Emergency Compliance DG Special Case DAMA INDIANA

Size: px
Start display at page:

Download "Emergency Compliance DG Special Case DAMA INDIANA"

Transcription

1 1 Emergency Compliance DG Special Case DAMA INDIANA

2 Agenda 2 Overview of full-blown data governance (DG) program Emergency compliance with a specific regulation We'll use GDPR as an example What is GDPR and what needs to be demonstrated GDPR profoundly affects marketing Streamlining DG for GDPR You may be able to leverage some existing tools Starter kit items Links GDPR Glossary

3 What is Data Governance? 3 DG is a business initiative Ensure high quality, trustable data Data quality rules Protect critical and sensitive data Requires data definitions to increase understanding Improves business operations Better decisions

4 Partial List of Data Governance Deliverables 4 Team Staffing Data Quality Rules Project Charter Data Quality Issues and Resolution Metadata Management Definitions Data Classification Policies Organization and Team Structure Data Security Policies Stewardship Data Access Policies Group Permissions Data Privacy Policies Data Compliance Policies Data Quality Policies Data Management Projects and Services Data Architecture and Data Integration Data warehouse And Business Intelligence

5 What If No Time for Full Blown DG? 5 Full blown DG normally takes a long time Deals with entire DG framework Normally requires expensive tools Large team Confusing priorities What to do? Our example will be the General Data Protection Regulation (GDPR)

6 What is the General Data Protection Regulation (GDPR)? 6 EU regulation to strengthen personal data protection Update of the EU Data Protection Directive (DPD) that redefines Personal data Individual rights Enforcement Heavy penalties Data Controllers vs. Data Processors Information governance and security Data breach notification and penalties Global Impact Companies worldwide

7 What Is Personal Data? 7 Any information relating to an identified or identifiable natural person ( data subject ); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identification number or to one or more factors specific to his physical, physiological, mental, economic, cultural or social identity. Many Types of Personal Data

8 Traditional Identifiers 8 Name Location data SSN Passport number Drivers license Credit card number Birthdate Telephone number Etc.

9 Digital Identifiers 9 IP address Cookies Mobile device ID Etc.

10 Biometric & Genetic Identifiers 10 Biometric Fingerprint scan Facial scan Retina scan Genetic Gene sequences

11 New Categories 11 Racial or ethnic origin Political opinions Religious or philosophical beliefs Trade union membership Health information

12 Other Requirements to Track 12 Explicitly give/withdraw consent for personal data usage Right to be forgotten (erasure) Right to see data Right to rectification Right to restrict processing The systems that process personal data Locations where personal data is processed Recipients of personal data (Access) Security methods for personal data Pseudonymization of personal data Rights related to automated decision-making & profiling Why should you care?

13 GDPR Affects Business Processes Customer Relationship Management Personal data to collect and store Personal data storage Personal data processing Personal data presented and transferred Personal data accessed Marketing Change from Opt Out to Opt In & prove it Similar proof for third-party data purchases All Software Privacy by default & privacy by design 13

14 3 Pieces of Data Identify You 14 DOB, postal code and gender virtual identity guarantee Web browsers provide at least 3 pieces of data Latest surveillance techniques all but impossible to detect or stymie HTTP injection Browser fingerprinting Let s see how GDPR affects typical analytics

15 By Gender and Location 15

16 Children By Gender, Location & Year 16 Geography City: Assens: Enrollment by Gender Boys Girls

17 By Gender, Location, Product Details Cars Sold by Year Geography City: Assens: Enrollment by Gender Boys Girls 17

18 GDPR Effect on Analytics 18 Cars Sold by Year Geography City: Assens: Enrollment by Gender

19 DG/GDPR Seems Overwhelming 19 GDPR requires a subset of DG processes and deliverables GDPR can be the foundation for DG Where to start? Instead of trying to do everything at once, Just do a slice

20 Laser Focus on GDPR 20 Concentrate only on the aspects relevant to GDPR Charter & Policies Classific -ation Security Access Privacy Compliance QG Dimensions DQ Rules & Issue Resolution Steward -ship Team Size GDPR Effort

21 How to Focus on GDPR Only Deals with People 21 Only data principles for people Limited Number of Elements Prioritize Systems Customer Facing First Small Team Single Priority Limited Issues/ Reports Scope

22 You May Already Have Tools to Help 22 Metadata repositories Data modeling tools Data dictionaries ETL Tools Etc. You may have to purchase a metadata tool You may have to build some tools

23 Consolidate 23 Bring GDPR compliance events into data warehouse Single source for compliance reporting

24 Links 24 Sample data protection policy Note only for an example. Seek professional advice when creating your own data protection policy MQFggtMAA&url=https%3A%2F%2Fiapp.org%2Fmedia%2Fpdf%2Fresource_center%2FITDonut_sample-DP-policytemplate.docx&usg=AOvVaw2WBMsY6DepF1k9HFMEysvY GDPR Home Page QFghyMAs&url=http%3A%2F%2Fwww.eugdpr.org%2F&usg=AOvVaw3QjjIT_L1TTLht3mTczeeZ GDPR assessment 99BQMQFggtMAA&url=https%3A%2F%2Fiapp.org%2Fmedia%2Fpdf%2Fresource_center%2FITDonut_sample-DP-policytemplate.docx&usg=AOvVaw2WBMsY6DepF1k9HFMEysvY Wikipedia on GDPR %2F%2Fen.wikipedia.org%2Fwiki%2FGeneral_Data_Protection_Regulation&usg=AOvVaw1iLbD0uYrznG2xM9SwFDyy

25 GDPR Glossary (1) Binding Corporate Rules (BCRs) a set of binding rules put in place to allow multinational companies and organisations to transfer personal data that they control from the EU to their affiliates outside the EU (but within the organisation) 25 Biometric Data any personal data relating to the physical, physiological, or behavioral characteristics of an individual which allows their unique identification Consent freely given, specific, informed and explicit consent by statement or action signifying agreement to the processing of their personal data Data Concerning Health any personal data related to the physical or mental health of an individual or the provision of health services to them Data Controller the entity that determines the purposes, conditions and means of the processing of personal data Data Erasure also known as the Right to be Forgotten, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data Data Portability the requirement for controllers to provide the data subject with a copy of his or her data in a format that allows for easy use with another controller (more info here) Data Processor the entity that processes data on behalf of the Data Controller Data Protection Authority national authorities tasked with the protection of data and privacy as well as monitoring and enforcement of the data protection regulations within the Union Data Protection Officer an expert on data privacy who works independently to ensure that an entity is adhering to the policies and procedures set forth in the GDPR (more info here) Data Subject a natural person whose personal data is processed by a controller or processor Delegated Acts non legislative acts enacted in order to supplement existing legislation and provide criteria or clarity Derogation an exemption from a law Directive a legislative act that sets out a goal that all EU countries must achieve through their own national laws Encrypted Data personal data that is protected through technological measures to ensure that the data is only accessible/readable by those with specified access Enterprise any entity engaged in economic activity, regardless of legal form, including persons, partnerships, associations, etc. Filing System any specific set of personal data that is accessible according to specific criteria, or able to be queried Genetic Data data concerning the characteristics of an individual which are inherited or acquired which give unique information about the health or physiology of the individual Group of Undertakings a controlling undertaking and its controlled undertakings

26 GDPR Glossary (2) 26 Main Establishment the place within the Union that the main decisions surrounding data processing are made; with regard to the processor Personal Data any information related to a natural person or Data Subject, that can be used to directly or indirectly identify the person Personal Data Breach a breach of security leading to the accidental or unlawful access to, destruction, misuse, etc. of personal data Privacy by Design a principle that calls for the inclusion of data protection from the onset of the designing of systems, rather than an addition Privacy Impact Assessment a tool used to identify and reduce the privacy risks of entities by analysing the personal data that are processed and the policies in place to protect the data Processing any operation performed on personal data, whether or not by automated means, including collection, use, recording, etc. Profiling any automated processing of personal data intended to evaluate, analyse, or predict data subject behavior Pseudonymisation the processing of personal data such that it can no longer be attributed to a single data subject without the use of additional data, so long as said additional data stays separate to ensure non attribution Recipient entity to which the personal data are disclosed Regulation a binding legislative act that must be applied in its entirety across the Union Representative any person in the Union explicitly designated by the controller to be addressed by the supervisory authorities Right to be Forgotten also known as Data Erasure, it entitles the data subject to have the data controller erase his/her personal data, cease further dissemination of the data, and potentially have third parties cease processing of the data Right to Access also known as Subject Access Right, it entitles the data subject to have access to and information about the personal data that a controller has concerning them Subject Access Right also known as the Right to Access, it entitles the data subject to have access to and information about the personal data that a controller has concerning them Supervisory Authority a public authority which is established by a member state in accordance with article 46 Trilogues informal negotiations between the European Commission, the European Parliament, and the Council of the European Union usually held following the first readings of proposed legislation in order to more quickly agree to a compromise text to be adopted.

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Islam21c.com Data Protection and Privacy Policy

Islam21c.com Data Protection and Privacy Policy Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach

More information

GLOBAL DATA PROTECTION POLICY

GLOBAL DATA PROTECTION POLICY GLOBAL DATA PROTECTION POLICY BRS UK Version 1.0 TABLE OF CONTENTS SCOPE 2 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 2 Compliance with the European data protection law and any additional applicable

More information

GLOBAL DATA PROTECTION POLICY

GLOBAL DATA PROTECTION POLICY GLOBAL DATA PROTECTION POLICY Last update: April 2nd, 2018 SCOPE 3 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 3 Compliance with the European Data Protection Law and any additional applicable data

More information

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal What is GDPR? GDPR (General Data Protection Regulation) is Europe s new privacy law. Adopted in April 2016, it replaces the 1995 Data Protection Directive and marks the biggest change in data protection

More information

Technical Requirements of the GDPR

Technical Requirements of the GDPR Technical Requirements of the GDPR Purpose The purpose of this white paper is to list in detail all the technological requirements mandated by the new General Data Protection Regulation (GDPR) laws with

More information

GDPR. What is GDPR? GDPR is extraterritorial, meaning it applies to any company, processing EU resident data, irrespective of their location.

GDPR. What is GDPR? GDPR is extraterritorial, meaning it applies to any company, processing EU resident data, irrespective of their location. 1 3 5 What is GDPR? The European Union s ( EU ) General Data Protection Regulation ( GDPR ) replaces the 1995 Data Protection Directive, and while the new requirement became effective May 25, 2018, Data

More information

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into

More information

CommuniGator. Your GDPR. Compliance Checklist

CommuniGator. Your GDPR. Compliance Checklist CommuniGator Your GDPR Compliance Checklist The impact of the EU GDPR on your business As of April 2016, the EU General Data Protection Regulation was adopted but it does not come into force until 25th

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

A practical guide to using ScheduleOnce in a GDPR compliant manner

A practical guide to using ScheduleOnce in a GDPR compliant manner A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling

More information

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of

More information

Rights of Individuals under the General Data Protection Regulation

Rights of Individuals under the General Data Protection Regulation Rights of Individuals under the General Data Protection Regulation 2018 Contents Introduction... 2 Glossary... 3 Personal data... 3 Processing... 3 Data Protection Commission... 3 Data Controller... 3

More information

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms: Last updated: 20/04/2018 Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of VITO (Vlakwa). The

More information

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ): Privacy Policy Introduction Ikano S.A. ( Ikano ) respects your privacy and is committed to protect your Personal Data by being compliant with this privacy policy ( Policy ). In addition to Ikano, this

More information

ADMA Briefing Summary March

ADMA Briefing Summary March ADMA Briefing Summary March 2013 www.adma.com.au Privacy issues are being reviewed globally. In most cases, technological changes are driving the demand for reforms and Australia is no exception. From

More information

Data Privacy Notice. Madsen Advisory Limited ("Madsen") is committed to protecting and respecting your privacy.

Data Privacy Notice. Madsen Advisory Limited (Madsen) is committed to protecting and respecting your privacy. Data Privacy Notice 1.INTRODUCTION Madsen Advisory Limited ("Madsen") is committed to protecting and respecting your privacy. We pledge to handle your data fairly and legally at all times and are committed

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction Stewart Watt & Co. is law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland. The personal data that Stewart

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

Data Processing Agreement DPA

Data Processing Agreement DPA Data Processing Agreement DPA between Clinic Org. no. «Controller». and Calpro AS Org. nr. 966 291 281. «Processor» If the parties have executed a Data Management Agreement, the Date Management Agreement

More information

General Data Protection Regulation for ecommerce. Reach Digital - 18 december 2017

General Data Protection Regulation for ecommerce. Reach Digital - 18 december 2017 General Data Protection Regulation for ecommerce Reach Digital - 18 december 2017 GDPR for ecommerce This document is intended to determine the recommendations and responsibilities for an ecommerce merchant

More information

Georgia Institute of Technology EU GDPR Lawful Basis Form

Georgia Institute of Technology EU GDPR Lawful Basis Form Georgia Institute of Technology EU GDPR Lawful Basis Form Introduction Beginning May 25, 2018, some of Georgia Tech s activities will be subject to more stringent regulations governing the use of personal

More information

the processing of personal data relating to him or her.

the processing of personal data relating to him or her. Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Hotel & Pensionat Björkelund. The use of

More information

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union; PRIVACY NOTICE INTRODUCTION During the operation of the website data controller processes the data of persons registered on the website in order to be able to provide them with adequate services. Service

More information

Cognizant Careers Portal Privacy Policy ( Policy )

Cognizant Careers Portal Privacy Policy ( Policy ) Cognizant Careers Portal Privacy Policy ( Policy ) Date: 22 March 2017 Introduction This Careers Portal Privacy Policy ("Policy") applies to the Careers portal on the Cognizant website accessed via www.cognizant.com/careers

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Data Subject Requests Procedure

Data Subject Requests Procedure Subject Requests Procedure Subject Requests Procedures Issued By: Legal Effective Date: Review Date:.0 Contents 1. Introduction... 3 2. Purpose... 3 3. Responsibilities... 3 3.1 All Staff and Volunteers...

More information

Data processing policy

Data processing policy Data processing policy MBM Adventures Kft. Data protection policy I. The data controller and his/her availabilities MBM Adventures Kft (registered seat: 1068 Budapest, Király utca 80, website: www.mbmadventures.com,

More information

Privacy Policy GENERAL

Privacy Policy GENERAL Privacy Policy GENERAL This document sets out what information Springhill Care Group Ltd collects from visitors, how it uses the information, how it protects the information and your rights. Springhill

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000 GDPR: The basics What is GDPR? The EU General Data Protection Regulation (GDPR) is the biggest European shake-up of data protection in a generation. It s the culmination of two decades of experience of

More information

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM 25.5.2018 Through our Privacy Policy ("Policy"), we inform the entities of the data we process our personal data, as well as all the

More information

PRIVACY POLICY PRIVACY POLICY

PRIVACY POLICY PRIVACY POLICY PRIVACY POLICY 1 A. GENERAL PART 1.1. COLLECTION AND PROCESSING OF USER DATA Within the scope of the availability of the website hosted in www.alpinushotel.com and of the services and communications made

More information

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018 GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine

More information

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE

THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE THE GDPR PCLOUD'S ROAD TO FULL COMPLIANCE A WAY TO STRENGTHEN DATA PRIVACY The General Data Protection Regulation is a unified framework of data privacy rules, accepted by the WHAT IS THE GDPR? European

More information

Motorola Mobility Binding Corporate Rules (BCRs)

Motorola Mobility Binding Corporate Rules (BCRs) Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,

More information

DATA PROTECTION A GUIDE FOR USERS

DATA PROTECTION A GUIDE FOR USERS DATA PROTECTION A GUIDE FOR USERS EN Contents Introduction 5 Data protection standards - making a difference in the European Parliament 7 Data protection the actors 8 Data protection the background 9 How

More information

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR). MBNL Landlord Privacy Notice This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR). SUMMARY This Privacy Notice applies to: users of our website

More information

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1 Catalent, Inc. Privacy Policy, effective May 25, 2018 1. This Policy This Privacy Policy (this Policy ) is issued by Catalent, Inc. on behalf of itself and its domestic and international subsidiaries and

More information

Requirements for a Managed System

Requirements for a Managed System GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the

More information

Contract Services Europe

Contract Services Europe Contract Services Europe Procedure for Handling of Page 1 of 10 1. INTRODUCTION This procedure document supplements the data request and subject access request (SAR) provisions set out in DPS Contract

More information

Privacy Policy Hafliger Films SpA

Privacy Policy Hafliger Films SpA Hafliger Films SpA, with registered office at Via B. Buozzi no. 14-20089 Rozzano (MI), has for many years considered it of fundamental importance to protect the personal details of customers and suppliers,

More information

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record.

PRIVACY POLICY. 3.1 This policy does not apply to the collection, holding, use or disclosure of personal information that is an employee record. 1. Introduction 1.1 From time to time Business & Risk Solutions Pty Ltd ("the Company") is required to collect, hold, use and/or disclose personal information relating to individuals (including, but not

More information

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd. RECRUITMENT DATA PROTECTION NOTICE AImotive Ltd. Effective from 25 May 2018 Dear Applicant! Thank you for inquiring about the AImotive Ltd! Please, read our recruitment data protection notice the purpose

More information

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot What You Need to Know About Addressing GDPR Data Subject Rights in Pivot Not Legal Advice This document is provided for informational purposes only and must not be interpreted as legal advice or opinion.

More information

General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of

General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of General Data Protection Regulation BT s amendments to the proposed Regulation on the protection of individuals with regard to the processing of personal data and on the free movement of such data (General

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

Privacy Policy CARGOWAYS Logistik & Transport GmbH

Privacy Policy CARGOWAYS Logistik & Transport GmbH Privacy Policy CARGOWAYS Logistik & Transport GmbH We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the CARGOWAYS

More information

Privacy Shield Policy

Privacy Shield Policy Privacy Shield Policy Catalyst Repository Systems, Inc. (Catalyst) has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection. This

More information

Personal Data Protection Policy

Personal Data Protection Policy PALEOLOGOS S.A. Personal Data Protection Policy Date of entry into force of this policy May 17, 2018 The primary objective of this policy is to provide general guidelines regarding the protection of Personal

More information

EU DATA PROTECTION COMPLIANCE WHEN SECURING SAAS APPLICATIONS

EU DATA PROTECTION COMPLIANCE WHEN SECURING SAAS APPLICATIONS White Paper EU DATA PROTECTION COMPLIANCE WHEN SECURING SAAS APPLICATIONS Introduction Palo Alto Networks takes data protection very seriously. Complying with data protection requirements and enabling

More information

The Corporate Website and the Product Websites are together referred to hereafter as the website.

The Corporate Website and the Product Websites are together referred to hereafter as the website. PRIVACY POLICY Version July 2018 The website www.advanzia.com (hereafter, the Corporate Website ) and the following associated websites listed below: www.gebuhrenfrei.com www.free.at www.cartezero.fr www.advanziakonto.com

More information

Wonde may collect personal information directly from You when You:

Wonde may collect personal information directly from You when You: Privacy Policy Updated: 17th April 2018 1. Scope At Wonde, we take privacy very seriously. We ve updated our privacy policy ( Policy ) to ensure that we communicate to You, in the clearest way possible,

More information

Arkadin Data protection & privacy white paper. Version May 2018

Arkadin Data protection & privacy white paper. Version May 2018 Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data

More information

Jefferies EMEA Privacy Notice

Jefferies EMEA Privacy Notice Jefferies International Limited Vintners Place 68 Upper Thames St London United Kingdom Jefferies EMEA Privacy Notice 1. Introduction This Privacy Notice explains what we do with your personal data. It

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

PRIVACY NOTICE (TIER 4)

PRIVACY NOTICE (TIER 4) Page: 1 of 6 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner is responsible for

More information

PRIVACY POLICY. I. Data controller. II. Definitions

PRIVACY POLICY. I. Data controller. II. Definitions PRIVACY POLICY MEDUZA Kereskedelmi, Idegenforgalmi, Vendéglátóipari Korlátolt Felelősségű Társaság (registered seat: 1061 Budapest, Jókai tér 9.; tax number: 10592229-2-42; hereinafter: Company ) shall

More information

Security Information for SAP Asset Strategy and Performance Management

Security Information for SAP Asset Strategy and Performance Management Master Guide SAP Asset Strategy and Performance Management Document Version: 2.0 2018-03-09 Security Information for SAP Asset Strategy and Performance Management Typographic Conventions Type Style Example

More information

PRIVACY POLICY SECTION 1 CONTACTS

PRIVACY POLICY SECTION 1 CONTACTS PRIVACY POLICY SECTION 1 CONTACTS Topics related to personal data collection and processing are the responsibility of the Person in Charge for Personal Data Processing. Any communication on this topic

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Breach Notification Form

Breach Notification Form Breach Notification Form Report a breach of personal data to the Data Protection Commission Use this form if you are a Data Controller that wishes to contact us to report a personal data breach that has

More information

Data protection. Data protection. Kacper Szkalej 1. Structure. Data protection. Media Law, KTH. Definition? Data protection = data processing rules

Data protection. Data protection. Kacper Szkalej 1. Structure. Data protection. Media Law, KTH. Definition? Data protection = data processing rules Data protection Media Law, KTH Kacper Szkalej, LL.M. kacper.szkalej@jur.uu.se Structure Background Legal framework EU National Administrative framework Data Protection Authorities The Internet and social

More information

INNOVENT LEASING LIMITED. Privacy Notice

INNOVENT LEASING LIMITED. Privacy Notice INNOVENT LEASING LIMITED Privacy Notice Table of Contents Topic Page number KEY SUMMARY 2 ABOUT US AND THIS NOTICE 3 USEFUL WORDS AND PHRASES 4 WHAT INFORMATION DO WE COLLECT? 4 WHY DO WE PROCESS YOUR

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

Subject: Kier Group plc Data Protection Policy

Subject: Kier Group plc Data Protection Policy Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective

More information

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us. CNH Industrial Privacy Policy General Terms The CNH Industrial Group appreciates your interest in its products and your visit to this website. The protection of your privacy in the processing of your personal

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement This Data Processing Agreement ( the Agreement or DPA ) constitutes the obligations for TwentyThree ApS Sortedam Dossering 5D 2200 Copenhagen N Denmark (hereinafter The Data Processor

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller

More information

Privacy Notice. General Information Protection Regulation ( GDPR )

Privacy Notice. General Information Protection Regulation ( GDPR ) Privacy Notice General Information Protection Regulation ( GDPR ) Please read the following information carefully. This privacy notice contains information about the information collected, stored and otherwise

More information

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Augusta Speiser is responsible for guiding DENTSPLY Internationals efforts relating to ethics and compliance worldwide with

More information

Creative Funding Solutions Limited Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Data Privacy for Multinationals: How to Build and Implement a Compliance Plan Augusta Speiser is responsible for guiding DENTSPLY Internationals efforts relating to ethics and compliance worldwide with

More information

CEM Benchmarking Privacy Policy

CEM Benchmarking Privacy Policy CEM Benchmarking Privacy Policy Final Draft: 18/05/18 Next Review Date: 22/05/19 Page 1 Contents Page 1 Outline 3 2 Categories of personal data 3 3 Sources of personal data 3 4 Purposes 4 5 Lawful basis

More information

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR.

GDPR Privacy Policy. The data protection policy of AlphaMed Press is based on the terms found in the GDPR. GDPR Privacy Policy PRIVACY POLICY The privacy and security of data are a priority for AlphaMed Press and our management and staff. While accessing and using our website does not require your submission

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

It is the policy of DMNS Networks PTE LTD (the Company ) to protect the privacy of the users of our Website and Services.

It is the policy of DMNS Networks PTE LTD (the Company ) to protect the privacy of the users of our Website and Services. Privacy Policy It is the policy of DMNS Networks PTE LTD (the Company ) to protect the privacy of the users of our Website and Services. The use of our Website is possible without any indication of your

More information

Privacy Policy. 1. Definitions

Privacy Policy. 1. Definitions Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Austro Control. The use of the Internet

More information

All data subjects whose personal data is collected, in line with the requirements of the GDPR.

All data subjects whose personal data is collected, in line with the requirements of the GDPR. Page: 1 of 8 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner is responsible for

More information

EU GDPR: The General Data Protection Regulation

EU GDPR: The General Data Protection Regulation EU GDPR: The General Data Protection Regulation A Brief Overview Duke Privacy The General Data Protection Regulation Became effective May 25, 2018. Formally codifies privacy as a fundamental right and

More information

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests.

1.7 The Policy sets out the manner by which the University will respond to Subject Access Requests. 1 Introduction 1.1 Article 15 of the General Data Protection Regulations (GDPR) provides individuals (Data Subjects) with the right to access personal information so that they are fully informed of the

More information

Privacy Policy. As of May 7, 2018

Privacy Policy. As of May 7, 2018 Privacy Policy As of May 7, 2018 We are delighted that you have shown interest in our Website, located at , (the Website ), which is Ubex AI AG (the Company ). Data protection is

More information

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY VIACOM INC. PRIVACY SHIELD PRIVACY POLICY Last Modified and Effective as of October 23, 2017 Viacom respects individuals privacy, and strives to collect, use and disclose personal information in a manner

More information

Link Exhibitions Privacy Policy

Link Exhibitions Privacy Policy Link Exhibitions Privacy Policy 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner

More information

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers; 65 Gilbert Street, Adelaide SA 5000 Tel: 1300 216 890 Fax: 08 8221 6552 Australian Financial Services Licence: 430962 Privacy Policy This Privacy Policy was last updated on 27 February 2017. Our Commitment

More information

KSi Malta Privacy Policy

KSi Malta Privacy Policy KSi Malta Privacy Policy CONTENTS KSi Malta Privacy Policy 6 Details about the data controller & Scope 6 How information is collected from you 7 Legal basis of data processing 8 What information we collect

More information

UWTSD Group Data Protection Policy

UWTSD Group Data Protection Policy UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful

More information

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2 NWQ Capital Management Pty Ltd Privacy Policy March 2017 Page 1 of 8 Privacy and Spam Policy NWQ Capital Management Pty Ltd s Commitment NWQ Capital Management Pty Ltd (NWQ) is committed to providing you

More information

Data subject ( Customer or Data subject ): individual to whom personal data relates.

Data subject ( Customer or Data subject ): individual to whom personal data relates. Privacy Policy 1. Information on the processing of personal data We hereby inform you in this document about the principles and procedures for processing your personal data and your rights, in accordance

More information

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts

Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts Adkin s Privacy Information Notice for Clients, Contractors, Suppliers and Business Contacts POLICY STATEMENT Adkin is committed to protecting and respecting the privacy of all of our clients. This Policy

More information

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group Notice Whose Personal Data do we collect? Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice For the purposes of applicable data protection and privacy laws, The Stonhard Group, a division of Stoncor Group, Inc. ( The

More information

FLIPOUT Privacy Charter. We will handle any information we collect about you in accordance with our privacy Policy

FLIPOUT Privacy Charter. We will handle any information we collect about you in accordance with our privacy Policy Flip Out Trampoline Arena Franchises Pty Ltd Suite 9, 308 High Street, Penrith NSW 2750 PO Box 1850, Penrith 2751 1300 FLIP OUT FLIPOUT Privacy Charter We will handle any information we collect about you

More information

Our Data Privacy Statement Scope Responsibilities

Our Data Privacy Statement Scope Responsibilities At Pupil Asset we have always taken data privacy seriously. We have embraced the new EU GDPR legislation and how it reinforces existing data protection law. We should all want and expect to know who is

More information

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions

Privacy Policy Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH Kühnreich & Meixner GmbH 1. Definitions Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of the Kühnreich & Meixner GmbH. The use of the

More information

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd Our Commitment Ten Tigers Grain Marketing Pty Ltd and Ten Tigers Pty Ltd are committed to providing you with the highest levels of client service.

More information