EU GDPR: The General Data Protection Regulation

Similar documents
You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

Jefferies EMEA Privacy Notice

Islam21c.com Data Protection and Privacy Policy

Georgia Institute of Technology EU GDPR Lawful Basis Form

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

Data Privacy Notice. Madsen Advisory Limited ("Madsen") is committed to protecting and respecting your privacy.

Data Processing Agreement DPA

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

Staff and Recruitment Privacy Notice Your personal information

Creative Funding Solutions Limited Data Protection Policy

Rights of Individuals under the General Data Protection Regulation

Data Protection Policy

Catalent Inc. Privacy Policy v.1 Effective Date: May 25, 2018 Page 1

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

PRIVACY STATEMENT. The Island with Bear Grylls (the Programme ) Introduction and main purposes

General Data Protection Regulation (GDPR) Key Facts & FAQ s

Within the meanings of applicable data protection law (in particular EU Regulation 2016/679, the GDPR ):

Data processing policy

Technical Requirements of the GDPR

TINOPOLIS PRIVACY NOTICE

UWTSD Group Data Protection Policy

RVC DATA PROTECTION POLICY

DATA PROTECTION A GUIDE FOR USERS

Motorola Mobility Binding Corporate Rules (BCRs)

Introductory guide to data sharing. lewissilkin.com

Implementing the new GDPR: what does it mean for Universities?

Privacy Notice - Stora Enso s Supplier and Stakeholder Register. 1 Purpose

Privacy Policy... 1 EU-U.S. Privacy Shield Policy... 2

Data protection. Data protection. Kacper Szkalej 1. Structure. Data protection. Media Law, KTH. Definition? Data protection = data processing rules

PRINCIPLES OF PROTECTION OF PERSONAL DATA (GDPR) WITH EFFICIENCY FROM

CNH Industrial Privacy Policy. This Privacy Policy relates to our use of any personal information you provide to us.

Data Protection Policy

DATA PROTECTION POLICY THE HOLST GROUP

TREND MICRO PRIVACY POLICY

Cognizant Careers Portal Privacy Policy ( Policy )

Brasenose College ICT Systems Privacy Notice (v1.2)

What personal data or information do we collect? The personal information we collect may include:

1 Privacy Statement INDEX

GLOBAL DATA PROTECTION POLICY

GDPR. What is GDPR? GDPR is extraterritorial, meaning it applies to any company, processing EU resident data, irrespective of their location.

The Data Protection Act 1998 and the Use of Personal Data for IT Administration

PRIVACY POLICY FOR THE LIDC 2018 INTERNATIONAL CONGRESS

GDPR Data Protection Policy

UM General Privacy Statement

Privacy Notice - Stora Enso s Customer and Sales Register. 1 Controller

Subject: Kier Group plc Data Protection Policy

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection

Privacy Shield Policy

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

DATA PROTECTION POLICY

Element Finance Solutions Ltd Data Protection Policy

A practical guide to using ScheduleOnce in a GDPR compliant manner

Down Under Centre Employment Hub - Privacy Policy Introduction

GLOBAL DATA PROTECTION POLICY

Extension Architecture Privacy Notice

The Corporate Website and the Product Websites are together referred to hereafter as the website.

Data Protection Policy

EU DATA PROTECTION COMPLIANCE WHEN SECURING SAAS APPLICATIONS

MBNL Landlord Privacy Notice. This notice sets out how we handle landlord personal data as part of our General Data Protection policies (GDPR).

All you need to know and do to comply with the EU General Data Protection Regulation

Privacy Notice. General Information Protection Regulation ( GDPR )

PS Mailing Services Ltd Data Protection Policy May 2018

RECRUITMENT DATA PROTECTION NOTICE. AImotive Ltd.

UWC International Data Protection Policy

PRIVACY NOTICE EFFECTIVE FROM 25 MAY 2018

Privacy Notice For Ghana International Bank Plc customers

Privacy and Data Protection Policy

1. Right of access. Last Approval Date: May 2018

Cova Security Gates Ltd Privacy Notice. Unit C1, Sussex Manor Business Park, Crawley, West Sussex, RH10 9NH, United Kingdom

CAPGEMINI BINDING CORPORATE RULES

Privacy Notice - General Data Protection Regulation ( GDPR )

Kährs Group s Privacy Policy

PRIVACY POLICY. Marlin Hawk Limited of 10 Throgmorton Avenue, London EC2N 2DL, tel

The British Museum. Data Protection Code of Practise. 1 Introduction

If you have any questions about this notice, please contact the Head Master.

PRIVACY POLICY. What personal data we collect and why we collect it IN ORDER TO: (Date of last update: 1 st January 2019)

VIACOM INC. PRIVACY SHIELD PRIVACY POLICY

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

Privacy Policy. This document describes the privacy policy of United TLD Holdco Ltd (T/A Rightside Registry).

INFORMATION TO BE GIVEN 2

Data Privacy for Multinationals: How to Build and Implement a Compliance Plan

Privacy Policy of

You can find a brief summary of this Privacy Policy in the chart below.

Frequently Asked Questions

Michael Robinson Associates Limited is committed to protecting your personal information. This policy

Data Protection Policy

EventLog Analyzer. All you need to know and do to comply with the EU General Data Protection Regulation

Data Protection. Guidance Notes

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

PRIVACY POLICY. 1. Definitions and Interpretation In this Policy the following terms shall have the following meanings:

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Arkadin Data protection & privacy white paper. Version May 2018

PRIVACY POLICY SECTION 1 CONTACTS

Our Privacy Statement

Office of John Howell MP Data Protection Policy

Transcription:

EU GDPR: The General Data Protection Regulation A Brief Overview Duke Privacy

The General Data Protection Regulation Became effective May 25, 2018. Formally codifies privacy as a fundamental right and protects the flow of personal data.

GDPR Requirements: Have a legal basis for processing the personal information of covered data subjects. Have a legal basis for transferring the personal information of covered data subjects to the U.S. Document and provide data subjects specific notice of processing and transfer activities and the legal bases to do so. Respond to data subjects rights requests. Provide notice of breaches of personal data.

The GDPR Applies to Entities Established in the European Economic Area (the 28 EU states plus, Iceland, Liechtenstein and Norway) who process personal data of EA/EEA data subjects. Outside of the EEA who process the personal data of EA/EEA data subjects in the course of offering goods or services (even when free) or where behavior of the data subjects is monitored.

Personal Data is Defined Broadly Personal data : Any information relating to an identified or identifiable natural person. (GDPR Art. 4(1)) Special categories of personal data : Race, ethnicity, political opinions, religious or philosophical beliefs, trade union membership, health, sexual orientation or sex life. (GDPR Art. 9(1))

The GDPR Applies to Two Groups A controller is an entity that, alone or jointly with others, determines the purposes and means of processing data. (GDPR Art. 4(7)) e.g., acting as a collaborator as part of a research project. A processor is an entity that processes personal data on behalf of the controller. (GDPR Art. 4(8)) e.g., acting as a fee-for-service laboratory.

How the GDPR Applies to Universities in the U.S. GDPR applies if: The university has an establishment in the EEA and acts as a data controller or processor The university offers goods or services to individuals in the EEA The university monitors the behavior of individuals in the EEA

Application Examples Establishment: Study Abroad programs Offering of goods and services: Recruiting students and faculty in the EEA. University press or corporate education targeting customers in the EEA. Monitoring behavior: Online education programs that include participants in the EEA and use cookies to track student participation. Tracking giving history of alumni and other donors in EEA member states.

Legal Bases to Process Personal Data The data subject has given consent to processing. The processing is necessary for the performance of a contract to which the data subject is a party. The processing is necessary for compliance with a legal obligation. The processing is necessary to protect vital interests of the data subject or a natural person.

Legal Bases to Process Personal Data The processing is necessary for a task carried out in the public interest. The processing is necessary for the legitimate interests of the controller or a third party, except where such interests are overridden by the interest or fundamental rights and freedoms of the data subject.

Legal Bases to Process Special Categories The Data Subject has given explicit consent of the data subject to processing. The processing is necessary to protect the vital interests of the data subject or another natural person where the data subject is physically or legally incapable of giving consent. The processing is necessary for reasons of public interest in the area of public health. The processing is necessary for scientific or historical research purposes.

Legal Bases for Data Transfer Explicit consent of the data subject to the transfer of personal data to the U.S. Model contractual clauses impose certain requirements of EU data privacy law with respect to data transferred under contract. Data transfers necessary to protect the vital interests of the data subject - generally considered to be life and death situations. Codes of Conduct Binding Corporate Rules and Privacy Shield not applicable to Duke

The GDPR provides the following rights for individuals: The right to be informed. The right of access. The right to rectification. The right to erasure. The right to restrict processing. The right to data portability. The right to object. Rights in relation to automated decision making and profiling.

Data Protection Officer The GDPR requires that data controllers and processors with core activities that put them in scope designate a Data Protection Officer (DPO) to oversee the measures taken for GDPR compliance. The Duke DPO is: David J. Falcone Director of Privacy, Ethics and Compliance University Compliance Officer

Questions? Contact Duke Privacy: privacy@duke.edu

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback