Key Points to Takeaway on GDPR and How to Prepare





 You can download a full copy of the slides from this webinar. 




Full transcript available below:

Good afternoon. Thank you for joining the webinar today. We're going to give everyone just a couple more minutes to join and then we'll start the webinar. Good afternoon and thank you for joining today's webinar, "Prepare your firm for GDPR", hosted by me, Bethany Sirven of MyComplianceOffice, with featured presenter Emily Mahoney.

We've reached the end of the 10 themes or changes that I wanted to discuss today in regard to the GDPR's impact on financial services firms and fintechs. Key points to take away, the core themes that existed under the directive are clearly broadly the same, but there are just tighter controls.

Clearly, there's greater accountability that is expected of you as data controller or data processor and a shift in the burden of proof. There is absolutely increased records and compliance burden on entities and there is increased financial exposure and finally related to that financial exposure are the broader data subject rights.

Their ability also to file a claim against an entity that they feel has violated their rights under the general data protection regulation. You have seven months to get it right. The time to start preparing is now and in light of that, the next two slides all talk briefly about steps that you want to consider.

Step one, what are we doing? Do a data mapping exercise. Figure out the data flows and disclosures that you're making to your data subjects. Map the purpose and legitimization that the purpose for which you're collecting the data and how you are legitimizing that collection, engage in such a mapping exercise.

Audit your data transfers, where is your data going and do remember Brexit for when the UK exits the EU. Audit those data-related contracts, all those outsourcing contracts, see what the contracts say and whether they need to be renegotiated which they may likely have to be renegotiated, but just look at those contracts or perhaps even draft it if you don't have an agreement in place with your data processors. Then finally undergo a GDPR gap analysis. Next slide.

That gap analysis is evaluating what you're doing now as a company and what gaps exist in terms of GDPR compliance. Based upon that gap analysis, you can decide upon key action points that you're going to prioritize in terms of your readiness or in terms of your preparation to be in a GDPR compliant posture in time of 25th May 2018.

Start creating those internal accountability records, update your internal, external policies and contracts and create any necessary new policies and templates. For example, privacy by design, default playbooks, DP, Data Protection Impact Assessments Protocols and Templates. A security breach response plan.

If necessary or desired, appoint a data protection officer and finally engage in education of all the people throughout your organization so they understand that privacy and data protection are a big deal and that the GDPR is coming. 




This webinar was co-hosted with Mason Hayes & Curran
