KYC & Data Protection: Friends or Foes?
|
|
- Sarah Octavia Reynolds
- 5 years ago
- Views:
Transcription
1 KYC & Data Protection: Friends or Foes? How To Comply with KYC Requirements CREOBis March 28 th,
2 Overview 1. Relationship between DP & KYC Regulations 2. Using Data Beyond KYC Purposes? 3. Supervisory Authorities 1
3 Relationship DP >< KYC/AML Combined application of both legislations Processing has a valid legal basis "necessary for complying with a legal obligation to which the data controller is subject" "shall be considered a matter of public interest" Other data protection principles remain applicable (proportionality, purpose limitation, data minimization, etc.) Limitation of right of access 2
4 Illustration 4th directive 2015/849 (Rec ; Articles 41, 43 & 61): Defines the requirements of identification and data collection Defines the categories of information to be used for verification purposes Processing must remain limited to: customer due diligence, ongoing monitoring, investigation and reporting of unusual and suspicious transactions, identification of the beneficial owner, identification of a PEP, sharing of information No further processing for commercial purposes Storage period of 5 years + 5 years max. Right of access only through supervisory authorities 3
5 Relationship DP >< KYC/AML Under the current Privacy Act of 8 Dec. 1992: Some provisions are not applicable: Art. 9: mandatory information to be provided to the individual The AML directive only provides for an exemption in relation to the right of access Under the directive 95/46, Member States may provide for specific exceptions and have a margin of appreciation Art and 12: right of access and right of rectification No explicit alternative is provided to exercize the right of access through the Privacy Commission The fundamental data quality principles apply 4
6 Relationship DP >< KYC/AML Poins of attention under the new GDPR: Legal basis Access & Portability Rights? (art. 15 & 20) Automated decision & profiling? (art. 22) 5
7 GDPR Adoption Process January st draft EU-Commission December 2015 Compromise Wording by EU Parliament, Council and Commission (Trilogue Version) 27 April 2016 Formal Adoption 4. May 2016 Publication in Official Journal 24 May 2016 Entry into Force 25 May 2018 End of Transition Period 6
8 GDPR What is new? 1. Territorial Scope of the GDPR Expansion of extraterritorial scope 2. Lawfulness of the data processing Modifications of the requirements permitting the processing of personal data 3. Use of data processors Requirements only slightly amended; increased duties of data processors 4. International transfers of data Only minor changes; in the mid-term new options for international data transfers 7
9 5. Data Governance / Accountability a) Privacy Impact Assessments b) Data Breach Notification c) Data Protection Officer d) Privacy by Design / Default Increased accountability requirements; new overarching burden of proof Introduction of PIAs Broader notification duties DPO requirement across the EU (with national law specifications remaining possible) Partially new, partially stricter requirements with high relevance in practice 6. Regulators / One Stop-Shop Introduction of the One-Stop-Shop principle 7. Fines Drastic increase (up to EUR 20m or 4% worldwide group revenues) 8. Data Security Measures Minor changes, but higher relevance in practice 8
10 Legal basis for processing Necessity for performing a legal obligation is still a legal basis for processing data The legal obligation must be defined by EU or MS law (non-eu laws will not be a valid legal basis for processing) The legal basis must define the purposes and may bring some adaptations to the provisions of the GDPR 9
11 Using Data Beyond KYC? Other potential legal bases include : Consent Legitimate interests? Need to take into account the legitimate expectations of the data subject Need to assess the compatibility on the basis of (i) link between the purposes, (ii) context of collection, (iii) nature of personal data, (iv) potential consequences, (v) existence of appropriate safeguards including encryption and pseudonymisation 10
12 When do you need consent? When do you need "consent" under the GDPR? Consent is one of the grounds for processing personal data When do you need "explicit consent" under the GDPR? Processing special categories of personal data (if you can't rely on any of the other lawful grounds); Automated decision making, including profiling (if you can't rely on any of the other lawful grounds); and Transfers of personal data to third countries (if there is no other transfer mechanism in place). 11
13 What does "consent" mean under the GDPR? "'consent' of the data subject means any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her" [emphasis added] Requests for consent must be: clearly distinguishable from other matters (i.e. no "bundled" consent) in an intelligible and easily accessible form use clear and plain language Consent can be withdrawn at any time: must be as easy to withdraw as to give data subject must be told upfront that this is possible Other drawbacks: contract performance must not be conditional on consent clear evidence consent for separate processing operations 12
14 What does "explicit consent" mean under the GDPR? The same as under the EU's Data Protection Directive? The Article 29 Working Party defined "explicit consent" as: " all situations where individuals are presented with a proposal to agree or disagree to a particular use or disclosure of their personal information and they respond actively to the question, orally or in writing" Opt-in tick box or declaratory statement Practically, how does this compare with "consent"? Is the clue in the Recitals? 13
15 Private & Confidential Key actions Identify data capture points (e.g. online forms, registrations, contact centres) Check whether opt-in/consent is really required What are people told about how their data will be used? (check policies, statements and notices) Revisit and amend any optin/consent forms Update policies, statements and notices 14
16 Supervisory Authorities under the GDPR Overlap with sectoral (KYC) regulator? Lead supervisory authority on an EU wide basis Cooperation and consistency mechanisms Investigations, injunctions, sanctions 15
17 Osborne Clarke is the business name for an international legal practice and its associated businesses. Full details here: osborneclarke.com/definitions Thank you Paste end slide graphics over this grey box in slide deck
GDPR: What Every MSP Needs to Know
Robert J. Scott GDPR: What Every MSP Needs to Know Speaker Robert J. Scott Agenda Purpose GDPR Intent & Obligations Applicability Subject-matter and objectives Material scope Territorial scope New Rights
More informationTHE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*)
THE GENERAL DATA PROTECTION REGULATION: A BRIEF OVERVIEW (*) The first IBM Personal Computer was introduced just over 35 years ago, on August 12, 1981. The first-generation iphone was introduced in the
More informationBrexit and the Future of Data Protection
Brexit and the Future of Data Protection Max Todd Information Compliance Team, Council Secretariat Tuesday 27 September 2016 General Data Protection Regulation (GDPR) Applies throughout EU from 25 May
More informationPreparing for the GDPR
Preparing for the GDPR Note: These slides and the accompanying presentation contain a general summary and are not legal advice. Niall Rooney 03/11/2017 (1) Data Protection The Right to Data Protection
More informationWSGR Getting Ready for the GDPR Series
WSGR Getting Ready for the GDPR Series Overview, main concepts, principles and obligations Cédric Burton Of Counsel Laura De Boel Senior Associate Christopher Kuner Senior Privacy Counsel WSGR Webinar,
More informationCHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR. Legal02# v1[RXD02]
CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Legal02#67236978v1[RXD02] CHECKLIST FOR TASKS NEEDED IN ORDER TO COMPLY WITH GDPR Notes: We recommend that any business looking to comply with the
More informationTimePlan Education Group Ltd ( the Company ) Data Protection. Date: April Version: 001. Contents
Company Name: Document DP3 Topic: ( the Company ) Data Protection Policy Data Protection Date: April 2018 Version: 001 Contents Introduction Definitions Data processing under the Data Protection Laws 1.
More informationIntroduction to the General Data Protection Regulation (GDPR)
Introduction to the General Data Protection Regulation (GDPR) #CIPR / @CIPR_UK This guide is worth 5 CPD points Introduction to the General Data Protection Regulation (GDPR) / 2 Contents 1 Introduction
More informationMore information at cventconnect.com/europe/mobileapp
Download and Login to the Cvent CONNECT Europe Mobile Event App Tap On Schedule Find Your Session Access Polls and Live Q&A More information at cventconnect.com/europe/mobileapp Cvent CONNECT Europe General
More informationEU GENERAL DATA PROTECTION REGULATION
EU GENERAL DATA PROTECTION REGULATION GENERAL INFORMATION DOCUMENT This resource aims to provide a general factsheet to Asia Pacific Privacy Authorities (APPA) members, in order to understand the basic
More informationGeneral Data Protection Regulation (GDPR) A brief guide
General Data Protection Regulation (GDPR) A brief guide Document compiled by: Terence Clark & Dr. Nathan Matthews June 2017 Acknowledgements This document contains material from the Information Commissioner
More information1 Privacy by Design: The Impact of the new European Regulation on Data protection. Introduction
Introduction On April 2016 the European Parliament approved the General Data Protection Regulation (GDPR). This new regulation, with mandatory implementation by Member States (MS) and businesses that have
More informationGDPR: Are You Ready? Mapping the Road to GDPR Compliance. March 2018
GDPR: Are You Ready? Mapping the Road to GDPR Compliance March 2018 Agenda GDPR Overview Should you appoint a DPO? Accountability checklist/documentation required When is consent appropriate and how do
More informationGenera Data Protection Regulation and the Public Sector
Genera Data Protection Regulation and the Public Sector Tuesday 30 May 2017 @mhclawyers Welcome Edward Gleeson Partner & Head of Public & Administrative Law Mason Hayes & Curran GDPR for Public Bodies
More informationEU General Data Protection Regulation ( GDPR ) FAQs External Version - 16 March 2018
EU General Data Protection Regulation ( GDPR ) FAQs External Version - 16 March 2018 This document is a broad overview of the GDPR and does not provide legal advice. We urge you to consult with your own
More informationNew General Data Protection Regulation - an introduction
New General Data Protection Regulation - an introduction Netnod spring meeting 2017 Johan Hübner, Partner, Advokat Erika Hammar, Associate Agenda Background Why you need to care about the new data privacy
More informationGDPR Webinar : Overview & practical compliance steps. 23 October 2017
GDPR Webinar : Overview & practical compliance steps 23 October 2017 1 Dr Michelle Goddard Director Policy & Communication, EFAMRO Mattias Strandberg Skribent, dagensanalys.se copyright efamro 2010 2 About
More informationThe General Data Protection Regulation and associated legislation. Part 1: Guidance for Community Pharmacy. Version 1: 25th March 2018
The General Data Protection Regulation and associated legislation Part 1: Version 1: 25th March 2018 Introduction The General Data Protection Regulation and, when enacted, the Data Protection Act 2018
More informationb. by a controller not established in EU, but in a place where Member State law applies by virtue of public international law.
Buzescu Ca>Romanian Business Law>Romanian Data Protection Laws 12. ROMANIAN DATA PROTECTION LEGAL REGIME Updated October 2018 The relevant Romanian data protection laws are: European Regulation no. 679
More informationwith Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting
with Xavier Darmstaedter Managing Partner GEDAPRE DACOTA Consulting xada@gedapre.eu tel 0475-41.03.22 xavier.darmstaedter@dacota.eu Gent, 3 October 2017 4 facts 1. We are not really in control of our personal
More informationRSD Technology Limited - Data protection policy: RSD Technology Limited ( the Company )
RSD Technology Limited - Data protection policy: Introduction Company Name: Document DP3 Topic: RSD Technology Limited ( the Company ) Data Protection Policy Data protection Date: 25 th May 2018 Version:
More informationGeneral Data Protection Regulation Philippe Roggeband. Business Development, Manager, GSSO EMEAR
General Data Protection Regulation Philippe Roggeband Business Development, Manager, GSSO EMEAR Why should you care? Data Protection, and compliance with the General Data Protection regulation, is NOT
More informationWHAT DOES THE GDPR MEAN FOR HR PROFESSIONALS?
WHAT DOES THE GDPR MEAN FOR HR PROFESSIONALS? The General Data Protection Regualtion An introduction The General Data Protection Regulation comes into effect in mid-2018 and will introduce a number of
More informationData Protection Policy. Data protection. Date: 28/4/2018. Version: 1. Contents
Company Name: Document: Topic: System People ( the Company ) Data Protection Policy Data protection Date: 28/4/2018 Version: 1 Contents Introduction Definitions Data processing under the Data Protection
More informationGDPR & SMART PIA. Wageningen University Feb 2017
GDPR & SMART PIA Wageningen University Feb 2017 Tips for Action: Anticipate on the new EU General Data Protection Regulation (GDPR) to determine the privacy standards GDPR has been adopted by EU Parliament
More informationGDPR is coming in 108 days: Are you ready?
Charles-Albert Helleputte Partner, Brussels GDPR is coming in 108 days: Are you ready? Diletta De Cicco Legal Consultant, Brussels 6 February 2018 +32 2 551 5982 chelleputte@mayerbrown.com +32 2 551 5974
More informationEU General Data Protection Regulation (GDPR)
A Brief Overview of the EU General Data Protection Regulation (GDPR) November 2017 What is the GDPR? After several years in the making, on 8 April 2016 the European Council finally adopted Regulation
More informationBrace for Impact: Why the GDPR Should Remain at the Top of Directors Agendas
February 13, 2017 Brace for Impact: Why the GDPR Should Remain at the Top of Directors Agendas The ICSA Annual Conference 2017 Stronger Boards, Better Governance ExCel, London, 4 July, 2017, 11:30 AM Our
More informationThe Top 10 Operational Impacts of the EU s General Data Protection Regulation
The Top 10 Operational Impacts of the EU s General Data Protection Regulation www.iapp.org IAPP - International Association of Privacy Professionals The Top 10 Operational Impacts of the EU s General Data
More informationThe Data Protection Regulation for Europe
The Data Protection Regulation for Europe Magnus Stenbeck, Karolinska Institutet Dept of Clinical Neuroscience and The Research Data Inquiry (U 2016:04) The data protection regulation in the EU Old system
More informationBrasenose College Data Protection Policy Statement v1.2
Brasenose College Data Protection Policy Statement v1.2 1. Introduction All documents referred to in this policy can be found online at the address below: https://www.bnc.ox.ac.uk/privacypolicies 1.1 Background
More informationGetting ready for GDPR. A guide to General Data Protection Regulations
Getting ready for GDPR A guide to General Data Protection Regulations The General Data Protection Regulation (GDPR) Wherever information is stored, individuals and organisations need to be mindful of the
More informationGDPR for Charities. Tuesday 17 October 2017
GDPR for Charities Tuesday 17 October 2017 Welcome Edward Gleeson, Head of Charities GDPR for the Charity Sector Robert Haniver, Senior Associate Data protection reform General Data Protection Regulation
More information27 April GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback
27 April 2017 GDPR Implementation Challenges: A Summary of CIPL GDPR Project Participants Feedback 1 GDPR Implementation Challenges A Summary of CIPL GDPR Project Participants Feedback In early 2017, CIPL
More information#RSAC TEN PITFALLS TO AVOID IN GDPR
SESSION ID: SEM-M01 TEN PITFALLS TO AVOID IN GDPR Next Month 25 May 2018 > Protection of personal data in e-society Single legal basis for all 28 (27) Member States Regulation > no enabling legislation
More informationGDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges
GDPR and Canadian organizations: Addressing key challenges GDPR and Canadian organizations: Addressing key challenges Cyber Risk 1 GDPR and Canadian organizations: Addressing key challenges The regulation
More informationGuidance on the General Data Protection Regulation: (1) Getting started
Guidance on the General Data Protection Regulation: (1) Getting started Guidance Note IR03/16 20 th February 2017 Gibraltar Regulatory Authority Information Rights Division 2 nd Floor, Eurotowers 4, 1
More informationWhat do companies need to do?
Briefing GDPR The General Data Protection Regulation ( GDPR ) will come into effect on 25 May 2018. The GDPR will replace the existing data protection laws in all EU member states and is designed to result
More informationGetting Ready for the GDPR
Getting Ready for the GDPR Ann Cartwright Information Governance Lead Sefton Council for Voluntary Service (CVS) Registered Charity No. 1024546. Company Limited by Guarantee No. 2832920. Suite 3B, 3rd
More informationWHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION
WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) WHAT PAYROLL PROFESSIONALS NEED TO KNOW ABOUT THE GENERAL DATA PROTECTION REGULATION (GDPR) Published by: The
More informationGeneral Data Protection Regulation
General Data Protection Regulation Sofie van der Meulen Axon seminar 21 February 2018 Why and when GDPR Essentials Guidance Data Protection Officer Lead Authority Data Portability Data Protection Impact
More informationGENERAL DATA PROTECTION REGULATION Guidance Notes
GENERAL DATA PROTECTION REGULATION Guidance Notes What is the GDPR? Currently, the law on data protection requiring the handling of data which identifies people to be done in a fair way, is contained in
More informationP Drive_GDPR_Data Protection Policy_May18_V1. Skills Direct Ltd ( the Company ) Data protection. Date: 21 st May Version: Version 1.
Company Name: Document DP3 Topic: Skills Direct Ltd ( the Company ) Data Protection Policy Data protection Date: 21 st May 2018 Version: Version 1 Contents Introduction Definitions Data processing under
More informationThe ICT Service:
GDPR for schools 1 Intro and aims The ICT Service: support@theictservice.org.uk, 0300 300 00 00 Cambridgeshire County Council: Information and Records Team. Data.protection@cambridgeshire.gov.uk 01223
More informationAccountability under the GDPR: What does it mean for Boards & Senior Management?
Accountability under the GDPR: What does it mean for Boards & Senior Management? Alan Calder Founder & Executive Chairman IT Governance Ltd 19 January 2017 www.itgovernance.co.uk Introduction Alan Calder
More informationExploring the Impact of the GDPR on Companies Sponsoring and Managing Global Clinical Research
With an ever-abundant list of important compliance requirements to contend with, life sciences compliance officers have no shortage of challenges. And this year won t offer any reprieve. On May 25, 2018,
More informationThe General Data Protection Regulation in health & social care. 6 October 2016 Leeds
The General Data Protection Regulation in health & social care 6 October 2016 Leeds Session outline 09.05am: Roadmap of the GDPR 10.15am: Coffee break 10.30: GDPR impact: Streetview Employment Rights of
More informationThe GDPR enforcement deadline is looming are you ready?
Link to Article The GDPR enforcement deadline is looming are you ready? 1 Compliance Is this relevant to the Wealth Management community is Asia? It is relevant to your business if you have an establishment
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) ServiceNow Governance, Risk, and Compliance Table of Contents What is the GDPR?...3 Key Requirements for the GDPR...4 Accountability, Policies,
More informationCustomer Data Protection. Temenos module for the General Data Protection Regulation (GDPR)
Customer Data Protection Temenos module for the General Data Protection Regulation (GDPR) Contents Glossary 03 GDPR Geographical Scope 03 GDPR implementation status 03 Overview of GDPR 03 Financial Institutions
More informationPREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER
PREPARING YOUR ORGANISATION FOR THE GENERAL DATA PROTECTION REGULATION YOUR READINESS CHECKLIST DATA PROTECTION COMMISSIONER 1 What will the GDPR mean for your business/organisation? On the 25 th May 2018,
More informationPensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes
Pensions Authority Data Protection Considerations for Trustees of Occupational Pension Schemes 1 INTRODUCTION The General Data Protection Regulation (GDPR) comes into force in all EU Member States on 25.
More informationDealing with the EU Data Protection Regulation in Practice. William Long, Partner Sidley Austin LLP February 11, 2016
Dealing with the EU Data Protection Regulation in Practice William Long, Partner Sidley Austin LLP February 11, 2016 Do you need to comply? The Regulation will apply to a business processing personal data:
More informationTraining Manual. DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Data Protection Officer is Mike Bandurak
PROFESSIONAL INDEPENDENT ADVISERS LTD DATA PROTECTION ACT 2018 (DPA18) Incorporating General Data Protection Regulations (GDPR) Training Manual Data Protection Officer is Mike Bandurak GDPR introduction
More informationBreaking the myth How your marketing activities can benefit from the GDPR December 2017
www.pwc.be Breaking the myth How your marketing activities can benefit from the GDPR December 2017 1. Introduction As opposed to a widespread belief, the GDPR aims to reinforce customers rights, whilst
More informationEuropean Union General Data Protection Regulation 2016 (Effective 25 May 2018)
European Union General Data Protection Regulation 2016 (Effective 25 May 2018) European Union General Data Protection Regulation 2016 (Effective 25 May 2018) CONTENTS Why is the GDPR relevant to Hong
More informationGENERAL DATA PROTECTION REGULATION (GDPR)
GENERAL DATA PROTECTION REGULATION (GDPR) GUIDANCE FOR THE ONLINE GAMBLING INDUSTRY Guidance is to help licensed online gambling operators to comply with their obligations under GDPR www.rga.eu.com GENERAL
More informationSample Data Management Policy Structure
Sample Data Management Policy Structure This document has been produced by The Audience Agency. You are free to edit and use this document in your business. You may not use this document for commercial
More informationThe New EU General Data Protection Regulation 1
The New EU General Data Protection Regulation 1 Dear clients and friends, On 14 April 2016 the EU Parliament formally approved the General Data Protection Regulation ( the Regulation ). The Regulation
More informationEU General Data Protection Regulation in the digital age: Are you ready?
EU General Data Protection Regulation in the digital age: Are you ready? What do you need to know about the new EU General Data Protection Regulation? Data protection has entered a period of unprecedented
More informationEU General Data Protection Regulation: are you ready?
EU General Data Protection Regulation: are you ready? Contents What you need to know about the new EU General Data Protection Regulation Is your organization ready for the EU General Data Protection Regulation?
More informationEU General Data Protection Regulation
Guidance note EU General Data Protection Contents Introduction Guidance note aims and structure Summary Data basics Dealing with individuals Governance and risk management Concluding remarks Appendix 1
More informationLAST UPDATED June 11, 2018 DATA PROTECTION POLICY. International Foundation for Electoral Systems
LAST UPDATED June 11, 2018 DATA PROTECTION POLICY International Foundation for Electoral Systems 1. Purpose 1.1. International Foundation for Electoral Systems is committed to complying with privacy and
More informationGDPR AN OVERVIEW OF THE REGULATIONS AND THEIR LIKELY IMPACT ON APPRENTICESHIPS
GDPR AN OVERVIEW OF THE REGULATIONS AND THEIR LIKELY IMPACT ON APPRENTICESHIPS March 2018 Rebecca Rhodes, Senior Associate, UVAC r.rhodes@bolton.ac.uk Agenda Aim and purpose Scope & implications for non-compliance
More informationGDPR Factsheet - Key Provisions and steps for Compliance
GDPR Factsheet - Key Provisions and steps for Compliance Organisations in the Leisure & Hospitality industry hold vast amounts of personal data relating to customers, employees, and suppliers as well as
More informationGENERAL DATA PROTECTION REGULATION.
For the use of mortgage intermediaries and other professionals only. GENERAL DATA HALIFAX INTERMEDIARIES KEY CHANGES GUIDE MAY 2018 REGULATION >SELECT A TILE FOR MORE INFORMATION WHAT IS THE GDPR? KEY
More informationEU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA Francoise Gilbert 1
EU General Data Protection Regulation: What Impact for Businesses Established Outside the EU and EEA Francoise Gilbert 1 The EU General Data Protection Regulation (GDPR), which replaces Directive 95/46/EC
More informationThe GDPR: What does it mean for executive search?
The GDPR: What does it mean for executive search? At Invenias, we are committed to working in partnership with our customers to ensure a streamlined journey to compliance. Our customers benefit from data
More informationGetting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations
Getting ready for the new data protection laws A guide for small businesses, charities and voluntary organisations Page 1 of 22 Your business and the new data protection laws Data protection and privacy
More informationData Privacy, Protection and Compliance From the U.S. to Europe and Beyond
Data Privacy, Protection and Compliance From the U.S. to Europe and Beyond InsideNGO's 2017 Annual Conference Washington, DC July 20, 2017 Shannon Yavorsky Partner, Venable LLP David Goodman Global Non-
More informationPreparing Your Vendor Agreements for the General Data Protection Regulation
Preparing Your Vendor Agreements for the General Data Protection Regulation Oliver Yaros Partner - London +44 (0)203 130 3698 oyaros@mayerbrown.com Lei Shen Senior Associate - Chicago +1 312 701 8852 lshen@mayerbrown.com
More informationARTICLE 29 DATA PROTECTION WORKING PARTY
ARTICLE 29 DATA PROTECTION WORKING PARTY 17/EN WP 256 Working Document setting up a table with the elements and principles to be found in Binding Corporate Rules (updated) Adopted on 29 November 2017 INTRODUCTION
More informationGDPR a legal overview
GDPR a legal overview Andrew Gilchrist and Noirin McFadden, K&L Gates LLP Copyright 2017 by K&L Gates LLP. All rights reserved. Background to reform WHY WAS REFORM REQUIRED? We ve had data protection laws
More informationNew EU-GDPR: Challenges for Universities and Research Organisations
New EU-GDPR: Challenges for Universities and Research Organisations Prof. Dr. Ing. Ramin Yahyapour CIO Georg-August-Universität Göttingen and University Medical Centre Director GWDG EUNIS workshop for
More informationWHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT
WHAT YOU NEED TO KNOW [WHITE PAPER] ABOUT GDPR HOW TO STAY COMPLIANT WHAT IS GDPR? The EU General Data Protection Regulation (GDPR) comes into force on 25 May 2018. Within this document we ll explore what
More informationIMPACT OF THE NEW GDPR DIRECTIVE ON OUTSOURCING ARRANGEMENTS
IMPACT OF THE NEW GDPR DIRECTIVE ON OUTSOURCING ARRANGEMENTS This Insight provides an overview of the changes, and impact the GDPR Directive presents to outsourcing arrangements. Furthermore, it provides
More informationWhat does the GDPR mean for recruitment?
What does the GDPR mean for recruitment? www.recruitment.software Contents 04 What is GDPR? In May 2018, Europe s new data protection rules will come into effect. 04 Who is responsible? 05 What are the
More informationGDPR factsheet Key provisions and steps for compliance
GDPR factsheet Key provisions and steps for compliance Organisations hold vast amounts of personal data relating to customers, employees, and suppliers as well as within marketing databases. Compliance
More informationGeneral Personal Data Protection Policy
General Personal Data Protection Policy Contents 1. Scope, Purpose and Users...4 2. Reference Documents...4 3. Definitions...5 4. Basic Principles Regarding Personal Data Processing...6 4.1 Lawfulness,
More informationDiscussion Paper on innovative uses of consumer data by financial institutions
Datum 28 juli 2016 Referentie OD15800 NVB response to the European Banking Authority Consultation form Discussion Paper on innovative uses of consumer data by financial institutions The EBA invites comments
More informationAmCham s HR Committee s
AmCham s HR Committee s GDPR / Data Privacy Roundtable 19. SEPTEMBER 2017 THE REGULATION REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural
More informationDecember 28, 2018, New Delhi, INDIA
LexArticle December 28, 2018, New Delhi, INDIA GDPR COMPLIANCES BY INDIAN COMPANIES A BRIEF OVERVIEW GDPR COMPLIANCES BY INDIAN COMPANIES A BRIEF OVERVIEW If you have questions or would like additional
More informationPreparing for the General Data Protection Regulation (GDPR)
Preparing for the General Data Protection Regulation (GDPR) 10 Steps For Schools... Introduction The new EU General Data Protection Regulation (GDPR) comes into force in the UK on 25th May 2018. This regulation
More informationThe Revised DPA: What To Expect
The Revised DPA: What To Expect The Federal Council's Draft Bill of September 2017 David Rosenthal Where we stand today Revision of Swiss Data Protection Act (DPA) Pre-draft for public comment (December
More informationPresenting a live 90-minute webinar with interactive Q&A. Today s faculty features:
Presenting a live 90-minute webinar with interactive Q&A Compliance With New EU GDPR: Steps Investment Funds, Banks, Advisers and Financial Intermediaries Should Take Now Revising Service Agreements and
More informationGuidelines on the protection of personal data in IT governance and IT management of EU institutions
Guidelines on the protection of personal data in IT governance and IT management of EU institutions Postal address: rue Wiertz 60 - B-1047 Brussels Offices: rue Montoyer 30 - B-1000 Brussels E-mail : edps@edps.europa.eu
More informationTEL: +44 (0)
EU General Data Protection Regulation FAQs Cordery GDPR Navigator This note is part of the Cordery GDPR Navigator. Technical terms are used in this document which are explained in the glossary. Edition
More informationDATA PROTECTION OFFICER (DPO) Maria Maxim Partner Bucharest October 25, 2017
DATA PROTECTION OFFICER (DPO) Maria Maxim Partner Bucharest October 25, 2017 TOPICS GDPR overview Concept of the DPO Recruitment process Job description Liability Your to do s: GDPR Responsibility and
More informationGetting Ready for the. General Data Protection Regulation GDPR. A Guide by Mason Hayes & Curran. Dublin, London, New York & San Francisco. MHC.
Getting Ready for the General Data Protection Regulation GDPR 2018 Dublin, London, New York & San Francisco A Guide by Mason Hayes & Curran MHC.ie The contents of this publication are to assist access
More informationA GDPR Primer For U.S.-Based Cos. Handling EU Data: Part 1
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com A GDPR Primer For U.S.-Based Cos. Handling
More informationThe General Data Protection Regulation An Overview
The General Data Protection Regulation An Overview Published: May 2017 Brunel House, Old Street, St.Helier, Jersey, JE2 3RG Tel: (+44) 1534 716530 Guernsey Information Centre, North Esplanade, St Peter
More informationAn Introduction to GDPR and How To Prepare
An Introduction to GDPR and How To Prepare Vincenzo Ardilio IRIS Data Protection Officer What We Will Highlight What you need to know first about GDPR Privacy notices Data subject rights The data controller/processor
More informationRepresentative Church Body of the Church of Ireland General Data Protection Regulation Overview
Representative Church Body of the Church of Ireland General Data Protection Regulation Overview Rebekah Fozzard Representative Church Body Spring 2018 Introduction Data Protection Coordinator for the Representative
More informationCNPD Training: Data Protection Basics
CNPD Training: Data Protection Basics The obligations of controllers and processors Esch-sur-Alzette Mathilde Stenersen 7-8 February 2018 Legal service Outline 1. Introduction 2. Basic elements 3. The
More informationPolicy Document for: Data Protection (GDPR) Approved by Directors: September Due for Review: September Statement of intent
Policy Document for: Data Protection (GDPR) Approved by Directors: September 2017 Due for Review: September 2020 1. Statement of intent Timu Academy Trust is required to keep and process certain information
More informationTWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION
TWELVE STEP PLAN TO BECOME COMPLIANT WITH THE GENERAL DATA PROTECTION REGULATION Awareness Data Stream Map Communication Rights of the subject Legal basis Consent Data Breaches Privacy by design and PIA
More informationEU General Data Protection Regulation (GDPR) Tieto s approach and implementation
EU General Data Protection Regulation (GDPR) Tieto s approach and implementation GDPR roles and positions Data subjects Information on processing Consent or other basis for processing Right requests High
More informationWith financial penalties of up to 4 percent of global annual turnover, are you up-to-date on the General Data Protection Regulation?
With financial penalties of up to 4 percent of global annual turnover, are you up-to-date on the General Data Protection Regulation? The General Data Protection Regulation The GDPR applies to all organizations
More informationGDPR. Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry
GDPR Legalities, Policies and Process Part 3 of our series on GDPR and its impact on the recruitment industry Who are we? Dillistone Group Plc, a public company listed on the AIM market of the London stock
More information