General Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR
|
|
- Harry O’Neal’
- 6 years ago
- Views:
Transcription
1 General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR
2 Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT an option. It becomes mandatory in May 2018 Not being compliant may result in huge fines (up to 20M or 4% of the WW turnover) Demonstrating compliance ahead of time will be an important business differentiator
3 Some background GDPR took over three years for an agreement to be reached It has 173 Whereas elements defining the context It has 99 articles stating obligations It will come into effect in May 2018 Fun fact : It has 20,000 more words than Shakespeare s Hamlet
4 Some basic terminology Regulations have binding legal force throughout every Member State and enter into force on a set date in all the Member States. Directives lay down certain results that must be achieved but each Member State is free to decide how to transpose directives into national laws. Decisions are EU laws relating to specific cases and directed to individual or several Member States, companies or private individuals. They are binding upon those to whom they are directed.
5 What was voted on 27 th April 2016? Regulation 2016/679 On the protection of natural persons with regard to the processing of personal data and on the free movement of such data Repealing Directive 95/46/EC Directive 2016/680 On the protection of natural persons with regard to the processing of personal data by competent authorities for the purposes of the prevention, investigation, detection or prosecution of criminal offences or the execution of criminal penalties, and on the free movement of such data Repealing Decision 2008/977/JHA
6 In other words Regulation 2016/679 applies to all organisations which control or process personal data Directive 2016/680 applies to law enforcement bodies : Police, Ministry of Interior, state investigation organisations etc. This deck is about REGULATION 2016/679 and how it may affect your organisation
7 Introduction Whenever you open a bank account, join a social networking website or book a flight on-line, you hand over vital personal information : Name, Address, Credit card number, etc. Under EU law, personal data can only be gathered legally under strict conditions, for a legitimate purpose Persons or organisations which collect and manage your personal information must protect it from misuse and must respect certain rights of the data owners Public authorities and individuals transfer vast amounts of personal data across borders. Common EU rules ensure that personal data enjoys a high standard of protection everywhere in the EU. The EU Data Protection regulation also foresees specific rules for the transfer of personal data outside the EU
8 Personal Data definition personal data means any information relating to an identified or identifiable natural person ( data subject ); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
9 Data Processing definition processing means any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
10 Data Controller definition controller means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data; where the purposes and means of such processing are determined by Union or Member State law, the controller or the specific criteria for its nomination may be provided for by Union or Member State law
11 What has changed with the new Regulation?
12 Key changes vs Directive 95/46/EC GDPR defines new rights for consumers (Data subjects) The GDPR will apply not only to companies established in the EU, but to all companies that target EU markets or consumers. Penalties for non-compliance will reach unprecedented heights with new maximum fines of EUR 20 million or 4% of annual worldwide revenue. EU legislators have introduced significant compliance burdens such as recordkeeping obligations and mandatory privacy impact assessments (PIAs) and, under the accountability principle, companies will have to be able to demonstrate compliance upon request.
13 Consumer / individual rights Unambiguous consent Right to withdraw consent Right to data portability Right to be forgotten Right to be informed when data is compromised Right to compensation One-stop shop
14 Individual Rights : Conditions for Collection and Use Legal Basis for Processing (or legitimate reason) : Necessity to perform a contract ; compliance ; legitimate interest which outweighs privacy right Fraud prevention Consent Freely given, specific, informed and unambiguous indication Can be withdrawn Right to be forgotten Right to request that individual data be erased. Exemptions may apply if the processing is deemed necessary for the exercise of freedom of expression, compliance with a legal obligation, public interest
15 Individual Rights (ctd) Right to Data Portability Provides a way for consumers to take their data from one service provider to another. Individual will be able to request a copy of their personal information in a structured and commonly used electronic format. Only applies to information obtained on the basis of consent or as necessary to perform a contract
16 Scope of the Regulation Data Controller or Processor is based in EU Data Subject is based in EU, even if the holding / processing organisation is based outside the EU This means in practice that a company outside the EU which is targeting consumers in the EU will be subject to the GDPR. This is not the case currently.
17 Remedies, Liability and Penalties (Articles 77 to 84) Data Subjects can exercise rights to Lodge complaints Effective judicial remedy against controllers or processors Compensation and liability in the case of infringement of the Regulation Administrative fines can be imposed Infringements to obligations of the controller, processor, certification body or monitoring body : 10M or up to 2% of total WW turnover Infringements to basic principles, data subject s rights, transfer of personal data to non-compliant third parties : 20M or up to 4% of total WW turnover
18 Compliance and Governance Accountability : companies must be able to demonstrate their compliance to regulators on request. Documentation and Recordkeeping Companies must register data processing activities with their DPA Data controllers and processors must maintain a record detailing purposes of data processing ; potential data recipients ; appropriate safeguards ; security measures.
19 Compliance and Governance (ctd) Privacy Impact Assessments Companies will be required to conduct PIA s for processing activities which are likely to result in high risk for the rights and freedom of individual, e.g. Use of sensitive data Systematic monitoring of public areas.. PIA will include Risk Assessment Analysis of safeguards and accountability measures
20 Compliance and Governance (ctd) Privacy by Design and by Default Requires that companies put in place technical and organisational measures to implement data protection principles GDPR mentions pseudonymization as an example of such measures Other measures include : Key coding techniques Limiting access ( need to know ) Data minimization Limiting data retention
21 Compliance and Governance (ctd) Data Privacy Officer GDPR introduces a requirement to appoint a DPO, but only in limited circumstances Company s core activities require regular and systematic monitoring of individuals on a large scale Activities include large-scale processing of sensitive data Data processed relates to criminal offences DPO may be appointed for a group of companies DPO must have expert knowledge of privacy and data protection law and practice
22 Cross-border Transfers and Binding Corporate Rules EU data protection law prohibits transfers of personal data to non-eu countries that do not provide for an adequate level of personal data protection without individuals explicit consent, unless appropriate safeguards are in place. In addition to continuing to recognize approved Standard Contractual Clauses, the GDPR now formally recognizes the use of BCRs Binding Corporate Rules ("BCR") are internal rules (such as a Code of Conduct) adopted by multinational group of companies which define its global policy with regard to the international transfers of personal data within the same corporate group to entities located in countries which do not provide an adequate level of protection. Putting in place BCRs entails implementing a comprehensive privacy program which is then subject to the approval of European data protection authorities (DPAs).
23 Mandatory Breach Notification & DPA s Companies must notify the competent DPA (Data Protection Authority) within 72 hours DPA s have new task and powers Imposing fines for non-compliance Handling complaints Co-operation with other authorities Drafting standard contracts for data transfers
24 Key changes (ctd) Binding Corporate Rules (BCRs) are formally recognized as an international transfer mechanism. Mandatory breach notification will be established for all of the EU Member States.
25 High-level roadmap to compliance Data Policies Users Processes Technology
26 Are there existing Policies? Do they include Compliance elements? With what? Are roles defined? Do they include need-to-know & Separation of Duties? Are Access control rules defined and implemented? Are they role-based? Are they context aware? Are they granular? To what level? Do they meet GDPR requirements?
27 What is the status of operational capabilities? Are processes defined to align new initiatives / projects with policies? Is there a SOC? Are processes defined to deal with incidents? Is there an Incident Response Team? Do currently installed technologies allow these processes to be effective? Access control Incident / breach of policy detection Incident response
28 How can Cisco help?
29 Cisco s Approach to Managing Privacy Understand Prioritize Develop Govern Privacy Impact Analysis Kickstart a program Periodic review of capability evolution Privacy Program - Assessment and Strategy Development Comprehensive assessment of requirements and development of a program roadmap Privacy Compliance Program Support Accelerate development and implementation Transform compliance requirements into a practical program
30 Service Description Scope & Impact Analysis Program Assessment & Development Compliance & Certification Support Address GDPR requirements Assess applicability of your organisation s data, partners and entities to GDPR compliance Understand the current state of your compliance program and the steps to create an effective data protection program Perform a review of your GDPR program to adjust for changes in business services, new markets, adoption of technologies, use of partners and changed regulations Identify other privacy obligations anticipated by your business plans Develop a custom GDPR programme Perform an evaluation of GDPR requirements and obligations Understand specific business needs, information lifecycle, growth plans and use of technology Perform a Data Protection Impact Assessment to discover PII that is being collected, why it is being collected and how it will be used, secured, shared and stored. Assess existing program against a custom set of relevant process maturity goals Development of a comprehensive program roadmap to meet the needs of the business and GDPR compliance Accelerate implementation of existing GDPR programme Provide independent and experienced advice on how to meet GDPR mandates Transform GDPR compliance requirements into a practical program and implementation plan Review governance mechanisms of your current GDPR compliance program and assess readiness for certification *Assuming large enterprise, local. MNC will be multiple derivative, depending on # of business lines.
31 Cisco Technology solutions NAME SHORT DESCRIPTION Secure Data Centre Obviously, Data Centres will be the location of choice to store personal data, and as such, will be the primary target for attacks on confidentiality. The Cisco Secure Data Centre for the Enterprise Solution Portfolio provides design and implementation guidance for enterprises that want to deploy physical and virtualized workloads in their data centres. Using our solutions can provide exceptional protection to address today's advanced data security threats. Associated technologies: NGFW, NGIPS ACI Stealthwatch Advanced Threat Analytics Network Segmentation & Access Control One of the key elements of GDPR compliance is controlling access to the resources where the personal data is stored and processed. Cisco s Access control and network segmentation capabilities help customers gain awareness of everything hitting their network, and provide access consistently and efficiently. This relieves the stress of complex access management, as security policies are updated and distributed dynamically. Associated technologies: Identity Services Engine TrustSec Breach detection and notification Major news organisations, analyst reports, and companies have all confirmed a new era of intrusions, theft, and malicious attacks. A major challenge facing organisations seeking GDPR compliance will be detecting these advanced threats, then analysing and blocking them. Cisco offers a full portfolio of solutions, combining combines static and dynamic malware analysis with threat intelligence into one unified solution. Associated technologies: OpenDNS Advanced Malware Protection, ThreatGrid Stealthwatch (Network as a Sensor) Active Threat Analytics
32 What about Cisco? Will we be compliant? As the GDPR seeks to strengthen privacy compliance and organisational accountability while driving consistency and interoperability throughout the EU and the world Cisco is committed to full compliance with the GDPR requirements by May From our developers and engineers to our legal and HR programs, we look at data protection and privacy from all angles. We devote significant resources to data protection and privacy and have a rigorous compliance program that has been driving toward robust privacy protection for years
33 Do you need more information?
34 8 Recommendations Prepare for data security breaches Establish a framework for accountability Embrace privacy by design Analyse the legal basis on which you use personal data Check your privacy notices and policies Bear in mind the rights of the data subjects If you are a supplier to others, consider whether you have new obligations as a processor Consider BCR to facilitate cross-border data transfers
35 Closing thought Being Compliant does not make you secure Being Secure helps you to be compliant
36
INTERNATIONAL WHAT GDPR MEANS FOR RECORDS MANAGEMENT
WHAT GDPR MEANS FOR RECORDS MANAGEMENT Presented by: Sabrina Guenther Frigo Overview Background Basic Principles Scope Lawful Processing Data Subjects Rights Accountability & Governance Data Transfers
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More informationWSGR Getting Ready for the GDPR Series
WSGR Getting Ready for the GDPR Series Overview, main concepts, principles and obligations Cédric Burton Of Counsel Laura De Boel Senior Associate Christopher Kuner Senior Privacy Counsel WSGR Webinar,
More informationWhat you need to know. about GDPR. as a Financial Broker. Sponsored by
What you need to know about GDPR as a Financial Broker Dear Partner The regulatory and compliance environment is ever changing and the burden and requirements on financial services professionals continues
More informationGDPR Factsheet - Key Provisions and steps for Compliance
GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationGeneral Data Protection Regulation (GDPR) A brief guide
General Data Protection Regulation (GDPR) A brief guide Document compiled by: Terence Clark & Dr. Nathan Matthews June 2017 Acknowledgements This document contains material from the Information Commissioner
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More informationTHE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)
THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the
More informationwith Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting
with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting xada@gedapre.eu tel 0475-41.03.22 xavier.darmstaedter@dacota.eu Gent, 3 October 2017 4 facts 1. We are not really in control of our personal
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationDealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:
More informationGeneral Data Privacy Regulation: It s Coming Are You Ready?
General Data Privacy Regulation: It s Coming Are You Ready? Presenters Tristan North Worldwide ERC Government Affairs Adviser, Moderator William R. Tehan General Counsel, Graebel Companies, Inc. Hank A.
More informationPERSPECTIVE. GDPR - An industry and geography agnostic regulation. Abstract
PERSPECTIVE GDPR - An industry and geography agnostic regulation Abstract As the deadline to comply with the General Data Protection Regulation (GDPR) draws near, many organizations are unaware of what
More informationPreparing Your Vendor Agreements for the General Data Protection Regulation
Preparing Your Vendor Agreements for the General Data Protection Regulation Oliver Yaros Partner - London +44 (0)203 130 3698 oyaros@mayerbrown.com Lei Shen Senior Associate - Chicago +1 312 701 8852 lshen@mayerbrown.com
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationData Flow Mapping and the EU GDPR
Data Flow Mapping and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 29 September 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure services Business
More informationcloser look at Definitions The General Data Protection Regulation
A closer look at Definitions The General Data Protection Regulation September 2017 V1 www.inforights.im Important This document is part of a series, produced purely for guidance, and does not constitute
More informationGeneral Data Protection Regulation (GDPR) Frequently Asked Questions
General Data Protection Regulation (GDPR) Frequently Asked Questions 26 March 2018 0 Contents Introduction... 3 What is GDPR?... 3 Who does the GDPR apply to?... 3 Are tax advisers data controllers or
More informationPresenting a live 90-minute webinar with interactive Q&A. Today s faculty features:
Presenting a live 90-minute webinar with interactive Q&A Compliance With New EU GDPR: Steps Investment Funds, Banks, Advisers and Financial Intermediaries Should Take Now Revising Service Agreements and
More informationFoundation trust membership and GDPR
05 April 2018 Foundation trust membership and GDPR In the last few weeks, we have received a number of enquiries from foundation trusts concerned about the implications of the new General Data Protection
More informationACADEMIC AFFAIRS COUNCIL ******************************************************************************
ACADEMIC AFFAIRS COUNCIL AGENDA ITEM: 4 D (3) DATE: February 21, 2018 ****************************************************************************** SUBJECT EU Data Protection Regulations CONTROLLING STATUTE,
More informationGDPR. https://www.eugdpr.org/eugdpr.org.html
GDPR https://www.eugdpr.org/eugdpr.org.html GDPR FAQs When is the GDPR coming into effect? Frequently Asked Questions about the incoming GDPR. The GDPR was approved and adopted by the EU Parliament in
More informationSalesforce s Processor Binding Corporate Rules. for the. Processing of Personal Data
Salesforce s Processor Binding Corporate Rules for the Processing of Personal Data Table of Contents 1. Introduction 3 2. Definitions 3 3. Scope and Application 4 4. Responsibilities Towards Customers
More informationVendor Agreements and the New EU GDPR Steps to Take Now
Presenting a live 90-minute webinar with interactive Q&A Vendor Agreements and the New EU GDPR Steps to Take Now Complying With the EU General Data Protection and Privacy Regulation TUESDAY, JANUARY 30,
More informationEU data protection reform
EU data protection reform Background and insight A Whitepaper Executive summary The Irish Data Protection Acts 1988 and 2003 gave effect to the European Data Protection Directive 95/46/EC. The existing
More informationHow employers should comply with GDPR
02 Mind your business Prepare for GDPR How employers should comply with GDPR Recommendations for employer compliance with GDPR The scope of the impact of the GDPR cannot be overstated. The GDPR will impact
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 17/EN WP264 rev.01 Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data Adopted on 11
More informationHuman Resources. Data Protection Policy IMS HRD 012. Version: 1.00
Human Resources Data Protection Policy IMS HRD 012 Version: 1.00 Disclaimer While we do our best to ensure that the information contained in this document is accurate and up to date when it was printed
More informationGDPR. Guidance on Employee Personal Data
GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe
More informationWhat is GDPR and Should You Care?
What is GDPR and Should You Care? Ingram Micro Inc. 1 Overview of Privacy Climate & Concerns 2 2 Today We Live In A World Where Advertisers read key words in your Facebook posts and emails and decide what
More informationThe (Scheme) Actuary as a Data Controller
The (Scheme) Actuary as a Data Controller Keith Webster and Ian Stevens Partners, CMS Cameron McKenna LLP June 2014 Discussion Areas New IFOA guidance Data Protection Act refresher Compliance obligations
More informationACCENTURE BINDING CORPORATE RULES ( BCR )
ACCENTURE BINDING CORPORATE RULES ( BCR ) EXECUTIVE SUMMARY INTRODUCTION Complying with data privacy laws is part of Accenture s Code of Business Ethics (COBE). In line with our COBE, we implement recognized
More informationTWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION
TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA
More informationCustomer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)
Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions
More informationGetting Ready for the GDPR
Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd
More informationThe Top 10 Operational Impacts of the EU s General Data Protection Regulation
The Top 10 Operational Impacts of the EU s General Data Protection Regulation www.iapp.org IAPP - International Association of Privacy Professionals The Top 10 Operational Impacts of the EU s General Data
More informationLAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems
LAST UPDATED June 11, 2018 DATA PROTECTION POLICY International Foundation for Electoral Systems 1. Purpose 1.1. International Foundation for Electoral Systems is committed to complying with privacy and
More informationCommittee on Civil Liberties, Justice and Home Affairs WORKING DOCUMENT. Committee on Civil Liberties, Justice and Home Affairs
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 06.07.2012 WORKING DOCUMT on the protection of individuals with regard to the processing of personal data and on the free
More informationEU GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE ARE YOU PREPARED? What You Need to Know to Make Your Data Transfers Compliant
EU GENERAL DATA PROTECTION REGULATION (GDPR) COMPLIANCE ARE YOU PREPARED? What You Need to Know to Make Your Data Transfers Compliant MAY 25 SAVE THE DATE May 25, 2018 The General Data Protection Regulation
More informationThe General Data Protection Regulation: What does it mean for you?
The General Data Protection Regulation: What does it mean for you? We are here to help The changes being introduced in the EU General Data Protection Regulation 2016 (GDPR) will be the biggest shake-up
More informationEU General Data Protection Regulation
Guidance note EU General Data Protection Contents Introduction Guidance note aims and structure Summary Data basics Dealing with individuals Governance and risk management Concluding remarks Appendix 1
More informationEU General Data Protection Regulation, a new era in data protection
EU General Data Protection Regulation, a new era in data protection The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way
More informationThe New EU General Data Protection Regulation 1
The New EU General Data Protection Regulation 1 Dear clients and friends, On 14 April 2016 the EU Parliament formally approved the General Data Protection Regulation ( the Regulation ). The Regulation
More informationNew General Data Protection Regulation - an introduction
New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationPersonal data: By Personal data we understand all information about identified or identifiable natural ( data subject ) according to GDPR
PRINCIPLES OF PERSONAL DATA PROTECTION In these Principles of Personal Data Protection we inform the subjects of data whose personal data we process about all our activities regarding processing and principles
More informationThe EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry
The EU General Data Protection Regulation (GDPR) A briefing for the digital advertising industry 1 Contents Introduction 5 Brexit: GDPR or New UK Law? 8 The eprivacy Directive 10 The GDPR: 10 Key Areas
More informationGeneral Data Protection Regulation. The changes in data protection law and what this means for your church.
General Data Protection Regulation The changes in data protection law and what this means for your church. 1 Contents Page 5 Page 6 Page 7 Page 8 Page 9 Page 10 Page 11 Page 12 Page 18 Page 20 Page 23
More informationThe General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2017
The General Data Protection Regulation (GDPR) and Data Protection Act (DPA) 2017 Part 1: Guidance for Community Pharmacies Version 1: April 2018 With thanks to the Community Pharmacy GDPR Working Party
More informationEU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.
EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes!
More informationGDPR readiness for start-ups, technology businesses and professional practices Martin Cassey
www.nascenta.com GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey Introduction GDPR Key Points GDPR/DPA Differences Start Up, Tech Business Professional Practice?
More informationA GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com A GDPR Primer For U.S.-Based Cos. Handling
More informationGDPR Webinar : Overview & practical compliance steps. 23 October 2017
GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About
More informationAccelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications
Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications O R A C L E W H I T E P A P E R D E C E M B E R 2 0 1 7 Disclaimer The purpose of this document
More informationGDPR Compliance Checklist
GDPR Compliance Checklist GDPR Compliance Checklist This GDPR Compliance Checklist sets out the key requirements that the General Data Protection Regulation will introduce into EU Privacy law on 25 May
More informationEU General Data Protection Regulation (GDPR) A Point of View. For private circulation only. Risk Advisory
EU General Data Protection Regulation (GDPR) A Point of View For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes! This new law will have a profound impact
More informationGDPR breakfast roundtable: legal grounds for use & data mapping. Jurriaan Jansen Nikolai de Koning Norton Rose Fulbright LLP 23 May 2017
GDPR breakfast roundtable: legal grounds for use & data mapping Jurriaan Jansen Nikolai de Koning Norton Rose Fulbright LLP 23 May 2017 Agenda Legal grounds for processing personal data Necessary for the
More informationThe Sage quick start guide for businesses
General Data Protection Regulation (GDPR): The Sage quick start guide for businesses Contents Introduction 3 Infographic: GDPR at a Glance 4 The basics 5 The GDPR in summary 5 Individual rights and informing
More informationEU General Data Protection Regulation (GDPR) Tieto s approach and implementation
EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High
More informationThe General Data Protection Regulation An Overview
The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter
More informationDepending on the circumstances, we may collect, store, and use the following categories of personal information about you:
Ignata Group Data Protection / Privacy Notice What is the purpose of this document? Ignata is committed to protecting the privacy and security of your personal information. This privacy notice describes
More informationTourettes Action Data Protection Policy
Tourettes Action Data Protection Policy Effective date: 01/01/2018 Review date: 01/01/2020 Approved: Suzanne Dobson, CEO Tourettes Action Author: Pippa McClounan, Office Manager Tourettes Action Version
More informationThe General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner,
The General Data Protection Regulation (GDPR): Getting in good shape for the deadline Copenhagen, 19 September 2017 Janus Friis Bindslev Partner, Deloitte, Cyber Advisory Table of Contents Introduction
More informationPolicy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent
Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information
More informationUK Research and Innovation (UKRI) Data Protection Policy
UK Research and Innovation (UKRI) Data Protection Policy Document Information Revision History Version Comment Date By 0.1 Draft Policy created July 2017 DH 0.2 Revision post review by information manager
More information12 STEPS TO PREPARE FOR THE GDPR
12 STEPS TO PREPARE FOR THE GDPR Presented by Henshalls Insurance Brokers On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom. The GDPR
More informationPreparing for GDPR 27th September, Reykjavik
Preparing for GDPR 27th September, Reykjavik Introduction Who I am? Solicitor fromlondon Worked in digital industry for the last 7years Specialized in Privacy for the last 7 years and did some consulting
More informationEffective Data Governance & GDPR Compliance for the Nonprofit CFP
Effective Data Governance & GDPR Compliance for the Nonprofit CFP March 22, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited
More information2018 GLOBANET GDPR REPORT
2018 GLOBANET GDPR REPORT CHAPTER 1: Fears of Brand Damage, Job Loss, Company Livelihood Surface as Businesses Try to Come to Grips with GDPR Compliance The deadline looms on the horizon: 25 May,2018.
More informationThe General Data Protection Regulation and associated legislation. Part 1: Guidance for Community Pharmacy. Version 1: 25th March 2018
The General Data Protection Regulation and associated legislation Part 1: Version 1: 25th March 2018 Introduction The General Data Protection Regulation and, when enacted, the Data Protection Act 2018
More informationConsulting Champions
Consulting Champions Get GDPR Ready with SOLA Consulting A bespoke GDPR compliance offering covering people, process, technology and data www.solagroup.com SOLA Consulting is part of SOLA Group Ltd Contents
More informationThe GDPR Are you ready?
The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection
More informationEU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations. For private circulation only.
EU General Data Protection Regulation (GDPR) Point of View for ERP and HRMS Operations For private circulation only Risk Advisory Preface Does the EU GDPR impact organisations in India? Yes! This new law
More informationSOLUTION BRIEF EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER
EU GENERAL DATA PROTECTION REGULATION COMPLIANCE WITH RSA ARCHER ARRIVAL OF GDPR IN 2018 The European Union (EU) General Data Protection Regulation (GDPR), which takes effect in 2018, will bring changes
More informationGDPR. The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April
www.thalesgroup.com/uk SECURE COMMUNICATIONS AND INFORMATION SYSTEMS The General Data Protection Regulation (EU) 2016/679 of the European Parliament and of the Council 27 April 2016 Contents What is the
More informationEuropean Union General Data Protection Regulation 2016 (Effective 25 May 2018)
European Union General Data Protection Regulation 2016 (Effective 25 May 2018) European Union General Data Protection Regulation 2016 (Effective 25 May 2018) CONTENTS Why is the GDPR relevant to Hong
More informationData protection (GDPR) policy
Data protection (GDPR) policy January 2018 Version: 1.0 NHS fraud. Spot it. Report it. Together we stop it. Version control Version Name Date Comment 1.0 Trevor Duplessis 22/01/18 Review due Dec 2018 OFFICIAL
More informationTEL: +44 (0)
EU General Data Protection Regulation FAQs Cordery GDPR Navigator This note is part of the Cordery GDPR Navigator. Technical terms are used in this document which are explained in the glossary. Edition
More informationGDPR Physical Security and Privacy Safeguards
GDPR Physical Security and Privacy Safeguards The European Union General Data Protection Regulation (GDPR) requires organizations worldwide to rethink how they access, use and maintain personal data. This
More informationNew EU-GDPR: Challenges for Universities and Research Organisations
New EU-GDPR: Challenges for Universities and Research Organisations Prof. Dr. Ing. Ramin Yahyapour CIO Georg-August-Universität Göttingen and University Medical Centre Director GWDG EUNIS workshop for
More informationThe Committee of Ministers, under the terms of Article 15.b of the Statute of the Council of Europe,
Recommendation CM/Rec(2015)5 of the Committee of Ministers to member States on the processing of personal data in the context of employment (Adopted by the Committee of Ministers on 1 April 2015, at the
More informationIMPACT OF THE NEW GDPR DIRECTIVE ON OUTSOURCING ARRANGEMENTS
IMPACT OF THE NEW GDPR DIRECTIVE ON OUTSOURCING ARRANGEMENTS This Insight provides an overview of the changes, and impact the GDPR Directive presents to outsourcing arrangements. Furthermore, it provides
More informationGuidelines on the protection of personal data in IT governance and IT management of EU institutions
Guidelines on the protection of personal data in IT governance and IT management of EU institutions Postal address: rue Wiertz 60 - B-1047 Brussels Offices: rue Montoyer 30 - B-1000 Brussels E-mail : edps@edps.europa.eu
More informationGeneral Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance.
General Data Protection Regulation and Episerver Learn how to leverage your organization s data to support GDPR compliance. Page 2 What is General Data Protection Regulation? What The general data protection
More information10366/15 VH/np DGD 2C LIMITE EN
Council of the European Union Brussels, 2 July 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 10366/15 LIMITE DATAPROTECT 110 JAI 511 MI 422 DIGIT 53 DAPIX 116 FREMP 145 COMIX 302 CODEC 948 NOTE
More informationTHE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE
OCTOBER 2017 EU, COMPETITION, TRADE AND REGULATORY THE EU GENERAL DATA PROTECTION REGULATION AND INTERNATIONAL AIRLINES SPECIAL UPDATE The EU General Data Protection Regulation (GDPR) becomes effective
More informationAmCham EU s Recommendations on GDPR Implementation
AmCham EU s Recommendations on GDPR Implementation Ensuring a balanced and forwardlooking data protection framework in Europe Executive summary AmCham EU s recommendations for the implementation of the
More informationEU General Data Protection Regulation
Steve Norledge, UKI GDPR Leader Sol Barron, Information Governance Specialist February 2017 EU General Data Protection Regulation Getting Started with GDPR GDPR significantly extends EU member-state data
More informationGetting Ready for the. General Data Protection Regulation GDPR. A Guide by Mason Hayes & Curran. Dublin, London, New York & San Francisco. MHC.
Getting Ready for the General Data Protection Regulation GDPR 2018 Dublin, London, New York & San Francisco A Guide by Mason Hayes & Curran MHC.ie The contents of this publication are to assist access
More informationSupplemental guide to the GDPR for HR professionals
Supplemental guide to the GDPR for HR professionals Version 1.0, January 2018 The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, representing the most significant change
More informationGeneral Data Protection Regulation. What should community energy organisations be doing to prepare?
General Data Protection Regulation What should community energy organisations be doing to prepare? The implementation date of 25 May 2018 for the General Data Protection Regulation (GDPR) is fast approaching.
More informationBreaking the myth How your marketing activities can benefit from the GDPR December 2017
www.pwc.be Breaking the myth How your marketing activities can benefit from the GDPR December 2017 1. Introduction As opposed to a widespread belief, the GDPR aims to reinforce customers rights, whilst
More informationDATA PROTECTION POLICY 2016
DATA PROTECTION POLICY 2016 ADOPTED FROM BRADFORD METROPOLITAIN COUNCIL MODEL POLICY AUTUMN 2016 To be agreed by Governors on; 17/10/16 Signed by Chair of Governors: Statutory policy: Yes Frequency of
More information