BCI South Midlands Forum, 8th December 2016
Welcome
BCI South Midlands Forum - Promoting Best Practice In Business Continuity

BCI South Midlands forum meeting held in December 2016


AGENDA

Welcome & Introductions
Welcome
Couple of first timers:
  Tomi Fagbuyi - Thomas Cook
  Dave Carlton - Mercedes-Benz Financial Services UK
  John Lee - John Lewis
  Peter Hak - Adam Continuity

GDPR - What does it mean to me?

GDPR - What is it?
General Data Protection Regulation

Highlights at a glance:
  Reform comprises two instruments: GDPR and Data Protection Directive
  Reform of the 2012 act is adopted early 2016, coming into enforcement 2 years later
  Individuals to be given more control over how their data is used
  Data must be portable between service providers
  More transparency, and easier to understand policies
  Act to be implemented in the same way across the EU
  A new risk-based approach
  Protection by design
  Breach notification window defined
  Much bigger fines

GDPR - What is it?

Key changes to EU data protection introduced by the GDPR:
  More rigorous requirements for obtaining consent for collecting personal data.
  Raising the age of consent for collecting an individual's data from 13 to 16 years old.
  Requiring a company to delete data if it is no longer used for the purpose it was collected.
  Requiring a company to delete data if the individual revokes consent for the company to hold the data.
  Requiring companies to notify the EU government of data breaches within 72 hours of learning about the breach.
  Establishing a single national office for monitoring and handling complaints brought under the GDPR.
  Firms handling significant amounts of sensitive data or monitoring the behaviour of many consumers will be required to appoint a data protection officer.
  Fines up to €20m or 4% of a company's global revenue for its non-compliance.

GDPR - Timeline

Anyone processing personal data is affected

GDPR - about data governance

GDPR - Organisational Concerns

GDPR - Accountability

GDPR - Fines and Penalties

GDPR - Guiding Principles
Understand what personal data you process
Know where it is and how it flows in the organisation
Consider privacy at every level
Always think user first
Review your information risk management
Ensure you have appropriate mitigations in place
Don't forget detection and response planning

GDPR - Where to Start
ICO web sites
  General - https://ico.org.uk
  GDPR Specific - https://ico.org.uk/for-organisations/data-protection-reform/
Raise Awareness
Locate Information
Review and update Privacy Notices and Policies
Know Individuals' rights
Procedures for Data Breaches

Information Commissioner's Office

GDPR - Where to Start
ICO document: Preparing for the GDPR - 12 steps

GDPR - BC Impacts?
Business Continuity
Incident response capability
Data Breaches

GDPR - BREXIT
The ICO has announced it will revise the timeline for the implementation of GDPR following Britain's plans to split from the EU.

Following the Secretary of State Karen Bradley MP telling the Culture, Media and Sports Select Committee that "it would be expected and quite normal" for Britain to opt into GDPR, the ICO has kick-started its campaign to prepare for the move in 2018.

GDPR - BREXIT
Brexit (if achieved) does not mean that GDPR will go away for the UK
GDPR is extra-territorial, i.e. it applies globally
  Where an entity offers goods or services to EU data subjects or monitors their behaviour
The UK Government is likely to exercise its rights to flexibility
  A number of clauses are defined as being modifiable
ICO has said that for now the British Data Protection Act remains the law of the land
UK Government has said that it is currently unsure how GDPR will apply
  Will work with the ICO to give businesses advice
  When published, the digital strategy should provide more information
GDPR comes into force before the UK is likely to actually leave the EU

UK Approach to GDPR

http://www.theregister.co.uk/2016/05/04/will_the_uks_approach_to_the_gdpr_be_harmonised/
http://www.computing.co.uk/ctg/news/2463852/government-unsure-how-eu-data-protecion-laws-will-apply-post-Brexit
http://www.computerweekly.com/feature/Europe-fires-starting-gun-for-dash-to-GDPR-compliance

With the UK voting to leave the European Union in the recent referendum, what impact does Brexit have on the workings of the data protection directive?

Assuming the UK comes to some kind of compromise with Europe and continues to trade with the continent, it will need to abide by the new rules. One unknown is what happens with regards to the one-stop-shop and the identification of a lead supervisory authority. Will the ICO now be included in this regime? Given this ambiguity, there may be an even greater onus on UK-based companies to prove compatibility with the regulation.

GDPR
General Data Protection Regulation (GDPR) to be implemented by 2018
Some major changes
Principles:
  Privacy by design
  Privacy by default
  Accountability
Expanded definition of Personal Data
One law across Europe
Extra-territoriality
Increased responsibility for Data Processors
  This needs to be reflected in contracts with suppliers
Right to be Forgotten
NO implied consent
Mandatory breach notifications
Organisations need processes and a Data Protection Officer (DPO)

Update from Chapter and Leaders meeting

Chapters / Leaders Meeting
New Executive Director and his vision
GPG revision
Membership
CRM/CMS system update

New Executive Director and his vision - 5 weeks in

Our aim in three little words
Unify
  Consistent messaging wherever it originates
  Supporting common strategic goals
  Consistent visual presentation
Simplify
  Strategic Alignment
  Core messaging
  Core formatting
Amplify
  Targeted messaging to different communities
  Reinforcement of core strategic goals/messages
One Voice
One Set of Messages
Many audiences

GPG Revision
Announced BCI World 2017
Launched January/February 2018
Exam update ready for 2018
No need to delay taking exam

Membership
Fairly Static
Certified approx. 3800-4000
Total approx. 7600-8400

CRM/CMS System Update

What are we doing?
A more complete membership experience for BCI members across all tiers might be provided by services orientated towards a career-long, hire-to-retire vocational support system.

CRM/CMS - Dates

What will it mean for the community?
Some changes to how we work
Content curated centrally (new in-house position) to ensure consistency
Need for closer collaboration between central office team and community teams
Single integrated database for all BCI contacts
Single event booking system
Greater ability to engage with our communities (also peer to peer)
Greater ability to tailor content for users
Greater exposure for our work

Break
Your chance to mingle!

BCI update
www.thebci.org

Business Continuity Awareness Week (BCAW) 2017

Date set as 15th - 19th May 2017
Theme is cyber resilience

Workplace recovery report now available
Aims to benchmark workplace recovery arrangements among organizations worldwide. It also seeks to understand the human factor behind workplace recovery as well as underlying attitudes which may influence its implementation.

Available free to download from BCI website: http://www.thebci.org/index.php/workplace-recovery-2016

Horizon scan survey 2017 open
This survey poses questions about horizon scanning and your organizational profile in order to identify trends across this area of business continuity planning.

https://www.surveymonkey.co.uk/r/9N3SNGT

Supply chain resilience report now available
Tracks the origins, causes and consequences of supply chain disruption across industry sectors and regions worldwide. It also benchmarks business continuity (BC) arrangements in place - including the uptake of insurance - in different organizations which build supply chain resilience.

Available free to download from BCI website: http://www.thebci.org/index.php/bci-supply-chain-resilience-report-2016

Working paper series - contributions needed

Papers can come in the form of best practice articles, case studies, empirical research, quantitative/qualitative analysis, or a meta-analysis of available literature in the field, among others.

capture the state of knowledge in business continuity (BC) and related fields; track current and emerging BC trends; provide inputs that may influence the profession; and discuss the future of BC as a discipline.

Papers can range from 2,500-5,000 words.

Submissions and enquiries to [email protected]

Questions?

Christmas Continuity Quiz

Continuity Quiz
Teams of 3 or 4

Play your Threats Right
Name that Disaster Tune
Quick Fire Round

BC Clinic
What is troubling you?
Is there anything you would appreciate a view upon?
What can the group do to help you?

Future Topics
Remain in your Teams
List 3 Topics/Ideas

Any other Business
Dates of 2017 meetings
TBC but to be held in the following months:
March, June, September & December

BCI South Midlands Forum

Thank you for your support during 2016
Next Meeting March 2017