#survivingGDPR
@Criteo
Surviving a Post-GDPR World
Ali Hanyaloglu
Director of Product Marketing, Criteo
Agenda
• What You Need to Know
• Putting It Into Practice
• Your GDPR Checklist
What You Need to Know
The General Data Privacy Regulation aligns data protection
policies across the EU and affects all companies collecting or
processing personal data on individuals in the European
Union, even if the company isn’t based in the EU.
Protect Personal Data
• What data is collected, purposes of collection, how it affects a browser’s online experience
• Offer a way for users to control experience with opt-outs that are easy to access and understand
• Racial or ethnic origin, political opinions, religious/philosophical beliefs, trade union membership, genetic data, biometric data, health data, or sexual orientation data
• Easy access to a privacy policy and information on industry privacy standards or commitments
6 Legal Bases of Data Collection
The vital interest of the individual
The public interest
Contractual necessity
Compliance with legal obligations
Valid unambiguous consent of the individual
Legitimate interest of the data controller
The GDPR Checklist
1. Designate a Data Protection Officer (DPO)
• Designation: GDPR requires each company to designate a DPO
• Processing: The processing is carried out by a public authority or body, except for courts acting in judicial capacity
• Monitoring: The core activities of the controller or the processor require regular and systematic monitoring of data subjects on a large scale
2. Make Sure Your DPO is Ready to Collaborate
• Compliance: Make sure the DPO, legal, compliance, and IT teams have a clear understanding of data practices
• Collaboration: Ensure the DPO can work with all teams to ensure that your organization collects data in a collaborative manner
• Education: Make sure your employees are educated around the practices and expectations of GDPR
3. Provide Transparency & Control
• Consent: The information and consent language you provide to your customers should be as clear and transparent as possible
• Website: Your website should explicitly state what customers opt in and out of
• Data: Ensure your customers know what data is being shared and what types they are providing to you
4. Put Data Governance First
• PIA: Implement Privacy Impact Assessment (PIA) to assess the processing that might risk the rights of individuals
• Clarification: Explain how personal data is collected, used, and edited
• Usage: Allow EU citizens to review and reject data being used and keep a record of company data infrastructure
5. Monitor Employee & Contractor Access to Data
• Authorization: Establish strict employee authorization policies that limit access to data & ensure privacy
• Updates: Make sure you’re continuously refreshing policies to reflect company needs & monitor for breaches
• Transfers: All data transfers, even to destinations outside the EU, must meet the same protection & governance conditions as organizations within the EU
Thank you