

  1. BIBA: General Data Protection Regulation
     6 July 2017
     Emma Bate, Partner, ebate@dacbeachcroft.com, 020 7894 6740
     Jade Kowalski, Senior Associate, jkowalski@dacbeachcroft.com, 020 7894 6744

  2. Agenda
     • Overview of the GDPR
     • Industry approach to privacy notices & consent
     • Actions to take now

  3. Background: What is the GDPR and why does it matter?
     • GDPR replaces the UK Data Protection Act 1998 and national legislation across Europe on 25 May 2018
     • An attempt to harmonise data protection laws across Europe
     • Applicable despite Brexit
     • Greater obligations on organisations when processing personal data
     • Provides individuals with more rights which are easier to enforce
     • Changes the risk profile of data protection compliance

  4. Overview of the GDPR
     • New Principle of Accountability
     • Data Handling Obligations
     • Data Protection Principles
     • Data Subject Rights
     • Legal Basis for Processing & consent & privacy policies
     • Security & Breach Notification
     • Data Protection Officers
     • Enforcement

  5. Overview of the GDPR (areas highlighted)
     • New Principle of Accountability
     • Data Handling Obligations
     • Breach Notification
     • Enforcement

  6. Overview of the GDPR (areas highlighted)
     • Data Subject Rights
     • Legal Basis for Processing & consent & privacy policies

  7. Key aspects of the GDPR: New principle of accountability
     The data controller must be responsible for, and be able to demonstrate compliance with, the other principles.
     • Policies and procedures
     • Governance
     • Records of processing
     • Data protection officers
     • Data protection impact assessments
     • Data protection by design and by default

  8. Key aspects of the GDPR: Data Protection Impact Assessments
     Required where processing is likely to result in a high risk to the rights and freedoms of data subjects. Will be required in cases of:
     • systematic and extensive evaluation of personal aspects based on automated processing, including profiling
     • processing of special categories of data on a large scale
     • systematic monitoring of a publicly accessible area on a large scale

  9. Key aspects of the GDPR: Data protection by design and by default
     • Consider: the state of the art, the cost of implementation and the nature, scope, context and purposes of processing, as well as the risks posed by the processing
     • What technical and organisational measures could be used? (e.g. pseudonymisation)
     • Goal: only personal data which is necessary for each specific purpose of the processing is processed

  10. Key aspects of the GDPR: Data breach notification to the regulator
     • Without undue delay and, where feasible, not later than 72 hours
     • Exception: where the breach is “unlikely to result in a risk to the rights and freedoms” of data subjects
     • Notification must contain:
       - nature of the breach including, where possible, the categories of data and approximate number of data subjects;
       - name and contact details of the data protection officer;
       - likely consequences of the personal data breach; and
       - measures taken or proposed to be taken by the data controller to address the breach.

  11. Key aspects of the GDPR: Data breach notification to the data subjects
     • Without undue delay, but only where the breach is likely to result in a high risk to the rights and freedoms of data subjects
     • Notification is not required where:
       - personal data is unintelligible (e.g. encrypted);
       - the data controller has taken subsequent measures to ensure that the high risk to data subjects will not materialise; or
       - individual notification would require disproportionate effort (but a public communication must then be made instead)

  12. Key aspects of the GDPR: International transfers
     Personal data should not be transferred outside of the EEA unless “adequate data protection” is ensured:
     • EU Model Clauses
     • Transfer is under binding corporate rules
     • Privacy Shield
     Two new approved transfer mechanisms:
     • reliance on an approved code of conduct
     • an approved privacy seal

  13. Why does the GDPR change the landscape? Enforcement powers
     Powers granted to the ICO include the ability to:
     • carry out audits;
     • issue orders to suspend or cease processing; or
     • order suspension of data flows to third countries.
     Member States can put in place criminal sanctions.

  14. Why does the GDPR change the landscape? Fines
     • Fines can be imposed for any infringement of the GDPR.
     • When imposing a fine, the regulator must ensure it is “effective, proportionate and dissuasive”.
     • Factors to be taken into account include:
       - The nature, gravity and duration of the infringement
       - The intentional or negligent character of the infringement
       - Any action taken to mitigate damage to data subjects
       - Co-operation with the regulator
       - Self-reporting
       - Any other mitigating or aggravating factors

  15. Why does the GDPR change the landscape? Examples and level of fine
     Category A breaches (level of fine: up to EUR 10,000,000 or 2% of worldwide annual turnover of an undertaking)
     • failure to maintain written records
     • failure to implement data protection by design and default
     Category B breaches (level of fine: up to EUR 20,000,000 or 4% of worldwide annual turnover of an undertaking)
     • processing without a relevant legal basis
     • infringement of data subject rights

  16. Why does the GDPR change the landscape? Compensation
     • A data subject has the right to compensation where he or she has suffered “material or non-material damage” as a result of an infringement.
     • Not-for-profit organisations are able to pursue claims on behalf of individuals and classes.

  17. GDPR Challenges
     • Delivery of privacy notices
     • Requirement to obtain explicit consent

  18. Privacy Notices
     • Controller must “take appropriate measures” to provide the privacy notice
     • Must be in a “concise, transparent, intelligible and easily accessible form, using clear and plain language”
     • Two lists of information to be provided:
       - when you are collecting the information from the individual
       - when a third party passes on that information to you.

  19. Privacy notices
     • Identity of controller & any data protection officer
     • Purposes & legal grounds
       - Set out ‘legitimate interest’ if relevant
       - Set out right to withdraw consent if relevant
     • Categories of personal data
     • Sources
     • Recipients / categories of recipients
     • Details of international transfers

  20. Privacy notices
     • Data retention periods, or the criteria used
     • Existence of data subject rights to:
       - access data,
       - rectification,
       - erasure,
       - restriction,
       - object
     • Existence of automated decision making / profiling
     • Right to complain to the Information Commissioner

  21. Privacy notices: Legal grounds
     Special category data: e.g. health & criminal records data

     Personal data                                   | Special categories of data
     ------------------------------------------------|-------------------------------------------------------------
     Consent                                         | Explicit consent
     Performance of a contract with the data subject | Legal claims
     Vital interests                                 | Vital interests (data subject not capable of giving consent)
     Legitimate interests                            | In substantial public interest & set out in UK law


  23. Consent
     • Clear, demonstrable, freely given & capable of withdrawal
     • Granular
     • Inform data subjects of right to withdraw consent at any time. It must be as easy to withdraw consent as to give it
     • Silence and pre-ticked boxes do not constitute consent.
     • Conditional consent is possible but will be under high scrutiny
     • ICO draft guidance discouraged use of conditional consent

  24. Industry Approach
     • Template privacy notice
     • Set out standard response for:
       - Brokers
       - Insurers
       - Coverholders
       - Reinsurance Brokers
       - Reinsurers
       - Retrocession Brokers
       - Retrocessionaires

  25. Industry Approach
     • Who is to provide the notice?
     • Format of the notice:
       - layered approach
       - tables
       - clicks and reveals
     • Identity of data controller?
     • Changes to insurance chain during the policy
     • Obligation is to provide the notice within 30 days, unless the individual already has the information

  26. Industry response: Lobbying DCMS
     • New legal ground for insurance sector processing special category data
     • Why this is needed:
       - Have to use a conditional consent
       - Withdrawal of consent is likely to terminate the policy
       - Challenge to obtain consent for an insurance chain

  27. Industry response: Lobbying DCMS
     • Legal basis: it is in the substantial public interest, and is:
       - proportionate to the aim pursued
       - respects the essence of the right to data protection
       - provides suitable and specific measures to safeguard the fundamental rights and interests of the data subject
