The FemtoConf 2018 Notes and recaps can be found on the central hub page.
Title: Achieve GDPR compliance without losing your mind
Website: SmartLeads.com
Twitter: @pl4n3th
Slides & help: Slides // gdpr4saas.eu
- Protects personal data of persons inside EU
- any piece of information that can identify a physical person
- Data subject’s rights
- any person who’s physically inside EU
- Privacy
- What you can do with people’s data & what you can’t do
- Security of processing
- Processing is collection, recording, organisation, structuring, storage, adaptation or alteration… EVERYTHING.
Once you touch data, you’re on the hook
- Joint responsibility as Data Controller & Data Processor
Risks & penalties
- European companies will ask for GDPR
- people will ask for their rights
- Stop collecting and/or processing personal data
- Fines…
Set of best practices
- Marketing & customer relationship
- Security
- Functionalities
Keep Calm & Document
- processes & procedures
- Record of processing activities
- Privacy notice
- Take inventory of your data
- You want to know the Who, What, Where, How long, Why, and How?
- Do I really need that data? Do I really process it?
- Where?
- Transfer to third country:
- Adequacy decision
- “Privacy Shield”
- Standard data-protection clauses
- Data Processing Agreement
- How long do you store the data?
- You need to state a duration
- Train your team on privacy & security
- Identify when “it’s personal data”
- Procedures for:
- Marketing campaign
- New user stories
- Transferring list of contacts
- Privacy by design & by default
- Profiling, retargeting
- Notification of personal data breach to authorities within 3 days
Review information to people
- What you’re doing with people’s data
- How they can exercise their rights
Update your consent process
- Clearly distinguishable
- Intelligible & easily accessible form
- clear & plain language
- Make it easy to withdraw consent
Implement data subjects’ rights
- Access
- Rectification
- Erasure (“right to be forgotten”)
- Portability (easy to read by machines. Make it easier for people to switch services)
- Restriction of processing