GDPR Compliance: Getting Everyone On Board

Presenter: Stefanie Retfalvi, Learning Design & Solutions Consultant, IT Governance


© IT Governance Ltd 2018


Agenda

Q&A

Cyber Security Awareness Programme

GDPR Compliance: Getting Everyone on board


About IT Governance & Introduction


About IT Governance


Introduction

• Stefanie Ildiko RETFALVI

• Learning Design & Solutions Consultant

• International cross-sector experience


Staff Awareness & The GDPR


Article 36

1. (b) to monitor compliance with this Regulation, with other Union or Member State data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits;


Why it matters

ICO publication: Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now


Stakeholders, Focus Groups & Planning


Compliance affects Everyone

• C-Suite, senior management buy-in (leading by example)

• DPOs, CISOs, CIOs

• Business process owners

• HR, change management, internal comms

• Focus groups

• Surveys


Managing Change


Dealing with resistance

Aversion to change is natural

Resistance to Content versus Resistance to Process

Consider this question within your organisational context


Managing the Transition

• Understand your audience(s)
• Align your strategy and your culture
• Read and rewrite the context
• Make use of proven engagement techniques
• Be opportunistic


Bringing about a Change in Mindset

To attain the highest levels of employee engagement, it is important to generate personal investment and motivation for adopting the GDPR.


Common Challenges


The GDPR as a focal subject

• Viewed as dry
• Perceived as overwhelming
• Misconceptions (regarding implications)


Training Audit Trail True Engagement & Behaviour Change


Proven Techniques & Solutions


Identifying Problems

Identifying common drivers for resistance or gaps in understanding is the first step to gaining organisation-wide buy-in.


Implementing a GDPR Awareness Programme

It is important to offer a modern mix of different GDPR-focused learning and communications tools to address individuals’ diverse needs and preferences.


Gaining Buy-In

Don’t treat GDPR awareness training like a bitter medicine that everyone needs to swallow.


Example


Delivering Knowledge

Understanding the GDPR will help to mitigate aversion to change and reduce the human factor as a risk.


Example


Encouraging Knowledge Transfer to the Workplace

It is not enough to know what best practice involves. Employees need to apply their obtained knowledge in their everyday activities.


Sample Solution

These should:

• Be meaningful, encouraging deep reflection and the transfer of acquired knowledge to the workplace;
• Make learners active participants by challenging them to recall key information in relevant contexts; and
• Prompt participants to identify risks and apply best practice in situations that could arise in real life on the job.


Example


Evaluation

Continual monitoring of progress will ensure that everyone has achieved the required level of knowledge and understanding.


Example


Continual Reinforcement

Once the programme is finished, it is important to ensure that the GDPR remains at the forefront of individuals’ minds.


Useful References


• “GDPR in the workplace”
• “Employee communication”
• “Change management”
• https://www.cipd.co.uk/
• http://www.wfpma.com/
• https://ico.org.uk/about-the-ico/what-we-do/taking-action-data-protection/
• https://www.itgovernance.co.uk/blog


Conclusion & Your turn! Q&A


Conclusion


Stay in touch!

• Call us: +44 (0)333 800 7000
• Email: [email protected]
• Visit our website: www.itgovernance.co.uk
• Like us on Facebook: /ITGovernanceLtd
• Follow us on Twitter: /itgovernance
• Join us on LinkedIn: /company/it-governance
• Read our blog: www.itgovernance.co.uk/blog


Queries?

Understanding?

Clarification?

Your Turn!