80 likes | 114 Vues
GDPR. An Update. 2 November 2017. Countdown. The clock is ticking… 6 Months 3 Weeks 2 Days The General Data Protection Regulations will come into force on 25 May 2018. Internal Compliance Project Update. Retention Policies for personal data have been defined across the business
E N D
GDPR An Update 2 November 2017
Countdown The clock is ticking… 6Months 3 Weeks 2 Days The General Data Protection Regulations will come into force on 25 May 2018 Presentation to insert name here
Internal Compliance Project Update • Retention Policies for personal data have been defined across the business • We have fully reviewed our cyber and digital security set-up to ensure it meets the GDPR standard • Our new member portal has been introduced with further improvements to the back office processing of member data to take place before the end of 2017 • We are midway through our full DPIA process and aim to be signing off compliant business units action plans as complete by January 2018 • Our move to SharePoint has led to the removal of most unnecessary data from our file system and historic data will be removed from our active systems later this year • Privacy policies and marketing statements are currently being reviewed and will be live in early 2018 including a more detailed preferences centre for members and customers • The Right to Forget tool is being worked on at present and is set to be tested on dummy data in December Presentation to insert name here
Access to Data • Member Group data is no longer accessible though the Member Secure Area • Introduction of the new MyBCS portal • Business Intelligence reports will be available on request from your Member Group co-Ordinator • These can include statistics on member growth, age ranges, location data and other options in the format of a simple report • All reports will be in an anonymised format and contain no personal data • This approach will replace old reports generated from the Member Portal • Depending on uptake, this approach may lead to automated monthly reports for groups. Presentation to insert name here
The New Policy for Member Data • Rationale explanation • Obligations as a Data Controller • The Changes • The planned process (previous four points covered in the policy document) • Consultation question in survey Presentation to insert name here
Timeline • Convention 15th November 2016 • Data Survey January • MyBCS launch in Summer 2017 • Business Intelligence launch October 2017 • Policy Announcement November 2017 • Policy Consultation November/December 2017 • Policy Launch January 2018 • Full compliance March 2018 Presentation to insert name here
Expectations • The approach to data processing will be consistent across our business, including for volunteers and member groups • Our policies are in line across the Group for data handling and retention • We have conducted a large data cleansing exercise to rid the business of ‘out of date’ and inaccurate data • We are introducing new measures so that only those staff with a genuine business need to have access to data, have it. And this will be reviewed regularly • We collectively share the same pain when implementing the new Regulations • Any behavior not in line with the new Policy will be reported to the DPO and investigated • Possible sanctions against individuals and / or Groups Presentation to insert name here