myths
GDPR is only about email marketing
GDPR will not be relevant after BREXIT
I outsource operations so do not need to worry
It is only about data on computers
Only affects data held in the EU

Key Requirements
Privacy by design
Privacy by default
Data Protection Officers
Data Privacy impact assessment
Data Controllers and Data Processors
Personal Data shall be:
  Collected Lawfully
  Specific purpose
  Adequate, relevant and limited
  Accurate and up to date
  No longer than necessary for original purpose
  Appropriate security

What is Personal Data?
Identifies a person directly or indirectly
Examples:
  Name
  Address
  Date of Birth
  Passport Number
  Driving license number
  Telephone number
  Email address
  IP address
  Car registration
This list is not exhaustive!

Data Subject rights
Clear consent or legitimate use
Transparency
To be informed of a breach
Right to be forgotten
Portability of data
Access to data
Rectification of data
Restrict automated processing

Company Obligations
Accountable
Demonstrate Compliance
Keep data secure
Allow access
Facilitate edit or delete
Safeguards for data transferred to others
If appropriate appoint Data Protection Officer
Report Data breach
Pay a fee to ICO

Examples of Logistics Uses
Personnel records
Driver details
Customer details
Picking lists in warehouses
POD devices
Printed delivery notes on clipboards
Spreadsheets for KPIs
Signing in Books
Test data
THIS IS NOT AN EXHAUSTIVE LIST!

Real Examples

Is your Organisation Ready?
🤔 😄 😎 🍹 😱 🤯 💩 ⏱ ⏳ 🏔 👣

Steps to Compliance
Do you need a Data Protection Officer?
Identify Data Controller / Data Processor
Identify what data is held where
Data Protection Impact Assessment
Compliance plan for all data
Contracts for outsourced data processors
Training & Awareness
Continuous audit for compliance
Info at www.ico.org.uk

Don’t Forget
Non Compliance
Fine of up to £17 million or 4% of global turnover

SO!
Who has heard about GDPR?
Who thinks GDPR is relevant to their job?
Who thinks their team need specific training about GDPR?
Who thinks their organisation needs new procedures for GDPR?
WHO HAS SOME WORK TO DO?
38 Days and about 4 hours to go!

Any Questions?
Graphic courtesy of InterimTeam