What is the General Data Protection Regulation (GDPR)?
The General Data Protection Regulation (GDPR) is the European Union's data protection regulation coming into force in 2018

Who does it affect?
Organisations holding or processing data pertaining to EU citizens
What of existing regulations?
GDPR replaces the European Data Protection Directive (DPD) that came into force in December 1995
Non-compliance
In serious cases, fines of up to 20 million Euros or 4% of global turnover, whichever is the greater
How has it Changed?

New Authority
New regulatory powers for the Information Commissioner's Office (ICO), including audit, orders to cease business, suspension of data processing or operations to third

Conducting Privacy
Requirement to conduct Privacy Impact Assessments (PIAs) for any processing involving sensitive personal data

Documented Policies
The business must be able to demonstrate documented policies and procedures in line with GDPR

Breaching Regulation
Failure to comply may result in penalties; specifically, strict fines may be imposed for serious breaches

Data Protection Officer
Companies processing sensitive data must appoint a Data Protection Officer (DPO)

Accountability
Businesses must show greater accountability for the validation, protection and destruction of personal data

Data Ownership
The client retains ownership of the data they have supplied and may be entitled to request the raw telematics data for portability
Different Data Types
Personal Data
Data relating to an individual, e.g. home address, phone number or the type of car they drive

Sensitive Data
Special classes of personal data e.g. biometric and genetic

Consent
There must be explicit or unambiguous consent from the individual to hold and use their data
Defined Data Responsibility
Data Subject
The individual who is the subject of the personal data

Data Controller
The person who determines the manner in which the data will be processed

Data Processor
The person or organisation that processes the data

Data Protection Officer
The person responsible for ensuring compliance, risk reduction and control of the data on behalf of the business
Data Areas Included in the Regulation

Data Collected or Created

Data Erasure

Data Archiving

Data Processed

Data Used or Analysed

Data Reporting
How to Prepare?

Global Reach
British businesses will still be affected after leaving the EU; GDPR has global reach

Personal Data
Make sure that all the personal data you hold is documented, including its source and origin

Reviewing Data
Review data processes and procedures, particularly how consent is sought and recorded

Validation of Age
Verify age of individuals and gather parental or guardian approval, ensuring all records are updated

Data Protection Officer
Identify a Data Protection Officer

Deadline
2018 may seem a long way off; don’t be caught out, act now

Awareness
Ensure that decision makers in your organisation are aware of the changing law

Privacy Notices
Review current privacy notices and plan changes

Data processing
Verify data processing procedures and document them

Policies
Update policies
We Can Help you Become Compliant

Fifth Step

Assessment

Implementation

Compliance

Fifth Step can provide expertise to assess and action the changes needed to attain compliance with GDPR
For more information, please contact Wayne Jolly - Head of Security