big data minute privacy
TRANSCRIPT
Uniting Expertise,Accelerating Ambitions
Uniting Expertise, Accelerating Ambitions
Big Data, Minute PrivacyBA4ALL Big Data & Analytics Insight 2016
Ester Verbylen – CC Legal ManagerGuy Van der Sande – CC BI Manager
USG ProfessionalsMain countries of operation: Benelux, France, Germany
90.000 flex workers at work every day
>40 years of experience
2.3 billion Eur
N°2 in the Netherlands and Belgium
What data do we share ?
Why do we share data ?
81% are comfortable sharing one or
more pieces of personal information
to get better recommendations
68% share to give people a better
sense of who they are and what
they care aboutEvery two years we generate
ten times as much data
91,4% is concerned about online privacy
73% of Android apps shares
personal information with third
parties47% of iOS apps shares geo-coordinates with third parties
93% of Android apps connects to a
mysterious domain
Customer analytics
Uber’s rides of glory
VTech hack
Presence Analytics @ Bobbejaanland
Legislation? • Current legislation goes back to the ‘90’s– Implemented differently in the Member States– New technologies
• Need for new legislation– Discussions started in 2011– General Data Protection Regulation (GDPR) adopted in April 2016– Will apply as from 25 May 2018
GDPR: what is new?– Enforced rights of the data subject, e.g.:• “the right to be forgotten”• “right to data portability”
– Obligation to maintain a record of processing activities• Exceptions e.g. enterprise < 250 persons
– Appointment of a data protection officer (DPO) in some cases
– Notification of data breaches– Obligations for data processors (and not only
for controllers)– …
GDPR: why should I care?
• As from 25 May 2018:– Data protection cases dealt with by a data
protection authority or a court– One-stop shop for individuals and business– Fines!
20 million OR 4% of global annual turnover
GDPR: What should I do before 25 May 2018?
• Gap analysis, e.g:– Audit of the data currently being processed– Do I have a clear overview of all data processing
activities performed by my business?– Is a data protection impact assessment (DPIA)
necessary?– Do I need to appoint a DPO?– Are there data subjects request response
procedures in place?– Do I have a data breach response plan (e.g. central
breach management unit)?• Make staff aware and set up trainings
USG Data Protection FrameworkWe un-complicate your business by applying our USG DPF
USG DPF = Guidance of specialists, working according by a specific set of guidelines, to assure compliancy to the European GDPR
• Perform the necessary GAP analysis• Define the desired level of compliancy• Setup a plan of action to implement the
necessary actions to get to this desired level• Follow-up to ensure you remain compliant
References• Text of the GDPR:
http://eur-lex.europa.eu/legal-content/EN/TXT/?qid=1462353523271&uri=CELEX:32016R0679
• More information about the GDPR:http://www.consilium.europa.eu/en/policies/data-protection-reform/
Guy Van der SandeCC BI [email protected]@BICC_at_USG
Ester VerbylenCC Legal [email protected]
Contactgegevens