Data Privacy for Multinationals: How to Build and Implement a Compliance Plan


Augusta Speiser is responsible for guiding DENTSPLY International's efforts relating to ethics and compliance worldwide, with particular focus on its European divisions. This includes leading and implementing DENTSPLY International's global data privacy compliance program, as well as giving advice on specific data privacy issues relating to DENTSPLY's multijurisdictional business structure.

Janine Regan, a solicitor in the data protection team at Charles Russell Speechlys LLP, advises on global data protection compliance and outsourcing projects for multinationals in sectors such as financial services, pharmaceutical, construction, and marketing and advertising. Janine is also a Certified Information Privacy Professional for Europe.

DENTSPLY's Global Footprint
12,000+ employees
Circa $3bn sales per annum
Operations around the globe, direct and through 3rd parties
Listed on US stock exchange
Subject to global laws and regulations

Agenda
Part 1: Overview of the global data privacy legal framework; current laws and the future in respect of the proposed European Data Protection Regulation
Part 2: Case study: a practical insight into how a multinational company has built a data privacy compliance plan, including the benefits and challenges faced by that company
Part 3: How to ensure that your data privacy program stands the test of time

Part 1: Dentsply's drivers for a Data Privacy Project
To optimise the use of personal data
To prepare for the proposed General Data Protection Regulation
To consolidate the global approach to data privacy
To reduce the risks of sensitive personal data being compromised

Part 1: Other drivers for a Data Privacy Project
Remedial action after a data breach
Regulatory action taken against other companies / competitors in their sector
To save legal costs

Current: Why is data protection important in Europe?
European Data Protection Directive 95/46/EC
28 different national laws on data protection, all based on the Directive
Key definitions

Current: Personal data (known in the US as personally identifiable information) means data which relate to a living individual who can be identified from those data, or from those data and other information which is in the possession of, or is likely to come into the possession of, the data controller.

Current: Data subject means an individual who is the subject of personal data.

Current: Sensitive personal data
Racial or ethnic origin
Political opinions
Religious beliefs
Trade union membership
Physical or mental health condition
Sexual life
Criminal offences (sometimes)
Note: does not usually include financial data

Current: Processing means recording or holding the information or data, or carrying out any operation or set of operations on the information or data. Includes storing, viewing and hosting data.

Current: Data controller means a person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal data are, or are to be, processed.

Current: Data processor means any person (other than an employee of the data controller) who processes the data on behalf of the data controller.

Current: International data transfers
Model Contract Clauses
Safe Harbor Certification

The Principles
Personal data must be processed fairly and lawfully.
Personal data shall be obtained only for one or more specified and lawful purposes, and shall not be further processed in any manner incompatible with that purpose or those purposes.
Personal data shall be adequate, relevant and not excessive.
Personal data shall be accurate and, where necessary, kept up to date.
Personal data shall not be kept for longer than is necessary.
Personal data shall be processed in accordance with the rights of data subjects (e.g. subject access rights).
Appropriate technical and organisational measures shall be taken against unauthorised or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.
Personal data shall not be transferred to a country or territory outside the European Economic Area unless that country or territory ensures an adequate level of protection for the rights and freedoms of data subjects.

BUT IT DOESN'T END WITH EUROPE

ARGENTINA
RUSSIA
SOUTH KOREA
Malaysia
Singapore
Taiwan
AND THAT'S JUST TO NAME A FEW!

The USA
US CAN-SPAM Act
The Health Insurance Portability and Accountability Act
Children's Online Privacy Protection Act
The Gramm-Leach-Bliley Act

The USA: Federal Trade Commission powers
Investigative authority
Enforcement authority, notably $16,000 fines per violation
Recent enforcement action


Part 2: Case Study: Privacy Map

The privacy map, from the project goal and its drivers through each step of the project plan:
Compliance with Data Protection Directive and proposed Regulation
Optimize data, consolidate approach, reduce risks of SPD (sensitive personal data)
White Paper + defining approach to project plan
Data Mapping and Outsourcer Review
Local Audit Questionnaires
Formalities with Data Protection Authorities
Data transfer solution and intra-group data processing arrangements
Data Protection Policies and Manual
Organisational Structure
Training and Communication

Part 2: Case Study: Challenges and benefits

Part 3: How to ensure that your data privacy program stands the test of time

Thank You!