Digitalisation of Companies: What an in-house counsel needs to know
1 Digitalisation of Companies: What an in-house counsel needs to know
Christopher Götz, Simmons & Simmons
Roderick Kirwan, VEON
18 May 2017

2 Digitalisation of Companies
Automatisation of production processes along the entire value creation chain, e.g.
- "Industry 4.0": Production & marketing process
- "FinTech": Robo advisor, SmartContracts, Blockchain
- "InsurTech": mere online insurance broker
Taking advantage of opportunities offered by the internet, e.g.
- Use of storage space in the cloud
- Use of SaaS tools (e.g. MS Office 365, Salesforce, Workday)
- Coffee machine connected to internet (IoT)
2 / L_LIVE_EMEA2: v1

3 Legal challenges
- IT contract law
- Data protection law
- Rights in respect of company data
- IT security

4 Legal challenges
1. IT contract law
Data processing requires modern and efficient IT systems and infrastructure
- Establish own infrastructure
  Commissioning external service provider with
  - Establishment of IT infrastructure
  - Software development
  - Maintenance of IT systems
  - Regular upgrades
- Use of third-party systems
  IT-Outsourcing: Cloud computing & hosting by external service provider
  - Internet connection is sufficient
  - Scalability

5 Status quo: Company owned IT infrastructure
Lack of investments in modernising IT infrastructure in the past
Companies currently use extremely outdated IT systems ("legacy systems"): historically grown IT systems with the following hallmarks:
- insufficient documentation
- outdated operating environment
- security gaps / vulnerabilities
Increasing problems in case of company mergers
As regards software: Open Source Software
- non-compliance with license requirements*
- dangerous security gaps / vulnerabilities (in particular with FinTechs*)
* Open source security and risk analysis 2017 of Black Duck Software

6 Example: German finance and insurance industry
Newspaper article, 5 April 2017
"Devastating findings": Director of German Federal Financial Supervisory Authority ("BaFin") criticizes IT security gaps of German banks and insurers

7 IT contract law
Establishment of modern and efficient IT systems and IT infrastructure is essential!
Conclusion of adequate agreements with service providers is crucial!
Cloud computing & hosting:
- Contract for work?
- Service contract?
- Lease contract!

8 IT contract law
Cloud computing & hosting (amongst others):
- Availability
- Back ups (Who carries out back ups? How often?)
- Data protection related particularities:
  - Commissioned data processing agreement
  - Cross-border data transfer
- IT security
- Exit management: What happens to data after termination of the agreement?

9 IT contract law
Cloud computing & hosting: Availability of systems
Examples for availability ("Service levels"):
- Availability 365 days / year, 24h / day = 100% availability: no downtime
- Availability 99,99%: permitted downtime 52 minutes per year
- Availability 99,9%: permitted downtime 8h 46 minutes per year
- Availability 99,18%: permitted downtime 3 days per year
- Availability 91,78%: permitted downtime 30 days per year

10 Contractual particularities of IT outsourcing
Security trader companies / Finance sector / Stock exchange
- Question: material / non-material outsourcing? Risk analysis!
- Material outsourcing: Outsourcing agreement
  - audit rights, data protection, exit management, IT security
  - audit rights of BaFin / German Central Bank / European Central Bank
Insurances
- Outsourcing agreement
- important: sectors health, accident, life: Sec. 203 para 1 no. 6 German Criminal Code!

11 Example: German finance and insurance industry
Newspaper articles of December 2016: Waves of audits by Supervisory Authorities reveal long list of deficiencies with German regional banks ("Landesbanken")

12 Legal challenges
2. Data protection law
Applicable, if personal data is collected, processed or used
- processing = transfer of data and access to data
- customer, supplier and employee data (name, address, etc.)
- unique device ID
- dynamic IP address (Breyer ./. BRD, European Court of Justice - C-582/14)
Digitalisation without processing of personal data is impossible
Important: processing of personal data is only permitted, if a statutory permission is applicable or if the data subject validly consented to it
Exceptions from requirement of a statutory permission or consent?

13 Data protection law
No group company privilege
Commissioned data processing: Data transfer / data processing is privileged, if
1. Commissioned data processing agreement is concluded, Sec. 11 German Federal Data Protection Act ("BDSG") / Art. 28 EU General Data Protection Regulation ("GDPR")
2. Data processor = acting on behalf of data controller ("puppet")
- data processor entirely bound by data controller's instructions!
- data processor not having any discretion!
Issue: affiliate outsources its IT to parent company (HR)

14 Data protection law
Characteristics of cross-border transfer of personal data
- within EU / EEA: requires statutory permission; or consent
  Exception: privileged commissioned data processing (Sec. 11 BDSG / Art. 28 EU GDPR)
- outside EU / EEA: requires
  1. statutory permission; or consent (even in case of commissioned data processing!) and
  2. adequate level of data protection: EU Standard Contractual Clauses

15 Data protection law
Applicability of GDPR as of 25 May 2018
- as of 25 May 2018 the GDPR replaces the BDSG and any other national data protection laws of the EU Member States
- Basic principle: statutory permission or consent
- Marketplace principle (if EU citizens are envisaged)!
- Privacy by design
- further documentation obligations
- Reporting obligation for data breaches (72h)
- in case of violations, companies may be subject to fines of up to 4% of the company's annual turnover or EUR 20 Mio; the higher amount is relevant

16 Legal challenges
3. Rights in respect of company data
Possibilities to protect company data?
- Ownership in data? currently: no data property in the sense of German civil law
- but: Protection of data through
  - Contract law
  - Unfair Competition law
  - Criminal law
  - Database law

17 Rights in respect of company data
Database law
"Database": collection of existing data or other independent works or materials, which
- are arranged in a systematic or methodical way; and
- are individually accessible by electronic or other means
Sec. 87a et seq. German Copyright Act ("UrhG")
Includes data which is stored on a storage medium without order, if the data is connected to an index system

18 Rights in respect of company data
Database sui generis
Database is protected, if a significant investment is made in the
- acquisition,
- review; or
- display
of the database content
Right owner: The person bearing the economic risk of creating the database (may also be a legal person!)

19 Rights in respect of company data
Scope of protection
Protection against extraction or re-utilization of
- the whole content or a substantial part of it (evaluated qualitatively or quantitatively) or
- a non-substantial part in case of
  - repeated and systematic extraction; and
  - no regular use of the database
  - no unreasonable impairment of affected interest of the creator of the database
"Data extraction": temporary or permanent transfer of (at least) a part of the database content to another data carrier

20 Legal challenges
4. IT Security
Newspaper article in 2016: Assessment of Cyber Risk Management of Companies
- 77% of the companies do not assess the cyber risks relating to them, their suppliers or customers
- 68% of the companies are not aware of the financial consequences of a cyber attack

21 IT Security
Implementation of adequate technical and organizational measures
Purpose: Ensuring
- Secrecy of company data
- Integrity of IT systems
- permanent availability of IT systems
Contractual arrangements (commissioned data processing agreement)
Statutory requirements for IT standards and risk management procedures, e.g.
- Sec. 9 BDSG (and its Annex), Sec. 11 BDSG
- Sec. 28, 32, 35, 44 et seq. GDPR
- Sec. 109 TKG (incl. catalogue)
- Sec. 11 para 1a EnWG (incl. catalogue)
- Sec. 13 TMG
- MaRisk
- German Cyber Security Act
Non-compliance may lead to contractual penalties or sanctions by supervisory authorities

22 German Cyber Security Act
German Cyber Security Act in force since 25 July 2015
Content: Amendments to existing legislation:
- BSIG (= Law on the Federal Agency for Security in Information Technology)
- TKG (German Telecommunications Act)
- EnWG (German Energy Act)
- TMG (German Telemedia Act)
Addressees: Operators of critical infrastructures, Sec. 2 para 10 BSIG

23 German Cyber Security Act
Critical Infrastructures according to Sec. 2 para 10 BSIG
Systems, plants or parts thereof
- operating in the following sectors: Energy, Information technology and telecommunication, Transport and traffic, Health, Water, Nutrition or Finance and insurance
- of particular importance for the functioning of the community
- Impairment / failure would lead to substantial shortage of supply or danger for public safety

24 German Cyber Security Act
Specification of critical infrastructures for the above sectors subsequently by regulations
Regulation for sectors energy, water, nutrition, information technology and telecommunication ("BSI-Kritis-Regulation") in force since 3 May 2016
Basis for assessment whether a critical infrastructure is at hand:
- minimum of 500,000 citizens depend on the services
- Determination of measurable thresholds:

25 German IT Security Act
Measurable thresholds for sectors energy, water, IT and telecom
- Operators of processing facilities with a minimum amount of 22 Mio. m³ processed drinking water / year;
- Operators of (electricity) transmission grids with a minimum extracted output of 3,700 GWh / year;
- Housing (operator of a data center) with a contractually agreed output of 5 MW / year
- Content Delivery Networks (e.g. MS Azure, Amazon Web Services) with a minimum amount of 75,000 TByte delivered data volume / year

26 German IT Security Act
Sector finance and insurance?
Draft bill of German Federal Ministry of the Interior ("1st Regulation relating to the amendment of the BSI-Kritis Regulation") dated 23 February 2017:
- Cash supply: System to connect to an interbanking payment system (Clearing and settlement): 18 Mio. service related transactions / year
- Card-based payments: Clearing and settlement system with minimum of 21 Mio. transactions / year
- Conventional payments: Clearing and settlement system with minimum amount of 100 Mio. transactions / year

27 German IT Security Act
Clearing and settlement of securities and derivatives:
- Security clearing house / settlement system: 850,000 transactions / year
- Depot-keeping system: 850,000 transactions / year
Insurance services:
- Contract management system (life insurance): 500,000 insured events / year
- Contract management system (health insurance): 2 Mio. insured events / year
- Contract management system (non-life insurance): 500,000 damage claims / year
The regulation shall be passed shortly (probably May 2017)

28 German Cyber Security Act
Obligations under the German Cyber Security Act, Sec. 8a, 8b BSIG
Within six months following the regulation adoption date:
- Designation of a contact person, with whom the Federal Office for Information Security ("BSI") is able to interact anytime
- Important: No transition periods for energy suppliers, operators of telemedia services and telecommunications network providers, Sec. 8c para 2 and 3 BSIG
Within two years following the regulation adoption date:
- Implementation of TOMs to avoid malfunction of IT infrastructure
- Protection of systems in accordance with state-of-the-art technology
- Security audits / certifications every 2 years
- Reporting obligation for any (potential) substantial malfunction
Any violation may lead to sanctions of up to EUR 100,000 / reputational damage!

29 BE TRULY FREE
Roderick Kirwan, Head of Legal Digital
Digitalisation of Companies: What an in-house counsel needs to know
Simmons & Simmons, 18 May 2017
VEON Ltd 2017

30 +200M MOBILE CUSTOMERS
31 VEON IS ACTIVE IN 12 COUNTRIES
RUSSIA, UKRAINE, KAZAKHSTAN, ITALY, GEORGIA, UZBEKISTAN, TAJIKISTAN, KYRGYZSTAN, ALGERIA, ARMENIA, PAKISTAN, BANGLADESH

32 OUR BRANDS
Bangladesh, Armenia, Georgia, Kazakhstan, Russia, Uzbekistan, Tajikistan, Kyrgyzstan, Algeria, Ukraine, Pakistan, Italy

33 DIGITAL REINVENTION
34 VEON is leading the personal internet revolution by bringing contextual entertainment and services to the mobile phones of frontier markets
35 TELCO / TECH
TELCO:
- Slow
- Bureaucratic
- Vendor dependent
- Asset Heavy
- Passive Data
TECH:
- Agile
- Entrepreneurial
- Internal Developers
- Asset Light
- Active Data

36 Culture eats Strategy You Chat, We Pay To Be Truly Free
37 CULTURE & RELATIONSHIPS
38 FULL SUITE PLATFORM
BE FREE ON VEON
- Account Management
- Chat & Communicate
- Identity & Payments
- Marketplace
- Content

39 CONTEXTUAL INTERNET
- App eco-system is broken
- Notification screen is the new frontier
- Mindshare is the new currency
- Smart concierge service

40 LEGAL CHALLENGES
VEON's experience illustrates Christopher's challenges
I will look at two:
- Platform ecosystem and IT contracts
- Data Privacy

41 BEING A PLATFORM
Platform ecosystem and IT contracts
- Is it a TelCo, OTT or both?
- TelCo partnership
- Asset light, service rich

42 ON DATA LAKES
- All data is not equal
- All data is not free (to share)
- Consent, validity & purpose
- Black letter law v Black arts

43 Key Contacts
Christopher Götz, Rechtsanwalt
T
E christopher.goetz@simmons-simmons.com
Roderick Kirwan, Head of Legal - Digital
T +44(0)
E Roderick.Kirwan@veon.com

44 Digitalisation of Companies: What an in-house counsel needs to know 18 May 2017
45 simmons-simmons.com elexica.com
This document is for general guidance only. It does not contain definitive advice. SIMMONS & SIMMONS and S&S are registered trade marks of Simmons & Simmons LLP. Simmons & Simmons is an international legal practice carried on by Simmons & Simmons LLP and its affiliated practices. Accordingly, references to Simmons & Simmons mean Simmons & Simmons LLP and the other partnerships and other entities or practices authorised to use the name "Simmons & Simmons" or one or more of those practices as the context requires. The word "partner" refers to a member of Simmons & Simmons LLP or an employee or consultant with equivalent standing and qualifications or to an individual with equivalent status in one of Simmons & Simmons LLP's affiliated practices. For further information on the international entities and practices, refer to simmonssimmons.com/legalresp. Simmons & Simmons LLP is a limited liability partnership registered in England & Wales with number OC and with its registered office at CityPoint, One Ropemaker Street, London EC2Y 9SS. It is authorised and regulated by the Solicitors Regulation Authority. A list of members and other partners together with their professional qualifications is available for inspection at the above address.
Simmons & Simmons LLP. Simmons & Simmons is an international legal practice carried on by Simmons & Simmons LLP and its affiliated partnerships and other entities.
More informationCatalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1
Catalent, Inc. Privacy Policy, effective May 25, 2018 1. This Policy This Privacy Policy (this Policy ) is issued by Catalent, Inc. on behalf of itself and its domestic and international subsidiaries and
More informationPrivacy Policy GENERAL
Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationTerms and Conditions for Allegion Data Processing and Transfer
Terms and Conditions for Allegion Data Processing and Transfer These Terms and Conditions for Allegion Data Processing and Transfer ("Addendum") is entered into by and between YOU ("Supplier"); and (ii)
More informationDATA PROTECTION LAWS OF THE WORLD. Germany
DATA PROTECTION LAWS OF THE WORLD Germany Downloaded: 25 November 2017 GERMANY Last modified 26 January 2017 LAW The main legal source of data protection in Germany is the Federal Data Protection Act (
More informationContributed by Djingov, Gouginski, Kyutchukov & Velichkov
Contributed by Djingov, Gouginski, Kyutchukov & Velichkov General I Data Protection Laws National Legislation General data protection laws The Personal Data Protection Act implemented the Data Protection
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationGeneral Data Protection Regulation Frequently Asked Questions (FAQ) General Questions
General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into
More informationData Processing Clauses
Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationData Protection System of Georgia. Nina Sarishvili Head of International Relations Department
Data Protection System of Georgia Nina Sarishvili Head of International Relations Department 14/12/2016 Legal Framework INTERNATIONAL INSTRUMENTS CoE 108 Convention AP on Supervisory Authorities and Trans-
More informationHow Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner
How Cybersecurity Initiatives May Impact Operators Ross A. Buntrock, Partner ross.buntrock@agg.com 202.669.0495 Agenda Rise in Data Breaches Effects of Increase in Cybersecurity Threats Cybersecurity Framework
More informationPlus500UK Limited. Website and Platform Privacy Policy
Plus500UK Limited Website and Platform Privacy Policy Website and Platform Privacy Policy Your privacy and trust are important to us and this Privacy Statement (Statement) provides important information
More informationFAQ about the General Data Protection Regulation (GDPR)
FAQ about the General Data Protection Regulation (GDPR) 1. When does the GDPR come into force? The GDPR was promulgated 25 May 2016 and comes into effect 25 May 2018. 2. Is there a transition period? We
More informationCLEPA Conference: "Warranty in a Digital World"
& CLEPA Conference: "Warranty in a Digital World" Legal aspects of warranty contracts in the automotive industry Dr. Christian Kessel Bird & Bird LLP Frankfurt am Main, 19 September 2018 Agenda 1. Setting
More informationNEWSFLASH GDPR N 8 - New Data Protection Obligations
GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine
More informationNew cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017
in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 European Union Agency for Network and Information Security Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationWorld Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018
World Wide Jobs Ltd t/a Findmyexpert.com Privacy Policy 12 th April 2018 We understand that you are aware of and care about your own personal privacy interests and we take that seriously. This Privacy
More informationPrivacy Policy Effective May 25 th 2018
Privacy Policy Effective May 25 th 2018 1. General Information 1.1 This policy ( Privacy Policy ) explains what information Safety Management Systems, 2. Scope Inc. and its subsidiaries ( SMS ), it s brand
More informationDevelopments in Global Data Protection & Transfer: How They Impact Third-Party Contracts
Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com
More informationDATA PROTECTION AND PRIVACY POLICY
DATA PROTECTION AND PRIVACY POLICY Data Protection Act London Capital Group (Cyprus) Limited (LCG) may process information relating to you, including holding such information in a manual format or electronic
More informationNYDFS Cybersecurity Regulations
SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy
More informationJefferies EMEA Privacy Notice
Jefferies International Limited Vintners Place 68 Upper Thames St London United Kingdom Jefferies EMEA Privacy Notice 1. Introduction This Privacy Notice explains what we do with your personal data. It
More informationDISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects
DISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects The company SORMA S.p.A., with registered office in Mestre (VE), 30174, Via Don Tosatto, no. 8, as the data controller
More informationAIRMIC ENTERPRISE RISK MANAGEMENT FORUM
AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business
More informationNetApp Private Storage for Cloud: Solving the issues of cloud data privacy and data sovereignty
SOLVING BUSINESS ISSUES NetApp Private Storage for Cloud: Solving the issues of cloud data privacy and data sovereignty How the combination of NetApp and Equinix ensures your data remains safe, secure
More informationCompliance is, in general, the compliance of requirements with appropriate resources.
is, in general, the compliance of requirements with appropriate resources. Definition / content Objectives Activities In the narrow sense: _ with external specifications KWG, WpHG, GWG, financial embargos,
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationNew Spanish Regulation Tightens Up Data Protection Requirements RAFI AZIM-KHAN, JOHN NICHOLSON, ALESSANDRO LIOTTA, AND DOMINIC HODGKINSON
New Spanish Regulation Tightens Up Data Protection Requirements RAFI AZIM-KHAN, JOHN NICHOLSON, ALESSANDRO LIOTTA, AND DOMINIC HODGKINSON The Spanish government has enacted a new regulation that further
More informationcybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services
Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2
More informationTIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE
TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE Association of Corporate Counsel NYC Chapter 11/1 NYC BDO USA, LLP, a Delaware limited liability partnership,
More informationThe GDPR and NIS Directive: Risk-based security measures and incident notification requirements
The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant
More informationHong Kong s Personal Data (Privacy) Ordinance
Asia Privacy Bridge Forum 11 May 2016 Hong Kong s Personal Data (Privacy) Ordinance Fanny Wong Deputy Privacy Commissioner for Personal Data Hong Kong, China The Personal Data Landscape in Asia 2011 2003
More informationWEBSITE PRIVACY POLICY
WEBSITE PRIVACY POLICY INTRODUCTION Welcome to the Octopus Group s privacy policy ( Privacy Policy ) Octopus Group respects your privacy and is committed doing the right thing when it comes to protecting
More information