Dealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
|
|
- Shanna Gordon
- 6 years ago
- Views:
Transcription
1 Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016
2 Do you need to comply? The Regulation will apply to a business processing personal data: (1) in the context of establishments in the EU; or (2) outside the EU where it carries out activities aimed at offering goods or services to individuals in the EU or that monitor individuals. So Regulation will apply to US companies that have personal data on European citizens even if not European business Determine which of your business units will be subject to the Regulation
3 What are the potential consequences of not complying? Fines of up to the greater of 4% of the annual worldwide turnover (gross revenue) or 20 million for failing to comply with the proposed Regulation Claims by individuals or representative organisations Damages will now be permitted for non-financial loss e.g. for distress One Stop Shop - businesses will be accountable to one single Lead DPA in the EU country where the data controller has its main establishment Determine applicable Lead DPA Carry out gap analysis between existing privacy requirements and those in the Regulation Implement or update privacy program to deal with requirements under the Regulation and to mitigate risk
4 1. Update privacy notices, consents and policies The Regulation introduces new requirements as to the information that should be provided in notices AND new consent requirements The Regulation also sets out limited legal grounds for which personal data may be processed Review and amend existing employee and customer data privacy notices, consents and policies Determine legal grounds that can be used for processing of personal data and if consent, how it will be obtained in line with Regulation
5 2. Keep detailed data records The Regulation requires businesses to have clear and accessible policies and maintain a detailed record of processing activities The records must be provided to the DPA upon request Carry out data flow analysis and document the internal use of personal data by the business to meet accountability principles under the Regulation
6 3. Assess compliance with accountability principles A business must appoint a data protection officer where: the processing involves large amounts of sensitive personal data (e.g. health data) the processing involves regular monitoring of individuals it is required by Member State law Privacy impact assessments must be carried out where data processing uses new technologies and is likely to result in a high risk to individuals (e.g. Profiling or the processing of health data on a large scale) Determine if required to appoint a DPO single or multiple DPO(s)? internal or external? Develop a procedure to ensure accountability measures including carrying out privacy impact assessments where required under the Regulation
7 4. Review IT systems and procedures The Regulation introduces the concept of privacy by design and by default Requirement to implement technical and organisational measures to ensure data protection requirements are met AND to ensure that by default only the minimum amount of personal data are processed Carry out a review of IT Systems and procedures to consider impact of privacy by design and data minimization requirements
8 5. Information security and reporting security breaches Requirement to implement appropriate technical and organisational measures, to ensure a level of security appropriate to the risk including, e.g., pseudonymization and encryption of data and regular assessments as to the efficacy of the measures Security breaches must be reported to the DPA without undue delay and where feasible within 72 hours after becoming aware of breach Security breaches that involve high risk must also be reported to affected individuals without undue delay unless measures taken to minimize risk, e.g. the data is encrypted Review and update information security standards and implement a process for regular information security audits Develop a data breach response plan and reporting procedures
9 6. Review arrangements with vendors The Regulation introduces new requirements and liabilities for data processors (e.g. vendors) New obligations to be included in the processing agreement Prior specific consent must be given by controller where vendor appoints subcontractor and subcontractor must comply with the same data privacy obligations as vendor Conduct a review of vendor agreements to ensure appropriate data privacy provisions are included as well as provisions dealing with liability and security breach reporting Consider implementing a vendor management program with vendor questionnaire, minimum security requirements and regular vendor audits
10 7. Dealing with individuals new privacy rights Right to erasure a business is obligated to erase an individual s personal data where, for example, the data is no longer necessary for the purpose for which it was obtained or consent is withdrawn Right to object to processing an individual has a right to object to the use of their personal data including in relation to direct marketing Right to data portability an individual has a right to request the transfer of their personal data from one service provider to another where the data is processed in a machine-readable, structured and commonly-used format and the processing is based on consent or on the performance of a contract with the individual Determine how the new data privacy rights apply to your business and develop policies and procedures, and if necessary system changes, to deal with these new rights
11 8. Review profiling activities The Regulation introduces new restrictions on businesses carrying out profiling which produces legal effects or significantly affects an individual subject to exceptions such as, where: this is necessary for the performance of a contract it is authorized by national Member State law it is conducted with the explicit consent of the individual Review current profiling activities and determine whether profiling is covered by an exception Where appropriate amend profiling activities to ensure compliance with the Regulation Review consents and notices to deal with profiling
12 9. Review international data transfers Restriction on transfers of personal data outside the EEA to jurisdictions that do not provide adequate safeguards. Data transfer solutions include: the recently announced EU-US Privacy Shield (if agreed!) EU Standard Contractual Clauses and Binding Corporate Rules (but currently being evaluated by Article 29 Working Party) approved Codes of Conduct or Certification Mechanisms Determine international data flows based on reviews of processing activities Consider international transfer solutions and review whether current solutions are adequate particularly in light of recent developments on EU-US Privacy Shield
13 William Long
General Data Privacy Regulation: It s Coming Are You Ready?
General Data Privacy Regulation: It s Coming Are You Ready? Presenters Tristan North Worldwide ERC Government Affairs Adviser, Moderator William R. Tehan General Counsel, Graebel Companies, Inc. Hank A.
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationTHE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)
THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationGDPR. Guidance on Employee Personal Data
GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe
More informationThe Sage quick start guide for businesses
General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation
More informationEU General Data Protection Regulation (GDPR) Tieto s approach and implementation
EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationEU-GDPR and the cloud. Heike Fiedler-Phelps January 13, 2018
. EU-GDPR and the cloud Heike Fiedler-Phelps January 13, 2018 Disclaimer SAP does not provide legal advice The following presentation is only about a high level discussion about GDPR. 2 EU-GDPR Summary
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More informationCustomer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)
Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationwith Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting
with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting xada@gedapre.eu tel 0475-41.03.22 xavier.darmstaedter@dacota.eu Gent, 3 October 2017 4 facts 1. We are not really in control of our personal
More informationGDPR Webinar : Overview & practical compliance steps. 23 October 2017
GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About
More informationHow employers should comply with GDPR
02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact
More informationThe General Data Protection Regulation: What does it mean for you?
The General Data Protection Regulation: What does it mean for you? We are here to help The changes being introduced in the EU General Data Protection Regulation 2016 (GDPR) will be the biggest shake-up
More informationThe EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry
The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry 1 Contents Introduction 5 Brexit: GDPR or New UK Law? 8 The eprivacy Directive 10 The GDPR: 10 Key Areas
More informationData Privacy Bootcamp: GDPR
Data Privacy Bootcamp: GDPR preparing for the general data protection regulation Data Privacy Bootcamp: GDPR Preparing for the General Data Protection Regulation Rebecca Eisner Partner Mayer Brown Oliver
More informationContents. Introduction 1. Territorial scope 3. Supervisory authority 4. Data governance and accountability 5. Export of personal data 14
GDPR checklist Contents Introduction 1 Territorial scope 3 Supervisory authority 4 Data governance and accountability 5 Export of personal data 14 Joint controllers 16 Processors 17 Lawful grounds to process
More informationGDPR Compliance Checklist
GDPR Compliance Checklist GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that the General Data Protection Regulation will introduce into EU Privacy law on 25 May
More informationWhat is GDPR and Should You Care?
What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what
More informationTWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION
TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA
More informationNew General Data Protection Regulation - an introduction
New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy
More informationThe General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,
The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner, Deloitte, Cyber Advisory Table of Contents Introduction
More informationAccelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications
Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications O R A C L E W H I T E P A P E R D E C E M B E R 2 0 1 7 Disclaimer The purpose of this document
More informationEU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.
EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes!
More informationEU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations. For private circulation only.
EU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes! This new law
More informationPreparing for GDPR 27th September, Reykjavik
Preparing for GDPR 27th September, Reykjavik Introduction Who I am? Solicitor fromlondon Worked in digital industry for the last 7years Specialized in Privacy for the last 7 years and did some consulting
More informationTHE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE
OCTOBER 2017 EU, COMPETITION, TRADE AND REGULATORY THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE The EU General Data Protection Regulation (GDPR) becomes effective
More informationWSGR Getting Ready for the GDPR Series
WSGR Getting Ready for the GDPR Series Overview, main concepts, principles and obligations Cédric Burton Of Counsel Laura De Boel Senior Associate Christopher Kuner Senior Privacy Counsel WSGR Webinar,
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationEU data protection reform
EU data protection reform Background and insight A Whitepaper Executive summary The Irish Data Protection Acts 1988 and 2003 gave effect to the European Data Protection Directive 95/46/EC. The existing
More informationLisbon, 17 May Agustín Puente Escobar State Counsel Head of the Legal Cabinet. Agencia Española de Protección de Datos
The new GDPR. Implications in the pharmaceutical industry Lisbon, 17 May 2017 Agustín Puente Escobar State Counsel Head of the Legal Cabinet 1 New regime. Key topics Personal data: Singling-out information/
More informationThe General Data Protection Regulation An Overview
The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter
More informationPolicy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent
Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information
More informationMind the Gap: GDPR Ahead. Rakesh Sancheti. Author. July Vice President and Business Head - Analytics, Europe and Nordic
Author Rakesh Sancheti Vice President and Business Head - Analytics, Europe and Nordic July 2017 The regulatory environment has become increasingly complex, with new regulations being introduced across
More informationGDPR Webinar 4: Data Protection Impact Assessments
Webinar 4: Data Protection Impact Assessments T-Minus 365 Days (May 25, 2017) Presenters: Peter Blenkinsop peter.blenkinsop@dbr.com Hilary Wandall General Counsel & Chief Data Governance Officer, TRUSTe
More informationOrganisational Readiness for the European Union General Data Protection Regulation (GDPR)
Organisational Readiness for the European Union General Data Protection Regulation (GDPR) 1 Contents Foreword...3 Executive Summary...4 Survey Results and Key Findings...6 1. GDPR impact, organisational
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 05/EN WP108 Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules Adopted on April 14 th, 2005 This Working Party
More informationThe EU General Data Protection Regulation
The EU General Data Protection Regulation Shearman & Sterling LLP is a limited liability partnership organized under the laws of the State of Delaware, with an affiliated limited liability partnership
More informationThe Top 10 Operational Impacts of the EU s General Data Protection Regulation
The Top 10 Operational Impacts of the EU s General Data Protection Regulation www.iapp.org IAPP - International Association of Privacy Professionals The Top 10 Operational Impacts of the EU s General Data
More informationGeneral Data Protection Regulation. The changes in data protection law and what this means for your church.
General Data Protection Regulation The changes in data protection law and what this means for your church. 1 Contents Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 18 Page 20 Page 23
More informationData protection in light of the GDPR
Data protection in light of the GDPR How to protect your organization s most sensitive data Why is data protection important? Your data is one of your most prized assets. Your clients entrust you with
More informationNew EU-GDPR: Challenges for Universities and Research Organisations
New EU-GDPR: Challenges for Universities and Research Organisations Prof. Dr. Ing. Ramin Yahyapour CIO Georg-August-Universität Göttingen and University Medical Centre Director GWDG EUNIS workshop for
More informationGeneral Data Protection Regulation
General Data Protection Regulation Draft Privacy Notice for employees November 2017 www.uk.coop/gdprtoolkit This is a draft document which provides a widely drafted privacy notice to allow data to be processed
More informationData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 29 September 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure services Business
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationGDPR. The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April
www.thalesgroup.com/uk SECURE COMMUNICATIONS AND INFORMATION SYSTEMS The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 Contents What is the
More informationGetting Ready for the. General Data Protection Regulation GDPR. A Guide by Mason Hayes & Curran. Dublin, London, New York & San Francisco. MHC.
Getting Ready for the General Data Protection Regulation GDPR 2018 Dublin, London, New York & San Francisco A Guide by Mason Hayes & Curran MHC.ie The contents of this publication are to assist access
More informationGDPR - HOW IS INDUSTRY ADDRESSING THE LEGISLATION
GDPR - HOW IS INDUSTRY ADDRESSING THE LEGISLATION 25 January 2017 https://www.surveymonkey.co.uk/r/7x9lwlz 1 Agenda 1. Setting the scene 2. The major elements of the GDPR 3. Impact for organisations and
More informationGetting Ready for the GDPR
Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd
More informationAmCham s HR Committee s
AmCham s HR Committee s GDPR / Data Privacy Roundtable 19. SEPTEMBER 2017 THE REGULATION REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural
More informationCOMPLIANCE WITH THE EU S GENERAL DATA PROTECTION REGULATION AND US DISCOVERY LAW. By: Miriam C. Beezy and Stephanie A. Lucas
COMPLIANCE WITH THE EU S GENERAL DATA PROTECTION REGULATION AND US DISCOVERY LAW By: Miriam C. Beezy and Stephanie A. Lucas I. INTRODUCTION On May 25, 2018, the General Data Protection Regulation ( GDPR
More informationPrivacy governance survey. The state of privacy management in Belgian organisations
Privacy governance survey The state of privacy management in Belgian organisations January 2017 Welcome How are Belgian organisations performing when it comes to the protection of personal data? In November
More informationCANDIDATE DATA PROTECTION STANDARDS
CANDIDATE DATA PROTECTION STANDARDS I. OBJECTIVE The aim of these Candidate Data Protection Standards ( Standards ) is to provide adequate and consistent safeguards for the handling of candidate data by
More informationGDPR A Catalyst to Drive Real Action around Privacy and Security
2013 Corix Partners 1 GDPR A Catalyst to Drive Real Action around Privacy and Security Key factors for Boards and Executive Management to consider Firms should not focus simply on deadlines, but on creating
More informationGDPR: keeping data processing records
GDPR: keeping data processing records Fit4DataProtection Keeping data processing records under the GDPR 1. Why? 2. Who? 5. 3. 4. What? How? Sanctions? 6. What can we recommend? 1. Why? new data quality
More informationParliament of Romania Chamber of Deputies Committee for information technologies and communications
Parliament of Romania Chamber of Deputies Committee for information technologies and communications The reform of the EU Data Protection framework Building trust in a digital and global world 9/10 October
More informationGeneral Optical Council. Data Protection Policy
General Optical Council Data Protection Policy Authors: Lisa Sparkes Version: 1.2 Status: Live Date: September 2013 Review Date: September 2014 Location: Internet / Intranet Document History Version Date
More informationThe New EU General Data Protection Regulation and its Consequences for IT Operations and Governance
WHITEPAPER The New EU General Data Protection Regulation and its Consequences for IT Operations and Governance sqs.com Author: Anita Vocht Senior consultant SQS Nederland Published: September 2016 Transforming
More informationGeneral Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance.
General Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance. Page 2 What is General Data Protection Regulation? What The general data protection
More informationThe EU General Data Protection Regulation. allenovery.com
The EU General Data Protection Regulation 2017 2 The EU General Data Protection Regulation 2017 A new data protection landscape After over four years of discussion, the new EU data protection framework
More informationGDPR, What s in it for you?
GDPR, What s in it for you? Amsterdam Brussels Dubai Hong Kong London Luxembourg New York Topic GDPR: Challenge and opportunity 04 1. Applicability of the new regime and respective responsibilities 06
More informationThe Proposed Digital Content Directive and its Implications for the Data Economy
The Proposed Digital Content Directive and its Implications for the Data Economy Christiane Wendehorst XXXII Nordic Conference on Legal Informatics, 13 November 2017 Proposed Digital Content Directive
More informationGDPR: Is it just another strict regulation or a great opportunity for operational excellence?
GDPR: Is it just another strict regulation or a great opportunity for operational excellence? Xenofon Liapakis General manager CIO & Services of Interamerican group Chairman of Hellenic CIO forum November
More informationWORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY
WORLD MEDIA GROUP THE IMPLICATIONS OF GDPR FOR THE ADVERTISING INDUSTRY This month s World Media Group Breakfast Briefing Everything You Need to Know about GDPR - was one of our best-ever attended sessions.
More informationThe new EU data protection Regulation: The business opportunity beyond legal compliance. Kalliopi Spyridaki Chief Privacy Strategist, Europe
The new EU data protection Regulation: The business opportunity beyond legal compliance Kalliopi Spyridaki Chief Privacy Strategist, Europe Content The GDPR: background, content & principles What does
More informationThe Data Protection Regulation for Europe
The Data Protection Regulation for Europe Magnus Stenbeck, Karolinska Institutet Dept of Clinical Neuroscience and The Research Data Inquiry (U 2016:04) The data protection regulation in the EU Old system
More informationA questionnaire for senior management
Getting ready for GDPR Part 2: Accountability - A questionnaire for senior management Accountability is more than simple compliance with the rules - it implies a culture change organisations and not Data
More informationQuickLaunch University Webinar Series Data Privacy and GDPR Is Your Startup Ready?
QuickLaunch University Webinar Series Data Privacy and GDPR Is Your Startup Ready? October 10, 2017 Attorney Advertising Webinar Guidelines Participants are in listen-only mode Submit questions via the
More informationAUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION
AUDITING AND ENFORCEMENT AT THE SPANISH DPA. EXPERIENCE WITH OUTSOURCING TO COUNTRIES WITH A NON ADEQUATE LEVEL OF PROTECTION CONFERENCE ON CROSS-BORDER DATA FLOW & PRIVACY October 15 16, 2007 Washington,
More informationECDPO 1: Preparing for the EU General Data Protection Regulation
ECDPO 1: Preparing for the EU General Data Protection Regulation GDPR comes with a raft of changes that will affect every organisation that process personal data. While some organizations are prepared
More informationIn partnership with. GDPR for marketers: The essentials
In partnership with GDPR for marketers: The essentials Contents Contents... 1 Welcome to GDPR guidance for marketers... 2 Foreward by the Information Commissioner... 3 The DMA and the GDPR... 4 Introduction...
More informationProject Agreements, Risk Management and Litigation Risk Sean Ralph, General Counsel, Sasol Canada Phil Scheibel, Partner, Rose LLP
Project Agreements, Risk Management and Litigation Risk Sean Ralph, General Counsel, Sasol Canada Phil Scheibel, Partner, Rose LLP Canadian Energy Law Foundation March 1, 2013 11:00 a.m. 12:00 p.m. Introduction
More informationPERSONAL DATA SECURITY GUIDANCE FOR MICROENTERPRISES UNDER THE GDPR
PERSONAL DATA SECURITY GUIDANCE FOR MICROENTERPRISES UNDER THE GDPR The General Data Protection Regulation ( the GDPR ) significantly increases the obligations and responsibilities of organisations and
More informationRexel Shredding. Why a paper security policy is integral to GDPR compliance.
Rexel Shredding Why a paper security policy is integral to GDPR compliance. Disclaimer Nothing contained herein should be construed as legal advice. Organisations should consult legal counsel with regard
More informationGeneral Data Protection Regulation (GDPR) Meeting the new requirements
General Data Protection Regulation (GDPR) Meeting the new requirements Data protection rules are changing In a nutshell Predating social media, cloud computing and geolocation services, the law needs to
More informationA Parish Guide to the General Data Protection Regulation (GDPR)
A Parish Guide to the General Data Protection Regulation (GDPR) What s happening and why is it important? The law is changing. Currently, the Data Protection Act 1998 governs how you process personal data
More informationDATA PROTECTION AUTHORITY IN POLAND
DATA PROTECTION AUTHORITY IN POLAND Urszula Góral The Cardinal Wyszyński University in Warsaw Bureau of the Inspector General for Persona Data Protection, Poland Generalny Inspektor Ochrony Danych Osobowych
More informationThe draft General Data Protection Regulation
The draft General Data Protection Regulation from a DPA perspective by Harald Zwingelberg Unabhängiges Landeszentrum für Datenschutz Schleswig-Holstein Overview The draft general data protection regulation
More informationGDPR Best Practices Implementation Guide. Transforming GDPR Requirements into Compliant Operational Behaviours
GDPR Best Practices Implementation Guide Transforming GDPR Requirements into Compliant Operational Behaviours 01 02 Introduction The General Data Protection Regulation (GDPR) is a revolutionary change
More informationTHE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER
THE GENERAL DATA PROTECTION REGULATION: GUIDANCE ON THE ROLE OF THE DATA PROTECTION OFFICER Contents 1 Introduction 2 2 Key messages 3 3 The requirement to appoint a Data Protection Officer 4 3.1 Public
More informationCommittee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 06.07.2012 WORKING DOCUMT on the protection of individuals with regard to the processing of personal data and on the free
More informationGeneral Data Protection Regulation (GDPR) Strategy
General Data Protection Regulation (GDPR) Strategy NHS Digital s Approach to Compliance Published October 2017 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information
More informationThe operational consequences of new EU data protection regulation In a SAP user access management context
The operational consequences of new EU data protection regulation In a SAP user access management context Application Integrity 01.06.2016 Agenda 08:30 09:00: Registration, coffee & breakfast 09:00 09:15:
More information2 nd Quarter, 2017 Q Zachodniopomorskie Province
Q2 2017 Zachodniopomorskie Province 1 Adecco Poland is the world leader amongst human resource consulting companies and has 5600 branches in more than 60 countries. We operate in Poland since 1994. Utilizing
More informationAchieving GDPR Compliance with Avature
Achieving GDPR Compliance with Avature What You Need to Know About GDPR The General Data Protection Regulation, or GDPR, is a regulation that was passed by the European Union in 2016 to update and replace
More informationQuality Assurance Agreement
Quality Assurance Agreement between Preh GmbH, Schweinfurter Strasse 5-9, 97616 Bad Neustadt an der Saale, Germany Preh, - hereinafter referred to as the Customer and, - hereinafter referred to as the
More informationCENTRE FOR INFORMATION POLICY LEADERSHIP RESPONSE
19 October 2017 CENTRE FOR INFORMATION POLICY LEADERSHIP RESPONSE CONSULTATION BY THE COMMISSION NATIONALE DE L INFORMATIQUE ET DES LIBERTÉS ON THE TOPICS OF TRANSPARENCY AND INTERNATIONAL DATA TRANSFERS
More informationWebinar: Deep Dive into the Role of the DPO under the GDPR
Webinar: Deep Dive into the Role of the DPO under the GDPR Wednesday, 22 June 2016 11:00 AM US EDT Use the chat box to ask questions. www.informationpolicycentre.com 1 Webinar Agenda Use the chat box to
More informationPreparing for GDPR. Frequently Asked Questions & Answers. July July Clearswift 2016
Preparing for GDPR Frequently Asked Questions & Answers July 2016 July 2016 Clearswift 2016 www.clearswift.com Contents Background 3 Questions & Answers 3 1. Why is the GDPR being put in place now? 3 2.
More informationSIGBI DATA PROTECTION PROTOCOLS 2018
SIGBI DATA PROTECTION PROTOCOLS 2018 For the purpose of this document, references to Soroptimist International Great Britain and Ireland (SIGBI) Limited and Soroptimist International may be written as
More informationGUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector
GUIDELINES FOR IMPLEMENTING A PRIVACY MANAGEMENT PROGRAM For Privacy Accountability in Manitoba s Public Sector TABLE OF CONTENTS INTRODUCTION... 2 Accountable privacy management 2 Getting started 3 A.
More informationKRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012
. SAFE HARBOR PRIVACY POLICY Amended and Restated as of July 20, 2012 I. OBJECTIVES The objective of this policy is to comply with applicable laws and regulations and document the processes and procedures
More informationGeneral Data Protection Regulation Key News
General Data Protection Regulation Key News / Introduction The General Data Protection Regulation 1 ( GDPR ) was approved on 27 April 2016 and is set to come into force on 25 May 2018. It will replace
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR) that takes effect in 2018 will bring changes for
More informationWorking toward GDPR compliance. Insights from a SAS survey and an end-to-end approach
Working toward GDPR compliance Insights from a SAS survey and an end-to-end approach Compliance doesn t have to be a scary word even when facing the multifaceted challenges of meeting the European Union
More information