perspectives and best practices for
play

Perspectives and Best Practices for Operationalizing Global - PowerPoint PPT Presentation

Jan 24, 2024 •32 likes •272 views

October 16, 2019 GDPR Extraterritoriality Industry Perspectives and Best Practices for Operationalizing Global Compliance Corey M. Dennis, PPD Lael Bellamy, Fenwick & West Barbara Lawler, Looker Susan DeVane, NCR Corporation Lauren

  1. October 16, 2019 GDPR Extraterritoriality — Industry Perspectives and Best Practices for Operationalizing Global Compliance Corey M. Dennis, PPD Lael Bellamy, Fenwick & West Barbara Lawler, Looker Susan DeVane, NCR Corporation Lauren Kitces, Squire Patton Boggs

  2. Speakers Lael Bellamy, CIPP/US Corey M. Dennis, CIPP/US, CIPP/E, CHC Director, Privacy & Cybersecurity Director of Privacy & Counsel Fenwick & West Pharmaceutical Product Development, LLC (PPD)

  3. Speakers Barbara Lawler, CIPP/US, CIPM, FIP Suzy DeVane, Esq., EnCE, CIPP/US Lauren Kitces, CIPP/US, CIPP/E VP, Chief Privacy and Data Ethics Officer IT Data Privacy Manager Associate Looker NCR Corporation Squire Patton Boggs

  4. Introduction Why is this issue so important? • Compliance is complex and challenging • Lack of understanding of GDPR’s territorial scope • Incorrect assumptions made on applicability Conflicts with law (e.g., 1 st Amendment, National • Security) • Fines of up to 4% global revenue for compliance violations • Potential PR issue applying different rights globally (e.g., Facebook, Google)

  5. GDPR Territorial Scope and Requirements GDPR Article 3 (Territorial Scope) (1) This Regulation applies to the processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing takes place in the Union or not. (1) This Regulation applies to the processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are related to: a) the offering of goods or services , irrespective of whether a payment of the data subject is required, to such data subjects in the Union; or b) the monitoring of their behaviour as far as their behaviour takes place within the Union. (2) This Regulation applies to the processing of personal data by a controller not established in the Union, but in a place where Member State law applies by virtue of public international law.

  6. GDPR Territorial Scope and Requirements Additional GDPR Requirements • GDPR Article 27 (Appoint Representative) – where ex-EU Controller/Processor processes EU data subject personal data in many circumstances • GDPR Article 37 (DPO) – additional requirements described in Articles 38 and 39

  7. EDPB Guidelines EDPB Guidelines on Territorial Scope of GDPR • Draft guidelines (Nov. 2018) confirm expansive reach of GDPR • Many open questions remain, e.g.: – “establishment” criteria – definitions of “monitoring” behavior and “offering goods or services” – Representative role/responsibilities

  8. Extraterritorial Application and Enforcement • Enforcement challenges • Google v. CNIL • global right to erasure rejected by EU Court of Justice • ability to apply rights globally permitted at a member-state level • case C-507/17 (24 Sept. 2019) • Facebook CJEU ruling (Oct. 2019) • Facebook responsible for worldwide removal of defamatory comments • Freedom of speech/expression concerns

  9. Case Study An e-commerce website is operated by a company based in Brazil. Data processing is exclusively carried out in Brazil, but the company has established a European office in Paris in order to lead and implement marketing campaigns aimed at EU citizens. Questions: (1) Is the company caught by the GDPR? (2) Do Brazilian data subjects have rights to make a data subject rights request?

  10. Case Study Questions : (1) Is the company caught by the GDPR? (2) Do Brazilian data subjects have rights to make a data subject rights request? Answers : (1) Yes. The organization will be caught by Article 3(1) (2) Yes. Technically, once caught by Art 3(1) GDPR applies to ALL personal data processed (Art 3(1) is data subject blind).

  11. Best Practices • Understand territorial applicability/limitations of GDPR • When in doubt, assume “personal data” is subject to GDPR and broadly defined • Ensure policies/procedures required by GDPR are global • Implement global training on GDPR • Implement appropriate EU data transfer mechanisms • Incorporate GDPR contract requirements (e.g., Article 28) • For Controllers/Processors based outside EU, appoint Representative where required • Procure cyber insurance with broad scope of GDPR considered

  12. Best Practices • If seeking to avoid application of GDPR entirely, consider: – Not establishing physical presence/facilities in EU – Avoiding processing data of EU customers – Ensuring any such data is technically anonymized before received – Avoiding offering goods/services to those in the EU – Avoiding monitoring behavior of those in the EU – Not providing services (e.g., software hosting) involving EU data processing – Adopting position statement on GDPR inapplicability – Exercising care when negotiating agreements with GDPR obligations

  13. Industry Perspectives — Healthcare (Corey) • EDPB Guidelines Example 5 • pharma company based in EU (Stockholm) processes clinical trial data at company affiliate in Singapore • GDPR applies to processing per GDPR Article 3(1) • multiple controller scenarios • e.g., EU-based pharma company and U.S. university hospital • potential application of EU subject rights under GDPR

  14. Technology/Data Analytics (Barb) B2B Events, professional certifications and sales/lead prospecting • - contracts and DSARs under GDPR • multiple controller scenario • single controller scenario Data Analytics Platform - contracts, data security, DSARs under GDPR • • controller to processor scenarios • data transfers and subprocessors

  15. Financial Services (Lauren) • Data movement in a multiple-controller environment • Insurance placement example • KYC check considerations • Ensuring consideration of other requirements in regulated industries

  16. Fintech (Suzy) • GDPR and CCPA • Efficiency and expediency are key: Organizations need to harmonize disparate rules and regulations to avoid redundancy and streamline compliance efforts. • As global companies with all data flowing worldwide how to delineate personal data from a particular country or state to be treated any differently?

  17. Questions + Contact Corey M. Dennis Lael Bellamy Director of Privacy & Counsel Director PPD Fenwick & West coreymdennis@gmail.com 404-277-2495 lbellamy@Fenwick.com

  18. Questions + Contact Barbara Lawler Suzy DeVane Lauren Kitces Chief Privacy & Data Ethics Officer IT Data Privacy Manager Associate Looker NCR Squire Patton Boggs barbara.lawler@looker.com 678-808-5104 202-457-6427 Susan.DeVane@NCR.com lauren.kitces@squirepb.com

  19. Resources

  20. Resources GDPR vs. Data Protection Directive Issue The Directive The GDPR Impact Establishment Rec.19; Art.4(1)(a) Rec.22; Art.3(1) The GDPR and the Directive both apply to organisations that have an establishment in the Organisations are subject to EU data The Directive (as implemented via the The GDPR applies to organisations that: EU and process personal data in the context of protection law if they have an establishment national law of a Member State) that establishment. ∙ are established in one or more in then EU. The word "establishment" is not applied to organisations that: Member State(s); and precisely defined. The key question is ∙ were established in one or whether there is effective and real exercise ∙ process personal data (either as more Member State(s); and of activity through stable arrangements (e.g., controller or processor, and a branch or subsidiary can be an ∙ processed personal data regardless of whether or not the "establishment", but a travelling salesperson (whether as controller or processing takes place in the EU) in is unlikely to constitute an "establishment"). processor and regardless of the context of that establishment. whether or not the processing takes place in the EU) in the context of that establishment. Application of Public International Law Art.4(1)(b) Rec.25; Art.3(3) The GDPR does not amend this principle. In practice, the circumstances in which the laws of a EU data protection law applies to an An organisation that is not established An organisation that is not established in Member State apply by virtue of public organisation if the laws of any Member State in any Member State, but is subject to any Member State, but is subject to the international law are rare, and so this issue is apply to that organisation by virtue of public the laws of a Member State by virtue laws of a Member State by virtue of public unlikely to materially affect many organisations. international law. of public international law was also international law is also subject to the subject to the Directive. GDPR.

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Contents Part I: European Perspectives on Language Policies and Practices 1. Towards European

Contents Part I: European Perspectives on Language Policies and Practices 1. Towards European

In partnership with Sponsored by Project publisher Co-funded by 0 Contents Part I: European Perspectives on Language Policies and Practices 1. Towards European indicators of language policies and practices Guus Extra and Kutlay Ya mur 2.

494 views • 24 slides
International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES

International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES

International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES Ho Chi Minh City, July 30-31, 2015 Using Student Response Systems for Peer Instruction and Active Learning in the Classroom Mike MacCallum, PhD

321 views • 10 slides
International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES Ho

International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES Ho

International Conference in QUALITY IN HIGHER EDUCATION: GLOBAL PERSPECTIVES AND BEST PRACTICES Ho Chi Minh City, July 30-31, 2015 Using Student Response Systems for Peer Instruction and Active Learning in the Classroom Mike Ma c Ca llum, PhD

573 views • 28 slides
EBM From Concept to Reality EBM from Multiple Perspectives and a Nova Scotia Forest Practices

EBM From Concept to Reality EBM from Multiple Perspectives and a Nova Scotia Forest Practices

EBM From Concept to Reality EBM from Multiple Perspectives and a Nova Scotia Forest Practices Review Case Study Laird Van Damme, R.P.F Lakehead University KBM Resources Group Edmonton; June 19, 2018 Outline EBM as seen through an

494 views • 27 slides
Municipal Solid Waste Management Perspectives, Best Practices & Case Study International

Municipal Solid Waste Management Perspectives, Best Practices & Case Study International

Municipal Solid Waste Management Perspectives, Best Practices & Case Study International Center for Environmental Audit & Sustainable Development Components of Municipal Solid Waste Physical Composition of Indian Composition of

845 views • 27 slides
Mentoring Practices: The Perspectives of Principals, Mentors and Novice Teachers 1 R I TA N . M

Mentoring Practices: The Perspectives of Principals, Mentors and Novice Teachers 1 R I TA N . M

Mentoring Practices: The Perspectives of Principals, Mentors and Novice Teachers 1 R I TA N . M O U R A D I A N A N D H A G O P A . YA C O U B I A N E D U C AT I O N D E PA RT M E N T H A I G A Z I A N U N I V E R S I T Y B E I R U T, L E

338 views • 22 slides
Introductory Session FACTS AND PERSPECTIVES IN PSYCHOLOGY Overview Perspectives in psychology

Introductory Session FACTS AND PERSPECTIVES IN PSYCHOLOGY Overview Perspectives in psychology

Introductory Session FACTS AND PERSPECTIVES IN PSYCHOLOGY Overview Perspectives in psychology (psychodynamic, behavioural and cognitive perspectives) Perspectives in psychology (biological, humanistic and Week 1 sociocultural

856 views • 58 slides
+ Inclusion in the Real World: Perspectives and Strategies for Early Childhood Supporting

+ Inclusion in the Real World: Perspectives and Strategies for Early Childhood Supporting

1/29/19 + Inclusion in the Real World: Perspectives and Strategies for Early Childhood Supporting Inclusive Practices Seven Hills Conference Center - SFSU February 7, 2019 + Giraffes Cant Dance Written by Giles Andreae Illustrated by

457 views • 17 slides
Practices of looking Practices of looking Introduction to practices of looking Discuss

Practices of looking Practices of looking Introduction to practices of looking Discuss

Practices of looking Practices of looking Introduction to practices of looking Discuss theories of representation Discuss the myth of the photographic truth (see sample response paper) Discuss facets of ideology

512 views • 33 slides
RPC Sharing insight and best practices in risk management 12 Monday, October 15 6:30 PM

RPC Sharing insight and best practices in risk management 12 Monday, October 15 6:30 PM

MOODYS ANALYTICS RISK PRACTITIONER CONFERENCE 2012 RPC Sharing insight and best practices in risk management 12 Monday, October 15 6:30 PM Welcome Reception & Dinner Terrace, fmoor 16 Perspectives on Banking: Thriving in Risk

292 views • 8 slides
THE MODEL: PERSPECTIVES AND CHALLENGES PERSPECTIVES AND CHALLENGES NOU 2012:2 Outside and Inside

THE MODEL: PERSPECTIVES AND CHALLENGES PERSPECTIVES AND CHALLENGES NOU 2012:2 Outside and Inside

THE MODEL: PERSPECTIVES AND CHALLENGES PERSPECTIVES AND CHALLENGES NOU 2012:2 Outside and Inside Norways Agreements with the EU Chapter 13, 27 and 28 THE MODEL? 1) Perspectives 1) Perspectives 2) Features of the model 3) Challenges )

457 views • 21 slides
Harmonization of Higher Education Practices Dr. Pamela Tibihikirra-Kalyegira Director Quality

Harmonization of Higher Education Practices Dr. Pamela Tibihikirra-Kalyegira Director Quality

Perspectives from the East African Community on Harmonization of Higher Education Practices Dr. Pamela Tibihikirra-Kalyegira Director Quality Assurance & Accreditation National Council for Higher Education 24 th April 2018 Cairo, Egypt

191 views • 18 slides
THE AFRICAN UNION AND THE AFRICAN UNION AND ITS PERSPECTIVES ON ITS PERSPECTIVES ON BIOSAFETY

THE AFRICAN UNION AND THE AFRICAN UNION AND ITS PERSPECTIVES ON ITS PERSPECTIVES ON BIOSAFETY

THE AFRICAN UNION AND THE AFRICAN UNION AND ITS PERSPECTIVES ON ITS PERSPECTIVES ON BIOSAFETY BIOSAFETY Mahlet Teshome Department of HRST African Union Commission EC-JRC GMO Analysis International Workshop October 28-29, 2010 White

1.21k views • 23 slides
State of the State: Housing Perspectives from the field State of the State: Housing Perspectives

State of the State: Housing Perspectives from the field State of the State: Housing Perspectives

State of the State: Housing Perspectives from the field State of the State: Housing Perspectives from the field This report is prepared by Sagamore Institute For additional information, please contact Dr. JoAnna M. Brown, Senior Research

383 views • 17 slides
Can Research-based Technology Change School-based Learning? Perspectives from Singapore Chee-Kit

Can Research-based Technology Change School-based Learning? Perspectives from Singapore Chee-Kit

Can Research-based Technology Change School-based Learning? Perspectives from Singapore Chee-Kit Looi National Institute of Education Singapore 1 Outline of talk Conditions in which research-based technology can impact practices in

1.1k views • 61 slides
1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE

1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE

1 Best Practices Conversational UX Design 2 Best Practices Conversational UX Design SET THE RIGHT EXPECTATIONS Set the right tone Tell users what they can do and what to expect Is it more an open or a closed conversation? 3 Best Practices

925 views • 21 slides
A Multigrid Optimization Framework for Centroidal Voronoi Tessellation Zichao Di Department of

A Multigrid Optimization Framework for Centroidal Voronoi Tessellation Zichao Di Department of

Outline CVT Application Previous Method Traditional Multigrid MG/OPT Summary A Multigrid Optimization Framework for Centroidal Voronoi Tessellation Zichao Di Department of Mathematical Sciences George Mason University Collaborators: Dr.

427 views • 40 slides
Climate Change Emissions and Poverty on the Caribbean Coast, the BOSAWAS Biosphere Reserve and

Climate Change Emissions and Poverty on the Caribbean Coast, the BOSAWAS Biosphere Reserve and

Emissions Reduction Programme to Reduce Climate Change Emissions and Poverty on the Caribbean Coast, the BOSAWAS Biosphere Reserve and the Indio Maz Biological Reserve Contenido 1. Alignment with national priorities 2. ERPD development

259 views • 21 slides
Brief overview on Data Protection in Europe and in Brazil Amanda Prota LL.M Student at WWU,

Brief overview on Data Protection in Europe and in Brazil Amanda Prota LL.M Student at WWU,

New Technology and Law Workshop ITM & GEDAI Brief overview on Data Protection in Europe and in Brazil Amanda Prota LL.M Student at WWU, Brazilian Lawyer at Kasznar Leonardos Advogados; E-mail: amandaprota@gmail.com 16th January 2019

346 views • 18 slides
Fundraiser Metrics & Portfolio Management Camille Anderson Licklider, Executive Director of

Fundraiser Metrics & Portfolio Management Camille Anderson Licklider, Executive Director of

Fundraiser Metrics & Portfolio Management Camille Anderson Licklider, Executive Director of Gift Planning David Lively, Senior Associate Vice President & Campaign Manager Quantitative Goals for Gift Planning: Current State of Affairs 6

621 views • 27 slides
AVOIDING THE PITFALLS International sanctions regimes represent a significant compliance

AVOIDING THE PITFALLS International sanctions regimes represent a significant compliance

Breachingasanctionsregimeisa Awiderangeofnormalbusiness Theassumptionthatmultilateral Enhancedchecksandscreeningare INSIGHT: UN SANCTIONS VIOLATIONS

56 views • 3 slides
Canadian Territorial North Considerations from Nunavut Responsible Investing Initiative Webinar

Canadian Territorial North Considerations from Nunavut Responsible Investing Initiative Webinar

Responsible Investing in the Canadian Territorial North Considerations from Nunavut Responsible Investing Initiative Webinar May 28, 2013 Dr. Frances Abele and Joshua Gladstone Carleton Centre for Community Innovation RI and the Extractive

91 views • 6 slides
PERPETUATE project: a performance-based approach to earthquake protection of cultural heritage

PERPETUATE project: a performance-based approach to earthquake protection of cultural heritage

Cluster meeting CfC, SMooHS, Perpetuate, 3ENCULT, EU-CHIC 30-31 May 2011 Olimia Spa, Hotel Sotelia Congress Centre, Podetrtek, Slovenia PERPETUATE project: a performance-based approach to earthquake protection of cultural heritage Sergio

513 views • 33 slides
Capital raising Francesco De Ferrari, Chief Executive Officer Gordon Lefevre, Chief Financial

Capital raising Francesco De Ferrari, Chief Executive Officer Gordon Lefevre, Chief Financial

8 August 2019 Capital raising Francesco De Ferrari, Chief Executive Officer Gordon Lefevre, Chief Financial Officer Not for distribution or release in the United States NOT FOR DISTRIBUTION OR RELEASE IN THE UNITED STATES Capital raising

814 views • 39 slides

More recommend