Binding Corporate Rules: We ve Come a Long Way, Baby!
|
|
- Roy Simon
- 6 years ago
- Views:
Transcription
1
2 Binding Corporate Rules: We ve Come a Long Way, Baby! Nuala O Connor Kelly GE Chief Privacy Leader nuala.oconnorkelly@ge.com Christian Pardieu GE EU Privacy Leader and CIL christian.pardieu@ge.com Bridget Treacy Hunton & Williams Head UK Privacy Practice btreacy@hunton.com Hunton & Williams LLP
3 Context Dealing with EU data protection regulatory requirements in a fragmented way is expensive, burdensome and can delay projects GE sought to deal more efficiently and strategically with international data transfers involving EU data reflect the growing importance of personal data in a business context data is a valuable corporate asset that requires strategic management GE s reputation is as a leader and innovator in approaches to information governance and data protection compliance eg close cooperation between CIO and CPO first company to achieve a BCR
4 Why Binding Corporate Rules? Widely regarded as the most practical data transfer mechanism for complex, international corporate groups. For GE, the other possibilities (Model Clauses, Safe Harbor, Consent) are cumbersome and provide an incomplete solution Becoming recognised as the means by which companies may demonstrate strong data governance Renewed EU DPA support for BCRs Renewed focus on resolving delays in approval mutual recognition process GE has previous experience of BCRs
5 BCR is a Way to: Demonstrate Accountability Promote consumer and employee trust Satisfy business information needs while minimizing risk, operating compliantly in multiple jurisdictions Apply consistent privacy standards globally Keep pace with emerging and evolving regulation
6 Global Framework for Personal Data Processing as BCR Concept is BCR Plus ie a refined, next generation, BCR Founded on: Existing legal framework for BCRs International Standards for Data Protection adopted in Madrid 2009 by international data protection regulators which explicitly acknowledges concept of binding internal privacy rules Growing EU DPA support for accountability principle as a new approach to data protection regulation GE s previous experience of BCR and what has been learned from that process
7 Enforcement - Key for success Create a strong compliance culture, beginning at the top of the organization 1 Have global privacy standards, with local or business line level implementation plans 2 Handle Compliance monitoring and enforcement at local level with reporting up the chain to regional and enterprise level management 3 Follow local standards, but be prepared to follow higher standards which will always prevail 4 Train, retrain Employees 5 6 Communicate throughout the organization Conduct periodic audits to enforce privacy compliance commitments 7
8 Features of Global Framework for Personal Data Processing Intended to cover all data, all processing, subject to specific exemptions Based explicitly on International Standards for Data Protection, articulates plain English Do s and Don ts of handling personal data Framework structure, incorporating existing HR BCR and other existing policies and standards Binding legal effect Comply with WP29 checklist (WP153)
9 GE s Privacy Governance Structure Policy Compliance Review Board (PCRB) GE General Counsel Regular updates Corporate Global Privacy Council Employment Data Privacy Committee Corp Audit Staff Chief Privacy Leader Policy stewardship Business reviews Corporate Europe Privacy Leader Business Chief Privacy Leaders Data Protection Review Boards Senior HR/IT Leaders Country Country Privacy Leader Country HR Privacy Leader
10 GE: The Spirit & Letter Policies binding on individuals: New employees receive a copy and acknowledge that they are required to comply Employees re-acknowledge every 18 months Failure to comply can lead to termination of employment Policies binding on GE and controlled affiliates: Subsidiaries and other controlled affiliates throughout the world must adopt and follow corresponding policies. A controlled affiliate is a subsidiary or other entity in which GE owns, directly or indirectly, more than 50% of the voting rights, or in which the power to control the entity is possessed by or on behalf of GE. Policies binding on third parties: GE businesses must require that others representing GE such as consultants, agents, sales representatives, distributors and independent contractors agree to follow applicable GE policies.
11 GE s BCR Diagram Spirit & Letter GE Policies binding on: GE and controlled affiliates Individuals Third Parties BCR Binding Corporate Rules Apply to all GE Group Members and its employees Has legally binding effect on all GE Entities and employees GE s Commitment GE Data Protection Standards Supplement GE s Commitment Have to comply with GE s Commitment provisions GE s Employment Data Protection Standards Supplier Data Protection Standards Customer Data Protection Standards GE Policies, Guidelines & Working Instructions Summarize what to know, what to do, what to look out for Give instructions on how to process data GE Policies, Guidelines & Working Instructions
12 Privacy e-learning
13 What is different? Explicit characterisation of the BCR as a binding code of conduct at the heart of GE s data governance strategy More efficient approval process?
14 Role of Outside Counsel BCRs are based on standardised requirements but work best when founded on the client s internal strategy and objectives Outside counsel s role is that of a strategist, guide and co-leader, as well as legal adviser May act as a sounding board for believers and non-believers and assist in building consensus Contributes experience, expertise and objectivity: Does not reinvent the wheel Is aware of what has worked for others Fosters DPA relationships Anticipates future direction of travel
15 Outside Counsel Tasks Prepare draft BCR, based on company s: Privacy strategy Privacy programme Legal requirements WP 74: Applying Article 26(2) to BCRs WP 108: BCR Checklist WP 153: BCR Table: elements and principles WP 154: BCR Framework Structure WP 155: BCR FAQs Facilitate key decisions (illustrated by GE Commitment) Scope (geographic and material) Binding Lead DPA Assess any compliance gaps and remediate BCR assumes compliance with EU DP law
16 Future of BCRs? Explicit legal recognition of BCRs in proposed EU Regulation, but Prior authorisation still required Still characterised as a transfer tool Viviane Reding, Commissioner for Justice Fundamental Rights and Citizenship, has specifically hailed BCRs: they offer legal certainty and a lot of flexibility compatible with any corporate culture a very smart data protection tool based on one single law, the European law can also be used by processors cloud computing can be covered by them Code provides a consistent and near comprehensive compliance framework in a cost effective way, building on existing substantive programme GE s Binding Global Code embraces this vision
17 Questions?
Organizational Accountability and Privacy Compliance
Organizational Accountability and Privacy Compliance Marty Abrams July 2013 www.informationpolicycentre.com 1 What Are Our Compliance Objectives for Privacy? It isn t as simple as saying just comply with
More informationProtecting Your Personal Data Globally
Protecting Your Personal Data Globally How ADP s Adoption of Binding Corporate Rules Helps Your Company Comply with the General Data Protection Regulation We re passionate about protecting the privacy
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP265 Recommendation on the Standard Application form for Approval of Processor Binding Corporate Rules for the Transfer of Personal Data Adopted on 11 April
More informationThe One Stop Shop Working in Practice
The One Stop Shop Working in Practice Introduction This paper is submitted to the Working Party in light of its deliberations on the application of the One Stop Shop ( OSS ) under the proposed General
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationComments by the Centre for Information Policy Leadership. on the Article 29 Data Protection Working Party s
Comments by the Centre for Information Policy Leadership on the Article 29 Data Protection Working Party s Guidelines for identifying a controller or processor s lead supervisory authority adopted on 13
More informationThe table below compares to the 2009 Essential Elements and the 2018 Enhanced Data Stewardship Elements
October 8, 2018 The Essential Elements of Accountability were developed by a multi-stakeholder group that met in Dublin Ireland as the Global Accountability Dialogue. The Essential Elements provided granularity
More informationAPEC ENGINEER FRAMEWORK
PART 1 APEC ENGINEER FRAMEWORK 1. Purpose The APEC Engineer Manual provides overall guidance to participating APEC economies for the operation of APEC Engineer Registers. The Manual includes a description
More informationKING III CHECKLIST. In accordance with the Board Charter the board is the guardian of the values and ethics of the group.
KING III CHECKLIST Principle number Description Compliance Chapter 1: Ethical leadership and corporate citizenship 1.1 The board should provide effective leadership based on an ethical foundation. 1.2
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 05/EN WP108 Working Document Establishing a Model Checklist Application for Approval of Binding Corporate Rules Adopted on April 14 th, 2005 This Working Party
More informationCall-Off Contract. Legal Consultancy Services Framework Call-Off Number DCCT0012 Legal consultancy on GDPR. Version: V1.0
Call-Off Contract Legal Consultancy Services Framework Call-Off Number DCCT0012 Legal consultancy on GDPR Version: V1.0 Date: 16 August 2017 Author: Classification: Redacted DCC Public CONSULTANCY LEGAL
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 17/EN WP264 rev.01 Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data Adopted on 11
More informationKRONOS WORLDWIDE, INC. SAFE HARBOR PRIVACY POLICY Effective December 1, 2009 Amended and Restated as of July 20, 2012
. SAFE HARBOR PRIVACY POLICY Amended and Restated as of July 20, 2012 I. OBJECTIVES The objective of this policy is to comply with applicable laws and regulations and document the processes and procedures
More informationData transfers to non-eu countries. Some practical aspects 28 February 2018
Data transfers to non-eu countries Some practical aspects 28 February 2018 2 Plan 1. Adequacy decisions Brexit 2. Focus on two types of appropriate safeguards Binding Corporate Rules (BCR) Standard data
More informationWe collect and process your personal data when providing heating services to you. The personal data we collect includes:
Vital Energi Privacy Notice for Esco End Customers Last Updated: July 2018 Introduction Vital Energi Holding Limited and its affiliates, subsidiaries and related entities ( Vital Energi, we, our ) is committed
More informationGDPR Factsheet - Key Provisions and steps for Compliance
GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as
More informationLeading the Board, challenging the effectiveness of the group as a whole, and each director individually
Air Partner plc Roles and responsibilities of key Board members Chairman The Chairman is accountable to the board of directors (the "Board"). The Chairman is not responsible for executive matters regarding
More informationDealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:
More informationBriefing No. 2 GDPR. 1 mccann fitzgerald
Briefing No. 2 GDPR This briefing was produced by the Institute of Directors in association with McCann FitzGerald for use in Ireland. McCann FitzGerald is one of Ireland s premier law firms, providing
More informationSHELL GENERAL BUSINESS PRINCIPLES
SHELL GENERAL BUSINESS PRINCIPLES The Shell General Business Principles govern how each of the Shell companies which make up the Shell Group* conducts its affairs. * Royal Dutch Shell plc and the companies
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More information1. OBJECTIVE 1.1 This Charter outlines the roles and responsibilities of the Board.
Board Charter Table of Contents 1. OBJECTIVE... 1 2. SCOPE... 1 3. DEFINITIONS AND INTERPRETATION... 1 4. POLICY STATEMENT... 2 Director Responsibilities... 2 Size and Composition of the Board... 4 Criteria
More informationSalesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data
Salesforce s Processor Binding Corporate Rules for the Processing of Personal Data Table of Contents 1. Introduction 3 2. Definitions 3 3. Scope and Application 4 4. Responsibilities Towards Customers
More informationBoard Charter Z Energy Limited
Board Charter Z Energy Limited Z Energy Limited ( Z Energy ) is committed to the highest standards of corporate governance. This Board Charter ( Charter ) is the foundation document which sets out the
More informationEmbracing SaaS: A Blueprint for IT Success
Embracing SaaS: A Blueprint for IT Success 2 Embracing SaaS: A Blueprint for IT Success Introduction THIS EBOOK OUTLINES COMPELLING APPROACHES for CIOs to establish and lead a defined software-as-a-service
More informationOffice of the Police and Crime Commissioner Devon & Cornwall
Not protectively marked Office of the Police and Crime Commissioner Devon & Cornwall Policy Cover Sheet Policy Name: Records and Information management policy Version Number: V1.0 Date: 10/09/14 Policy
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) The EU General Data Protection Regulation (GDPR) What is the GDPR? The General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR) was adopted on 27 April,
More informationPRIVACY CHALLENGES IN GLOBAL HR MANAGEMENT
PRIVACY CHALLENGES IN GLOBAL HR MANAGEMENT CORE HR MANAGEMENT CHALLENGES Development Expertise / Talent Management Supervision Staffing Benefits Reporting Evaluation Efficiency Diversity Compensation PRIVACY
More informationECOLAB INC. PRIVACY POLICY STATEMENT PERSONAL DATA
ECOLAB INC. PRIVACY POLICY STATEMENT PERSONAL DATA A. Ecolab Commitment to Data Privacy Protection The Statement set forth below outlines the Personal Data that Ecolab may collect, how Ecolab uses and
More informationCorporate Governance Policy
BACKGROUND Scope (Vic) Ltd. ( Scope ) was established in 1948 as The Spastic Children s Society of Victoria by a group of parents of children with cerebral palsy. It became The Spastic Society of Victoria
More informationReady for GDPR? Five steps to turn compliance into your advantage
Ready for GDPR? Five steps to turn compliance into your advantage 2017 KPMG LLP, a UK limited liability partnership and a member firm of the KPMG network of independent member firms affiliated with KPMG
More informationA Short Guide to Binding Corporate Rules (BCRs) for EU Privacy. by Maggie Gloeckle & Daniel J. Solove
A Short Guide to Binding Corporate Rules (BCRs) for EU Privacy by Maggie Gloeckle & Daniel J. Solove 2 Table of Contents Preface................................................................. Introduction...........................................................
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationGDPR SMART. The Neopost Guide to Managing GDPR. ermissions Personal Data Right of Access. nal Data Right of Access Consent Permissi
s Personal Data Right of Access l Data Right of Access Consent P f Access Consent Permissions Pe sent Permissions Personal Data Rig ions Personal Data Right of Access nal Data Right of Access Consent P
More informationXerox Privacy Notice: Rights of data subjects pursuant to the General Data Protection Regulation
Xerox Privacy Notice: Rights of data subjects pursuant to the General Data Protection Regulation EU Regulation 2016/679 (known as the General Data Protection Regulation, hereinafter referred to as GDPR
More informationThe EU General Data Protection Regulation. Coming to you 25 May 2018, wherever you may be...
The EU General Data Protection Regulation Coming to you 25 May 2018, wherever you may be... Supporting you to support your clients through the GDPR compliance maze Extra-territorial effect does the GDPR
More information3. Serve as a point of reference for the Authority in the assigned responsibility; 4. The Officer is expected to:
Job Description Position: Grade: Directorate: Reports to: Senior Officer (Legal Affairs) Grade C Various Superior (as assigned from time to time) Key Responsibility In the role of Senior Officer Legal
More information2014 World s Most Ethical Company
2014 World s Most Ethical Company LETTER FROM ETHISPHERE DEAR READERS Tim Erblich Chief Executive Officer We re delighted to announce that Realogy Holdings Corp. - and by extension its subsidiary Cartus
More informationStatement of Strategy
Statement of Strategy 2019-2021 Adding value to qualifications [i] Contents [1] Foreword [2] Introduction and Context [6] Vision, Mission and Values [8] Who we are, what we do now and what we will do [10]
More informationCORPORATE GOVERNANCE KING III COMPLIANCE
CORPORATE GOVERNANCE KING III COMPLIANCE Analysis of the application as at March 2013 by AngloGold Ashanti Limited (AngloGold Ashanti) of the 75 corporate governance principles as recommended by the King
More informationBOARD OF DIRECTORS MANDATE
BOARD OF DIRECTORS MANDATE 1. Purpose The Board of Directors (the Board ) is responsible for the stewardship of Painted Pony Energy Ltd. (the Corporation ). It has the duty to oversee the strategic direction
More informationSANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP
SANCTIONS COMPLIANCE POLICY OF MIKRO KAPITAL GROUP MIKRO KAPITAL MANAGEMENT S.A. 10, Rue C.M. Spoo- 2546 LUXEMBOURG G.-D. of Luxembourg APPROVED ON 12 OCTOBER 2018 Vincenzo Trani, Director Pape Sliou Ndao,
More informationTECHNICAL RELEASE TECH 05/14BL. Data Protection Handling information provided by clients
TECHNICAL RELEASE TECH 05/14BL Data Protection Handling information provided by clients ABOUT ICAEW ICAEW is a world leading professional membership organisation that promotes, develops and supports over
More informationPolicy Name: McKesson s Imaging and Workflow Solutions and Enterprise Information Solutions U.S. - EU Safe Harbor Privacy Policy ( Policy )
Overview: McKesson is committed to maintaining the privacy and security of Personal Information. This Policy establishes the principles that govern the Processing of Personal Information received from
More informationEU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA Francoise Gilbert 1
EU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA Francoise Gilbert 1 The EU General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC
More informationA Practical Guide to Data Protection for Information Professionals
A Practical Guide to Data Protection for Information Professionals Naomi Korn and Carol Tullo on behalf of NKCC NKCC 2018. All Rights Reserved. www.naomikorn.com The information contained within this document
More informationRobert Bond Partner 3/13/2015. EU Data Protection Officer: Roles and responsibilities
EU Data Protection Officer: Roles and responsibilities Robert Bond, CCEP Head of Data Protection and Cyber Security Law and DPO charlesrussellspeechlys.com Robert Bond Partner Robert Bond has over 36 years'
More informationCORPORATE GOVERNANCE POLICY
WEIFA ASA CORPORATE GOVERNANCE POLICY as first resolved by the Board of Directors on 24 April 2006 and last revised on 15 August 2014 (draft) 1. INTRODUCTION TO CORPORATE GOVERNANCE... 2 2. BUSINESS...
More informationAccountability: A Compendium for Stakeholders HUNTON & WILLIAMS
Accountability: A Compendium for Stakeholders HUNTON & WILLIAMS Preface The Centre for Information Policy Leadership Hunton & Williams LLP March 2011 Since 2008, the Centre for Information Policy Leadership
More informationBoard Charter. Values Statement for IDCARE
Board Charter New Zealand Entity Company Number 4918799 NZ Business Number 9429041070109 Australian Entity ABN 84 164 038 966 Values Statement for IDCARE In all its planning, services and behaviour, IDCARE
More informationApplication of King III Principles
Application of King III Principles Principle Status Application 1. Ethical leadership and corporate citizenship 1.1 The Board should provide effective leadership based on an ethical foundation. The ethical
More informationErnst & Young Data Protection Binding Corporate Rules Programme
Ernst & Young Data Protection Binding Corporate Rules Programme Table of contents Introduction to the data protection binding corporate rules programme... 2 Part I: Background and actions... 3 Part II:
More informationMiFID II - Product Governance
MiFID II - Product Governance The product governance rules under MiFID II, including guidelines issued by ESMA, take effect from 3 January 2018. The new regime represents a fundamental change to European
More informationCode of Ethical Conduct for the Sanlam Group
Code of Ethical Conduct for the Sanlam Group Ian Kirk Group Chief Executive Officer The Sanlam Group has evolved into a diversified financial services group operating in an everchanging environment. However,
More informationOpinion 3/2010 on the principle of accountability
ARTICLE 29 DATA PROTECTION WORKING PARTY 00062/10/EN WP 173 Opinion 3/2010 on the principle of accountability Adopted on 13 July 2010 This Working Party was set up under Article 29 of Directive 95/46/EC.
More informationEnglish Translation (For Information Purposes Only) CODE OF BEST CORPORATE PRACTICES. Introduction
English Translation (For Information Purposes Only) SCHEDULE A CODE OF BEST CORPORATE PRACTICES Introduction Upon the initiative of the Business Coordinating Council, the Corporate Governance Committee
More informationBoard of Directors of Nomura Bank International plc Terms of Reference
1. Constitution Board of Directors of Nomura Bank International plc Terms of Reference 1.1 In accordance with the Articles of Association of Nomura Bank International plc (the "Company" or NBI ), the Board
More informationGeneral Data Privacy Regulation: It s Coming Are You Ready?
General Data Privacy Regulation: It s Coming Are You Ready? Presenters Tristan North Worldwide ERC Government Affairs Adviser, Moderator William R. Tehan General Counsel, Graebel Companies, Inc. Hank A.
More informationCENTRAL BANK OF CYPRUS
GUIDELINES TO BANKS ON THE APPROVAL PROCESS OF THE INTERNAL RATINGS BASED (IRB) AND THE ADVANCED MEASUREMENT (AMA) APPROACHES FOR THE CALCULATION OF CAPITAL REQUIREMENTS APRIL 2007 TABLE OF CONTENTS 1.
More informationYour committee: Evaluates the "tone at the top" and the company's culture, understanding their relevance to financial reporting and compliance
Audit Committee Self-assessment Guide The following guide summarizes leading audit committee practices discussed in the "Audit Committee Effectiveness- What Works Best" report. You may use it to help assess
More information2017 IBM Corporation. IBM s Journey to GDPR Readiness
IBM s Journey to GDPR Readiness IBM s Journey to GDPR Readiness At IBM, we have a deep rooted understanding that privacy is foundational to trust. We are approaching the GDPR in the same spirit, both internally
More informationModel Contracts & Binding Corporate Rules: Reflections from Working with Global Organizations
Model Contracts & Binding Corporate Rules: Reflections from Working with Global Organizations Conference on Cross Border Data Flows, Data Protection and Privacy October 16, 2007 James Koenig, Co-Leader
More informationWe collect information including personal data when we carry out a pre-installation survey at your home. This will include:
Vital Energi Privacy Notice for Leeds MSF Project Last Updated: 03-October-18 Introduction Vital Energi is working with Leeds City Council to install a heating and hot water system for specific households
More informationProject Title. Project Number. Privacy Impact Assessment
Project Title Project Number Privacy Impact Assessment This document is classified as Official and is disclosable under the terms of the Freedom of Information Act. No part of the report should be disseminated
More informationCORPORATE GOVERNANCE REPORT.
CORPORATE GOVERNANCE REPORT. At Diebold Nixdorf, responsible, transparent business management and control centered on the creation of sustained added value is considered an essential basis for commercial
More informationSAP and SAP Ariba Solution Support for GDPR Compliance
Frequently Asked Questions EXTERNAL The General Data Protection Regulation (GDPR) SAP Ariba Source-to-Settle Solutions SAP and SAP Ariba Solution Support for GDPR Compliance The European Union s General
More informationEU General Data Protection Regulation ( GDPR ) FAQs External Version - 16 March 2018
EU General Data Protection Regulation ( GDPR ) FAQs External Version - 16 March 2018 This document is a broad overview of the GDPR and does not provide legal advice. We urge you to consult with your own
More informationWest Kent Clinical Commissioning Group
West Kent Clinical Commissioning Group Information Governance Strategy 2017-18 Release: Final Approved Date: 27/10/2016 Author: Jamie Sheldrake Senior Associate - Information Governance Owner: SOUTH EAST
More informationRecruitment Privacy Notice
Rev. A December, 2018 Contents 1. About Us... 2 2. Collection... 2 3. Use of Personal Data... 3 4. Legal Basis... 3 5. Sharing of Personal Data... 4 5.1 Within Jacobs... 4 5.2 With Third Parties... 4 6.
More informationVendor Agreements and the New EU GDPR Steps to Take Now
Presenting a live 90-minute webinar with interactive Q&A Vendor Agreements and the New EU GDPR Steps to Take Now Complying With the EU General Data Protection and Privacy Regulation TUESDAY, JANUARY 30,
More informationPwC UK and the Modern Slavery Act
www.pwc.co.uk/who-we-are/corporate-sustainability/human-rights-and-modern-slavery.html PwC UK and the Modern Slavery Act January 2017 Human rights and modern slavery statement The geographic scope of this
More informationTHE ARCG CHARTER. Issued in March 2008
THE ARCG CHARTER Issued in March 2008 Index Part A Internal Audit Purpose Charter Mission Independence Scope & Responsibilities Authority Accountability Standards Part B Compliance Introduction Guiding
More informationGDPR. Guidance on Employee Personal Data
GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe
More informationTrust Board Meeting in Public: Wednesday 17 January 2018 TB
Trust Board Meeting in Public: Wednesday 17 January 2018 Title Progress report regarding organisational preparedness for the General Data Protection Regulation (Data Protection Act 2018) Status History
More informationPOSITION DESCRIPTION. JOB TITLE: Director, Corporate Services STATUS: Permanent. LOCATION: Sydney HOURS: 35 hours per week
POSITION DESCRIPTION Cancer Council Australia is the nation s leading non-government cancer control organisation. Cancer Council develops and promotes independent, evidence-based policy and information
More informationBriefing Agenda (as at 15 th March 2010) (All 1 st June sessions in English) 1 st June, 2010
8.00 Registration Briefing Agenda (as at 15 th March 2010) (All 1 st June sessions in English) 1 st June, 2010 9.00 Welcome Host (Latham & Watkins or Noerr, Frankfurt) 9.05 Introduction Stewart Dresner,
More informationOVERVIEW OF KING III PRINCIPLES
OVERVIEW OF KING III PRINCIPLES This checklist has been prepared in terms of the JSE Listings Requirements and sets out Brimstone s approach to corporate governance in relation to the King Report on Governance
More informationAudit, Risk and Compliance Committee Terms of Reference. Atlas Mara Limited. (The "COMPANY") Amendments approved by the Board on 22 March 2016
Audit, Risk and Compliance Committee Terms of Reference Atlas Mara Limited (The "COMPANY") Amendments approved by the Board on 22 March 2016 1. OVERVIEW 1.1 The primary objective of the committee is to
More informationMemorandum of understanding between the Competition and Markets Authority and NHS Improvement
1 April 2016 Memorandum of understanding between the Competition and Markets Authority and NHS Improvement Contents Page Foreword... 2 Summary points of the MoU... 3 Memorandum of understanding between
More informationManagement Excluded Job Description
Management Excluded Job Description 1. Position Identification Position Number 993234 Position Title Department Reports to (title) Associate Director, Supply Management Purchasing Services Director, Purchasing
More information1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction
Introduction On April 2016 the European Parliament approved the General Data Protection Regulation (GDPR). This new regulation, with mandatory implementation by Member States (MS) and businesses that have
More informationWill Your Company Pass a Privacy Audit?
Will Your Company Pass a Privacy Audit? by Tammi K. Franke The Issue - Companies that collect personal information are under increasing scrutiny by both consumers and governments in the United States and
More informationACCENTURE BINDING CORPORATE RULES ( BCR )
ACCENTURE BINDING CORPORATE RULES ( BCR ) EXECUTIVE SUMMARY INTRODUCTION Complying with data privacy laws is part of Accenture s Code of Business Ethics (COBE). In line with our COBE, we implement recognized
More informationBOARD CHARTER Introduction Company Board Responsibilities
BOARD CHARTER Introduction The directors are accountable to the shareholders and must ensure that Ausdrill Limited ( Company ) is appropriately managed to protect and enhance the interests and wealth of
More informationWORKING WITH THIRD PARTIES POLICY POLICY ADOPTED MARCH 2015, REVISED FEBRUARY 2017
WORKING WITH THIRD PARTIES POLICY POLICY ADOPTED MARCH 2015, REVISED FEBRUARY 2017 TABLE OF CONTENTS WORKING WITH THIRD PARTIES POLICY... 3 Introduction... 3 Working with third parties... 3 Due diligence
More informationINTEL CORPORATION BOARD OF DIRECTORS GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES
INTEL CORPORATION BOARD OF DIRECTORS GUIDELINES ON SIGNIFICANT CORPORATE GOVERNANCE ISSUES A. BOARD COMPOSITION 1. Board Leadership; Separation of the positions of Chairman and CEO The Board s general
More informationUNITY HOUSING ASSOCIATION - Board Member
UNITY HOUSING ASSOCIATION - Board Member Role Profile Role Specification Competencies Introduction Unity Housing Association expects all Board members to ensure that the Association complies with the 9
More informationThis Board Charter (Charter) is the foundation document which sets out the Board s role and responsibilities in
Board Charter Motor Trade Finance Limited Motor Trade Finance Limited and its subsidiaries (MTF) are committed to a high standard of corporate governance. MTF was founded as a co-operative company and
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationRBA Online Privacy Notice for
RBA Online Privacy Notice for www.responsiblebusiness.org Last updated [ ] The Responsible Business Alliance ( RBA, we, us, our ), is committed to protecting your privacy. At all times we aim to respect
More information27 April GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback
27 April 2017 GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback 1 GDPR Implementation Challenges A Summary of CIPL GDPR Project Participants Feedback In early 2017, CIPL
More informationEffects of GDPR and NY DFS on your Third Party Risk Management Program
Effects of GDPR and NY DFS on your Third Party Risk Management Program Please disable popup blocking software before viewing this webcast June 27, 2017 Grant Thornton LLP. All rights reserved. 1 CPE Reminders
More informationCORPORATE COMPLIANCE PROGRAM
-- -- ~-1~ _ \ ~ CORPORATE COMPLIANCE PROGRAM In order to address any deficiencies in its internal controls, policies, and procedures regarding compliance with the Foreign Corrupt Practices Act ("FCPA"),
More informationAPPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2016
APPLICATION OF KING III CORPORATE GOVERNANCE PRINCIPLES 2016 This table is a useful reference to each of the King III principles and how, in broad terms, they have been applied by the Group. KING III ETHICAL
More informationINTEGRITY COMPLIANCE GUIDELINES
AFRICAN DEVELOPMENT BANK GROUP African Development Bank Group Integrity and Anti-Corruption Department INTEGRITY COMPLIANCE GUIDELINES 1 1. Prohibition of Misconduct A clearly articulated and visible prohibition
More informationREX ENERGY CORPORATION CORPORATE GOVERNANCE GUIDELINES
REX ENERGY CORPORATION CORPORATE GOVERNANCE GUIDELINES The Board of Directors (the Board ) of Rex Energy Corporation (the Company ) has adopted the following corporate governance guidelines. These guidelines
More informationKPMG N.V. Code of Conduct. kpmg.nl
KPMG N.V. Code of Conduct kpmg.nl Contents 01 02 06 08 10 12 12 Leadership message Introduction The KPMG Values Commitments Responsibilities Where to get help Compliance with the Code Leadership message
More informationCorporate Governance Principles 2015
Corporate s 2015 corporate principles 1 corporate principles 1. Ethical leadership and corporate citizenship Responsible leadership 1.1 The board should provide effective leadership based on an ethical
More information