Академический Документы
Профессиональный Документы
Культура Документы
• The Regulation:
• Expands the scope of its application
• Increases data protection requirements
• Enhances enforcement
2| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation Overview
• Consequences – EU Enforcement
3| Our Journey: Preparing for the General Data Protection Regulation | September 2017
Proposed Project Timeline/Resources
• Team Members:
• Internal Company Members
• Project Manager
• Cross Functional Team Members
4| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Project Plan
5| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation Overview
Timeline
6| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Personal Data Mapping
Purpose:
• Create and maintain a record of processing activities for EU personal data
Status:
• Effort initially focused on Europe and US, where EU personal data is
primarily located
• Collaboration with process owners
• Finalized July 31, 2017 and remediate by December 31, 2017
• Foundational to other GDPR projects
Team Leader:
• Member of Center for Global Business Conduct
7| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Data Protection by Design
Purpose:
• Embed privacy and security at the onset of any system development, as
well as products and services
Status:
• Effort initially focused on scope definition and IT development standards
• Acquiring data protection impact assessment tool – privacy and IT
• Incorporate into existing processes and communicate/train
Team Leader:
• Information Technology
8| Our Journey: Preparing for the General Data Protection Regulation | September 2017
Global Data Protection Regulation
Data Incident Response
Purpose:
• Provide timely notices of a data security incident to EU data subjects and
EU regulators
Status:
• Effort focused primarily on enhancing current incident response
procedures and documentation
• Securing service providers
• Developing communication/training
Team Members:
• Information Technology and Integrated Solutions Group
9| Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Data Subject Rights
Purpose:
• Codifies previously existing principles
• Creates an additional right of “data portability”
Status:
• Data Subject Rights – Employees
• Access, rectification, erasure, etc.
• Establishing process to grant, process and respond to requests
10 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Data Subject Rights (continued)
Status:
• Intelligent Solutions Group (ISG)
• Leverage other data subject rights projects
• New right of portability
• ISG-specific GDPR requirements
Team Members:
• Legal & Human Resources, Intelligent Solutions Group
11 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
E-Discovery/Investigations
Purpose:
• Modify existing procedures to incorporate changes required by GDPR.
Status:
• Project team recently chartered and launched
• Current processes well developed
• Engage external council to assist with evaluation
Team Leader:
• Legal
12 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Vendor Management
Purpose:
• Select suitable vendors, incorporate required terms into vendor contracts,
and then ongoing auditing and remediation of deficiencies
Status:
• Chartered & launched project team, outlined requirements, performed
process & tool gap analysis, & created detailed action plan
• Implementing process & tool enhancements and establishing risk positions
• Will update vendor contracts and consolidate vendors as appropriate
Team Leader:
• Legal
13 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Vendor Management – Significant Issues
14 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Communication Plan
15 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Training Plan
16 | Our Journey: Preparing for the General Data Protection Regulation | September 2017
General Data Protection Regulation
Summary
• Questions?
17 | Our Journey: Preparing for the General Data Protection Regulation | September 2017