The European General Data Protection Regulation (GDPR) has been in effect for a number of years and a company often has to deal with additional laws and regulations. Observation shows that companies (and institutions) have made a modest implementation; that the attention in the organizations is waning, that the data subjects (for example persons, citizens, individuals) are increasingly submitting serious complaints to the supervisory authority, the Dutch Data Protection Authority (AP) or are going to court.
Group mores and target groups
Individuals wish to belong to groups and are willing to conform to group mores. Companies also want to belong to target groups of their customers and their suppliers and use these target groups to market their products and services. If a company does not adhere to the group mores, the people will withdraw and start a new group. Individuals can achieve this – based on their rights – with a few mouse clicks. A dubious reputation (for example caused by a data breach) can be the reason that a company is excluded by the (target) group. This immediately creates a continuity risk.
Companies want (or may have to) connect with target groups to sell products and services and need company and personal data for this. A company will therefore have to make agreements with people about the use of their data.
Facilitating rights and accountability
Adequately facilitating the rights of partners and accountability for the effectiveness of the control measures, especially to the chain partners, is essential in order to be and remain connected to target groups. Knowing partners (customers, employees or suppliers) offers the company opportunities to organize the organization more effectively and cost-efficiently. A data-centric data processing is necessary for organizing a people-centric organization.
The transition from application to data-centric data processing requires management and employees to adopt a different attitude/ “view” on data processing and protection. The transition has a chance of success if there is sufficient knowledge and support among management and employees about the legal and business necessity, the approach and the ability to realize the transition. This training connects to this and creates a common knowledge base in an organization.
Your business activities are central
The training takes you – from your main business activities – along with legislation, additional legislation and regulations and case law. Next, the rights of the data subject (the persons, individuals, citizens or patients) are discussed. The data subject has the tools to exercise control over his (or her) data. Within this context, we deal with the translation of the obligations into appropriate organizational and technical measures. With this we are in line with the discussions about organizing “privacy by design” and “privacy by default”. Together we look at how you can focus on those involved and what you need to arrange for this, how you can integrate the legislation into your regular business activities and systems, what benefits this brings for people and for your company or organization and how you can use it to take the next steps towards digital transformation.
A business situation has been described for this training and will be sent to you in advance. This business situation is a guideline during the training.