Wake Up to the Challenges of the EU General Data Protection Regulation

Wake Up to the Challenges of the EU General Data Protection Regulation – Govern Your Information and Data Now. Presented 24th September, 2015

Transcript of Wake Up to the Challenges of the EU General Data Protection Regulation

Page 1: Wake Up to the Challenges of the EU General Data Protection Regulation

Wake Up to the Challenges of the EU General Data Protection Regulation – Govern Your Information and Data Now

Presented 24th September, 2015

Page 2: Wake Up to the Challenges of the EU General Data Protection Regulation

About AIIM

AIIM is the Global Community of Information Professionals. AIIM believes that the information systems we use at work should be simple, secure, and available anywhere, anytime, and on any device. Our mission is to improve organizational performance by empowering a community of leaders committed to information-driven innovation. Learn more at www.aiim.org

Page 3: Wake Up to the Challenges of the EU General Data Protection Regulation

AIIM Presents:

Wake Up to the Challenges of the EU General Data Protection Regulation – Govern Your Information and Data Now

Host: Theresa Resek, Director, AIIM

Mike Davis, Principal Analyst, msmd advisors

John Culkin, Director of Information Management Services, Crown Records Management

Page 4: Wake Up to the Challenges of the EU General Data Protection Regulation

Introducing our Featured Speaker

Mike Davis

Principal Analyst

msmd advisors

Page 5: Wake Up to the Challenges of the EU General Data Protection Regulation

Data Protection

It’s Personal

©msmd advisors 2015. © of all images acknowledged

Page 6: Wake Up to the Challenges of the EU General Data Protection Regulation

Setting the (EU) scene

• Why do we need data protection legislation?
• What do we have now? (did you know we had some?)
• Why do we need a new regulation?
• What will GDPR deliver?
• What will the new regulation mean for business?

Page 7: Wake Up to the Challenges of the EU General Data Protection Regulation

Why do we need data protection legislation?

• Personal data is personal
• It should be given and used with consent of the person (data subject)
• Data should remain the ‘property’ of the data subject
• Data custodians have a duty to look after personal data, as any other property they are trusted with

Page 8: Wake Up to the Challenges of the EU General Data Protection Regulation

Why do we need data protection legislation?

Lots of people thought that their data was truly private

Page 9: Wake Up to the Challenges of the EU General Data Protection Regulation

Why do we need data protection legislation?

This lady didn’t realise that her personal details were being sold on

Page 10: Wake Up to the Challenges of the EU General Data Protection Regulation

Why do we need data protection legislation?

Bank customers believed their personal data and identities were protected from theft

Page 11: Wake Up to the Challenges of the EU General Data Protection Regulation

What do we have now?

• E.g., In the UK the Data Protection Act 1998 (replaced the 1982 Act)

• Country laws based upon two Directives agreed at EU Commission level

Page 12: Wake Up to the Challenges of the EU General Data Protection Regulation

Why do we need a NEW regulation?

Current legislation derived from EU directives

• 28 states = 28 laws
• Written + rewritten as EU expanded
• Do not cover cloud
• Do not cover social media
• Did not envisage current scale of ‘out of country’ processing

Page 13: Wake Up to the Challenges of the EU General Data Protection Regulation

What will the GDPR deliver?

• Single set of rules for all states
• One data protection authority (DPA) for each organisation
• ‘Privacy by design’
• Rapid notification of breach(es)
• Significant fines for breach
• Right to be forgotten

Page 14: Wake Up to the Challenges of the EU General Data Protection Regulation

‘Privacy by design’

• People will have to ‘opt-in’ to data sharing
• No more tiny tick boxes
• Consent must be explicit and recorded
• Encryption is the norm, not the ‘nice to have’
• Only that data which is really necessary to provide the service is captured, processed and stored

Page 15: Wake Up to the Challenges of the EU General Data Protection Regulation

Rapid notification

72 hours is the likely maximum to notify regulators and data subjects of a data breach

Page 17: Wake Up to the Challenges of the EU General Data Protection Regulation

Not just EU companies

It is the country of the data subject that counts, NOT where their data is processed

Page 18: Wake Up to the Challenges of the EU General Data Protection Regulation

What will the new regulation mean for business?

Page 19: Wake Up to the Challenges of the EU General Data Protection Regulation

What will the new regulation mean for business?

If you comply:

• Lower administrative overheads
• More accurate information upon which to base business decisions
• Less scrutiny from regulators
• Greater trust from other businesses
• Greater trust from customers

Page 20: Wake Up to the Challenges of the EU General Data Protection Regulation

Thank you

[email protected] www.msmd-advisors.com

responsive, credible, flexible

If you would like more detail, or direction, please contact us

Page 21: Wake Up to the Challenges of the EU General Data Protection Regulation

Introducing our Sponsor Speaker

John Culkin

Director of Information Management Services

Crown Records Management

Page 22: Wake Up to the Challenges of the EU General Data Protection Regulation

WHY COMPANIES MUST WAKE UP TO THE CHALLENGES OF THE EU GENERAL DATA PROTECTION REGULATION

By John Culkin, Director of Information Management Services, Crown Records Management

Page 23: Wake Up to the Challenges of the EU General Data Protection Regulation

THE ADVANTAGES OF PREPARING EARLY

Page 24: Wake Up to the Challenges of the EU General Data Protection Regulation

1. The job is far bigger than you think it is

Page 25: Wake Up to the Challenges of the EU General Data Protection Regulation

2. Good data governance and treating data as an asset can raise profits

Page 26: Wake Up to the Challenges of the EU General Data Protection Regulation

3. There is a threat of reputational damage if you are one of the first to be investigated

Page 27: Wake Up to the Challenges of the EU General Data Protection Regulation

4. Complying with the Regulation will cost money: most companies will need time to budget

Page 28: Wake Up to the Challenges of the EU General Data Protection Regulation

5. Customers and stakeholders will be more comfortable if you are seen to be looking after your data – it’s good PR

Page 29: Wake Up to the Challenges of the EU General Data Protection Regulation

6. Finding a Data Protection Officer early can save you money

Page 30: Wake Up to the Challenges of the EU General Data Protection Regulation

HERE IS A BASIC GUIDE ON HOW TO START THE PROCESS

Page 31: Wake Up to the Challenges of the EU General Data Protection Regulation

1. Begin with a data audit

Page 32: Wake Up to the Challenges of the EU General Data Protection Regulation

2. Decide what data to keep

Page 33: Wake Up to the Challenges of the EU General Data Protection Regulation

3. Securely destroy unnecessary data

Page 34: Wake Up to the Challenges of the EU General Data Protection Regulation

4. Set a budget for a Data Protection Officer and oversee the appointment

Page 35: Wake Up to the Challenges of the EU General Data Protection Regulation

5. Begin staff training and review your information governance framework

Page 36: Wake Up to the Challenges of the EU General Data Protection Regulation

6. Put a clear and effective reporting process in place for data breaches

Page 37: Wake Up to the Challenges of the EU General Data Protection Regulation

ARE THERE ANY QUESTIONS?

Page 38: Wake Up to the Challenges of the EU General Data Protection Regulation

REFERENCES

• Crown Records Management: www.crownrms.com
• Records Management Perspectives: www.crownrms.com/intl/en-gb/article/why-companies-must-wake-up-to-the-challenges-of-the-eu-general-data-protection-regulation
• To find out more information please contact: [email protected]

Page 39: Wake Up to the Challenges of the EU General Data Protection Regulation

THANK YOU

Page 40: Wake Up to the Challenges of the EU General Data Protection Regulation

QUESTIONS?

Page 41: Wake Up to the Challenges of the EU General Data Protection Regulation

AIIM Resources

www.aiim.org/research Download AIIM Studies

Page 42: Wake Up to the Challenges of the EU General Data Protection Regulation

AIIM Training

aiim.org/training

• Enterprise Content Management: Improve customer and staff engagement, ensure compliance, and automate business processes.
• Business Process Management: Map, design, and automate operational processes for your organization using a combination of strategies, change management, and technologies.
• Taxonomy & Metadata: Optimize navigation, findability, and information discovery through content classification.
• Information Governance: Create an information accountability framework that reduces costs, manages risk, and optimizes value.
• Managing Records & eDiscovery with SharePoint 2013: Manage records, ensure compliance, and prepare for civil litigation requests.
• Electronic Records Management: Know what to keep and what to discard as volume, variety, and velocity of digital information intensifies.

Page 43: Wake Up to the Challenges of the EU General Data Protection Regulation

Connect with AIIM

As the Global Community for Information Professionals, join us here

AIIM’s Resource Centers – www.aiim.org/resource-centers

AIIM's Blogging Community – http://community.aiim.org

LinkedIn Group – www.linkedin.com/groups/AIIM-Global-Community-Information-Professionals-3698

Twitter – www.aiim.org/Connect/Twitter

Facebook – www.facebook.com/aiimcommunity

Digital Landfill – http://info.aiim.org/digital-landfill

Page 44: Wake Up to the Challenges of the EU General Data Protection Regulation

AIIM Resource Centers

• Enterprise Content Management (ECM)
• Business Process Management (BPM)
• Capture & Scanning
• Collaboration
• Content Analytics
• Electronic Records Management (ERM)
• Information Governance
• Search
• SharePoint
• Taxonomy & Metadata
• Web Content Management

Access Industry Tutorials, Research, Webinars, and Expert Advice Blogs – all in one place

Visit aiim.org/resource-centers

Page 46: Wake Up to the Challenges of the EU General Data Protection Regulation

Upcoming Webinars

October 15th: Easing the Transition from Legacy ECM Systems to New Beginnings: it's all in the user interface

Register Today at www.aiim.org/webinars

View our library of Webinars On Demand

www.aiim.org/WebinarsOnDemand
