PREPARING FOR THE GDPR AT THE UNIVERSITY OF HELSINKI
|
|
- Harriet May
- 5 years ago
- Views:
Transcription
1 PREPARING FOR THE GDPR AT THE UNIVERSITY OF HELSINKI Jarkko Reittu Data Protection Officer and Legal Counsel University of Helsinki, Administrative Services 1
2 MY BACKGROUND JARKKO REITTU Master s degree in physics (2005) and law (2013), bar examination (2015) Senior DSP SW Specialist at Nokia Networks ( ) R&D work with 2G/3G/4G Radio Network Controller (RNC), Media Gateway (MGW) and Base Station I-HSPA Also integrating and testing network security protocols e.g. IPsec, IKE and SSH to embedded systems Testing mobile network data security Legal counsel at university s research services since 2013 IPR law, contract law and competition law Designated Data Protection Officer since 5/2016 2
3 GOAL: DOCUMENTED DATA PROTECTION COMPLIANCE = ACCOUNTABILITY WHAT UH IS GOING TO DO TO REACH THE GOAL? 1. Analyze the legal framework 2. Analyze the personal data processing activities 3. Identify and document privacy risks, including risks in agreements 4. Create and update necessary Data Protection Rules, Policies and Processes 5. Create the General Data Processing Agreement 6. Provide necessary infrastructure and services for the researchers and other employees 7. Create Communication Plans and Communicate 8. Create Data Protection and Data Security Training for employees 9. Handle Data Security and Data Breach Notification in 72 hours 10. Monitor compliance with the GDPR continuously 11. Report regularly to the University s Management 3
4 ANALYZE THE LEGAL FRAMEWORK It is not just about the GDPR National regulation: Personal Data Act, Act on the Openness of Government Activities, Act on the Status and Rights of Patients, Biobank Act, Medical Research Act, Universities Act, etc. etc. Other EU regulation: e.g. epd COM(2017) 10, DPD (680/2016), Privacy Shield COM(2016)4176 Challenge: The GDPR interpretation is unclear in some aspects Waiting for the WP29 Guidelines e.g. regarding the Extent of Consent in the Scientific Research as this may have a major impact to research done with sensitive patient data and biobank research Waiting for guidance from Finnish Data Protection officials e.g. regarding the 72 hours Data Breach reporting obligation Waiting for national derogations to the GDPR Articles 15 (Right to Access Data), 16 (Right to rectification), 18 (Right to restriction of processing) and 21 (Right to object) concerning Scientific Research as stated in the Article 89 UH cooperates with Ministry of Justice, Ministry of Education and Culture and Ministry of Finance National legislation work is done in pieces; How to ensure that national data protection legislation stays coherent? 4
5 ANALYZE THE PERSONAL DATA PROCESSING ACTIVITIES AND IDENTIFY RISKS It is estimated, that there are thousands separate activities where personal data is processed. Therefore automated self-service process is needed that meets following requirements: 1. Data mapping: collect basic information to identify processing activities 2. Analyze and check the compliance of processing activities 3. Maintain a record of processing operations under university s responsibility UH is researching different options Tools for the IT services already in use, part of IT portfolio management Challenge: Gathering info from all data processing activities done in research How to commit all researchers? Is university or researcher the controller? Who is responsible in the court? One Solution: a web based application that it is integrated to the general research contract management process 5
6 THE RESEARCH CONTRACT MANAGEMENT PROCESS AND DATA PROTECTION Question: Where shall authorities focus their limited resources? 1. To the universities that does not appointed the DPO 2. To the projects and activities that are not approved by university s DPO 1. Finnish universities are jointly creating a self-regulation instrument for privacy, similar to Ethics self-assessment done in the Horizon 2020 Programme 2. UH has started a lean project for the Research Contract Management Process that shall cover also data protection Initial screening shall be done by researchers themselves. Cases shall be directed to DPO and other legal counsels only when needed Documented DPO s approval Records shall be maintained by the person responsible for the data processing activity Head of units (signatories) shall get a contract cover note that gives a green/red light for all relevant legal aspects, including data protection and data security 6
7 IDENTIFY AND DOCUMENT PRIVACY RISKS University of Helsinki has started a evaluation pilot project where UH shall assess the data protection risks at the Institute for Molecule Medicine Finland (FIMM, part of UH), because FIMM is considered to be high risk unit due the nature data processed Data Protection Impact Assessment pilot is done in the 2 day workshop facilitated by a private company Report and follow up in the SaaS based tool Based on the experience gathered from pilot, PIAs shall be extended to the all units in the university Our goal: a documented overview of all data protection risks in the university UH shall take necessary actions based on risk evaluation as data protection is never ending job! 7
8 CREATE GENERAL DATA PROCESSING AGREEMENT (DPA) Obligation for a [written] agreement is stated in the GDPR Article 28 (3): Processing by a processor shall be governed by a contract or other legal act under Union or Member State law, that is binding on the processor with regard to the controller and that sets out the subject-matter and duration of the processing, the nature and purpose of the processing, the type of personal data and categories of data subjects and the obligations and rights of the controller. Covers both data protection and data security requirements set in GDPR Can be included as appendix to agreements Application may be challenging with big players like Microsoft or Google, but their model agreements should cover data protection issues in the satisfactory level. First draft of the data processing agreement is ready and applied 8
9 CREATE RULES, POLICIES AND PROCESSES FOR DATA PROTECTION Existing Policies and Rules covers mainly the Data Security Information Security Policy Acceptable use policy for University of Helsinki (IT Services) Research Data Policy Research Ethics Research Data Management Guide Data Protection Policies and Rules Code of Conduct concerning Data Protection in the Education is ready and almost approved by data protection authority Code of Conduct concerning Data Protection in Research is done together with Aalto University Data Protection shall be part of new Research Contract Management Process Close cooperation with other Finnish universities and data protection authority 9
10 CREATE DATA PROTECTION AND DATA SECURITY TRAINING FOR EMPLOYEES Data Protection and Security is whole organization s issue: everybody must understand the purpose behind the data protection legislation and why privacy is important University of Helsinki has created a web based training module that covers basics in data protection and data security In first phase, the training module shall be mandatory for all administrative personnel Later the training will be introduced to researchers and other personnel There has been discussion, that data protection should be included to the student s basic education, at least on the PhD level, as data management is researcher s basic skill. Data Security is already covered in the ICT Driving License course that is mandatory for all students 10
11 HANDLE DATA SECURITY AND 72 HOUR DATA BREACH NOTIFICATION PROCESS Data Security Team is mainly responsible for University s Data Security 72 hour Data Breach Notification requirement as stated in GDPR Article 33 Data Security Team is responsible for implementing notification process Open issues What supervisory authority expects to be notified How notification shall be done Waiting for guidance from supervisory authority 11
12 MONITOR COMPLIANCE WITH THE GDPR Privacy risks and data processes shall be monitored actively Regular meetings with data security team, data management planning team, legal counsels, research funding advisors, library etc. Close cooperation with other DPOs, Helsinki University Central Hospital, supervisory authorities and government bodies Regular reporting directly to director of administration Tools for following privacy issues and reporting Producing yearly privacy statements for the university Management 12
13 QUESTIONS? 13
EXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified Data Protection Officer The objective of the PECB Certified Data Protection Officer examination is to ensure that the candidate has acquired the knowledge and skills
More informationBHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD
BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities
More informationHow icims Supports. Your Readiness for the European Union General Data Protection Regulation
How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection
More informationPrivacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016
Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Pēteris Zilgalvis, J.D., Head of Unit for Health and Well-Being, DG CONNECT Table of Contents 1. Context
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationData Processing Agreement DPA
Data Processing Agreement DPA between Clinic Org. no. «Controller». and Calpro AS Org. nr. 966 291 281. «Processor» If the parties have executed a Data Management Agreement, the Date Management Agreement
More information"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.
Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and
More informationGDPR and the Privacy Shield
GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark
More informationEco Web Hosting Security and Data Processing Agreement
1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have
More informationEU GDPR: The General Data Protection Regulation
EU GDPR: The General Data Protection Regulation A Brief Overview Duke Privacy The General Data Protection Regulation Became effective May 25, 2018. Formally codifies privacy as a fundamental right and
More informationGDPR and DPO. DPO and DPM. Michel Gerdes DPO DFN-CERT Services GmbH DFN-CERT Services GmbH GDPR and DPO: Slide 1
GDPR and DPO DPO and DPM Michel Gerdes DPO DFN-CERT Services GmbH 27.09.2017 2017 DFN-CERT Services GmbH GDPR and DPO: Slide 1 ToC The DPO Role according to GDPR Data Protection at research institutions
More informationImplementing the new GDPR: what does it mean for Universities?
Implementing the new GDPR: what does it mean for Universities? Case study Alumni Portal Cosimo Monda Director - European Centre on Privacy and Cybersecurity Maastricht University Twitter: @ecpcmaastricht
More informationDATA PROCESSING TERMS
DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the
More informationPROJECT BACKGROUND AND RATIONALE
PROJECT BACKGROUND AND RATIONALE The political agreement on the EU General Data Protection Regulation (GDPR) has been reached and the new Regulation will be on the books by the end of the first quarter
More informationGovernment Resolution No of February 15, Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security
Government Resolution No. 2443 of February 15, 2015 33 rd Government of Israel Benjamin Netanyahu Resolution: Advancing National Regulation and Governmental Leadership in Cyber Security It is hereby resolved:
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationGDPR compliance: some basics & practical to do list
GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationThe GDPR and NIS Directive: Risk-based security measures and incident notification requirements
The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant
More informationThe GDPR Are you ready?
The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationHow the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015
How the European Commission is supporting innovation in mobile health technologies Nordic Mobile Healthcare Technology Congress 2015 Claudia Prettner, Unit for Health and Well-Being, DG CONNECT Table of
More informationData Processing Agreement
In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationHaaga-Helia University of Applied Sciences Privacy Notice for Student Administration
Haaga-Helia University of Applied Sciences Privacy Notice for Student Administration In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30) Created
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationData Processing Agreement
Data Processing Agreement This Data Processing Agreement ( the Agreement or DPA ) constitutes the obligations for TwentyThree ApS Sortedam Dossering 5D 2200 Copenhagen N Denmark (hereinafter The Data Processor
More informationHaaga-Helia University of Applied Sciences Privacy Notice for the Laura Recruitment Service
Haaga-Helia University of Applied Sciences Privacy Notice for the Laura Recruitment Service In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13, 14 and 30)
More informationArkadin Data protection & privacy white paper. Version May 2018
Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationHaaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service
Haaga-Helia University of Applied Sciences Privacy Notice for JUSTUS publication data storage service In compliance with the requirements of the EU General Data Protection Regulation (GDPR, Articles 13,
More informationARE YOU READY FOR GDPR?
SQL Security Whitepaper ARE YOU READY FOR GDPR? BY BOB FULLAM AND STEPHEN STOUT Demonstrate Compliance with IDERA SQL Security Suite OVERVIEW The European Union s General Data Protection Regulation (GDPR)
More informationGoogle Ads Data Processing Terms
Google Ads Data Processing Terms Google and the counterparty agreeing to these terms ( Customer ) have entered into an agreement for the provision of the Processor Services (as amended from time to time,
More informationData Protection System of Georgia. Nina Sarishvili Head of International Relations Department
Data Protection System of Georgia Nina Sarishvili Head of International Relations Department 14/12/2016 Legal Framework INTERNATIONAL INSTRUMENTS CoE 108 Convention AP on Supervisory Authorities and Trans-
More informationMANUAL OF UNIVERSITY POLICIES PROCEDURES AND GUIDELINES. Applies to: faculty staff students student employees visitors contractors
Page 1 of 6 Applies to: faculty staff students student employees visitors contractors Effective Date of This Revision: June 1, 2018 Contact for More Information: HIPAA Privacy Officer Board Policy Administrative
More informationFIRSTBEAT TECHNOLOGIES OY DESCRIPTION OF PERSONAL DATA PROCESSING FOR PARTNERS - FIRSTBEAT LIFESTYLE ASSESSMENT
FIRSTBEAT TECHNOLOGIES OY DESCRIPTION OF PERSONAL DATA PROCESSING FOR PARTNERS - FIRSTBEAT LIFESTYLE ASSESSMENT Description of personal data processing in the Firstbeat Lifestyle Assessment service of
More informationSCHOOL SUPPLIERS. What schools should be asking!
SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated
More informationTHE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon
THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES Forum financier du Brabant wallon 14.12.2017 Data Protection should be part of every company s or organisation s DNA Do you process
More informationTalenom Plc. Description of Data Protection and Descriptions of Registers
Talenom Plc. Description of Data Protection and Descriptions of Registers TALENOM DESCRIPTION OF DATA PROTECTION Last updated 14 March 2018 Scope Limitations Data protection principles Personal data Registers
More informationPRIVACY ACROSS THE POND
PRIVACY ACROSS THE POND GDPR, PRIVACY SHIELD AND BREXIT OH MY! ACC NATIONAL CAPITAL REGION 2017 DATA PRIVACY AND SECURITY CONFERENCE SEPTEMBER 13, 2017 Michelle Beistle, CIPP/E/US Jessica Retka Gretchen
More informationPRIVACY NOTICE 1. Introduction
PRIVACY NOTICE 1. Introduction The protection of the privacy and personal data of our customers, partners and employees is important to us and we work hard to ensure to always process personal data in
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationPRIVACY POLICY (extended) Personal Data Act (523/1999) 10 and 24 EU General Data Protection Regulation 2016/679
PRIVACY POLICY (extended) Personal Data Act (523/1999) 10 and 24 EU General Data Protection Regulation 2016/679 Date of issue 24.5.2018 1 Registrar Name Regional Council of South Ostrobothnia Address Kampusranta
More informationCTI BioPharma Privacy Notice
CTI BioPharma Privacy Notice Effective: 29 November 2018 Introduction and Scope CTI BioPharma Corp. ( CTI, our, us ) takes the protection of your personal data very seriously. This Privacy Notice (this
More information1. Right of access. Last Approval Date: May 2018
Page 1 of 5 I. PURPOSE The European Union s General Data Protection Regulation (GDPR) provides greater data protection for individuals in the European Union (EU). This comprehensive regulation, effective
More informationOur agenda. The basics
GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationG DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know
G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than
More informationFabric Data Processing and Security Terms Last Modified: March 27, 2018
Fabric Data Processing and Security Terms Last Modified: March 27, 2018 The customer agreeing to these terms ( Customer ), and Google LLC (formerly known as Google Inc.), Google Ireland Limited, Google
More informationGeneral Data Protection Regulation Frequently Asked Questions (FAQ) General Questions
General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationRobert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
More informationDirective on security of network and information systems (NIS): State of Play
Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission
More informationData Processing Clauses
Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.
More informationCisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th
Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationEuropean Union Agency for Network and Information Security
Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationEU data security and privacy trends
EU data security and privacy trends Top issues for HR and global mobility 26 29 October 2014 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms of Ernst
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationA practical guide to using ScheduleOnce in a GDPR compliant manner
A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling
More informationHPE DATA PRIVACY AND SECURITY
ARUBA, a Hewlett Packard Enterprise company, product services ( Services ) This Data Privacy and Security Agreement ("DPSA") Schedule governs the privacy and security of Personal Data by HPE in connection
More informationDEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy
DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of
More informationFileFacets for GDPR. Solution Overview for Compliance. Copyright 2017 FileFacets Corporation. All rights reserved
FileFacets for GDPR Solution Overview for Compliance Copyright 2017 FileFacets Corporation. All rights reserved Contents FileFacets Overview... 3 GDPR Key Changes... 4 Key Changes to Policy... 4 Key Changes
More informationINFORMATION TO BE GIVEN 2
(To be filled out in the EDPS' office) REGISTER NUMBER: 1423 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 03/01/2017 CASE NUMBER: 2017-0015 INSTITUTION: ESMA
More informationGDPR is coming in less than 2 months Are you ready?
GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO
More informationSCALA FUND ADVISORY PRIVACY POLICY
SCALA FUND ADVISORY PRIVACY POLICY Last updated 25 May 2018 1 INTRODUCTION This document describes how Scala Fund Advisory Oy (hereinafter Scala ) processes the personal data of Scala s business partners
More informationGeneral Data Protection Regulation (GDPR) NEW RULES
General Data Protection Regulation (GDPR) NEW RULES AGENDA A. GDPR : general overview B. Sectorial topics and concerns GDPR GENERAL OVERVIEW 1. GDPR : WHAT IS IT AND WHY CARE? 27 April 2016 : Approval
More informationThis Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).
PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our
More informationGDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018
GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into
More informationDATA PROTECTION LAWS OF THE WORLD. Bahrain
DATA PROTECTION LAWS OF THE WORLD Bahrain Downloaded: 7 April 2018 BAHRAIN Last modified 25 January 2017 LAW There is currently no standalone data protection law in Bahrain. A draft is being reviewed before
More informationData Processing Agreement
Data Processing Agreement Addendum to the Main Contract between Simonsen Chartering Aps Christiansmindevej 74 CBR no.: 20702206 (hereinafter referred to as the Shipping Company ) and 3 rd party processing
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationData Processing Agreement
Data Processing Agreement Merchant (the "Data Controller") and Nets (the "Data Processor") (separately referred to as a Party and collectively the Parties ) have concluded this DATA PROCESSING AGREEMENT
More informationNEWSFLASH GDPR N 8 - New Data Protection Obligations
GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine
More informationNetworking Session - A trusted cloud ecosystem How to help SMEs innovate in the Cloud
Networking Session - A trusted cloud ecosystem How to help SMEs innovate in the Cloud ICT2015, 21 October 2015 Lisbon, Portugal Dr. Paolo Balboni, Partner at ICT Legal Consulting & Scientific Director
More informationData Security and Privacy at Handshake
Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationIntroductory guide to data sharing. lewissilkin.com
Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external
More informationData Processor Agreement
Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958
More informationThe University of British Columbia Board of Governors
The University of British Columbia Board of Governors Policy No.: 118 Approval Date: February 15, 2016 Responsible Executive: University Counsel Title: Safety and Security Cameras Background and Purposes:
More informationPrivacy Policy. You may exercise your rights by sending a registered mail to the Privacy Data Controller.
Privacy Policy Revision date: April, 26th 2018 Privacy and security of personal data are of utmost importance to epresspack and we strive to ensure that our technical and organisational measures we have
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO/IEC 20000 Lead Auditor www.pecb.com The objective of the Certified ISO/IEC 20000 Lead Auditor examination is to ensure that the candidate
More informationThe NIS Directive and Cybersecurity in
The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security
More informationGEOLOGICAL SURVEY OF FINLAND 1 (8) PRIVACY POLICY EU General Data Protection Regulation, articles 12 14
1 (8) EU General Data Protection Regulation, articles 12 14 14 May 2018 GTK/151/00.19/2016 Juoni case management system Data controller Contact person in matters related to the register Contact details
More informationProhire Software Systems Limited ("Prohire")
Prohire Software Systems Limited ("Prohire") White paper on Prohire GDPR compliance measures 11 th May 2018 Contents 1. Overview 2. Legal Background 3. How Prohire complies 4. Wedlake Bell 5. Conclusion
More information2. Which personal data is processed by SF Studios and from which source does the personal data originate?
PRIVACY NOTICE 1. Introduction The protection of the privacy and personal data of our customers, partners and employees is important to us and we work hard to ensure to always process personal data in
More informationEXAM PREPARATION GUIDE
When Recognition Matters EXAM PREPARATION GUIDE PECB Certified ISO 9001 Lead Auditor www.pecb.com The objective of the PECB Certified ISO 9001 Lead Auditor examination is to ensure that the candidate possesses
More information