Preparing for GDPR - Oyster IMS
Transcript of Preparing for GDPR - Oyster IMS
2 May 2023 Preparing for the EU GDPR
Preparing for the EU Data Protection Regulation (GDPR)
www.oyster-ims.com
April 2016
On April 14 2016, the European Union adopted the General Data Protection Regulation (GDPR) after four years of negotiation.
It will come into force in April 2018 - there are two components to the new law:
The General Data Protection Regulation (GDPR) which is designed to give EU citizens better control of their personal data
Data Protection Directive which covers how personal data is used by police in the EU
Preparing for the EU GDPR – What is it?
Under the new rules:
Individuals will have more information on (and control over) how their personal data is processed - data protection must be "by default" and "by design" for products and services and include adequate "affirmative consent"
Personal data will be portable, so that it can be moved more easily between different organisations
The so-called "right to be forgotten" is clarified under the GDPR
Preparing for the EU GDPR – What’s new?
Also:
Companies and organisations will have a greater level of accountability including the obligation to inform national supervisory bodies of serious data breaches so that appropriate remediation measures can be taken
The new rules will be backed up by much stronger enforcement: data protection authorities will be able to fine companies that do not comply up to 4 percent of global annual turnover
Preparing for the EU GDPR – What’s new?
In order to be ready for the new regulations you first need to understand what personal data you have, how you use personal data, where and how personal data is stored, and how personal data is transferred internally and externally, including cross-border transfers.
There are three main locations for personal data:
Paper: local, on-site and off-site repositories
Structured Data: line of business systems and other database applications
Unstructured Data: file share, email systems, document repositories
Preparing for the EU GDPR – Where to Start
In order to get an accurate picture you need to carry out a data protection audit which should consist of:
Creation of a custom personal data classification scheme for the organisation
A review of the organisation’s data protection landscape including the policies, procedures and controls currently in place
A business engagement, prioritised using a risk-based approach, to understand all interactions with personal data
A review of all locations, supported by file analytics software, to discover personal data and bring it under appropriate management
Data Protection Audit
The data protection audit will deliver:
Personal data “data map” showing locations of personal data and identifying high risk areas
Fully documented personal data flows showing movement of personal data
Remediation programme to deliver compliance with GDPR
Audit Outcomes and Compliance
Data Protection Audit Case Study
The Client
A global insurer and reinsurer
Japanese owned with European headquarters in Switzerland
Japanese parent has c.$85 billion assets
Underwrites a diversified portfolio of specialty lines business from its operations at Lloyd's and globally
Significant growth over the last twelve years through a mix of organic expansion and acquisition and is one of the top 10 insurers in the Lloyd's insurance market, writing premiums in excess of £1 billion
The Project
Personal data analysis and remediation as part of a full Information Governance Programme
Three levels of personal data defined – Sensitive (Type A); Core (B); Contact and Organisational (C)
Oyster IMS carried out a Global Data Protection and Privacy Audit to report on creation, capture, storage, management and transfer of type A and B personal data
Automated file analysis tool to search for content across 50Tb of data equating to 30 million files
The Results
More than 250,000 files identified containing personal data from defined categories
Split between personal data found in locations identified by business during audit and elsewhere
[Chart: Type A Personal Data, split into "Found in Expected" and "Found Elsewhere"; values shown: 74% and 26%]
For more information contact: [email protected]
0207 199 0620
www.oyster-ims.com