gdpr 101
play

GDPR 101 Michael Kohagen Bagchi Law, PLLC ENTREPRENEURSHIP ~ - PowerPoint PPT Presentation

Sep 20, 2022 •148 likes •413 views

GDPR 101 Michael Kohagen Bagchi Law, PLLC ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION Who We Are ... Assist organizations and partners to develop and implement practices to secure IT systems and comply with regulations DIY TOOLKIT

  1. GDPR 101 Michael Kohagen Bagchi Law, PLLC ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  2. Who We Are ... Assist organizations and partners to develop and implement practices to secure IT systems and comply with regulations DIY TOOLKIT CONSULTING MANAGED SERVICES DIY assessment, training, Professional services Managed compliance and customized policies & procedures to help you with your security services to focus on and much more … Compliance needs your key business outcome. 2 ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  3. About Michael Michael Kohagen MICHAEL KOHAGEN (ATTORNEY) Prior to joining Bagchi Law, Michael was in-house counsel at a local startup company. Today, Michael handles for the firm’s domestic and foreign clients a variety of corporate and commercial matters, such as GDPR compliance, and transactions including venture capital financings and mergers and acquisitions. Bagchi Law: Bagchi Law (www.bagchilaw.com) is a global commercial transactions / contracts boutique law firm that serves as a trusted advisor to management teams across a variety of industries including information technology, manufacturing, and life sciences. We provide unique solutions to complex commercial problems. ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  4. What is GDPR? • GDPR stands for General Data Protection Regulation • Implemented by the EU Parliament April 14, 2016, effective May 25, 2018 • Designed to harmonize data privacy laws across Europe with respect to how information related to individuals may be collected and used ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  5. DISCLAIMER Consult your attorney This webinar has been provided for educational and informational purposes only and is not intended and should not be construed to constitute legal advice. Please consult your attorneys in connection with any fact- specific situation under federal law and the applicable state or local laws that may impose additional obligations on you and your company. 5 ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  6. WHY IS GDPR IMPORTANT? As the world becomes more connected, our personal information is increasingly at risk. • Every day, 6,152,850 electronic data records are lost or stolen as a result of data breaches, and this number is increasing dramatically as more of our valuable personal information is digitized • Individuals are increasingly concerned with the security of their information • 40% of Americans feel their personal information is less secure than it was 5 years ago • Over 73% of American consumers want companies to be transparent about use of personal data • 86% of internet users actively try to minimize, anonymize and hide the visibility of their digital footprint ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  7. GDPR IS NOT ALONE GDPR represents the first of many efforts to modernize data privacy and protection laws. • California Consumer Privacy Act (CCPA) • New York Cybersecurity Requirements for Financial Services Companies • People’s Republic of China Cybersecurity Law • Brazilian General Data Protection Law (LGPD) ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  8. To What Does GDPR Apply? GDPR applies to entities which “process” “personal data” related to residents of the European Economic Area. The concepts of “processing” and “personal data” are key to understanding the impact of GDPR. ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  9. WHAT IS “PROCESSING” UNDER GDPR? Defined in Article 4 of GDPR as “ any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction. ” ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  10. WHAT IS “PERSONAL DATA” UNDER GDPR? Defined in Article 4 of GDPR as “any information relating to an identified or identifiable natural person (‘data subject’) ; an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person. ” ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  11. TO WHOM DOES GDPR APPLY? Controllers : Article 4 defines “controller” as “the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data ” Processors : Article 4 defines “processor” as “a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller ” ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  12. KEY TOPICS 1.Guiding Principals 2.Legal Basis for Processing 3.Data Subject Rights 4.Accountability and Recordkeeping 5.Transfers of Personal Data 6.Contractual Requirements ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  13. Guiding Principals (Article 5) Personal Data must be: 1. Processed lawfully, fairly and in a transparent manner 2. Collected for specified, explicit, legitimate purposes 3. Collected only as necessary, relevant and adequate for the intended purpose 4. Accurate 5. Retained in personally identifiable form only for so long as necessary 6. Held and processed in a secure manner ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  14. LAWFUL BASIS FOR PROCESSING A “lawful basis” is required to process personal data: - Consent; or - Processing is necessary for: - Performance of a contract - Compliance with a legal obligation - To protect vital interests - Performance of a task benefiting certain public interest The performance of a “legitimate interest” - ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  15. DATA SUBJECT RIGHTS - GDPR provides numerous rights to individuals - If an individual directly requests exercise of such rights, an entity must respond within one (1) month (subject to certain extensions) - Exercise of data subject rights generally must be provided at no cost to data subjects ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  16. KEY DATA SUBJECT RIGHTS ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  17. ACCOUNTABILITY AND RECORDKEEPING • Must comply at all times with obligations set forth in GDPR, and be able to demonstrate such compliance • Must adequately identify and respond to security breaches with respect to personal data, including by providing notice to data subjects or controllers • Processors must provide certain access to records related to its processing of a controller’s personal data (more on this in a minute) ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  18. DATA TRANSFERS • If personal data related to EEA residents is transferred to a “ third country ”, an approved data transfer mechanism must be in place to ensure security of transfer • In general, two mechanisms are used to ensure safe transfer: • Model Clauses : also known as the “standard contractual clauses,” the model clauses” constitute standard language approved by the EU Commission for transfer of data • EU-US Privacy Shield: a framework designed by the US Department of Commerce and EU Commission for transfer of personal data. Requires self-certification under the privacy shield ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  19. CONTRACTUAL REQUIREMENTS Article 28 Section 3 of GDPR requires processing by a processor to be governed by a contract that sets out: • the subject-matter of the processing; • the duration of the processing; • the nature and purpose of the processing; • the types of personal data subject to processing; • the categories of data subjects (whose data is being processed); and • the rights and obligations of the controller. ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  20. CONTRACTUAL REQUIREMENTS (CONT.) In addition, GDPR requires each such contract to stipulate: • the processor must act only on the controller’s documented instructions unless required by law; • the processor must ensure that individuals processing the controller’s personal data are subject to an appropriate duty of confidence; • the processor must take appropriate measures to ensure the security of processing; • the processor may only engage with a sub-processor with the controller’s prior authorization and pursuant to a written contract containing appropriate protections; ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

  21. CONTRACTUAL REQUIREMENTS (CONT.) • the processor must take appropriate measures to help the controller respond to request from individuals to exercise the rights provided to them under GDPR; • taking into account the nature of processing and the information available, the processor must assist the controller in meeting its GDPR obligations in relation to the security of processing, notification of personal data breaches and data protection impact assessments; • the processor must delete or return all personal data to the controller upon the termination of the provision of services relating to processing; and • the processor must submit to certain audits and inspections. ENTREPRENEURSHIP ~ GLOBALIZATION ~ INNOVATION

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require?

Welcome Agenda GDPR is in force now and applies to Australian businesses What does GDPR require? How does an Australian business comply? Action Plan Section 1: GDPR is here Privacy in the digital age Historically, privacy was almost

513 views • 40 slides
Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The

Almost one year after the GDPR, where are we now? Click to add title Click to add subtitle Before the GDPR: the great GDPR compliance panic The first year of the GDPR can best be described as "quiet test run. What are the most striking

405 views • 8 slides
GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU

GDPR T owards Compliance 25 May 2018 Wha hat t is GDPR? EU Data Protection Directive EU General Data Protection 1995 Regulation 2016 Data Protection Act 1998 Data Protection Bill 2017-19 Fines DPA GDPR Maximum Fine 500k Two

622 views • 17 slides
GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont

GDPR Dont be scared Even if you cant answer all the questions on the form GDPR Dont be scared 60% of people welcome the rights under GDPR 48% of UK adults plan to activate their rights 56% welcome the right to object to marketing

1.32k views • 37 slides
GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the

1 GDPR Webinar Guide Overview and key points Part 1 of our series on GDPR and its impact on the recruitment industry 2 Introduction The rules which underpin the storage of personal data have changed dramatically. The new EU-US Privacy Shield

998 views • 35 slides
GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the

GDPR Breach & Automated Decision Making Part 5 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you

617 views • 38 slides
GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry

GDPR Rights and Consent Part 2 of our series on GDPR and its impact on the recruitment industry This webinar is provided for information purposes and is NOT intended to be legal advice pertaining to the subject matter. If you have specific

495 views • 35 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get

GDPR Hacks For O365 3/27/2018 How O365 And Azure Can Help JB Wissma mann nn Organizations Get Compliant Agenda GDPR at a glance What does GDPR mean for IT departments Microsoft and GDPR M365 O365 Azure Dynamics

349 views • 18 slides
GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR

GDPR INFORMATION SEMINAR Dun Laoghaire / Rathdown Sports Partnership March 2018 WHY ? 1. GDPR applies to you because you hold data it does not discriminate on size / profit 2. Deadline to comply 3. Fines 4. Book stops with you ? 5. Piece

1.05k views • 37 slides
CONTENTS: BEHAVIORAL ADVERTISING Introduction 7 Definitions 9 I. Education 12 II.

CONTENTS: BEHAVIORAL ADVERTISING Introduction 7 Definitions 9 I. Education 12 II.

- 4 &

778 views • 50 slides
NASA Dual-Anonymous Peer Review Earth Science US Participating Investigator Program Virtual

NASA Dual-Anonymous Peer Review Earth Science US Participating Investigator Program Virtual

NASA Dual-Anonymous Peer Review Earth Science US Participating Investigator Program Virtual Community Town Hall June 23, 2020, 2pm-3pm ET Richard Eckman Slides courtesy of Daniel Evans Program Manager Astrophysics Division Science Mission

663 views • 42 slides
How Innovation Can Drive Rural Connectivity Contents Introduction and context

How Innovation Can Drive Rural Connectivity Contents Introduction and context

Closing the Coverage Gap: How Innovation Can Drive Rural Connectivity Contents Introduction and context Innovation in: Base stations Backhaul Energy Business models Wrap-up 2 Introduction | Innovation

522 views • 31 slides
Guidelines for the Preparation of TPAC Dossiers Kevin McLaughlin Dean of the Faculty September

Guidelines for the Preparation of TPAC Dossiers Kevin McLaughlin Dean of the Faculty September

Guidelines for the Preparation of TPAC Dossiers Kevin McLaughlin Dean of the Faculty September 9, 2019 Online Resources Tenure and Promotion page on the DoF website includes Detailed guidance on the preparation of dossiers Useful

536 views • 37 slides
IT Board Update Portland Community College 2017 Office of the CIO 1 Agenda 1. IT Strategy

IT Board Update Portland Community College 2017 Office of the CIO 1 Agenda 1. IT Strategy

IT Board Update Portland Community College 2017 Office of the CIO 1 Agenda 1. IT Strategy 2. InfoSec: Defense in Depth (DiD) 3. Portfolio Management Appendix: IT Strategy Additional Slides 1 IT Strategy 3 Our Vision Information

499 views • 22 slides
Ed Hard Byron Chigoy Praprut Songchitruksa, Ph.D., P.E. Steve Farnsworth Darrell Borchardt,

Ed Hard Byron Chigoy Praprut Songchitruksa, Ph.D., P.E. Steve Farnsworth Darrell Borchardt,

New Methods and Technologies for Collecting Origin-Destination (O-D) Data Ed Hard Byron Chigoy Praprut Songchitruksa, Ph.D., P.E. Steve Farnsworth Darrell Borchardt, P.E. 15 th National Tools of the Trade Conference Charleston, South

530 views • 33 slides
How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation

How Big Data Is Driving Companies Data Security Data Science Digital Predictive Automation Analytics Top 10 Business Intelligence DevOps Trinity Chief Analytics Officer Buzzwords for 2019 ContinuousNext Digital Citizen Chatbots

223 views • 19 slides
TOLA DATA Helping people survive and communities thrive. Tola Data The problem...

TOLA DATA Helping people survive and communities thrive. Tola Data The problem...

TOLA DATA Helping people survive and communities thrive. Tola Data The problem... Duplicate, disaggregated and broken data No central, standard system for M&E Data is not timely enough for decision-making Helping people

378 views • 21 slides

More recommend