Effective Data Governance & GDPR Compliance for the Nonprofit CFP
- Kenneth Phelps
- 6 years ago
Effective Data Governance & GDPR Compliance for the Nonprofit CFP
March 22, 2018
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

CPE and Support
CPE Participation Requirements
To receive CPE credit for this webcast:
- You'll need to actively participate throughout the program.
- Be responsive to at least 75% of the participation pop-ups.
Please refer to the CPE & Support Handout in the Handouts section for more information about group participation and CPE certificates.
Q&A: Submit all questions using the Q&A feature on the lower right corner of the screen. At the end of the presentation, the presenter(s) will review and answer all questions submitted.
Technical Support: If you should have technical issues, please contact LearnLive: Click on the Live Chat icon under the Support tab, OR call:
Audio: Audio will be streamed through your computer speakers. If you experience audio issues during today's presentation please dial into the teleconference: , teleconference code:

WITH YOU TODAY
- Karen Schuler, Data & Information Governance, National Leader, BDO USA, LLP, 8401 Greensboro Drive, Suite 800, McLean, VA. Direct:
- Mark Antalik, Managing Director, BDO USA, LLP, One International Place, Boston, MA. Direct:

Agenda
- Challenges & Threats
- Data Governance Primer
- GDPR Introduction

Challenges & Threats

Top challenges: Needs driving data governance
1. Uncertainty about the future
2. Financial management
3. Performance monitoring and management
4. Increased regulations and compliance
5. Recruiting the right people
6. Technology and data explosion
7. Maintaining your reputation
8. Funding
9. Data breaches
10. Sustainability

Top NFP Threats: Attacks driving data governance
[Charts: "Types of attacks" and "What data are they taking?". Categories: Browser, Brute force, Denial of service, Worm, Malware, Web Scan, Others. Values shown: 4%, 4%, 10%, 13%, 14%, 15%, 20%, 20%.]

Top NFP Threats
#1 threat: the explosion of data
Lack of control over data retention; Business intelligence; Holistic Data Governance; New data privacy regulations; CHALLENGES; Vendors storing sensitive data; Thinking about governance; Litigation; Systems & information in multiple locations; Compliance investigations; Policies and procedures are outdated; No governance program

Data Governance Primer

Business Objectives: Reasons to develop a data governance program
Consistency & Quality
- Utilize consistent data for business needs.
- Identify real and perceived data quality issues.
- Identify data that is valuable and needed to drive decisions.
- Standardize approach to address existing and new data needs.
Accessibility
- Integrate data uses across business lines.
- Prevent redundant data collection.
- Access needed data.
- Keep current with IT changes and storage standards.
Privacy & Protection
- Implement data reduction, data protection, and compliance strategies.
- Align business practices with policies and procedures.
- Implement corporate-wide updates to meet compliance requirements.
- Maintain security and accessibility so that data elements are not lost, corrupted or made unavailable.
- Protect vital (e.g., donor, patient, employee and volunteer) data sets.

Where to Start: Checklist
TASK: RESPONSIBLE PARTY(IES)
- Champion the Data Governance Program: Executive Director, Board, C-Suite
- Identify applications and data sets: CIO/IT and business functions
- Identify sensitive data (PII, PHI, PCI): CIO/IT, Legal, Privacy, CFO
- Identify data accessed by third parties: CIO/IT, CISO/Security
- Classify data: Legal, CIO/IT, CISO/Security, Privacy, CFO
- Document and update policies: Legal, CIO/IT
- Review IT and security controls: CIO/IT, CISO/Security
- Review data management controls and policies: CIO/IT
- Review vendor contracts: Legal
- Determine data management needs: CIO/IT

Longer Term Planning: Required teams
- Business & Operations
- IT & Security
- Human Resources
- Legal & Compliance
- Sales & Marketing

Longer term planning: Implementation
Business processes Information inventory Vendors Vital data Business intelligence Driving value from data Policies Procedures Litigation readiness Data breach response Assets Readiness Data Management Data breach notification Technology Inventory Privacy Security Data management Risk identification Accessibility & Quality Management 3rd party transfers International transfers BYOD Retention Technical & Organizational Measures Disposition

Holistic approach to cybersecurity risk management: Implementation
Cybersecurity risk management is not just about technology. A holistic approach:
- Addresses how the cybersecurity strategy needs to align with the business strategy.
- Recognizes that people and culture are important elements of the process.
- Recognizes that the target industry is a driver of cyber threats.
- Understands that managing risk has a cost and ROI.

Framework: Putting it all together

GDPR Introduction

GDPR Background, Impact & Context
Effective May 25, 2018
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
- Enhanced personal privacy rights
- Increased duty for protecting data
- Mandatory breach reporting
- Significant penalties for noncompliance
Fines are up to 4% of global revenues or €20 million, whichever is greater.

GDPR Background, Impact & Context
Personal data
Applies to personal data, meaning any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
Sensitive personal data
Sensitive personal data are special categories of personal data that are subject to additional protections (e.g., genetic data, biometric data, criminal information).
Data subject rights
The Right to: access, erasure, to be forgotten, or data portability.

GDPR Background, Impact & Context
Does GDPR apply to your organization?
Applies to organizations, wherever they are located, that:
- Offer goods and services (including free services) to people in the EU; or,
- Monitor the behavior of people in the EU (e.g., website analytics)
Personal data is broadly defined as any information relating to an identified or identifiable natural person (e.g., IP address, country identifier).
Applies whether you are a controller or a processor.

GDPR Alignment after May 25, 2018
Identify. Analyze. Govern.
- Evaluate Obligations & Assess Risk
- Evaluate & Rank Vendor Risks
- Develop a Compliance Roadmap
- Data Mapping
- Review Policies & Contracts for Gaps
- Remediate, Govern & Manage

1. Assess Risks and Gaps
- Conduct a GDPR Readiness Assessment
- Evaluate the current state of GDPR compliance
- Utilize BDO or other online platforms to evaluate risks and gaps
- Map GDPR requirements against other privacy regulations
- Prepare a GDPR implementation plan
[Figure 1. Risk Meter: 46.9]

2. Data Mapping
Article 5, 6(1), 9(1), 13-14, 17 and 30
- Document information assets and understand in-scope and out-of-scope activities
- Document business processes and align with data flow and data types
- Understand where data flows inside and outside the organization
- Understand data retention policies and records keeping practices
[Diagram: Nurse, Patient, Patient Care Application, Lab Tech, Pharmacist, Doctor]

3. Evaluate & Rank Vendor Risks
Articles 28, 30,
- Audit processes to determine how those processes impact privacy of data subjects
- Evaluate whether products have been developed with appropriate privacy considerations
- Report on systems that contain significant amounts of personal data and provide a plan for remediation and management
[Diagram: Initiate and Distribute Online Assessments; Gather Information; Analyze; Report and Provide Recommendations; iga.bdo.com/privacy]

4. Review Policies & Contracts for Gaps
Articles 12-14, 18, 21-22, 33-34,
- Privacy notices
- Data subjects rights
- Process agreements
- Data breach response and notification
- Data protection policies and procedures

5. Develop a Compliance Roadmap
Articles 15, 20, 24(1), 24, 32,
ACTION PLAN
Columns: REF #; RISK (Risk to be mitigated); RAG (Current rating); SOLUTION/MITIGATING ACTIONS (Detail corrective actions, solutions and mitigating controls that address the risk); RESULT (Reduced, Eliminated or Accepted Risk); OUTCOME (Has the solution(s) reduced the risk enough to proceed with processing?); RAG (New risk rating)
PR1
- Risk: E.g. Employee forgets to turn off call recording during payment processing
- Current rating: 8
- Solution/mitigating actions: 1. Use automated recording system to turn off recording at set trigger. 2. Audit all calls at end of each day to ensure no credit card details have been recorded.
- Result: Reduced
- Outcome: Human error removed from risk, although system could still fail to turn off at trigger. Manual call audit means any recording will still be identified and removed at end of each day.
- New risk rating: 2
PR2
- Risk: E.g. Customer data incorrectly imported onto system using automated process
- Current rating: 6
- Solution/mitigating actions: Utilise manual audits of files after import. Edit system to match fields with correct data.
- Result: Accepted
- Outcome: Mitigating actions will only slightly reduce risk, but automatically importing data is an essential business function that cannot be replaced with manual entry.
- New risk rating: 5

6. Remediate, Govern and Manage
Registers Business processing Information inventory Personal data / special categories Records retention and erasure Awareness and training Accountability / Consent / Privacy Notices Website policies Employee forms Direct marketing Privacy notices Access requests and forms Response mechanisms Subject Access Rights Rectification & erasure Accuracy Objections to processing Data Transfers and Portability Transfers to data subjects Transfers to DPAs or SAs 3rd party transfers International transfers Information security and data protection policies Technical & Organization Measures Data breach response Data breach notification

Summary and Questions
For more information, please contact Mark Antalik or Karen Schuler.

Conclusion
Thank you for your participation!
Certificate Availability: If you participated the entire time and responded to at least 75% of the polling questions, click the Participation tab to access the print certificate button. Please exit the interface by clicking the red X in the upper right hand corner of your screen.

BDO is the brand name for BDO USA, LLP, a U.S. professional services firm providing assurance, tax, and advisory services to a wide range of publicly traded and privately held companies. For more than 100 years, BDO has provided quality service through the active involvement of experienced and committed professionals. The firm serves clients through more than 60 offices and over 550 independent alliance firm locations nationwide. As an independent Member Firm of BDO International Limited, BDO serves multi-national clients through a global network of 73,800 people working out of 1,500 offices across 162 countries.
BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms. BDO is the brand name for the BDO network and for each of the BDO Member Firms.
This document contains information that is proprietary and confidential to BDO USA, LLP, the disclosure of which could provide substantial benefit to competitors offering similar services. Thus, this document may not be disclosed, used, or duplicated for any purposes other than to permit you to evaluate BDO to determine whether to engage BDO. If no contract is awarded to BDO, this document and any copies must be returned to BDO or destroyed.
Material discussed in this publication is meant to provide general information and should not be acted on without professional advice tailored to your organization's individual needs.
BDO USA, LLP. All rights reserved.
GDPR: demanding new privacy rights and obligations Perspectives for non-eu financial services firms For more cyber and privacy insights, visit ey.com/fsgdpr or ey.com/fscyber Note: The General Data Protection
More informationWebinar: Deep Dive into the Role of the DPO under the GDPR
Webinar: Deep Dive into the Role of the DPO under the GDPR Wednesday, 22 June 2016 11:00 AM US EDT Use the chat box to ask questions. www.informationpolicycentre.com 1 Webinar Agenda Use the chat box to
More informationHARNESSING THE POWER OF DATA ANALYTICS AND CONTINUOUS MONITORING
HARNESSING THE POWER OF DATA ANALYTICS AND CONTINUOUS MONITORING SEPTEMBER 26, 2017 Shana McGee, CIA Manager, Risk Advisory Services Kirstie Tiernan, CFE, OCA Managing Director, Forensic Technology Services
More informationStrengthening Vendor Risk Management Program
Strengthening Vendor Risk Management Program ACUIA Region 5 Fall Meeting Portsmouth, N.H. October 2017 PKF O Connor Davies Risk Advisory Services Governance & Regulations Cyber-Security Risk Management
More informationGDPR readiness for start-ups, technology businesses and professional practices Martin Cassey
www.nascenta.com GDPR readiness for start-ups, technology businesses and professional practices Martin Cassey Introduction GDPR Key Points GDPR/DPA Differences Start Up, Tech Business Professional Practice?
More informationSecuring Intel s External Online Presence
IT@Intel White Paper Intel IT IT Best Practices Information Security May 2011 Securing Intel s External Online Presence Executive Overview Overall, the Intel Secure External Presence program has effectively
More informationA GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com A GDPR Primer For U.S.-Based Cos. Handling
More informationU.S. General Services Administration. What s New Federal Agencies. Steve Babine Vice President Citi
U.S. General Services Administration What s New Federal Agencies Steve Babine Vice President Citi July 2012 This material is intended for use by the GSA only 2012 GSA SmartPay Conference Fine Tune Your
More informationEU General Data Protection Regulation, a new era in data protection
EU General Data Protection Regulation, a new era in data protection The European Union data privacy landscape is about to undergo dramatic change, with lasting enterprise wide implications for the way
More informationPCI Data Breach Preparedness How To Prevent Your Organization From Becoming the Next Data Breach Headline
PCI Data Breach Preparedness How To Prevent Your Organization From Becoming the Next Data Breach Headline Presented by the Bryan Cave Payments Team and Special Guest Speaker Andi Baritchi Agenda Introduction
More informationGDPR Webinar 4: Data Protection Impact Assessments
Webinar 4: Data Protection Impact Assessments T-Minus 365 Days (May 25, 2017) Presenters: Peter Blenkinsop peter.blenkinsop@dbr.com Hilary Wandall General Counsel & Chief Data Governance Officer, TRUSTe
More informationGDPR: An Overview for Public Sector Communicators
GDPR: An Overview for Public Sector Communicators Live webinar 16 August uk.granicus.com @GranicusUK #Granicus17 Granicus Annual Public Sector Communications Conference Tuesday 26 Sept RIBA Venues, London
More informationUK SCHOOL TRIPS PRIVACY POLICY
UK SCHOOL TRIPS PRIVACY POLICY Introduction Welcome to the UK School Trips privacy notice. UK School Trips respects your privacy and is committed to protecting your personal data. This privacy notice will
More informationGDPR: Centralize Unstructured Data Governance Across On-premises and Cloud
GDPR: Centralize Unstructured Data Governance Across On-premises and Cloud YOU HAVE UNTIL MAY 2018 i TO CENTRALISE UNSTRUCTURED DATA GOVERNANCE ACROSS ON-PREMISES AND CLOUD The EU s General Data Protection
More informationData Breaches and Security Rights in SharePoint Webinar
Data Breaches and Security Rights in SharePoint Webinar Coby Royer Director of Product Management CipherPoint croyer@cipherpoint.com Twitter @CipherPointSW Don Miller Vice President of Commercial Accounts
More informationSecuring Access of Health Information Using Identity Management
Securing Access of Health Information Using Identity Management Steve Whicker Manager Security Compliance HIPAA Security Officer AHIS Central Region St Vincent Health sawhicke@stvincent.org Chris Bidleman
More informationData Protection Policy
Data Protection Policy StCH Data Protection Policy - POL 53 vs1 - July 2016 1 Document Control Table Document Title: Data Protection Policy Document Ref: POL 53 Author (name and job title): Karen Anderson,
More informationAccelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications
Accelerate Your Response to the EU General Data Protection Regulation (GDPR) with Oracle Cloud Applications O R A C L E W H I T E P A P E R D E C E M B E R 2 0 1 7 Disclaimer The purpose of this document
More informationSAP Innovation Forum Portugal GDPR Compliance Program Focus Use Cases
SAP Innovation Forum Portugal GDPR Compliance Program Focus Use Cases Dr. Neil Patrick Director COE GRC & Security (EMEA) 10 th May 2017 2017 SAP AG. All rights reserved. Internal, Named Partner 1 2017
More informationARTICLE 29 Data Protection Working Party
ARTICLE 29 Data Protection Working Party 17/EN WP264 rev.01 Recommendation on the Standard Application for Approval of Controller Binding Corporate Rules for the Transfer of Personal Data Adopted on 11
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationNavigating the New Health Economy
Navigating the New Health Economy How non-traditional healthcare players are using the HITRUST CSF to drive their security programs forward Speakers Dennis Quandt Risk Assurance Director, PwC Boston, MA
More informationGDPR. Guidance on Employee Personal Data
GDPR Guidance on Employee Personal Data Introduction The General Data Protection Regulation (GDPR), due to come into force on 25 May 2018, will impose significant new burdens on organisations across Europe
More informationThe New EU General Data Protection Regulation 1
The New EU General Data Protection Regulation 1 Dear clients and friends, On 14 April 2016 the EU Parliament formally approved the General Data Protection Regulation ( the Regulation ). The Regulation
More information