Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

GDPR and Data Protection Practices

Verified

Added on 2020/02/24

AI Summary

This document delves into the complexities of the General Data Protection Regulation (GDPR), outlining its key provisions, implications for organizations, and practical steps for achieving compliance. It explores various aspects of data protection, including consent mechanisms, data subject rights, breach notification requirements, and the role of data protection officers. The document also provides guidance on implementing appropriate security measures, conducting privacy impact assessments, and fostering a culture of data protection within businesses.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Assignment One1
CHALLENGES AND OPPORTUNITIES IN PLANNING AND IMPACT OF GDPR
IMPLEMENTATION ON TWENTYCI
Student by (Name)
Professor’s (Name)
College
Course
Date

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Assignment One2
1. Executive summary
General Data Protection Regulation (GDPR) has in the present UK meant to replace the
old data protection regulation of year 1998. The UK data protection act was passed by the 1995
EU Data Protection Directives and attracts various immense fines for non-compliance and breach
of the act by any organization. The act also presets rights to various clients on what and what not
firms managing their personal data can do with their personal data. The main aim of the
implementation of General Data Protection Regulation (GDPR) is to allow more rights to the
people on how their personal data can be used and many of companies are yet to face challenges
and also have various opportunities at the same time. The implementation of the General Data
Protection Regulation (GDPR) implementation by TwentyCi will shake the operations of the
firm, management, leadership, timing and survival of the organization as key business deals are
personal data. The content of this report therefore majors on the discussion of various challenges
and opportunities which TwentyCi will experience due to General Data Protection Regulation
(GDPR) implementation.
Implementation of General Data Protection Regulation (GDPR) presents opportunities in
various sectors in the management, company survival, and finance and in other sectors within the
organization. However, the organization is likely to face challenges in direct marketing, support
employee information as well as within the technology information area and finance. As result of
the challenges and opportunities, the content further presents recommendations for General Data
Protection Regulation (GDPR) implementation planning. The organization is recommended to

Assignment One3
offer proper training to their workforce on the changes made within the system by the new
regulation. The report concludes with another recommendation that the organization should
employ smooth implementation process with an understanding that the personal data of citizens
in UK is protected.
Table of Contents
1. Executive summary.....................................................................................................................2
2. Introduction..................................................................................................................................4
3. Analysis.......................................................................................................................................5
3.1 Challenges and opportunities of General Data Protection Regulation (GDPR)
implementation.............................................................................................................................5
3.1.1 Business Reputation........................................................................................................5
3.1.2Survival............................................................................................................................7
3.1.3Timing..............................................................................................................................8
3.1.4 Volume............................................................................................................................9
3.1.5 New Opportunities..........................................................................................................9
4. Conclusion.................................................................................................................................11
5. Recommendation.......................................................................................................................12

Assignment One4
Assignment one
2. Introduction
The content of this paper provides information to TwentyCi an organization which is
likely to face challenges and opportunities due to the full implementation of GDPR by 2018.
The content also discusses the General Data Protection Regulation (GDPR) with regards to
TwentyCi as an organization that handles EU citizen’s personal information and doe marketing
through the use of phones and mail. TwentyCi as one of the organizations which deals with data
and information according to the case study should comply with the General Data Protection
Regulation (GDPR) by 25th May the year 2018. Various business organizations such as
TwentyCi due to the constant changing nature of the market has over the time relied on personal
data for the development (Carey 2009). The company based on the their choice of operations
must therefore comply to the various demands set by General Data Protection Regulation
(GDPR).The compliance with the regulation will therefore ensure the effectiveness of the work
done by TwentyCi and increase and sustain high level of performance.
General Data Protection Regulation (GDPR) according to the analysis almost similar to
the UK Data Protection act of 1998 and will affect all the organization which will have not
complied by 25th May 2018. This therefore means that the main obligation and line of operations
by various organizations dealing with data is gathering of the data. If the organization can

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Assignment One5
explain clearly the reason why they are accumulating data and to what level they are doing so,
the organization to this perspective is in very much compliance to regulations except for various
political inclinations, opinions of religion as well as generic data. The regulations also demands
deletion of data after its main purpose is meant. Being that TwentyCi as an organization fully
rely on collection of personal data, the regulations will therefore affect the firm’s customer
relation management (CRM), direct marketing, support service providers, financial management
sectors, support employee information as well as information technology. The implementation of
General Data Protection Regulation (GDPR) will also present various opportunities as presented
within the discussion below. TwentyCi is one of the organizations which is controlling the data
and information industry in the UK and failure to prepare for the implementation of General
Data Protection Regulation (GDPR) may destroy the company reputation in case other firms plan
is perfect compared its plan (Christer 2017). The implementation of General Data Protection
Regulation (GDPR) will require TwentyCi to change the management system in order to comply
with the demand of the regulation and maintain their reputations. The company will therefore
improve and make appropriate changes on how to manage
3. Analysis
3.1 Challenges and opportunities of General Data Protection Regulation (GDPR)
implementation
3.1.1 Business Reputation
The full implementation of the General Data Protection Regulation (GDPR) will result
present a lot of challenges and opportunities in relation to the survival of the TwentyCi as an
organization dealing with the gathering of data in UK. In relation to the reputation of the

Assignment One6
organization, failure to fully prepare for the implementation may destroy the organizations
reputations. However, with proper planning and preparation for the full implementation of the
General Data Protection Regulation (GDPR by 25th may 2018 will result into an improved
organizational reputation. Making proper changes in terms of management and organization of
the human resource sector within the firm to secure reputation is one of the challenging issues
the organization have to deal with before 25th May 2018. In order to secure the customer trust
and loyalty which rely much on the firm’s reputation, TwentyCi will have to and must adopt a
much strict as well as costly process in dealing with data. The management of the organization
will have to appoint skilled labor force to ensure that the firm’s reputation is maintained during
the implementation process and after the implementation. The process of preserving their
reputation and the desire to remain at the top of the game is likely to be cost and may reflect on
the cost of service provision.
Increased prices may in turn not be taken positively by some customers leading to
reduced loyalty and poor reputation of TwentyCi as an organization. The cost of maintaining an
organization such as that of TwentyCi which is one of the top marketers in UK is high and the
management of the organization has a serious obligation to meet. TwentyCi will have to review
their whole system to comply with the requirements of General Data Protection Regulation
(GDPR). The review of the whole process as already mentioned is likely to reflect to the cost of
operations increasing the sales price. When sales prices of the services offered by a leading firm
in the industry increases, the reputation of the firm goes own as it may lose customers to other
firms destroying its reputations in the local market an internationally. The reputation of the firm
is directly linked to the number of customers, where there few customers the reputation of the

Assignment One7
company goes down. For TwentyCi to maintain their reputation as one of the top marketers in
the industry, the organization must develop a plan on how to cost effectively implement Data
Protection Regulation (GDPR).
3.1.2Survival
The survival of any organization in an industry highly depends on various factors within
the industry and the general market. With the scale of the fine indicated within the Data
Protection Regulation (GDPR) requirements, the survival of any firm within the marketers
industry has been threatened. The set penalties by the Data Protection Regulation (GDPR) for
the breach and non-compliance is quite high for any firm caught or not caught on the wrong side
of the regulation by GDPR. TwentyCi survival is therefore at a stake due to the high penalties on
any offense in relation to Data Protection Regulation (GDPR). This is because any firm within
the marketer industry is responsible for the transgression of Data Protection Regulation (GDPR)
requirements. The survival of any firm while preparing and implementing the requirements of
Data Protection Regulation (GDPR) is at a stake based on the kind of transition a firm has to go
through before becoming in full compliance of the set regulation (De Hert and Papakonstantinou
2012).
TwentyCi being one of the firms in UK preparing for the implementation of Data
Protection Regulation (GDPR) will have to go through a full transition to meet the regulations,
the organization will have to absolutely renovate their system of gathering data, processing
methods, securing and storage of information, sharing and securely delete a personal data. The
renovation of the system will require a special team whose main objective is to manage Data

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Assignment One8
Protection Regulation (GDPR) for the company to survive. Data Protection Regulation (GDPR)
has similar requirements meaning same standards for all firms within the industry. With similar
standards the survival of TwentyCi is threatened based on the increased competition as a result
of similar standards. The organization should therefore invest a lot on the appointment and
establishment of a right team which is a key factor to the firm’s survival and successful Data
Protection Regulation (GDPR) preparedness (De Hert and Papakonstantinou 2012).
. The organization will therefore be faced with several challenges in relation to the
preparedness and survival. TwentyCi should come up with a proper management team to remain
at the top of the game which requires training and this may be a challenging to the firm to
appoint.
3.1.3Timing
TwentyCi is one of the organizations which are required by the Data Protection
Regulation (GDPR) to comply with its regulations prior to 25th may 2018. There are only a few
months left and TwentyCi will need to come up with new policies and proper planning, test the
procedure and the plan in order to ensure that they are able to comply fully with various data
rights within the time limits. The timing may be challenging to the organization based on the
number factors they have to consider while preparing to implement Data Protection Regulation
(GDPR). In such cases of urgency the firm will not only be required to make important
investments financially but consider investments in time as an important factor (Gilbert 2011).
The process will involve portability of data thus time is required. The preparation for the
implementation of Data Protection Regulation (GDPR) will affect various sectors within the firm

Assignment One9
which then require proper time allocation. TwentyCi will have to appoint various teams to
manage Data Protection Regulation (GDPR) implementation, the will need to appoint new sales
team or train the former team to proper inform their customers on the new order of the day.
Appointment and allocation of resources for the preparation and management will need proper
time allocation and the firm will need to have proper planning with the given time limits by
GDPR.
3.1.4 Volume
In relation to the volume, the firm will have to gather reduced volume of data during the
implementation preparation. This is due to the new system of data managements procedures
created based on the Data Protection Regulation (GDPR). The volume of the data that the
company will be able to handle will reduce as they will have to adopt a much strict procedure as
required by GDPR. The procedure to be followed by organization will increase the volume of
work to be done by the employees and reduce the quantity of the output. The firm according to
the research conducted will need to come up with a system named A-Z which will help with data
control (Kshetri and Murugesan 2013). TwentyCi will also need to perform data mapping prior
to the implementation and analyse the whole process after receiving information or data from
their clients to identify where the data comes from as well as document every procedure for data
gathering (Gilbert 2011). This complex procedure may reduce the volume of data managed by
the firm after the implementation of Data Protection Regulation (GDPR). Data obtained by the
firm will passed through a technical security protocol which may then also reduced the volume
of work to be done by the firm. The company therefore to some extent will have reduced volume
of work in terms of client data management but will have to go through a large volume of work

Assignment One10
in relation preparation and implementation of Data Protection Regulation (GDPR) and this will
be a challenge to the firm.
3.1.5 New Opportunities
Preparations and implementation of Data Protection Regulation (GDPR) does not only
present challenges to TwentyCi but also presents a number of various opportunities that the
organization can exploit to remain on the top of the game. According to various sources
preparation and implementation of the Data Protection Regulation (GDPR) could be the right
time for TwentyCi to come out of their comfort zone as an organization to move further top
within the industry. The management of the organization should not have a negative thinking
that implementation of Data Protection Regulation (GDPR) will restrict their operations. The
firm should take this opportunity to make distinctions between the marketing strategy, privacy of
personal data as well as technology (Kshetri and Murugesan 2013). Based on the regulation
requirements, TwentyCi as an organization will have an opportunity to upgrade their system in
terms of the data science and insight of the of the business, the organization will have to develop
their data translation system to meet their customers’ demands in accordance with the data
regulations.
The procedure for implementing the new regulation set by the UK government requires
firms to come up with proper management team for the implementation in order to avoid fines
set by the GDPR. The process and planning for the implementation of the Data Protection
Regulation (GDPR) presents TwentyCi with an opportunity to appoint new management team
and improve their performance. TwentyCi will have to reprogram their system to meet the Data
Protection Regulation (GDPR) in order to improve the company information sales (Kshetri and

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Assignment One11
Murugesan 2013). As an organization which is a marketer, improvement in the data
management, organization and security will enable TwentyCi as a firm to attract various
customer firms who are interested in information sold by TwentyCi. The company has the
opportunity to develop data subject access system that will enable them to respond first enough
to various client demands. Moreover, the company has been presented with the chance to come
up with new Web and non-Web based access that will then enable the firm to limit any
possibility of being hacked. Securing the firm’s system from various hack attempts will increase
the firm’s reputation as well as their customer loyalty. With proper preparedness and
implementation Data Protection Regulation (GDPR) by TwentyCi, the organization therefore
stands a chance to remain at the top of the marketing industry. The company has been presented
by a number of opportunities in relation to the management of the firm based on GDPR
regulations, increase the firm’s reputations, and implement new marketing strategies and ways to
retain the consumer.
4. Conclusion
Various challenges and opportunities discussed within the content above justify the
wrong perception by various data dealing firms in relation to the GDPR regulations. Many firms
have over the present past viewed the new requirements by the UK government as being over
stricken. Implementation of the new Data Protection Regulation (GDPR) has presented firms
such as TwentyCi with a lot opportunities compared to the challenges. The firm in process of
preparing itself to the full implementation of Data Protection Regulation (GDPR) requirements is
face with several challenges in relation to timing, work volume, labor organization and survival

Assignment One12
but at the end, the whole process has learnt several opportunities which are likely to help the firm
survive at the top of the game (Kshetri and Murugesan 2013). According to the research
conducted within the firm, implementation of Data Protection Regulation (GDPR) by TwentyCi
s at the right time and the firm should fully comply. Instead of seeing the whole process as being
strict, TwentyCi should take the opportunity to redeem itself and become one of the most to
firms within the industry. As just mentioned earlier, the management team of TwentyCi should
come up from their comfort zone and become one of the best firms dealing with data in whole
global market. The application of the rules set within Data Protection Regulation (GDPR), will
help the firm to operate within the demands and rights of their customers developing further the
firm’s loyalty and maintain customer loyalty. Based on the discussion above, it can be conclude
that Data Protection Regulation (GDPR) does create pain and challenges to firms such as
TwentyCi, but if they come up with a proper way of compliance and show value of privacy to
their clients personal data they will then improve on their data management ways and remain
firm within the industry.
5. Recommendation
Data Protection Regulation (GDPR) implementation preparedness though presents
various challenges as discussed above on firms which rely on personal data management. The
firms are therefore recommended to come up with a clear and proper Data Protection Regulation
(GDPR) implementation strategy. It is recommended for firms such as TwentyCi to first appoint
a proper management team with the required management skills to ensure full implementation of
Data Protection Regulation (GDPR) prior to the set date of 25th may 2018. Based on the research

Assignment One13
conducted on Data Protection Regulation (GDPR) and interrogations, the firm is quite prepared
for the implementation of Data Protection Regulation (GDPR). TwentyCi does not need to
reprogram their whole system but instead offer training to their staffs on how to prepare for the
implementation and on the full implementation itself (Knyrim and Trieb 2011).
The recommendation will enable the firm’s human resource team to have a clear
understanding of the regulations operate within the required policies preventing the firm from
threats risks arising from fines on the breach of the regulations and non-compliance. It is also
recommended for the firm to take into consideration various key areas such appointment of
external advisors for proper implementation of Data Protection Regulation (GDPR), TwentyCi
being at the threat of fines should arrange proper insurance on cyber security protection. It is
also recommended for the firm to come up with a proper notification standard procedure to
prevent volume data breach (Knyrim and Trieb 2011). The notification standard procedure will
inform any breach to the organization within the required time span prescribed by GDPR
requirements. TwentyCi is also recommended to comply fully with the requirements of the
GDPR Data Protection Regulations in order to avoid various fines for non-compliance and enjoy
various opportunities which comes with the GDPR implementations.

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Assignment One14
References
Carey, P., 2009. Data protection: a practical guide to UK and EU law. Oxford University Press,
Inc..
Christer Jansson,2017 https://www.capgemini.com/blog/capping-it-off/2017/02/the-top-10-
things-to-know-about-the-gdpr-and-how-capgemini-can-help-yo-0
Colin Bradshaw lands role at data agency TwentyCi
http://www.decisionmarketing.co.uk/news/colin-bradshaw-lands-role-at-data-agency-twentyci

Assignment One15
De Hert, P. and Papakonstantinou, V., 2012. The proposed data protection Regulation replacing
Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security
Review, 28(2), pp.130-142.
Erik Matlick https://martechtoday.com/4-reasons-love-chief-martec-supergraphic-177735
GDPR Readiness – Calculate Your Return on Security Investment (ROSI) by Nick Symms
https://www.imperva.com/blog/2017/06/gdpr-readiness-calculate-your-return-on-security-
investment-rosi/
Gilbert, F., 2011. European data protection 2.0: new compliance requirements in sight-what the
proposed EU data protection regulation means for us companies. Santa Clara Computer & High
Tech. LJ, 28, p.815.
ICO https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Ipswitch https://www.youtube.com/watch?v=WIUsiB89o4sCloud computing and EU data
privacy regulations. Computer, 46(3), pp.86-89.
John Leyden https://www.theregister.co.uk/2017/04/28/ico_fines_post_gdpr_analysis/
Kaye, J., Whitley, E.A., Lund, D., Morrison, M., Teare, H. and Melham, K., 2015. Dynamic
consent: a patient interface for twenty-first century research networks. European Journal of
Human Genetics, 23(2), p.141.
Knyrim, R. and Trieb, G., 2011. Smart metering under EU data protection law. International
Data Privacy Law, 1(2), pp.121-128.
Kshetri, N. and Murugesan, S., 2013. GDPR http://www.eugdpr.org/

Assignment One16
Van der Sloot, B., 2014. Do data protection rules protect the individual and should they? An
assessment of the proposed General Data Protection Regulation. International Data Privacy
Law, 4(4), p.307.
What is the GDPR https://www.youtube.com/watch?v=XVBHishpew8&t=42s (Youtube)
Zwingelberg, H. and Hansen, M., 2011, September. Privacy Protection Goals and their
implications for eID systems. In IFIP PrimeLife International Summer School on Privacy and
Identity Management for Life (pp. 245-260). Springer, Berlin, Heidelberg.
COMPLIANCE STRATEGY
Student by (Name)
Professor’s (Name)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Assignment One17
College
Course
Date
COMPLIANCE STRATEGY
Executive summary
Presently, the United Kingdom fully relies on a data protection act which was passed on
the 1995 EU Data Protection Directive. The act which is used within the UK currently is known
as the Data Protection Act 1998 which demands every firm to comply with its regulations and
requirements. In the cases of failure to meet the regulations and non-compliance, any firm
according to the regulation will face regulatory immense fines. The regulatory fines is also
extended to breaches by firms and gives individuals whose personal data are managed by
organizations such as TwentyCi a voice of what companies can use their data. The main purpose
for the new data protection regulation GDPR is to give people authority over their personal data.

Assignment One18
Various companies like Google and Facebook deals with the exchange of people’s personal data
for their service use. GDPR is therefore meant to protect people’s personal data from being
misused. Data Protection act 1998 came into implementation before the advanced application
and use of internet and technology. The increased use of internet technology has over the recent
past become an issue with regular manipulation of people’s personal data.
As a result of the manipulation of data which has increased over the recent past due to
weak regulations set by Data Protection act 1998, GDPR has therefore been introduced in the
UK and its effect will soon be witnessed in the world as a whole. The GDPR being aware of the
weakness of the older data protection act, has been made with proper corroboration data
protection legislation requirements and has also introduced a very strict enforcement policies to
enable the emergence of digital economy. GDPR indicates a risk computing of up to 4 per cent
of the annual world turnover and have only a few months remaining for full implementation.
Firms are required by the Data Protection Regulation to fully cross over to the use of the new
regulation and every state member of the EU in current in the process for the full implementation
of the requirement. The main strategy for TwentyCi is to comply with the regulations and the
requirements of the law in order to avoid risks arising from the regulatory fines and remain at the
top level of the game. The reports the report therefore discusses the impact of compliance
TwentyCi in relation to the leadership management, operational management, financial sector
and the information management. It further concludes with recommendations such as the
standards which should be followed by the firm for full compliance.

Assignment One19
Table of Contents
Executive summary.........................................................................................................................2
1. Introduction..............................................................................................................................4
2. Leadership and Management.......................................................................................................5
3.Operations Management...............................................................................................................6
4. Information Systems....................................................................................................................7
5. Finance.........................................................................................................................................9
6. Conclusion...................................................................................................................................9
7. Recommendation.......................................................................................................................10
8. References..................................................................................................................................12
COMPLIANCE STRATEGY
1. Introduction
The content of this paper contends on compliance as one of the strategy that should be
adopted by TwentyCi as a firm that operates within the EU boundaries. The UK Data Protection
act 1998 (DPA) is yet to be fully replaced by the current GDPR regulations and this will apply to
all member states of the EU. With the implementation of the General Data Protection Regulation
(GDPR) gathering of information or data required for business purposes will be done under a

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Assignment One20
strict rules set by the law in corroboration with the old DPA act. Firms will not be allowed by
the law to gather information on various matters such as political inclination, religious opinions
as well as generic data. Gathering information on such types of data attracts fines and penalties
as it is considered as a breach of the requirements of GDPR (Kshetri and Murugesan 2013). In
order to escape the set of regulatory fines and penalties risks, TwentyCi should comply with the
requirements of General Data Protection Regulations (GDPR). The compliance however, will
shake various sectors within the organization which is covered within the content of this report.
The content in relation to the compliance strategy majors on the core operation area of TwentyCi
which will be shaken by the GDPR requirements. The core business units that are likely to be
shaken by the compliance strategy includes: finance, leadership management, operational
management as well as the information system (Knyrim and Trieb 2011). The paper concludes
on various issues discussed within the analysis and ends with various recommendations, where in
the recommendation advice is laid to TwentyCi in relation to how the firm can successfully plan
and implement General Data Protection Regulations (GDPR).
2. Leadership and Management
Due the compliance strategy TwentyCi as an organization will have to improve on their
management for proper implementation of the General Data Protection Regulations. The firm
will have to a point a new leader of the have the new leadership training. As a leader, the
management of the firm will have to provide a consistent approach to leadership development for
staff in TwenetyCi. The will further represents the organization to a system of training where all
the staff should seek to be one day. Implementation of data protection in relation to full

Assignment One21
compliance will require the leadership of the firm to appoint a leading team to supervise and
undertake the whole process of implementing General Data Protection Regulations (GDPR).
With compliance as a strategy, the focus on TwentyCi by the management team is how it
can develop a desire to build on existing leadership by different staff group and create a single
central leadership for all staff. This will fully depend on the leadership of the organization to
form a strong team in order to achieve their desire of a unified staff. The management team is
also required to see through the adoption and training of all staff members on how to comply
with the requirements of General Data Protection Regulations (GDPR)
The leadership of the firm will need to have the following skills leader to have to be
ready for GDPR:
• should have self-awareness & Development> this can be by aware of your own
values, principles, and assumptions, and can learn.
• Able to act with integrity> open and honest.
• Work with others> in teams and networks to deliver and improve the service.
• should be able to build and maintain relationships by listening, supporting others,
gaining trust and showing understanding.
• Should be able to achieve the goals by planning.
• Appropriately manage the resources and knowing are available to ensure that it
can be used ready on time.
• People administration and providing directions, performance, motivations to
others and promoting equality and diversity.
• should be accountable in all aspects of the duty.

Assignment One22
• Improving the way, they collect data and to identify where it can be improved.
• Ensuring the security and risk of the organization associated with the GDPR.
• Identifying the contexts for change by being aware of the range of factors to be
considerate.
• Creating the vision on how to be able to tackle any obstacle might come.
• To contemplate the culture, history and long term underlying of the organization.
2. Operations Management
The organization management will have to adopt much stricter processes in dealing with
customer data. Moreover, the organization with compliance strategy will have to have appoint a
GDPR team who will oversee the compliance side of it as this is not just an IT or a matter of
Information System issue. The operations of the firm will go through a series of process in order
to comply with General Data Protection Regulations (GDPR)
Twentyci will need to create an A to Z Data control within their operation system for
security functions. The team of IT experts will have to perform mapping of all the data for the
entire business, what they already have with a clear knowledge of where the data comes from
and document everything what they do it or what it will if this data no longer serves them.
• Where is this data source hold and if there are any risks to the data?
• They shouldn't keep any data that is not necessary and it should be removed as
they won't be able to keep it when the GDPR are fully complied with as the requirements are

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Assignment One23
very specific and this will be one of the operations taking place within the firm based on
compliance strategy.
• They will need to introduce a better understanding of what they can keep and
what they can't simple. In this case the firm will have to sought out what they can keep and those
to fully eliminate from the database of the organization as failure to delete non lawful data will
result into fines.
• Is there a need to erase any of non-authorized personal data, what will the
organization achieve from it and is there a way to keep it by encrypting it? This fully explains
another operation of encryption that the team of experts will have to undertake.
• Security measures will be the top priority as that will save money and time.
• They will need to Develop and implement a selected safeguard throughout the
arrangements to help contain any data breaches. This means putting security measures in place to
guard against data breaches, and taking quick action to notify individuals and authorities in the
event a breach if occur.
• Making sure they check with their suppliers also. Outsourcing doesn’t exempt you
from being liable. You need to make sure that they have the right security measures in place also
• With the GDPR, individuals must openly have consent to the attainment and
processing of their data.
• TwentyCi will need to carry out a crack analysis of their current compliance
against GDPR and then create and tool documentation plan, arranging it by different type of risk
areas.

Assignment One24
• TwentyCI will have to review all tier privacy statements and disclosures and
adjust them where it is needed, Pre-checked boxes and implied consent may not be acceptable
anymore.
• Monitoring requirements will have to be in place.
The operation management will have to create an operation team to expertly deal with the
compliance with the General Data Protection Regulations prior to the collapse of the time
allocated by GDPR. The organization at the point of implementation will have to manage two
processes where the first one being the firm’s normal operation and the second one being the
implementation procedure. In this case proper management must be put in place to ensure
smooth running of all the operations within the organization. Operation management will
therefore be an issues which the management team of TwentyCi will have to deal. For the
company succeed with the compliance and implementation of General Data Protection
Regulations, they will have the proper management skills. The labor force which will be required
to manage the operations will have to undergo training. Supervisors will have to be assigned to
oversee the series of operations taking place.
4. Information Systems
Twentyci as an organization is a science and insight entity which translates data for
sales, market research and logistics, sales purposes to various entities which needs to make better

Assignment One25
choices and for better decisions. The compliance strategy will require the firm to consider their
information systems; from the study conducted the company may not need not fully reprogram
their system but make critical changes with regards to the demands of General Data Protection
Regulations (GDPR). The study conducted in the firm also indicated that the firm should come
up with a data subject access system which enable them respond quickly to various requests in
the form that is within the framework of General Data Protection Regulations (GDPR). The firm
should also need to split the information system into smaller sections with data points. Moreover,
the organization should also come up with user defined fields and sections. The organization
need organize their roles and permissions: the firms in this perspective need to flinch with the
proactively manage the consent and user roles within the organization as they also use the basic
framework structured upon ‘Who has access to what, and when?’ Recognizing opportunities can
orchestrate in relation to the set up information system, via the use of a central command Centre
for cross-channel outreach, TwentyCi can have an understanding of their customers as well as
responsibly balance direct personalization with rigid security measures. Another factor within the
information system that should be created by the organization is flexible differentiation of their
system (Kshetri and Murugesan 2013). This structured on the basis that GDPR should not hinder,
but enable marketing to adapt, adopt, test and learn alongside TwentyCi evolving global of
customers. Moreover, the firm should create a 360-degree Platform to the command Centre for
marketing integrations in marketing realm. This should be one to come up with a solution which
centralizes the increasingly complex network of integrations, platform experts and regulations
will have to be top notch. The management of the organization should in relation to the new
regulations, manage all channels independently, a central, adaptable technology seems to be the

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Assignment One26
solution in a way which it can forge a security and concealment orchestration tactic. The firm
should have a centrally placed caretaker to let your TwentyCi to remain in to control of security
measures, and at the same time creating an opportunity to orchestrate your marketing message.
The information management team will need to offer a unique balance between customer
engagement and an ingrained propensity to privacy and security. But instead of being on the
defense, trying to detect data breaches and struggling with user permissions across tens or
hundreds of channels; take back control in order to secure the whole system in relation to the
General Data Protection Regulations.
5. Finance
Even though the research conducted within the firm never provided enough information
on the impact of GDPR implementations, it is one of the sectors which will require proper check-
ups due to compliance strategy. Every process taken for the full compliance by the organization
will need financing, appointment and purchases to be made while making the system compatible
with the GDPR. Allocation of the resources at this point requires proper financial management.
The organization at this point should appoint a firm accounting team and apply various
accounting strategies to review the system (Gilbert 2011). TwentyCi should also appoint an
external auditor to help with firm financial reviews amid the course implementations. Proper
financial management at this point is crucial and will help the firm to avoid miss management of
resources as well as ensure proper allocation of resources. The firm at some point of
implementation will be dealing with upgrades to the system and my not be able to attract much

Assignment One27
in terms of profit. The firm will therefore come up with a clear financial management strategy to
manage what comes in as profits.
6. Conclusion
With the advanced knowledge in technology, data has become one of the most selling
commodities in the marketing industry. Even though data has become one of the most selling
commodities within the market, several rules should be adhered to in relation to the newly set
regulations. Even though the firms may have challenges to implement General Data Protection
Regulations (GDPR), it also presents to the firm new opportunities which can help the firm stay
at the top of the industry. Proper implementation of the General Data Protection Regulations
(GDPR) will enable the firm to improve on how they manage personal data for as long as they
firms remains operational within the marketing industry (Carey 2009). Compliance as a strategy
may how ever be stressful to an organization as it shakes all core sectors of the organization but
will enable the firm to build a structural trust on their customers and maintain their loyalty. As
discussed within the assignment one, compliance is the best strategy that should be fully
implemented by TwentyCi to allow them step up from their resting zone and move the industry
further. Compliance according to the discussion will also provide the organization with the
privilege to make appropriate changes in their core operational sectors and remain the controlling
firm within the industry.

Assignment One28
7. Recommendation
Based on the content of the paper and the analysis conducted within assignment one and
within this content, preparation and implementation of General Data Protection Regulations
(GDPR) presents an opportunity for TwentyCi to move to the top level within the marketing
industry. Application of compliance by TwentyCi will enable the firm to step out and restrict
themselves from the thinking that such implementation will prevent them from their normal
operations. The firm should come up with a proper method of management to safely implement
General Data Protection Regulations (GDPR) within their core sectors. In compliance, it is
recommended for TwentyCi to take into considerations that they have to keep personal
information obtained from the citizens of Europe within Europe (Carey 2009). The should also
take into consideration that transfer of information or personal data from European citizens
should be done under regulations set within the General Data Protection Regulations (GDPR).
Another recommendation is for TwentyCi to offer proper training for their labor force without
selection of which sectors to inform, this should be done to all staff members in relation to the
impact of General Data Protection Regulations (GDPR) in the organization. This
recommendation should be done prior to the implementation or in the course of induction.
TwentyCi as organization more importantly should appoint a well-trained personnel to ensure the
implementation of General Data Protection Regulations (GDPR) and this should be done with
the consideration of the financial stability of the organization. The last recommendation is for
the organization to comply with General Data Protection Regulations (GDPR) and maintain their
stand according to the formulated plan and adopt a well procedure to avoid risks which may arise
from the risks in terms of fine. Implementation of General Data Protection Regulations (GDPR)

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

Assignment One29
according to the procedure will dedicate time for the TwentyCi as an organization to understand
the requirements and become acquiescent within the time limit prior to 25th may 2018. With the
implementation of these recommendations, TwentyCi will be able to remain at the top of the
industry through testing of whole planning system prior to the collapse of the time given by
GDPR.

Assignment One30
8. References
Carey, P., 2009. Data protection: a practical guide to UK and EU law. Oxford University Press,
Inc..
Christer Jansson https://www.capgemini.com/blog/capping-it-off/2017/02/the-top-10-things-to-
know-about-the-gdpr-and-how-capgemini-can-help-yo-0
Colin Bradshaw lands role at data agency TwentyCi
http://www.decisionmarketing.co.uk/news/colin-bradshaw-lands-role-at-data-agency-twentyci
De Hert, P. and Papakonstantinou, V., 2012. The proposed data protection Regulation replacing
Directive 95/46/EC: A sound system for the protection of individuals. Computer Law & Security
Review, 28(2), pp.130-142.
Erik Matlick https://martechtoday.com/4-reasons-love-chief-martec-supergraphic-177735
GDPR Readiness – Calculate Your Return on Security Investment (ROSI) by Nick Symms
https://www.imperva.com/blog/2017/06/gdpr-readiness-calculate-your-return-on-security-
investment-rosi/
Gilbert, F., 2011. European data protection 2.0: new compliance requirements in sight-what the
proposed EU data protection regulation means for us companies. Santa Clara Computer & High
Tech. LJ, 28, p.815.
ICO https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Ipswitch https://www.youtube.com/watch?v=WIUsiB89o4sCloud computing and EU data
privacy regulations. Computer, 46(3), pp.86-89.
John Leyden https://www.theregister.co.uk/2017/04/28/ico_fines_post_gdpr_analysis/

Assignment One31
Kaye, J., Whitley, E.A., Lund, D., Morrison, M., Teare, H. and Melham, K., 2015. Dynamic
consent: a patient interface for twenty-first century research networks. European Journal of
Human Genetics, 23(2), p.141.
Knyrim, R. and Trieb, G., 2011. Smart metering under EU data protection law. International
Data Privacy Law, 1(2), pp.121-128.
Kshetri, N. and Murugesan, S., 2013. GDPR http://www.eugdpr.org/
Van der Sloot, B., 2014. Do data protection rules protect the individual and should they? An
assessment of the proposed General Data Protection Regulation. International Data Privacy
Law, 4(4), p.307.
What is the GDPR https://www.youtube.com/watch?v=XVBHishpew8&t=42s (Youtube)
Zwingelberg, H. and Hansen, M., 2011, September. Privacy Protection Goals and their
implications for eID systems. In IFIP PrimeLife International Summer School on Privacy and
Identity Management for Life (pp. 245-260). Springer, Berlin, Heidelberg.

1 out of 31

+13062052269

info@desklib.com

GDPR and Data Protection Practices

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

Data Protection Regulations

Data Protection and GDPR Compliance

Critical Differences between FRCP and GDPR

General Data Protection Regulation (GDPR) in Banking Institutions in Oman

GDPR and Legislation: Protecting Data and Ensuring Compliance

GDPR and Cloud Computing