
Live Webinar #4 – Thursday 5 December 2019 – GDPR: where do we stand?



  1. Live Webinar #4 – Thursday 5 December 2019

  2. GDPR: where do we stand?
  Timeline:
  • 27 April 2016: Adoption
  • 25 May 2018: Application
  • April 2019: European Data Protection Board report: Cooperation – Consistency – Standardised for Supervisory Authorities
  • June 2019: European Commission report of the multi-stakeholder group
  • July 2019: European Commission Communication taking stock of one year of application of the GDPR
  • May 2020: Public evaluation report by the Commission, transmitted to the European Parliament and to the Council
  • 2020: e-Privacy
  Cases handled by Supervisory Authorities (chart): total 206,326, of which complaints 94,622, data breach notifications 64,684 and other 47,020; status split shown as 47% / 52% / 1% (ongoing, closed, appealed).
  SAs from 11 EEA countries imposed a total of €55,955,671 in fines.

  3. GDPR: where do we stand? A joint project carried out between ECIIA and FERMA, with the support of 5 IIA national Institutes and 11 national risk management associations. Our ambitious objectives were to:
  • Collect "best practices" and key challenges related to GDPR from a large panel of practitioners.
  • Promote good governance and internal audit and risk management alongside the GDPR.
  • Provide facts and tangibles to be used as an advocacy tool for the new GDPR guidelines.
  346 respondents, 25 interviewees, up to 19 questions in total.

  4. GDPR: experts' introduction
  • Lene Ritz, Chief Risk Officer & Team leader, Energinet (Denmark)
  • Ralf Herold, SVP Corporate Audit, BASF (Germany)

  5. GDPR: Polling question #1 – Do you have a DPO internally or as an outsourced function?
  • Internally – new function
  • Internally – existing function
  • Outsourced
  • Other

  6. Do you have a DPO internally or as an outsourced function? (survey results)
  • DPO role assigned: 82% (new internal function 18%, existing internal function 53%, outsourced 11%)
  • No DPO role assigned: 18%
  Where the DPO role was assigned to an existing function: 1. Legal – Compliance: 54%; 2. IT – IS: 15%; 3. Risk Management: 11%; 4. Operations – Finance: 10%.

  7. GDPR: Polling question #2 – What is your level of interaction with the DPO?
  • Formalised
  • Not formalised
  • No contact
  • Not applicable

  8. What is your level of interaction with the DPO? (survey results)
  • In contact: 86% (formalised, several times a year: 31%; not formalised, on request: 55%)
  • No contact: 4%
  • Not sure: 1%
  • Not applicable – I'm the DPO…

  9. GDPR: Polling question #3 – In your organisation, who is in charge of reporting to the Board about data privacy matters including GDPR?
  • DPO
  • Senior Management
  • CRO
  • CAE
  • Other

  10. Who is in charge of reporting to the Board about data privacy matters including GDPR? (survey results)
  • DPO: 43%
  • Senior management: 21%
  • Other: 19%
  • CRO: 10%
  • CAE: 7%

  11. GDPR: Polling question #4 – Do you foresee that the GDPR-related engagements will become recurring audits in your audit plan?
  • Yes
  • No
  • I do not know

  12. What elements of GDPR do you plan to (or currently) audit? Chart: audit plan trends for 2018, 2019 and 2020 across three areas – GDPR Governance, GDPR General Design & Implementation, GDPR performance effectiveness – with values ranging from 33% to 60%.

  13. GDPR: Polling question #5 – How do you rate the various risks of GDPR in your organisation?
  • Strategic
  • Operational
  • Compliance
  • Financial
  • Reputational

  14. Did you perform an evaluation of the threats arising from the GDPR implementation? (survey results)
  • Yes, financially quantified and with proposed mitigation measures: 30%
  • Yes, as regards frequency and severity, without financial quantification: 44%
  • No, not my role; they have been performed by another function (please specify which one…)
  Is Data Protection integrated in your global risk mapping of ERM? Yes: 76%; No: 24%.

  15. What are the challenges of GDPR implementation in your organisation? Top challenges mentioned by respondents in the survey (%):
  1. Uncertainty, complexity: 30%
  2. Innovation / R&D: 25%
  3. Workload, resources: 17%
  4. Relations – 3rd parties: 14%
  5. Relations – internal: 14%

  16. Questions & Answers

  17. Recommendations

  18. Appendix
  1. Lene's recommendation
  2. Ralf's recommendation

  19. Main recommendations for IA and the European Authorities
  1. Recognize the key role played by corporate governance in ensuring GDPR compliance as well as a certain degree of accountability of organisations about personal data protection.
  2. Reduce the uncertainty of how local authorities will deal with GDPR compliance (interpretation of what constitutes "high" risks, amount, format and frequency of the reporting…).
  3. Formalize the relationship regarding privacy risks between the DPO, Risk Management and Internal Audit, relying on the three lines of defense model as a starting point.

  20. Main recommendations for RM and the European Authorities
  1. Embed data privacy in most of the existing risk maps.
  2. Include the understanding of how privacy risks can affect all aspects of the business in their risk assessment, in order to propose credible and documented mitigation measures to the senior management of the organisation.
  3. The next review of the GDPR by the European Commission in May 2020 should preserve the organisation's ability to innovate.

  21. Next steps: Final report available on the FERMA and ECIIA websites; FERMA and ECIIA to follow up with the EU institutions in 2020.

  22. Thank you and see you in 2020
  • 4 webinars were conducted in 2019 with increasing attendance and high ratings
  • FERMA will continue in 2020 to propose new webinars on the most relevant topics for risk professionals
  • Subscribe to our newsletter to stay informed: https://www.ferma.eu/contact-us/

  23. About FERMA. The Federation of European Risk Management Associations (FERMA) speaks for the risk management profession in Europe. FERMA acts on its behalf at European level and promotes the risk management profession. FERMA provides a risk management perspective on European issues and strengthens the profession through a European risk management certification (rimap). Its member associations represent nearly 5,000 professional risk managers active in a wide range of business sectors. FERMA brings together 21 risk management associations in 20 European countries.

  24. About ECIIA. The European Confederation of Institutes of Internal Auditing (ECIIA) is the voice of internal audit in Europe. Our role is to enhance corporate governance through the promotion of the professional practice of internal auditing. The ECIIA mission is to further the development of good corporate governance and internal audit at the European level, through:
  • Knowledge sharing
  • Developing key relationships
  • Impacting the regulatory environment, by dealing with the European Union, its Parliament and the European Authorities.
  ECIIA gives voice to 47,000 Internal Auditors in 34 countries from wider Europe.
