TechGDPR

Our first open GDPR Canvas workshop

Tuesday May 21st, 2019 by Malia Thuret-Benoist

On Thursday May 16th 2019, TechGDPR hosted it’s first open GDPR Canvas workshop: ‘Starting GDPR compliance with the GDPR Canvas’, for members of Factory Berlin. The GDPR Canvas Workshop is a workshop that is normally delivered within a team or organisation, but for this workshop we wanted to gain experience with the open format with participants of different projects and companies.

The GDPR Canvas Workshop

This open workshop, based on the GDPR Canvas was ran by Silvan Jongerius and Alex Carroll of TechGDPR. It provided a starting point for understanding data flows which are required as a first step to understand more about your GDPR compliance and define the purposes, means and other key properties that you will need to make known to your data subjects.

The GDPR and the GDPR Canvas

The GDPR came into force almost a year ago and has enhanced awareness about the data we process of others and the measures needed to protect that data. This was clear from the questions participants raised during the session. Protecting our own data is, for most of us a difficult task. But what about protecting data that does not belong to us?

The GDPR Canvas is a methodology developed by TechGDPR, made available for free under a creative commons license, and helps the discovery of one’s processing activities. Participants can visualise what key pieces of information are needed to identify problems, assess the data processing risks and start writing their privacy policy.

The GDPR Canvas

The GDPR Canvas Workshop

After an introduction about the key element of the GDPR, participants were guided through exploring their own data processing activities using the GDPR Canvas.

Going through this structured approach encouraged participants to develop a high-level overview of how data are treated within their own company or organisation and make a solid starting point for the compliance of their startup, department, product or even future product.

GDPR Canvas Workshop experience.

Participants were asked to define the main data flow, data subjects, data processing activities and data processor, and purposes of data collection. They also had to think about Technical and Organisational Measures (TOMs) in place to mitigate the risk of a data breach. Those who took part in the workshop showed a solid interest in gaining insight on how they might avoid pitfalls and start or improve their GDPR compliance. Attendants sentiment revealed that this workshop was really valuable as we had an enthusiastic and interesting team with participants coming from very different backgrounds, private or public sectors, freelancers as well as employees of larger companies.

After sharing their observations and taking part in the discussion of other cases, one participant mentioned, “It was also good to hear other people’s experience” and “the interactive format allows attendees to think through their specific issues but also to hear about issues other were facing and they possibly may need to address”

Alex from TechGDPR talking about risk under the GDPR.

As last part of the GDPR Canvas workshop, Alex of TechGDPR guided the participants through the risk-based approach of data protection and information security. Giving some first pointers on how to treat risk by identifying, evaluating, and prioritising their efforts on data security. After assessing their own company risks, participants were also given some foo for thought about practical solutions to secure their data, and some ideas on how to continue the work on GDPR compliance after the GDPR Canvas workshop.

Tags: ,

Malia Thuret-Benoist

Business Development Intern

Malia has a background in Governance and Political Science, she is convinced about the potential of blockchain as a tool to build trustable participative democracies and a sustainable future.

Blockchain & DLT under the GDPR explained to the European Commission
June 4th, 2019

One year of GDPR: GDPR enforcement and awareness
May 25th, 2019

WiFi-Tracking and Retail Analytics under the GDPR
April 8th, 2019

How to develop Artificial Intelligence that is GDPR-friendly
February 28th, 2019

Is total privacy GDPR compliant? Zcash report shows how “Privacy by Design” handling of personal data gets us close.
February 5th, 2019

The GDPR + Blockchain: Reflecting back and looking ahead
January 8th, 2019

American Intern Meets the GDPR
December 12th, 2018

GDPR, Blockchain, and the Principles of Privacy by Design
December 3rd, 2018

The Limits of Blockchain Privacy and the GDPR
October 22nd, 2018

Blocks Ascending: The GDPR Checklist for Any Blockchain Project
September 17th, 2018

Artificial Intelligence (3)
Beyond EU (3)
Big Data (2)
Blockchain (9)
Court Cases (1)
Data Subjects (4)
DLT (1)
DPO (2)
European Commission (1)
GDPR Canvas (1)
GDPR Status (1)
IoT (4)
Privacy by Design (5)
Speaking (1)
Startups (1)
WiFi (1)
Workshop (1)
Big Data
GDPR Analysis
GDPR so far
gdpr workshop
gdpr year one
one year gdpr
open workshop
Retail Analytics
WiFi
WiFi-Tracking
June 2019 (1)
May 2019 (2)
April 2019 (1)
February 2019 (2)
January 2019 (1)
December 2018 (2)
October 2018 (1)
September 2018 (1)
August 2018 (3)
July 2018 (5)
June 2018 (1)
March 2018 (1)

Contact us to find out how we can help you with your GDPR compliance.