Aleth Gueguen: GDPR – Talk Recap – FemtoConf 2018

The FemtoConf 2018 Notes and recaps can be found on the central hub page.

Title: Achieve GDPR compliance without losing your mind
Twitter: @pl4n3th 
Slides & help: Slides //

  • Protects personal data of persons inside the EU
    • any piece of information that can identify a physical person
    • Data subject’s rights
  • Any person who’s physically inside the EU
  • Privacy
    • What you can do with people’s data & what you can’t do
  • Security of processing
    • Processing is collection, recording, organisation, structuring, storage, adaptation or alteration… EVERYTHING. 
      Once you touch data, you’re on the hook
  • Joint responsibility as Data Controller & Data Processor

Risks & penalties

  • European companies will ask for GDPR
  • People will ask for their rights
  • Stop collecting and/or processing personal data 
  • Fines… 

Set of best practices

  • Marketing & customer relationship
  • Security
  • Functionalities

Keep Calm & Document

  • processes & procedures
  • Record of processing activities
  • Privacy notice
  • Take inventory of your data
    • You want to know the Who, What, Where, How long, Why, and How?
    • Do I really need that data? Do I really process it? 
    • Where? 
      • Transfer to third country: 
        • Adequacy decision
        • “Privacy Shield”
        • Standard data-protection clauses
        • Data Processing Agreement
    • How long do you store the data? 
      • You need to state a duration
  • Train your team on privacy & security
    • Identify when “it’s personal data”
    • Procedures for: 
      • Marketing campaign
      • New user stories
      • Transferring list of contacts
    • Privacy by design & by default
    • Profiling, retargeting
    • Notification of personal data breach to authorities within 3 days

Review the information you give to people

  • What you’re doing with people’s data
  • How they can exercise their rights

Update your consent process

  • Clearly distinguishable
  • Intelligible & easily accessible form
  • Clear & plain language
  • Make it easy to withdraw consent

Implement data subjects’ rights

  • Access
  • Rectification
  • Erasure (“right to be forgotten”)
  • Portability (easy to read by machines. Make it easier for people to switch services)
  • Restriction of processing
