Cobb Digital Bitesize workshop - GDPR, are you compliant?
Uploaded by lauren-isaacs
Preparing for the GDPR
How to comply
Introduction to GDPR
UK privacy history
What is GDPR?
1995: First EU Data Protection Directive
1998: Data Protection Act
2009: First public consultation with view to revise European data protection framework
2012: First draft of the GDPR
2018: GDPR comes into force
Why is GDPR being enforced?
• Trust
• Consumer control
• Transparency
GDPR fines & penalties
Fines & penalties
Not complying can cost your business up to €20 million or 4% of the company’s annual worldwide turnover (whichever is higher).
Fines & penalties
• Sent 3.3 million emails under the title ‘Are your details correct?’ to people who didn’t sign up to marketing material.
• Fined £70,000 in March 2017.
Fines & penalties
• Sent 289,790 emails clarifying whether customers who hadn’t signed up wanted to receive marketing
• Fined £13,000 in March 2017
GDPR consumer statistics
Trust in Personal Data: A UK Review
• 96% of respondents claim to understand the term ‘personal data’ but less than 64% picked the correct definition
• 79% of consumers believe the primary use of personal data is for an organisation’s financial gain
• 65% of consumers are unsure if data is being shared without their consent
6 key updates
6 key updated principles from the Data Protection Act
1. Lawfulness, fairness & transparency
2. Purpose limitation
3. Data minimisation
4. Accuracy
5. Storage limitation
6. Security
Individual’s rights & special categories of data
The GDPR provides the following rights for individuals:
1. The right to be informed
2. The right of access
3. The right to erasure
4. The right to object
5. Rights in relation to automated decision making and profiling
6. The right to rectification
7. The right to restrict processing
8. The right to data portability
The right to erasure: case study
• Mario Costeja González
Warning: Special categories of data
1. Racial or ethnic origin
2. Political opinions
3. Religious / philosophical beliefs
4. Trade union membership
5. Genetic data
6. Biometric data
7. Data containing health or sex life
8. Sexual orientation
9. Criminal data
Consent
Every submission of personal data must be:
• Freely given
• Specific
• Informed
• Unambiguous
Consent
Consent shouldn’t include:
• Pre-ticked boxes
• Assumptions
• Conditional consent
The consent challenge
How do you persuade consumers to share their data?
• Offer incentives
• Be completely clear on what the consumer will receive
• Be completely clear on storage details and who the information will be shared with
Consent
The GDPR defines valid consent as unambiguous, affirmative consent.
The consent challenge: Incentives
The consent challenge
Come up with an incentive to encourage sign-ups to your mailing list
Consent Q&A
Can we still use a pre-ticked box as consent?
No, GDPR doesn’t class a pre-ticked box or any form of inactivity as valid consent. The data subject must make an affirmative action for their consent to be valid.
Consent Q&A
What is the best way to gain valid consent if purchasing a product or service?
The best way to ensure that you’re fully compliant with the GDPR is to include a separate opt-in option at the point a consumer joins/purchases by encouraging them to sign up to receive updates via email.
Consent Q&A
We’ve got historic lists – will they still be valid?
If your current data hasn’t specifically been collected using affirmative consent for all activities, or you don’t have a record of the details required, then you’ll have to gain fresh consent.
New database requirements
Database requirements
Organisations must be able to demonstrate that an individual consented to the processing of their personal data.
If consent is given over the phone, you’ll need a recording
If you collect consent online, you’ll need to record consent wording, time & source
True or false
GDPR will stop dentists ringing patients to remind them about appointments
All personal data breaches will need to be reported to the ICO.
Existing data
Review your strategy
Data controller vs data processor
Are you a data controller or data processor?
Data controller - the organisation that collects personal data and decides how it will be used.
Data processor - the organisation that processes personal data on behalf of the data controller.
Data controller obligations
• Collects data
• Which items of personal data to collect
• How the data will be used
• Whether to disclose the data, and if so, who to
• Arranging access
• Storage
Data processor obligations
• To process data fairly and lawfully
• Data is kept accurate and up to date
• Data is only kept for as long as necessary
• Adhere to all agreements in your contract with the data controller
Data controller or data processor?
A local authority uses a cloud provider to store data about its housing stock and residents, rather than holding the data on its own IT system.
The cloud provider is also contracted to delete certain data after a particular period and to grant members of the public access to their own records via a secure online portal.
Data controller or data processor?
An online retailer works in co-operation with a third-party payment company to process customers’ transactions.
Data protection officer
The data protection officer (DPO)
A data protection officer is responsible for overseeing your data protection strategy and implementation to ensure compliance with GDPR.
• Inform
• Monitor
• Contact
Who needs a DPO?
• Public authorities
• Large scale systematic monitoring of individuals
• Large scale processing of special categories
Any questions?
Thank you
http://cobb.agency/digital | 01273 208 913