IMPLEMENTING THE GDPR & LEVERAGING PRIVACY AS A COMPETITIVE ADVANTAGE
Dr. Anna Zeiter, LL.M., Head of Data Protection, EMEA
CDO Europe – London, 23 February 2017
AGENDA
• Overview of eBay in EMEA
• Implementation of the GDPR at eBay
• Leveraging privacy as a (competitive) advantage
• Q&A session
Implementation of the GDPR at eBay
OVERVIEW OF EBAY IN EMEA
IMPLEMENTATION OF THE GDPR AT EBAY
IMPLEMENTATION OF THE GDPR AT EBAY (1)
• Part I – Preparation (January 2016 – March 2016)
• Part II – Gap Analysis (April 2016 – August 2016)
• Part III – Budget/Resource Planning (September 2016)
• Part IV – Implementation (October 2016 – December 2017)
• Part V – Monitoring (October 2017 – June 2018)
IMPLEMENTATION OF THE GDPR AT EBAY (2)
• Part I – Preparation (January 2016 – March 2016)
  - Raise awareness, start internal communication
  - Inform stakeholders, e.g. Business Units, Marketing Teams, PR, etc.
  - Choose project name
• Part II – Gap Analysis (April 2016 – August 2016)
• Part III – Budget/Resource Planning (September 2016)
• Part IV – Implementation (October 2016 – December 2017)
• Part V – Monitoring (October 2017 – June 2018)
IMPLEMENTATION OF THE GDPR AT EBAY (3)
GIANT
IMPLEMENTATION OF THE GDPR AT EBAY (4)
• Part I – Preparation (January 2016 – March 2016)
• Part II – Gap Analysis (April 2016 – August 2016)
  - Carry out gap analysis per data controller
  - Carry out interviews with Legal Teams and Business Units
  - Use assessment tools, e.g. TRUSTe Assessment Manager
  - Draft gap analysis report/use metrics
  - Compile list of action items
• Part III – Budget/Resource Planning (September 2016)
• Part IV – Implementation (October 2016 – December 2017)
• Part V – Monitoring (October 2017 – June 2018)
IMPLEMENTATION OF THE GDPR AT EBAY (5)
List of action items:
• ...?
IMPLEMENTATION OF THE GDPR AT EBAY (6)
IMPLEMENTATION OF THE GDPR AT EBAY (7)
List of action items:
• Data mapping
• Process for new subject access rights
• Privacy Impact Assessments (PIAs)
• Privacy by design/by default
• Review of consent based processing
• Review of the DPO position
• Privacy champion program
• Data deletion/data retention
• Data breach response plan
• Privacy trainings
IMPLEMENTATION OF THE GDPR AT EBAY (8)
• Part I – Preparation (January 2016 – March 2016)
• Part II – Gap Analysis (April 2016 – August 2016)
• Part III – Budget/Resource Planning (September 2016)
  - According to data controllers
  - According to list of action items
• Part IV – Implementation (October 2016 – December 2017)
• Part V – Monitoring (October 2017 – June 2018)
IMPLEMENTATION OF THE GDPR AT EBAY (9)
• Part I – Preparation (January 2016 – March 2016)
• Part II – Gap Analysis (April 2016 – August 2016)
• Part III – Budget/Resource Planning (September 2016)
• Part IV – Implementation (October 2016 – December 2017)
  - Create sub-projects and create sub-project names
  - Assign project leads and sub-project leads
  - Involve stakeholders, e.g. Legal Teams, Business Units, etc.
  - Agree on timelines, define dependencies
  - Start with the implementation – now and globally
• Part V – Monitoring (October 2017 – June 2018)
IMPLEMENTATION OF THE GDPR AT EBAY (10)
List of sub-projects:
• Data mapping (Project Discovery)
• Process for new subject access rights (Project Atlas)
• Privacy Impact Assessments (PIAs) (Project Alexandria)
• Privacy by Design/by Default (Project Prudentia)
• Review of consent based processing (Project Zeus)
• Review of the DPO position (Project Phoenix)
• Privacy Champion Program (Project Concilium)
• Data deletion/data retention (Project Hades)
• Data breach response plan (Project Hermes)
• Privacy Trainings (Project Athena)
IMPLEMENTATION OF THE GDPR AT EBAY (11)
• Part I – Preparation (January 2016 – March 2016)
• Part II – Gap Analysis (April 2016 – August 2016)
• Part III – Budget/Resource Planning (September 2016)
• Part IV – Implementation (October 2016 – December 2017)
• Part V – Monitoring (October 2017 – June 2018)
  - Monitor the implementation closely, involve audit team
  - Change approach if needed
  - Follow the opinions of the EU Data Protection Board and the Data Protection Authorities closely
  - Reach out to Data Protection Authorities if needed
  - Carry out internal communication and trainings
IMPLEMENTATION OF THE GDPR AT EBAY (12)
• Raise Awareness!
• Start with internal communication!
• Inform stakeholders!
• Choose cool project names!
• Do the things you already do – but better!
• Start asap!
• General Data Protection Regulation = Global Data Protection Regulation!
• Follow the opinions of the Art. 29 Working Party and the Data Protection Authorities closely!
• Change approach if needed!
LEVERAGING PRIVACY AS A (COMPETITIVE) ADVANTAGE
INTERNALLY & EXTERNALLY
INTERNAL ADVANTAGES OF THE GDPR (1)
The data question - why companies need a CPO
INTERNAL ADVANTAGES OF THE GDPR (2)
• Privacy is in the spotlight – internally and externally!
• High fines are threatening!
• Privacy matters are discussed at C-level!
• DPO position will be more powerful!
• More budget and resources needed!
• Opportunity to ask questions you never asked before!
• Opportunity to challenge current processes!
• Opportunity to enhance Privacy within your company!
INTERNAL ADVANTAGES OF THE GDPR (3)
Use the GDPR to implement a smart and comprehensive data governance strategy:
EXTERNAL ADVANTAGES OF THE GDPR (1)
Use the GDPR to gain and strengthen customer trust and your company’s privacy brand:
EXTERNAL ADVANTAGES OF THE GDPR (2)
Use the GDPR to minimize the risk of data breaches:
Q&A SESSION
CONTACT DETAILS
Dr. Anna Zeiter, LL.M.
Director of Privacy & Data Protection Officer, EMEA
Helvetiastrasse 15/17
3005 Bern
Switzerland
Tel.: +41 31 3590701
Mobile: +41 79 5298425
Email: [email protected]
EXECUTIVE SUMMARY (2)