THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

Transcription

1 THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

2 EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist, SAS Kalliopi provides thought-leadership within the SAS organization and to SAS customers on European data protection and privacy issues. Kalliopi strives to bridge the gap between public policy, legal and business considerations relating to privacy to ensure that both SAS and its customers remain at the forefront of the rapidly evolving European privacy landscape. She holds a law degree from the National and Kapodestrian University of Athens, Greece. Kalliopi also has a master s degree from the Eberhard-Karls-Universität Tübingen, Germany.

3 THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

4 CONTENT Scope & general principles New elements: fines, accountability & consumer empowerment SAS tools from perspective of GDPR compliance What to expect next

5 ONE OF THE MOST PROMINENT EU LAWS EVER General EU Data Protection Regulation (GDPR) Negotiated over four years Applicable in all EU countries from May 2018 Reflects a transitional era for society Privacy becomes a core business issue

6 WHAT IS IT ABOUT Only covers personal data Rules on how to collect & process personal data Main objective: enable individuals to protect their privacy

7 DATA PROTECTION & PRIVACY Used interchangeably but the protection of personal data is the means to protect privacy

8 PERSONAL DATA DATA OWNERSHIP

9 CONSUMER EMPOWERMENT TRANSPARENCY INFORMATION Customer Trust CONSENT SECURITY

10 NEW ELEMENTS Fines & Enforcement Up to 4% annual global turnover New powers to data protection authorities in each EU country New European Data Protection Board

11 NEW ELEMENTS Organisations need to review structures, policies, processes around collection and processing of personal data.

12 Map and review data flows Review security measures/data breach notification obligations Document & maintain detailed records of processing activities Review internal privacy policies & training material

13 Conduct Privacy Impact Assessments/ Implement Privacy by design & Privacy by default Appoint Data Protection Officer (DPO) Review contracts for third party processing contracts Ensure lawfulness of personal data transfers outside the EU

14 Put in place mechanisms to respond to individual s right to: Access, rectify, delete data ( right to be forgotten ); Provide & withdraw consent; Obtain information on processing Data portability

15 BIG DATA ANALYTICS A number of provisions have a direct impact on the big data analytics market: Collection & processing of personal data (only with specific legal bases & under certain conditions) Further processing of personal data for purposes other than collected Profiling of individuals with personal data De-identification of personal data: anonymisation, pseudonymisation, encryption

16 SAS AND OUR CUSTOMERS SAS delivers software and services to our customers. Responsibility to comply with GDPR remains with our customers. SAS can help our customers explore ways to configure SAS solutions in a manner that meets customers business needs AND at the same time fulfills customers compliance requirements.

17 SAS AND OUR CUSTOMERS SAS solutions can be customized to meet customer compliance requirements & policies Example SAS CUSTOMER INTELLIGENCE 360 Should personal data be collected? What types of personal data are required to be collected? How should they be stored (de-identification)? Consent: opt-in / opt-out

18 A NEW SAS SOLUTION FOR GDPR COMPLIANCE Addressing data management and data quality issues for GDPR compliance with SAS analytics

19 WHAT S NEXT More GDPR.! Guidelines, guidances, codes of conduct by EU bodies & national authorities Review of e-privacy Directive (including cookies provision) New EU laws on free flow of data inluding data localisation data ownership, access and re-use liability in IoT context

20 THANK YOU!