www.dlapiper.com 0Thursday, June 23, 2016
Thursday, June 23, 2016
WHAT CHANGES FOR INTERNETOF THINGS TECHNOLOGIES WITHTHE EU DATA PROTECTIONREGULATION?
Speakers:Giulio Coraggio – DLA Piper, MilanAntoon Dierick – DLA Piper, Brussels
*This presentation is offered for informational purposes only, and the content should not be construedas legal advice on any matter.
www.dlapiper.com 1Thursday, June 23, 2016
Our DLA Piper team today
Giulio CoraggioDLA Piper, Milan
Antoon DierickDLA Piper, Brussels
www.dlapiper.com 2Thursday, June 23, 2016
Agenda
1. Timing, scope and importance of the GDPR for IoT technologies
2. What changes for Internet of Things technologies
3. What to do to be ready in 2018
4. How DLA Piper can help you
www.dlapiper.com 3Thursday, June 23, 2016
A single data protection law across the wholeEuropean Union, with some exceptions…
Put May 25, 2018 in your calendar
www.dlapiper.com 4Thursday, June 23, 2016
Purpose of the GDPR:
Protection constitutional rights and fundamental freedom of individuals; morein particular protection of personal data
Personal data:
"any information relating to an identified or identifiable natural person ('datasubject'); an identifiable natural person is one who can be identified, directly orindirectly, in particular by reference to an identifier such as a name, anidentification number, location data, an online identifier or to one or morefactors specific to the physical, physiological, genetic, mental, economic,cultural or social identity of that natural person"
Personal data
www.dlapiper.com 5Thursday, June 23, 2016
It applies wherever you are located
both
One stop shop benefits
www.dlapiper.com 6Thursday, June 23, 2016
Whether you are a B2B or a B2C supplier ifpersonal data is processed
New obligations for data processors
Renegotiatingdata processing agreements?
www.dlapiper.com 7Thursday, June 23, 2016
Why is it so important for IoT technologies?
Large amount of data
Sharing of data(M2M or individual to
machine)
Deep profiling ofcustomers
Oftentransferred
cross border
www.dlapiper.com 8Thursday, June 23, 2016
And the potential sanctions are now massive
of the global turnover
New accountability principle…
www.dlapiper.com 9Thursday, June 23, 2016
Also cyber-risk becomes a higher threat
in case of data breach
Security measuresadequate or not?
www.dlapiper.com 10Thursday, June 23, 2016
Agenda
1. Timing, scope and importance of the GDPR for IoT technologies
2. What changes for Internet of Things technologies
3. What to do to be ready in 2018
4. How DLA Piper can help you
www.dlapiper.com 11Thursday, June 23, 2016
You can still collect data
PRIVACY INFORMATIONNOTICE
More details on dataprocessing
CONSENT
freely given, specific,informed and
unambiguous by astatement/affirmative
action
CONTRACTPERFORMANCE
Performance cannot bemade conditional to
consent, if processing notnecessary
LEGITIMATE INTEREST
Processing for marketing?
www.dlapiper.com 12Thursday, June 23, 2016
The IoT needs to grow, so what to change in yourproducts and organization?
Better defense!
Privacy bydesign andprivacy by
default
Securityby
design
DataProtection
Officer
www.dlapiper.com 13Thursday, June 23, 2016
Is your customer's profile portable?
old car new car
profile
www.dlapiper.com 15Thursday, June 23, 2016
Are you going to be certified?
Regulatory
Approval
Safetycertification
Privacycertification
Where is the burden of the privacy certificationgoing to stand?
www.dlapiper.com 16Thursday, June 23, 2016
Agenda
1. Timing, scope and importance of the GDPR for IoT technologies
2. What changes for Internet of Things technologies
3. What to do to be ready in 2018
4. How DLA Piper can help you
www.dlapiper.com 17Thursday, June 23, 2016
1. Mapping the data that is currently processed within the group and assessingwhether all data processing is necessary
2. Assessing how data is processed by the company and the technicalinfrastructure
– review of internal policies (if any)
– review of technical functioning of IoT products/services
3. Deleting data that is not necessary and represents only a potential risk
4. Reviewing the current data processing agreements
What is on your immediate to do list?
What to do to be ready in 2018 – To do list
www.dlapiper.com 18Thursday, June 23, 2016
5. Assessing whether the current group structure is privacy efficient under theone-stop-shop rule
6. Appointing a data protection officer (or outsourcing it to a third party)
7. Planning the implementation of
1. Internal policies
2. Privacy impact assessment
3. Privacy by design and privacy by default
4. Security by design
What is on your immediate to do list? (ii)
What to do to be ready in 2018 – To do list
www.dlapiper.com 19Thursday, June 23, 2016
Agenda
1. Timing, scope and importance of the GDPR for gambling companies
2. What changes for gambling companies
3. What to do to be ready in 2018
4. How DLA Piper can help you
www.dlapiper.com 20Thursday, June 23, 2016
How DLA Piper can help you – DLA Piper GDPR Compliance Methodology
GDPR impact assessment: Tailoredassessment of the relevance of the GDPRprovisions
Gap analysis: Analysis of the actual level ofcompliance
Internal evaluation and prioritization:Determining the company’s risk appetite andaction plan
Implementation: During this phase, theaction points identified in the action planduring Module 3 will be implemented. Thisshould result in taking the necessarymeasures to achieve compliance with GDPRrequirements
Consolidation of compliance: AvoidingGDPR infringements (internal and externaldocumentation)
www.dlapiper.com 21Thursday, June 23, 2016
How DLA Piper can help you – DLA Piper standard privacy tools
www.dlapiper.com 22Thursday, June 23, 2016
Access our
Data Protection Laws of the World
Handbook at
www.dlapiperdataprotection.com
How DLA Piper can help you – stay informed
www.dlapiper.com 23Thursday, June 23, 2016
Questions?
Giulio CoraggioDLA Piper, Milan
Antoon DierickDLA Piper, Brussels