post may 25th gdpr obligations governance and response
play

POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR - PowerPoint PPT Presentation

Dec 07, 2022 •292 likes •589 views

POST MAY 25TH GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the

  1. POST MAY 25TH – GDPR OBLIGATIONS, GOVERNANCE, AND RESPONSE WEBINAR May 2, 2018 BDO USA, LLP, a Delaware limited liability partnership, is the U.S. member of BDO International Limited, a UK company limited by guarantee, and forms part of the international BDO network of independent member firms.

  2. WITH YOU TODAY Karen Schuler Lisa Sotto Part ner and Nat ional Dat a & Part ner and Chair, Privacy and Informat ion Governance Pract ice Cybersecurity Pract ice Leader Hunt on Andrews Kurt h LLP BDO US A, LLP 200 Park Avenue 8401 Greensboro Drive, S uit e 800 New York, NY 10166 McLean, VA 22102 Direct : 212-309-1223 Direct : 703-336-1533 lsot t o@ hunt on.com kschuler@ bdo.com www.huntonprivacyblog.com www.bdo.com T MAY 25 TH – GDPR OBLIGATIONS 2 POS , GOVERNANCE, AND RES PONS E WEBINAR

  3. TOPICS TO BE COVERED • GDPR Background • Primary Legal Considerations • Approach to GDPR • Minimizing Y our Exposure Post-May 25 • Managing Risk in an Uncertain World T MAY 25 TH – GDPR OBLIGATIONS 3 POS , GOVERNANCE, AND RES PONS E WEBINAR

  4. GDPR Background T MAY 25 TH – GDPR OBLIGATIONS 4 POS , GOVERNANCE, AND RES PONS E WEBINAR

  5. GDPR Background The General Data Protection Enhanced personal privacy • Regulation (GDPR) imposes rights new rules on organizations that offer goods and services Increased duty for protecting • to people in the European data Union (EU), or that collect and analyze data tied to EU Mandatory breach reporting • residents, no matter where they are located. S ignificant penalties for non- • compliance T MAY 25 TH – GDPR OBLIGATIONS 5 POS , GOVERNANCE, AND RES PONS E WEBINAR

  6. Key GDPR Themes Strengthened Increased Harmonisation Increased rights of enforcement, obligations individuals fines, liabilities • Right t o erasure • Regulat ory fines up t o • Harmonised rules, but • DP principles t ight ened 4% of annual worldwide not fully (e.g. employee (consent , t ransparency) • Dat a port abilit y t urnover dat a, children dat a) • Profiling rules • Right not t o be subj ect • Individual act ion • One S t op S hop: Lead t o aut omat ed • Privacy Impact DP A for pan-European profiling/ right t o obj ect • Class act ion Assessment mat t ers, in cooperat ion • Criminal sanct ions (in • Privacy by Design wit h ot her DP As; Local nat ional laws) • Breach not ification – t o DP A for local mat t ers • Larger role for European DP As and individuals and redress for Dat a Prot ect ion Board • Direct obligat ions and individuals (EDPB) liabilit y for processor • Risk-based approach • Account abilit y – Privacy • S ome reduct ion of Programme administ rat ive burden • Int ernal record of (no nat ional regist rat ion processing of processing or prior • DP Officer aut horisat ion) • BCRs, seals and cert ifications T MAY 25 TH – GDPR OBLIGATIONS 6 POS , GOVERNANCE, AND RES PONS E WEBINAR

  7. Territorial S cope EU Businesses Non-EU Businesses • The GDPR applies if personal • The GDPR applies when a data are processed in the business “ targets” individuals context of the activities of in the EU (by offering them their establishment in the EU products or services), or monitor the behavior of • Based on the concept of individuals in the EU “ establishment” • What is “ targeting” ? • Irrespective of where the actual processing takes • What is “ monitoring” ? place T MAY 25 TH – GDPR OBLIGATIONS 7 POS , GOVERNANCE, AND RES PONS E WEBINAR

  8. Data S ubj ect Rights Access Obj ection Portability Profiling/ Restriction Erasure automated decisions T MAY 25 TH – GDPR OBLIGATIONS 8 POS , GOVERNANCE, AND RES PONS E WEBINAR

  9. Fines & S anctions • Controllers and processors subj ect to administrative fines for non- compliance • High fines of up to: ‒ 20 million euros, or ‒ “ in case of an undertaking” up to 4% of total worldwide annual turnover of the preceding financial year, whichever is higher • Fines should take into account: ‒ Gravity and duration of the violation, and ‒ Any mitigating measures taken by companies • Criminal sanctions also available and will continue to be determined at national level T MAY 25 TH – GDPR OBLIGATIONS 9 POS , GOVERNANCE, AND RES PONS E WEBINAR

  10. Primary Legal Considerations T MAY 25 TH – GDPR OBLIGATIONS 10 POS , GOVERNANCE, AND RES PONS E WEBINAR

  11. Legal Basis for Processing • Personal data may be processed under the GDPR only if there is a legal basis to do so • Legal bases include: ‒ Consent ‒ Performance of a contract ‒ Compliance with a legal obligation ‒ Legitimate Interests T MAY 25 TH – GDPR OBLIGATIONS 11 POS , GOVERNANCE, AND RES PONS E WEBINAR

  12. GDPR Transparency Requirements • Transparency is an explicit requirement • Personal data must be processed fairly, lawfully and in a transparent manner ‒ The Controller is responsible for demonstrating compliance with transparency obligations ‒ The Controller must provide information to individuals in a concise, transparent, intelligible and easily accessible form, using clear and plain language ‒ Individuals must be made aware of data processing, purposes, risks, rules, safeguards and rights ‒ Further reinforced by and linked to requirements for consent, notice, legitimate interest, publishing DPO contacts T MAY 25 TH – GDPR OBLIGATIONS 12 POS , GOVERNANCE, AND RES PONS E WEBINAR

  13. Privacy Notice Requirements • Controllers must provide certain information to individuals when: ‒ Obtaining data directly from the individuals, and ‒ When obtaining personal data about the individual from third parties • This information must include: ‒ Controller/ representative identity and DPO identity/ contact details ‒ Purposes of processing and legal basis ‒ When processing based on legitimate interests, an explanation ‒ Whether provision of data is mandatory ‒ Information about recipients of data and data retention periods ‒ Explanation of individual rights ‒ Information regarding cross-border transfers ‒ Existence of automated decision taking and logic behind it T MAY 25 TH – GDPR OBLIGATIONS 13 POS , GOVERNANCE, AND RES PONS E WEBINAR

  14. Accountability Requirements Data Codes of Internal Protection conduct and records certifications Officer Data Data protection Protection by impact Design and by assessments Default T MAY 25 TH – GDPR OBLIGATIONS 14 POS , GOVERNANCE, AND RES PONS E WEBINAR 14

  15. Approach to GDPR T MAY 25 TH – GDPR OBLIGATIONS 15 POS , GOVERNANCE, AND RES PONS E WEBINAR

  16. Holistic GDPR Implementation • • Access requests • Data Protection Readiness and forms Officer S ervices assessment • • • Business processing Response iGRC mechanisms • • POS Compliance Information • Rectification & inventory • Policy erasure • Management Risks • Accuracy • Vendors Dat a • Account abilit y & Obj ections • S pecial categories Transfers & Organizat ional Technical Measures Measures S ubj ect Monit oring & Readiness, Access Right s Governance Dat a Mapping • • Records retention & Transfers to data & Regist ers erasure subj ects • Awareness & • Transfers to DPA’ s/ S A’ s training 3 rd party transfers • • Website policies • International transfers • Privacy notices • Info. security policies • Data protection • Data breach response & policies notifications T MAY 25 TH – GDPR OBLIGATIONS 16 POS , GOVERNANCE, AND RES PONS E WEBINAR

  17. Path to Compliance • GDPR is a combination of evolving and new requirements • GDPR requires an ongoing compliance obligation • Management buy-in is critical • Continued compliance means ‒ Ongoing diligence Ongoing understanding of your data processing activities o Conduct ongoing gap analyses against GDPR requirements o Continue to remediate based on the gap analysis o ‒ Ongoing Remediation Execute strategic remediation on an ongoing basis o Continue to implement underlying changes o T MAY 25 TH – GDPR OBLIGATIONS 17 POS , GOVERNANCE, AND RES PONS E WEBINAR

  18. Minimizing Your Exposure Post- May 25 T MAY 25 TH – GDPR OBLIGATIONS 18 POS , GOVERNANCE, AND RES PONS E WEBINAR

  19. Minimizing Exposure People Informat ion Meet DPO Requirement s management Policies & PoS & ERP procedures Compliance Process GDPR LIFECYCLE Dat a S AR t ransfers & Management st orage Technology Cont racts & Training & t hird part y awareness Management T MAY 25 TH – GDPR OBLIGATIONS 19 POS , GOVERNANCE, AND RES PONS E WEBINAR

  20. S ecurity: Risk Assessment and S afeguards Obligat ions S ecurit y measures • Applies to • Technical controllers and safeguards processors • Organisational • Must evaluate safeguards risks of • Policies and processing procedures • Must put in place adequate security measures T MAY 25 TH – GDPR OBLIGATIONS 20 POS , GOVERNANCE, AND RES PONS E WEBINAR

Recommend

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner

GDPR Obligations & Rules Introduction to Privacy and the GDPR Simone Fischer-Hbner CC-BY-4.0 Advising, Monitoring, Enforcing European Data Protection Board Art. 68 - 73 (replacing the Art. 29 Working Party) advise Supervisory

626 views • 8 slides
Accountability and Governance evidence To what extent can an agreed RMP act as evidence

Accountability and Governance evidence To what extent can an agreed RMP act as evidence

RMPs and GDPR Accountability and Governance evidence To what extent can an agreed RMP act as evidence of compliance with GDPR obligations around accountability and governance? Article 5(2) Accountability Principle The

362 views • 13 slides
Obligations of a controller A walk through the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands

Obligations of a controller A walk through the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands

Obligations of a controller A walk through the GDPR Regina Becker ELIXIR-LU ELIXIR AllHands TeC Meeting 6. June 2018 First things first steemkr.com The heart of the GDPR The most important principles Lawfulness Fairness Art. 6

485 views • 15 slides
EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda

EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda

Reaz Khedarun and Ian Davis EU GDPR PRACTICAL IMPLEMENTATION GUIDE - OPPORTUNITIES AND THREATS bd@gemserv.com Agenda Implications and opportunities of GDPR New obligations and liabilities for suppliers How GDPR compliance can

437 views • 24 slides
GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB

GDPR General Data Protection Regulation DR. Rafi us Shan, Chief Cyber Security , KP CERC KPITB GDPR TIMELINE Definitions GDPR is a set of EU laws that come into affect on May 25th 2018. GDPR rules are designed to give more control over

587 views • 30 slides
EU GDPR and Security Compliance for the DBA Santa Clara, California | April 23th 25th, 2018

EU GDPR and Security Compliance for the DBA Santa Clara, California | April 23th 25th, 2018

EU GDPR and Security Compliance for the DBA Santa Clara, California | April 23th 25th, 2018 Meet Your Presenters Tyler Duzan Jeff Sandstrom Product Manager for MySQL Product Manager for MongoDB Software at Percona Software at

772 views • 40 slides
Openstack compliance with GDPR Official Courseware 25th of May 2018 is closer than you think!

Openstack compliance with GDPR Official Courseware 25th of May 2018 is closer than you think!

Openstack compliance with GDPR Official Courseware 25th of May 2018 is closer than you think! Vincenzo Di Somma CISSP vincenzo.di.somma@canonical.com @vds Agenda Introduction Why should we care? What should we do? Introduction

670 views • 43 slides
Non-interventional post-authorisation safety studies: definition, obligations and requirements

Non-interventional post-authorisation safety studies: definition, obligations and requirements

Non-interventional post-authorisation safety studies: definition, obligations and requirements Presented by: Annalisa Rubino, PhD Pharmacovigilance and Risk Management Sector An agency of the European Union Post-authorisation safety studies

702 views • 12 slides
GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data

GDPR How does it apply to me? What is GDPR? It is the LAW! What is GDPR? The General Data Protection Regulation Came into force on May 25 th Replaces the current 1995 Data Protection Directive and Data Protection Act (1998). What is GDPR?

570 views • 18 slides
GDPR for Practice Managers General Data Protection Regulation Dr Nick Lowe Stephen Toulmin

GDPR for Practice Managers General Data Protection Regulation Dr Nick Lowe Stephen Toulmin

GDPR for Practice Managers General Data Protection Regulation Dr Nick Lowe Stephen Toulmin (Senior Executive Lead) Lancashire & Cumbria Consortium of LMCs www.nwlmcs.org April-May 2018 GDPR Day : which one are you? 25th May 2018 Sorted ?

1.64k views • 55 slides
GFDRRs role in post disaster response: Opportunities and Challenges Focus Day Post Disaster

GFDRRs role in post disaster response: Opportunities and Challenges Focus Day Post Disaster

GFDRRs role in post disaster response: Opportunities and Challenges Focus Day Post Disaster Response and Recovery Frameworks ACP House Brussels, 9 June 2017 Francis Ghesquiere Manager, Head of GFDRR Secretariat The Global Facility for

355 views • 10 slides
Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What

Data Protection. IT issues and Solutions Ian Bernhardt Head of Governance & Compliance GDPR: The Journey Today Privacy Notice v What information is being collected? v Who is collecting it? v How is it collected? v Why is it being collected?

198 views • 18 slides
Brendan Tobin | Head of Growth @ecanvasserapp GDPR and AI: Salvation or Damnation? 1. How are

Brendan Tobin | Head of Growth @ecanvasserapp GDPR and AI: Salvation or Damnation? 1. How are

Brendan Tobin | Head of Growth @ecanvasserapp GDPR and AI: Salvation or Damnation? 1. How are political parties using AI? 2. How are political parties responding to GDPR? 3. How to build a post-GDPR political practice? 4. What is the

233 views • 7 slides
SME Assist Meeting Your Obligations Post-market monitoring Faye Lux SME Assist 6

SME Assist Meeting Your Obligations Post-market monitoring Faye Lux SME Assist 6

SME Assist Meeting Your Obligations Post-market monitoring Faye Lux SME Assist 6 December 2019 Disclaimer This material is provided to you solely for the purpose of providing a record of todays presentation. The presentation is

744 views • 22 slides
Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018

Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018

Whois in a post-GDPR world - The Norwegian model Hilde Thunem ccNSO Tech Day 22. October 2018 Norid collects and processes customer data To ensure that private individuals and organisations can register Norwegian domain names and maintain

432 views • 17 slides
- Friday April 25th, 2014- 1 Migrants, active players in development "Migrants are

- Friday April 25th, 2014- 1 Migrants, active players in development "Migrants are

Thematic meeting on migrants in a crisis context Paris, April 24th and 25th, 2014 SESSION 3 - THE CONTRIBUTION MADE BY DIASPORAS IN A TIME OF CRISIS AND POST-CRISIS / Group 2 - Contribution of diasporas to development in a post-crisis period

244 views • 12 slides
Hui a-Rohe - Post Settlement Governance Entity Wednesday 27 th March 2013 Ngmotu Purpose of the

Hui a-Rohe - Post Settlement Governance Entity Wednesday 27 th March 2013 Ngmotu Purpose of the

egoti Hui a-Rohe - Post Settlement Governance Entity Wednesday 27 th March 2013 Ngmotu Purpose of the Hui To discuss the development of the Post Settlement Governance Entity An opportunity for you to provide feedback and input into

687 views • 20 slides
Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett

garjoh_canuck Data minimization & concentration: Intended and unintended consequences of the GDPR Garrett Johnson (Boston U) Scott Shriver (U Colorado Boulder) GDPR Impact GDPR General Data Protection Regulation EU EEA Brexit GDPR

833 views • 27 slides
Guiding Principles of COVID-19 Response As approved in the 25th IATF Department of Health,

Guiding Principles of COVID-19 Response As approved in the 25th IATF Department of Health,

Guiding Principles of COVID-19 Response As approved in the 25th IATF Department of Health, Philippines 1 Strategic Directions GUIDING PRINCIPLES for new normal National Action Plan STRATEGIES 1. Whole-of-government, whole-of-system,

657 views • 50 slides
Global governance for sustainable development in the post-2015 era Diane Elson Panel discussion

Global governance for sustainable development in the post-2015 era Diane Elson Panel discussion

Global governance for sustainable development in the post-2015 era Diane Elson Panel discussion organized by the CDP 26 March 2014 United Nations Headquarters, New York 1 Global governance and global rules for development in the post-2015 era

443 views • 8 slides
Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does

Presentation by Michalis Mantzaris, PhD Introduction to General Data Protection Regulation (GDPR) Presentation Structure What is the GDPR? When and where does it apply? Consisting elements and Guideline provision Key changes and

605 views • 23 slides
Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do

Overview What is the GDPR? What are the main changes? Risks? What do you need to do to be compliant? Data Breaches How does the GDPR affect you? Steps to Compliance Summary What is the GDPR? q The EU's General Data

355 views • 17 slides
PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles

GENERAL DATA PROTECTION REGULATIONS May 2018 GDPR What is GDPR What is different Principles of of GDPR How does it effect school How are school preparing How does it effect individual staff How can

475 views • 12 slides
GDPR Fund Implementation update Richard Bullen Fund Governance & Performance Manager 12

GDPR Fund Implementation update Richard Bullen Fund Governance & Performance Manager 12

Local Government Pension Scheme (LGPS) GDPR Fund Implementation update Richard Bullen Fund Governance & Performance Manager 12 July 2018 www.wiltshirepensionfund.org.uk Local Government Pension Scheme (LGPS) Introduction A recap

439 views • 9 slides

More recommend