
POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR - PowerPoint PPT Presentation



  1. POST MAY 25TH – GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

  2. WITH YOU TODAY
     Karen Schuler
     Partner and National Data & Information Governance Practice Leader
     BDO USA, LLP
     8401 Greensboro Drive, Suite 800
     McLean, VA 22102
     Direct: 703-336-1533
     kschuler@bdo.com
     www.bdo.com

     Lisa Sotto
     Partner and Chair, Privacy and Cybersecurity Practice
     Hunton Andrews Kurth LLP
     200 Park Avenue
     New York, NY 10166
     Direct: 212-309-1223
     lsotto@hunton.com
     www.huntonprivacyblog.com

  3. TOPICS TO BE COVERED
     • GDPR Background
     • Primary Legal Considerations
     • Approach to GDPR
     • Minimizing Your Exposure Post-May 25
     • Managing Risk in an Uncertain World

  4. GDPR Background

  5. GDPR Background
     The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
     • Enhanced personal privacy rights
     • Increased duty for protecting data
     • Mandatory breach reporting
     • Significant penalties for non-compliance

  6. Key GDPR Themes
     Strengthened rights of individuals
     • Right to erasure
     • Data portability
     • Right not to be subject to automated profiling / right to object
     • Breach notification – to DPAs and individuals

     Increased enforcement, fines, liabilities
     • Regulatory fines up to 4% of annual worldwide turnover
     • Individual action
     • Class action
     • Criminal sanctions (in national laws)
     • Redress for individuals

     Harmonisation
     • Harmonised rules, but not fully (e.g. employee data, children data)
     • One Stop Shop: Lead DPA for pan-European matters, in cooperation with other DPAs; Local DPA for local matters
     • Larger role for European Data Protection Board (EDPB)
     • Risk-based approach
     • Some reduction of administrative burden (no national registration of processing or prior authorisation)

     Increased obligations
     • DP principles tightened (consent, transparency)
     • Profiling rules
     • Privacy Impact Assessment
     • Privacy by Design
     • Direct obligations and liability for processor
     • Accountability – Privacy Programme
     • Internal record of processing
     • DP Officer
     • BCRs, seals and certifications

  7. Territorial Scope
     EU Businesses
     • The GDPR applies if personal data are processed in the context of the activities of their establishment in the EU
     • Based on the concept of “establishment”
     • Irrespective of where the actual processing takes place

     Non-EU Businesses
     • The GDPR applies when a business “targets” individuals in the EU (by offering them products or services), or monitors the behavior of individuals in the EU
     • What is “targeting”?
     • What is “monitoring”?

  8. Data Subject Rights
     • Access
     • Objection
     • Portability
     • Profiling/automated decisions
     • Restriction
     • Erasure

  9. Fines & Sanctions
     • Controllers and processors subject to administrative fines for non-compliance
     • High fines of up to:
       ‒ 20 million euros, or
       ‒ “in case of an undertaking” up to 4% of total worldwide annual turnover of the preceding financial year, whichever is higher
     • Fines should take into account:
       ‒ Gravity and duration of the violation, and
       ‒ Any mitigating measures taken by companies
     • Criminal sanctions also available and will continue to be determined at national level

  10. Primary Legal Considerations

  11. Legal Basis for Processing
     • Personal data may be processed under the GDPR only if there is a legal basis to do so
     • Legal bases include:
       ‒ Consent
       ‒ Performance of a contract
       ‒ Compliance with a legal obligation
       ‒ Legitimate Interests

  12. GDPR Transparency Requirements
     • Transparency is an explicit requirement
     • Personal data must be processed fairly, lawfully and in a transparent manner
       ‒ The Controller is responsible for demonstrating compliance with transparency obligations
       ‒ The Controller must provide information to individuals in a concise, transparent, intelligible and easily accessible form, using clear and plain language
       ‒ Individuals must be made aware of data processing, purposes, risks, rules, safeguards and rights
       ‒ Further reinforced by and linked to requirements for consent, notice, legitimate interest, publishing DPO contacts

  13. Privacy Notice Requirements
     • Controllers must provide certain information to individuals when:
       ‒ Obtaining data directly from the individuals, and
       ‒ Obtaining personal data about the individual from third parties
     • This information must include:
       ‒ Controller/representative identity and DPO identity/contact details
       ‒ Purposes of processing and legal basis
       ‒ When processing is based on legitimate interests, an explanation
       ‒ Whether provision of data is mandatory
       ‒ Information about recipients of data and data retention periods
       ‒ Explanation of individual rights
       ‒ Information regarding cross-border transfers
       ‒ Existence of automated decision taking and the logic behind it

  14. Accountability Requirements
     • Data Protection Officer
     • Codes of conduct and certifications
     • Internal records
     • Data Protection by Design and by Default
     • Data protection impact assessments

  15. Approach to GDPR

  16. Holistic GDPR Implementation
     (Diagram of implementation areas; only the text recoverable from it is listed here.)
     Areas: Readiness, Governance & Data Mapping; Data Subject Access Rights; Transfers & Registers; Technical Measures; Organizational Measures; Monitoring & Accountability
     Items shown:
     • Readiness assessment
     • Data Protection Officer Services
     • Business processing
     • Information inventory
     • Risks
     • Vendors
     • Special categories
     • Access requests and forms
     • Response mechanisms
     • Rectification & erasure
     • Accuracy
     • Objections
     • Transfers to data subjects
     • Transfers to DPA’s/SA’s
     • 3rd party transfers
     • International transfers
     • Records retention & erasure
     • iGRC
     • POS Compliance
     • Policy Management
     • Awareness & training
     • Website policies
     • Privacy notices
     • Info. security policies
     • Data protection policies
     • Data breach response & notifications

  17. Path to Compliance
     • GDPR is a combination of evolving and new requirements
     • GDPR requires an ongoing compliance obligation
     • Management buy-in is critical
     • Continued compliance means
       ‒ Ongoing diligence
         o Ongoing understanding of your data processing activities
         o Conduct ongoing gap analyses against GDPR requirements
         o Continue to remediate based on the gap analysis
       ‒ Ongoing Remediation
         o Execute strategic remediation on an ongoing basis
         o Continue to implement underlying changes

  18. Minimizing Your Exposure Post-May 25

  19. Minimizing Exposure
     (GDPR LIFECYCLE diagram; elements shown:)
     • People
     • Process
     • Technology
     • Information management
     • Meet DPO Requirements
     • Policies & procedures
     • PoS & ERP Compliance
     • Data transfers & storage
     • SAR Management
     • Contracts & third party Management
     • Training & awareness

  20. Security: Risk Assessment and Safeguards
     Obligations
     • Applies to controllers and processors
     • Must evaluate risks of processing
     • Must put in place adequate security measures

     Security measures
     • Technical safeguards
     • Organisational safeguards
     • Policies and procedures
