GDPR ESSENTIALS END-USER COMPLIANCE TRAINING. Copyright 2018 Logical Operations, Inc. All rights reserved.

Transcription

1 GDPR ESSENTIALS END-USER COMPLIANCE TRAINING 1

2 POTENTIAL MAXIMUM GDPR PENALTY 2

3 WHAT IS DATA PRIVACY?

4 MOST NOTABLE US/CA PRIVACY LAWS Federal Trade Commission Act, Sec4on 5 California Online Privacy Protec4on Act (CalOPPA) State data breach no4fica4on laws Health Insurance Portability and Accountability Act (HIPAA) CAN-SPAM and COPPA 4

5 GDPR NOT JUST FOR THE European Union (EU) 5

6 IAPP World s largest professional associa4on dedicated to privacy 40,000+ Members Worldwide in 110 countries 15,000+ Cer4fied Individuals IAPP s mission: To define, promote and improve the privacy profession globally 6

7 WHAT S REQUIRED?

8 WHAT DATA PRIVACY SKILLS ARE NEEDED?

9 GDPR AND TRAINING REQUIREMENTS Ar.cle 39: The data protec4on officer shall have at least the following tasks: (1b) to monitor compliance with this Regula4on, with other Union or Member State data protec4on provisions and with the policies of the controller or processor in rela4on to the protec4on of personal data, including the assignment of responsibili4es, awarenessraising and training of staff involved in processing opera4ons, and the related audits Ar.cle 47: (2h) the tasks of any data protec4on officer designated in accordance with Ar4cle 37 or any other person or en4ty in charge of the monitoring compliance with the binding corporate rules within the group of undertakings, or group of enterprises engaged in a joint economic ac4vity, as well as monitoring training and complaint-handling (2n) the appropriate data protec4on training to personnel having permanent or regular access to personal data Ar.cle 70: The Board shall ensure the consistent applica4on of this Regula4on. To that end, the Board shall, on its own ini4a4ve or, where relevant, at the request of the Commission, in par4cular: (1v) promote common training programmes 9

10 GDPR ESSENTIALS IAPP compliance elearning offering: GDPR Essen4als Two modules Data Privacy Essen4als General Data Protec4on Regula4on (GDPR) Es4mated training 4me is minutes Requires employee to pass inline assessments to receive passing score No tailoring/customiza4on to elearning content (can add addi4onal documents/links to CHOICE plaform) Available in the following languages: Bri4sh English French German Italian Universal Spanish 10

11 PROCESS 1. OTP must sign new OTP agreement which includes op4on to resell GDPR Essen4als 2. OTP can sell to any client with up to 50k employees globally; >50k employees op4on to refer to IAPP and receive 30% referral fee Ex: Facebook ~25k employees = Direct; Google ~85k employees = Referral 3. OTP to provide LO Customer Service with following for each client: a. Signed GDPR Essen4als client agreement (1 per client) b. Client global employee count c. Client website 4. Customer Service will process order providing a mul4-use key with the maximum number of uses within the 4er. For example, if 3,000 global employees mul4-use key with maximum of 5,000 redemp4ons is provided Note: GDPR Essen4als is available through LO CHOICE only not available to be delivered through any 3 rd party LMS systems; would need to refer to IAPP 5. LO to provide CHOICE compliance repor4ng to OTP (4 reports included, addi4onal provided at addi4onal fee) 11

12 Investment Min Employees Max Employees OTP Price Client SRP $3,900 $5, $5,265 $6, ,000 $7,020 $9,126 1,001 2,000 $9,126 $11,864 2,001 5,000 $12,285 $15,971 5,001 10,000 $17,550 $22,815 10,001 20,000 $25,272 $32,854 20,001 30,000 $31,590 $41,067 30,001 50,000 $35,100 $45,630 Note: Pricing is based on the number of global employees

13 Ques4ons?

14 THANK YOU! E: O: W:

15 SUPPORTING SLIDES 15

16 IAPP TRAINING & CERTIFICATION Cer4fied Informa4on Privacy Professional (CIPP) Privacy laws, regula4ons and frameworks: the What of data protec4on Cer4fied Informa4on Privacy Manager(CIPM) Implemen4ng privacy in an organiza4on: the How of privacy from a management perspec4ve Cer4fied Informa4on Privacy Technologist (CIPT) Implemen4ng privacy in applica4ons and systems: the How of privacy from a technology perspec4ve NOTE: CIPP, CIPM and CIPT are all accredited under ISO standards 16

17 DPO READY A 4-day program covering both the what and the how of informa4on privacy, providing both knowledge of privacy laws and prac4ces. 17

18 BENEFITS OF IAPP CERTIFICATION AND MEMBERSHIP IAPP cer4fica4ons are ANSI-accredited to rigorous ISO standards Membership provides support throughout a career, extending beyond the few days of training Access to a network of 40,000+ data protec4on professionals around the world Largest privacy and educa4onal events in the world (Washington, DC, Brussels, Toronto, Singapore and more) Daily e-news digest (The Daily Dashboard) for top privacy stories from Extensive online Resource Center and ongoing research Local KnowledgeNet (chapter) networking/educa4onal mee4ngs 18

19 GDPR INCIDENT RESPONSE REQUIREMENTS Ar.cle 33: No4fica4on of a personal data breach to the supervisory authority: (1) In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours arer having become aware of it Ar.cle 34: Communica4on of a personal data breach to the data subject (1) When the personal data breach is likely to result in a high risk to the rights and freedoms of natural persons, the controller shall communicate the personal data breach to the data subject without undue delay 19

20 INCIDENT RESPONSE PREPAREDNESS 20

21 CYBER & DATA PRIVACY COMBINED LEARNING PATH 21

22 CYBERSECURITY VS DATA PRIVACY OR IS IT? CYBERSECURITY Keeping Data Safe Protec4ng Maintaining Controlling DATA PRIVACY Security Collec4on Use Handling Sharing