Knowing and Implementing the GDPR Part 3
|
|
- Arabella Jordan
- 6 years ago
- Views:
Transcription
1 Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017
2 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education IAPP Ruth Boardman Partner Bird and Bird LLP London Office 2
3 What we covered in Part 1 Current EU privacy regime, and what s changing GDPR s scope Definition of personal data, pseudonymity, anonymity Rights of data subjects Types of consent Definition of legitimate interests New rules for Trans-border data flow 3
4 What we covered in Part 2 Mandatory DPO, when required, role and responsibilities Documentation requirements Operationalizing consent Children and getting parental consent 4
5 What we ll cover in Part 3 Security Breach notification Accountability Data Protection by Design and by Default Data Protection Impact Assessments Complaints, the One-Stop Shop, and the enforcement process 5
6 GDPR security principle applies to processors & controllers. The key elements (below) are the same as under the Directive 6
7 GDPR calls out some 'new' examples of points to consider (Art. 32) Pseudonymisation and encryption Confidentiality, integrity, availability and resilience Timely restoration Testing & evaluating effectiveness of t.o.m.s 7
8 Must protect personal data against these risks Data destruction Loss Alteration Disclosure Access 8
9 Controllers must report data breaches to DPAs and individuals; processors report to controllers To supervisory authorities To individuals Notify within 72 hours High (and unmitigated) risk to individuals Exemption if not likely to result in prejudice to individuals Not required if data effectively encrypted Separate reporting obligations under the N.I.S. Directive for: - Essential service providers (= significant) impact on services - Digital service provider (= substantial) impact on services May also be other breach reporting obligations (e.g. to the F.C.A. in the UK) 9
10 Breach Notification What s in the notification? - Nature of the breach, including how many records and data subjects - DPO s contact information - Likely consequences of the breach - How the controller will address the breach, including mitigation efforts If breach is likely to result in a high risk to data subjects, notify them as well, unless: - Controller implements tech controls to make data unintelligible - Controller makes high risk unlikely - Notification would require disproportionate effort (use public statement instead) Must also keep an internal record of data breaches (see sample on next slide) 10
11 11
12 Actions Review: - Information security policy(ies) all areas of data risk covered? - Third party information security assessment procedures - Employee & contract staff on-boarding process - Breach reporting policy check threshold for reporting 12
13 Accountability: a risk-based approach, but compliance by accident will not work Must be able to demonstrate compliance with the Regulation: - Lawfulness, fairness, transparency - Purpose limitation - Data quality (incl. storage limitation) - Integrity and confidentiality (Security) - Data transfers Can include policies, codes and certification. Must be effective to ensure compliance and be able to demonstrate this (e.g. internal audit) 13
14 Accountability includes some of the measures considered earlier Record of Processing Activities (Art.30) Privacy by design & by default (Art. 25) Privacy Impact Assessment (Art.33) Independent Data Protection Officer (Art. 37) For each purpose: What the purpose is Data subjects Data categories Recipients Countries Retention periods T.O.M.s Design systems to be compliant Design systems to process the minimum data (for the minimum period) reasonably necessary to achieve the purpose Privacybydesign.ca For 'risky' processing CNIL PIA manual Required by Member States Core activities require regular and systematic monitoring of individuals on a large scale Core activities include processing of special data or offence data on a large scale 14
15 Privacy by design and by default requires technical and organisational measures "to integrate the requirements of this Regulation" into processing (A.25) PRIVACY BY DESIGN t.o.m.s. to integrate GDPR safeguards into processing PRIVACY BY DEFAULT Privacy settings to be set to the minimum PRIVACY BY (friends, DESIGN not friends of friends or public) Pseudonymisation & data minimisation Least privilege access principle, self-serve access rights or portability rights, minimum necessary authentication rules Applied to amount of data, extent of processing, retention, access 15
16 Ways of embedding privacy by design Technical measures Policies Reviews (process and peer) Training Certification 16
17 Data Protection Impact Assessments required for "high risk" processing as below (can also be required by supervisory authorities) Significant decisions using entirely automated processing, involving systematic & extensive evaluation of personal aspects Systematic description of processing Assessment of proportionality Risk assessment and mitigation Unmitigated risk see D.P.A. Large scale processing of sensitive or offence data Systematic and large scale monitoring of a publicly accessible area 17
18 Actions System review process DPIA process if needed Data protection training for IS professionals and business system owner 18
19 19
20 Actions by supervisory authorities National only matter Local DPA OR More than 1 Member State affected & EU main establishment "lead" authority based on "main establishment" Concerned authorities Local courts (may refer to CJEU if relevant tests met) Decision remitted to local DPAs EDPB as arbiter CJEU review 20
21 Actions Procedures for dealing with individuals and training on these Know your lead data protection authority(ies) 21
22 Questions & Answers Contact: Omer Tene Vice President Research & Education IAPP Ruth Boardman Partner Bird and Bird LLP London Office 22
23 THANK YOU! To our speakers, and to all of you in the virtual audience. 23
24 Knowing and Implementing the GDPR Three Part Series Recent Programs: Part 1: Aired on 21 February, 2017 View here: Knowing and Implementing the GDPR: Part 1 Part 2: Aired on 9 March, 2017 View here: Knowing and Implementing the GDPR: Part 2 24
25 Web Conference Participant Feedback Survey Please take this quick (2 minute) survey to let us know how satisfied you were with this program and to provide us with suggestions for future improvement. Click here: Thank you in advance! For more information: 25
26 Attention IAPP Certified Professionals: This IAPP web conference may be applied toward the continuing privacy education (CPE) requirements of your CIPP/US, CIPP/E, CIPP/G, CIPP/C, CIPT or CIPM credential worth 1.0 credit hours. IAPP-certified professionals who are the named participant of the registration will automatically receive credit. If another certified professional has participated in the program but is not the named participant then the individual may submit for credit by submitting the continuing education application form at submitceu. Continuing Legal Education Credits: The IAPP provides certificates of attendance to web conference attendees. Certificates must be self-submitted to the appropriate jurisdiction for continuing education credits. Please consult your specific governing body s rules and regulations to confirm if a web conference is an eligible format for attaining credits. Each IAPP web conference offers either 60 or 90 minutes of programming. 26
27 A recording of this program will be posted on the IAPP website approximately 48 hours following the live broadcast. For questions on this or other IAPP Web Conferences or recordings or to obtain a copy of the slide presentation please contact: Dave Cohen, CIPP/E, CIPP/US Knowledge Manager International Association of Privacy Professionals (IAPP) dave@iapp.org
Breach Notification in the GDPR Era. Speakers: Sam Pfeifle, IAPP Dennis Holmes, PwC
Breach Notification in the GDPR Era Speakers: Sam Pfeifle, IAPP Dennis Holmes, PwC Welcome Sam Pfeifle, Content Director, IAPP sam@iapp.org Dennis Holmes, Lawyer, Cybersecurity and Data Protection Legal
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationRequirements for a Managed System
GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the
More informationCIPP/E CIPT. Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification
CIPP/E CIPT Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification The CIPP/E + CIPT credentials shows you ve got the knowledge to build your organization s privacy
More informationThis Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).
PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationEXAM PREPARATION GUIDE
EXAM PREPARATION GUIDE PECB Certified Data Protection Officer The objective of the PECB Certified Data Protection Officer examination is to ensure that the candidate has acquired the knowledge and skills
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the
More informationHow the GDPR will impact your software delivery processes
How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationCIPP/G (Certified Information Privacy Professional US Government)
CIPP/G (Certified Information Privacy Professional US Government) Course Description (image) The Certified Information Privacy Professional/Government (CIPP/G) is the first publicly available privacy certification
More informationFirst aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018
First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationSCHOOL SUPPLIERS. What schools should be asking!
SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated
More informationADMA Briefing Summary March
ADMA Briefing Summary March 2013 www.adma.com.au Privacy issues are being reviewed globally. In most cases, technological changes are driving the demand for reforms and Australia is no exception. From
More informationAdtech and GDPR What to consider when choosing your partner
Adtech and GDPR What to consider when choosing your partner 1 Agenda What to avoid and What to do Where is Adform on GDPR Posibilities for advertisers 2 This is about GDPR, not the unknown eprivacy update
More informationGDPR is coming in less than 2 months Are you ready?
GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO
More informationData Processing Clauses
Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.
More informationIAPP-OneTrust Research: Bridging ISO to GDPR
IAPP-OneTrust Research: Bridging ISO 27001 to GDPR Introduction Privacy is hot. Security knows the feeling. Much as the move to digital products and services necessitated a new profession of information
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationInformation Security. How to be GDPR compliant? 08/06/2017
Information Security How to be GDPR compliant? CREOBIS 08/06/2017 1 Alain Cieslik What Is the Difference Between Security and Privacy? Security: The primary goal of InfoSec is to protect confidentiality,
More informationThe GDPR Are you ready?
The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More information"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.
Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationEco Web Hosting Security and Data Processing Agreement
1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationData Breach Notification: what EU law means for your information security strategy
Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements
More informationGeneral Data Protection Regulation (GDPR) Key Facts & FAQ s
General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current
More informationRobert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
More informationBHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD
BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT HIRINGBOSS HOLDINGS PTE LTD This DPA is entered into between the Controller and the Processor and is incorporated into and governed by the terms of the Agreement. 1. Definitions
More informationThe GDPR and NIS Directive: Risk-based security measures and incident notification requirements
The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant
More informationImplementing the new GDPR: what does it mean for Universities?
Implementing the new GDPR: what does it mean for Universities? Case study Alumni Portal Cosimo Monda Director - European Centre on Privacy and Cybersecurity Maastricht University Twitter: @ecpcmaastricht
More informationOur agenda. The basics
GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially
More informationGDPR compliance: some basics & practical to do list
GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationBreach Notification Form
Breach Notification Form Report a breach of personal data to the Data Protection Commission Use this form if you are a Data Controller that wishes to contact us to report a personal data breach that has
More informationGDPR: A GUIDE TO READINESS
SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services
More informationSword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017
Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World September 20, 2017 The information and opinions expressed by our panelists today are their own, and do not necessarily represent the views of
More informationPRIVACY NOTICE. Privacy notice. What personal data we collect and the Legal Basis. Who are we? The personal data we would collect from/process on you
Page: 1 of 5 Privacy notice Who are we? The (ILC) is an independent chapter and affiliate of ISACA International, engaged in the promotion of the education of its members for the improvement and development
More informationData Warehouse Risk Assessment (GDPR)
Data Warehouse Risk Assessment (GDPR) The new data protection law is effective from 25.05.2018. Individuals will have more control of their personal data and organisations will have to implement a risk
More informationIntroductory guide to data sharing. lewissilkin.com
Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external
More informationPrivacy Policy. MIPS Website Privacy Policy. Document Information. Contact Details. Version 1.0 Version date March 2018.
Privacy Policy MIPS Website Privacy Policy Version 1.0 Version date March 2018 Document Information Prepared for Users of MIPS websites Prepared by MIPS NV Date 27/02/2018 Contact Details Joffrey WILLEM
More informationGDPR: A technical perspective from Arkivum
GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationDATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection
DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE 2016 Saviour Cachia Commissioner for Information and Data Protection Conception of DPA Council of Europe ETS 108 Convention on the protection of
More informationData Protection Policy
Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...
More informationGetting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions
Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationArkadin Data protection & privacy white paper. Version May 2018
Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data
More informationData Processing Agreement
Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data
More informationPRIVACY POLICY PRIVACY POLICY
PRIVACY POLICY 1 A. GENERAL PART 1.1. COLLECTION AND PROCESSING OF USER DATA Within the scope of the availability of the website hosted in www.alpinushotel.com and of the services and communications made
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationGeneral Data Protection Regulation Frequently Asked Questions (FAQ) General Questions
General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into
More informationImpacts of the GDPR in Afnic - Registrar relations: FAQ
Impacts of the GDPR in Afnic - Registrar relations: FAQ Background The adoption of Regulation (Eu) 2016/679 of the European Parliament and of the Council of April 27, 2016 on the protection of natural
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationWonde may collect personal information directly from You when You:
Privacy Policy Updated: 17th April 2018 1. Scope At Wonde, we take privacy very seriously. We ve updated our privacy policy ( Policy ) to ensure that we communicate to You, in the clearest way possible,
More informationDesigning GDPR compliant software
Designing GDPR compliant software 1 Alain Cieslik Agenda o GDPR Summary o What does compliance with GDPR mean? o Example of GDPR Accountability o Consent & Purpose Management o What does security mean
More informationBIOEVENTS PRIVACY POLICY
BIOEVENTS PRIVACY POLICY At Bioevents, your privacy is important. Below you will find our privacy policy, which covers all personally identifiable data shared through Bioevents websites. Our privacy policy
More informationGDPR Let s get operational
ISACA - GDPR 24.11.2016 1 GDPR Let s get operational Alain Herrmann (Technology) 2 Overview I. Basic concepts and abbreviations II. Scope of the GDPR III. New approach of the GDPR IV. Accountability V.
More informationPROJECT BACKGROUND AND RATIONALE
PROJECT BACKGROUND AND RATIONALE The political agreement on the EU General Data Protection Regulation (GDPR) has been reached and the new Regulation will be on the books by the end of the first quarter
More informationUWTSD Group Data Protection Policy
UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful
More informationGLOBAL DATA PROTECTION POLICY
GLOBAL DATA PROTECTION POLICY BRS UK Version 1.0 TABLE OF CONTENTS SCOPE 2 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 2 Compliance with the European data protection law and any additional applicable
More informationData Protection Policy
The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this
More informationTHE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon
THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES Forum financier du Brabant wallon 14.12.2017 Data Protection should be part of every company s or organisation s DNA Do you process
More informationDISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects
DISCLOSURE PURSUANT TO ART. 13 EU REGULATION No. 2016/679 (GDPR) Customers and prospects The company SORMA S.p.A., with registered office in Mestre (VE), 30174, Via Don Tosatto, no. 8, as the data controller
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationThe Impact of GDPR Compliance on IT and Security
The Impact of GDPR Compliance on IT and Security Experts on Panel Bojana Bellamy President Centre for Information Policy Leadership Vibhav Agarwal Director MetricStream 2017 MetricStream, Inc. All Rights
More informationGDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018
GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationAWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services
AWS Webinar Navigating GDPR Compliance on AWS Christian Hesse Amazon Web Services What is the GDPR? What is the GDPR? The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection
More informationMOBILE.NET PRIVACY POLICY
MOBILE.NET PRIVACY POLICY As the operator of the Mobile.net website (https://mobile.net.ltd/) (Website), ADX Labs, LLC. (Company, we or us) is committed to protecting and respecting your privacy. The data
More informationData Protection Policy
Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please
More informationCliniSys Website Privacy Policy
CliniSys Website Privacy Policy Version 1.0 Document Information Prepared for: Users of the CliniSys Website Prepared by: CliniSys Solutions Limited Date: 13 February 2018 Contact Details: Matthew Fouracre,
More informationProhire Software Systems Limited ("Prohire")
Prohire Software Systems Limited ("Prohire") White paper on Prohire GDPR compliance measures 11 th May 2018 Contents 1. Overview 2. Legal Background 3. How Prohire complies 4. Wedlake Bell 5. Conclusion
More informationMotorola Mobility Binding Corporate Rules (BCRs)
Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,
More informationPreparing for the GDPR
Preparing for the GDPR 1 February 2018 EXPECT EXCELLENCE DUBLIN BELFAST LONDON NEW YORK SILICON VALLEY arthurcox.com The EU General Data Protection Regulation (known as the GDPR ) will replace the current
More informationGLOBAL DATA PROTECTION POLICY
GLOBAL DATA PROTECTION POLICY Last update: April 2nd, 2018 SCOPE 3 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 3 Compliance with the European Data Protection Law and any additional applicable data
More informationNEWSFLASH GDPR N 8 - New Data Protection Obligations
GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine
More informationGENERAL DATA PROTECTION REGULATION (GDPR)
GENERAL DATA PROTECTION REGULATION (GDPR) Date: 01/02/17 Vendor Assessment Contents Introduction 2 Transparency 2 Collection and Purpose Limitation 4 Quality 4 Privacy Program Management 5 Security for
More informationIAPP Privacy Certification
Page 1 of 14 IAPP Privacy Certification Continuing Privacy Education (CPE) Policy Overview All CIPP (CIPP/US, CIPP/C, CIPP/E, CIPP/G CIPP/A), CIPM and CIPT holders must meet two minimum requirements over
More informationGDPR and the Privacy Shield
GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark
More informationQ&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )
Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection
More information1 Privacy Statement INDEX
INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related
More informationPRIVACY NOTICE (TIER 4)
Page: 1 of 6 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner is responsible for
More informationWEBSITE PRIVACY POLICY
WEBSITE PRIVACY POLICY INTRODUCTION Welcome to the Octopus Group s privacy policy ( Privacy Policy ) Octopus Group respects your privacy and is committed doing the right thing when it comes to protecting
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationPriv ac y Policy. Last upda ted:
Priv ac y Policy Last upda ted: 05.2014 This Privacy Policy describes the policies and procedures of ZET / Adrian Zingg / ZetApps and any subsidiaries and affiliated entities (together, Company, we or
More informationAll data subjects whose personal data is collected, in line with the requirements of the GDPR.
Page: 1 of 8 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner is responsible for
More informationGDPR - Are you ready?
GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review
More informationBlue Alligator Company Privacy Notice (Last updated 21 May 2018)
Blue Alligator Company Privacy Notice (Last updated 21 May 2018) Who are we? Blue Alligator Company Limited (hereafter referred to as BAC ) is a company incorporated in England with company registration
More information