/ Legal minds GDPR and webshops Safeshops e-legal day 10 March 2017
Welcome message from author
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
Transcript
/
Legal mindsFirm results
GDPR and webshopsSafeshops e-legal day10 March 2017
/
DENIAL IGNORANCERECKLESSNESS
2
/
Myth #1Nobody cares about data protection.
3
/
HTTP://EC.EUROPA.EU/JUSTICE/DATA-PROTECTION/FILES/DATA-PROTECTION-BIG-DATA_FACTSHEET_WEB_EN.PDF 4
/
5
/
6
4% total annual worldwide turnover
/
Myth #2I am not processing personal data.
7
/
8
Personaldata
Anonymousdata
• any information, • directly or indirectly,• relating to, • an identified or
identifiable, • natural person
• non-personal data
Pseudo-nomyzeddata
• personal data that can no longer be attributed
• without the use of additional information,
• that is kept separately, • subject to technical and
organisational measures
/Myth #3I outsourced so data protection concerns are not mine
9
/
10
ACTORS
Controller Processor Sub-processor
Sub-subprocessor Datasubject
/
Myth #4I have consent so I am content.
11
/
Ceci n’est pas un consentement .
12
/
13
Processingshallbe
lawfulonlyifandtotheextent…
Consent
Performanceofa
contract
Pre-contractual
steps
Legalobligation
Protectionofvitalinterests
Publicinterest/official
authority
Legitimateinterests
PROCESSING GROUNDS NORMAL PERSONAL DATA
/
Myth #5 Once I have an opt-in, I can do what I want
14
/
15
/Myth #6We’ll ask our lawyers to draft some opaque privacy policy
16
/NEW OBLIGATIONS
• Extended data subject rights• Records keeping obligation• Data protection impact assessment• Data protection by design• Data protection by default• Demonstrate compliance
DocumentationProceduresPolicies etc.
17
/
18
/Myth #7We all have to appoint a data protection officer (DPO)
19
/DPO
• Public authorities• Core activities
Require large scale monitoring = large scale processing of sensitive data
• Belgian or EU law
20
/Myth #8We all have to conduct a data protection impact assessment (DPIA)
21
/
22
Likely to result inahighriskfor natural persons
Evaluationofpersonalaspects
basedonautomatedprocessing,
includingprofiling,withlegalorsimilareffects
Largescaleprocessingofsensitive orcriminal data
Monitoringpubliclyavailable places on
alargescale
/Myth #9Data breach notification duty only applies in the event of hacking
23
/
24
/
Myth #10May 2018? I still have plenty of time!
25
/
26
/CONTACT
27
Gerrit [email protected]
Tour&Taxis BuildingAvenue du Port 86C, B4141000 Brusselswww.altius.com
Related Documents
