Our first open GDPR Canvas workshop

Tuesday May 21st, 2019 by Malia Thuret-Benoist

On Thursday May 16th 2019, TechGDPR hosted it’s first open GDPR Canvas workshop: ‘Starting GDPR compliance with the GDPR Canvas’, for members of Factory Berlin. The GDPR Canvas Workshop is a workshop that is normally delivered within a team or organisation, but for this workshop we wanted to gain experience with the open format with participants of different projects and companies.

The GDPR Canvas Workshop

This open workshop, based on the GDPR Canvas was ran by Silvan Jongerius and Alex Carroll of TechGDPR. It provided a starting point for understanding data flows which are required as a first step to understand more about your GDPR compliance and define the purposes, means and other key properties that you will need to make known to your data subjects.

The GDPR and the GDPR Canvas

The GDPR came into force almost a year ago and has enhanced awareness about the data we process of others and the measures needed to protect that data. This was clear from the questions participants raised during the session. Protecting our own data is, for most of us a difficult task. But what about protecting data that does not belong to us?

The GDPR Canvas is a methodology developed by TechGDPR, made available for free under a creative commons license, and helps the discovery of one’s processing activities. Participants can visualise what key pieces of information are needed to identify problems, assess the data processing risks and start writing their privacy policy.

The GDPR Canvas

The GDPR Canvas Workshop

After an introduction about the key element of the GDPR, participants were guided through exploring their own data processing activities using the GDPR Canvas.

Going through this structured approach encouraged participants to develop a high-level overview of how data are treated within their own company or organisation and make a solid starting point for the compliance of their startup, department, product or even future product.

GDPR Canvas Workshop experience.

Participants were asked to define the main data flow, data subjects, data processing activities and data processor, and purposes of data collection. They also had to think about Technical and Organisational Measures (TOMs) in place to mitigate the risk of a data breach. Those who took part in the workshop showed a solid interest in gaining insight on how they might avoid pitfalls and start or improve their GDPR compliance. Attendants sentiment revealed that this workshop was really valuable as we had an enthusiastic and interesting team with participants coming from very different backgrounds, private or public sectors, freelancers as well as employees of larger companies.

After sharing their observations and taking part in the discussion of other cases, one participant mentioned, “It was also good to hear other people’s experience” and “the interactive format allows attendees to think through their specific issues but also to hear about issues other were facing and they possibly may need to address”

Alex from TechGDPR talking about risk under the GDPR.

As last part of the GDPR Canvas workshop, Alex of TechGDPR guided the participants through the risk-based approach of data protection and information security. Giving some first pointers on how to treat risk by identifying, evaluating, and prioritising their efforts on data security. After assessing their own company risks, participants were also given some foo for thought about practical solutions to secure their data, and some ideas on how to continue the work on GDPR compliance after the GDPR Canvas workshop.

Tags: ,

Malia Thuret-Benoist

Business Development Intern

Malia has a background in Governance and Political Science, she is convinced about the potential of blockchain as a tool to build trustable participative democracies and a sustainable future.

Small meetings under the COVID-19 ordinance in Berlin
March 18th, 2020

Response to the GDPR-relevant points in the German Blockchain Strategy of September 2019
September 29th, 2019

GDPR compliant products debunked: it’s all about HOW you use it
September 26th, 2019

GDPR’s Right to be Forgotten in Blockchain: it's not black and white.
August 13th, 2019

What is the difference between personally identifiable information (PII) and personal data?
June 27th, 2019

Personal data and cold calling under the GDPR
June 25th, 2019

Blockchain & DLT under the GDPR explained to the European Commission
June 4th, 2019

One year of GDPR: GDPR enforcement and awareness
May 25th, 2019

WiFi-Tracking and Retail Analytics under the GDPR
April 8th, 2019

How to develop Artificial Intelligence that is GDPR-friendly
February 28th, 2019

Artificial Intelligence (3)
Berlin (1)
Beyond EU (5)
Big Data (2)
Blockchain (11)
Court Cases (1)
Data Subjects (6)
DLT (1)
DPO (2)
European Commission (1)
GDPR Canvas (1)
GDPR Status (1)
Germany (2)
IoT (4)
Privacy by Design (7)
Regulation (1)
Speaking (1)
Startups (1)
Strategy (1)
Terminology (1)
WiFi (1)
Workshop (2)
Article 17
Artificial Intelligence
Big Data
call center
Cold calling
European Commission
GDPR Analysis
GDPR Compliance
GDPR so far
gdpr workshop
gdpr year one
German Blockchain Strategy
one year gdpr
open workshop
personal data
personally identifiable information
Privacy by Design
privacy policy
Retail Analytics
right to be forgotten
right to erasure
March 2020 (1)
September 2019 (2)
August 2019 (1)
June 2019 (3)
May 2019 (2)
April 2019 (1)
February 2019 (2)
January 2019 (1)
December 2018 (2)
October 2018 (1)
September 2018 (1)
August 2018 (3)
July 2018 (5)
June 2018 (1)
March 2018 (1)

Contact us to find out how we can help you with your GDPR compliance.