Unpacking the GDPR

By now, most marketers are aware of the impending General Data Protection Regulation, a European Union initiative designed to give consumers greater control and transparency when it comes to the personal data companies are collecting and storing. The compliance deadline is May 25, 2018, which means any business that hasn't reviewed its policies and practices is running out of time.Although the GDPR currently only applies to companies that possess data from EU residents, many experts believe similar regulations will start emerging elsewhere. It's best to prepare yourself and become compliant now, even if you don't currently have overseas customers.

<p>Unpacking the European Commission General Data Protection Regulation Getting into the Nitty Gritty of How to Comply Lothar Determann | Partner, Palo Alto Julia Kaufmann | Partner, Munich Agenda 1 Project plan 4 2 Data mapping 6 3 Compliance recommendations 9 4 Implementation & ongoing review 29 2017 Baker & McKenzie LLP Speakers 3 Julia Kaufmann Partner, Munich + 49 89 5 52 38 200 julia.kaufmann@bakermckenzie.com Lothar Determann Partner, Palo Alto + 1 650 856 5533 lothar.determann@bakermckenzie.com 2017 Baker & McKenzie LLP EU general data protection regulation 4 What is it? Regulation v. Directive First major update since 1995 What will happen to national law? When will it be effective? Does it apply to companies outside the EU? What are the major changes? 1 Project plan 2017 Baker & McKenzie LLP Project plan 6 Align core team (internal and external) Establish GDPR project plan Obtain senior leadership approval 2 Processing Records and Compliance Documentation 2017 Baker & McKenzie LLP 2017 Baker & McKenzie LLP Data mapping step-by-step 9 Scoping - "staging the map" prepare a project plan and the necessary tools and materials bespoke to your needs - questionnaires/templates/guidance documents Information Collection - via questionnaires/interviews collect all required information in order to generate a record of processing - Consider internal and external resource required for this phase Information Analysis & Mapping - based on the information collected and your specific needs, produce data flow maps and analysis to best record and visualise your organization's data processing activities. 2017 Baker & McKenzie LLP Data mapping the 5Ws of personal data 10 Who are we? are our data subjects? has access to personal data? Where do we keep their personal data? do we transfer personal data to? Why is personal data under our control? When are we keeping personal data until? do we share personal data with others? What mechanisms do we have in place to safegu