PROJECT BACKGROUND AND RATIONALE

The political agreement on the EU General Data Protection Regulation (GDPR) has been reached and the new Regulation will be on the books by the end of the first quarter of 2016. Organisations will have a two-year period (spring 2016-spring 2018) to assess the impact of the Regulation on their activities, devise and execute implementation strategies and make changes to their business processes, compliance infrastructures and IT systems to reflect the new requirements. The new regime will bring changes not only to organisations, but also to the data protection authorities and how they oversee, supervise and enforce the new rules in Europe.

Some of the immediate impacts of the GDPR relate to its jurisdictional and extraterritorial reach; new requirements concerning privacy impact assessments, privacy by design, pseudonymisation, data breach notification, data processor obligations, organisational accountability and data protection officers, data protection principles, rights of individuals; legal liability, remedies, fines; and the roles and powers of data protection authorities.

Importantly, despite the ambition to harmonise data protection rules across Europe, the GDPR leaves a significant margin of maneuver to Member States in its application. It also gives both the EU Commission and the new European Data Protection Board (EDPB) powers to enact implementing regulations and guidance.

To address these changes, the Centre for Information Policy Leadership (CIPL) is launching a special project in March 2016: the CIPL PROJECT ON GDPR IMPLEMENTATION.

The rationale for the project is the need for a constructive and expert dialogue between industry, regulators and key policy makers that will inform and build bridges between different stakeholders, help develop consistent and forward-thinking interpretations of the new requirements and devise best practices for implementing the requirements. Consistent interpretation, implementation, oversight and enforcement of the new rules across the EU Member States are all critical to the success of the GDPR and the European Single Digital Market Strategy. Finally, the GDPR and the way in which it is implemented will have a significant influence on other countries and regions around the world as they develop their data privacy regimes.

CIPL Project on GDPR Implementation

PROJECT OBJECTIVES

The project aims to establish a forum for an expert dialogue between industry representatives, DPAs, the European Data Protection Supervisor (EDPS), the EU Commission, Member States representatives and academic experts through a series of workshops, webinars and white papers with the following specific objectives:

- Informing and advancing constructive and forward-thinking interpretations of key GDPR requirements;
- Facilitating consistency in the interpretation of the GDPR across the EU;
- Facilitating consistency in the further implementation of the GDPR by Member States, EU Commission and EDPB;
- Examining best practices, as well as challenges, in the implementation of the key GDPR requirements;
- Sharing industry experiences and views to benchmark, coordinate and streamline the implementation of new compliance measures; and
- Examining how the new GDPR requirements should be interpreted and implemented to advance the European Digital Single Market strategy and data-driven innovation, while protecting the privacy of individuals and respecting the fundamental right to data protection.

PROPOSED PROJECT FOCUS TOPICS

The specific topics to be covered in the project will be ultimately decided by the project Steering Committee, DPAs and other project stakeholders. (See 5 Buckets on page 3)

The proposed topics of focus include application of the law to controllers and processors, main establishment and one-stop-shop (OSS), pseudonymisation, legitimacy (consent, legitimate interest-based processing), further processing for new purposes, profiling, risk management, privacy impact assessments, data breach notification, cross-border data transfer mechanisms, demonstrating accountability, privacy seals and certifications, and the new powers, responsibilities and working of DPAs and the EDPB.

PROPOSED PROJECT FOCUS TOPICS: 5 BUCKETS

1. Data Privacy Programmatic Management
   - Accountability and its elements under the GDPR for controllers and processors
   - Appointment and role of the DPO
   - Assessing risk under the GDPR - privacy impact assessments, privacy by design, breach notification
   - Evidencing and demonstrating accountability externally
   - Privacy seals, certifications, codes of conduct
   - Harmonisation and consistent implementation

2. Core Principles and Concepts
   - Legitimacy (consent/age of consent, legitimate interest), decisions based on profiling, transparency, purpose limitation, pseudonymisation

3. Individual Rights
   - Data portability, new aspects of data erasure and right to object, transparency

4. International Data Transfers
   - Adequacy decisions, BCRs, Model Contracts, the new EU-US Privacy Shield, derogations, seals and certifications, Art. 48, interoperability with non-EU mechanisms

5. Relationship with DPAs, Enforcement and Sanctions, Smart Regulation
   - Main establishment, One Stop Shop and relationship with EU DPAs
   - Role and powers of the EU DPAs
   - Role and powers of the European Data Protection Board
   - Consistency procedure
   - Sanctions and liability
   - Links with EU strategy for Digital Single Market and Smart Regulation

PROJECT PRELIMINARY TIMELINE

January 2016 - Formation of project Steering Committee and discussion with project stakeholders
March 2016 - Official launch of the project
16 March 2016 - Workshop I: Towards a Successful and Consistent Implementation of the GDPR, Amsterdam, The Netherlands (*Co-hosted by the Dutch Ministry of Security and Justice)
April 2016 - Formation of initial project priorities subgroups
6 May 2016 - Publication of Workshop I Report
24 May 2016 - Webinar: Deep Dive on Risk and High Risk in the GDPR
22 June 2016 - Webinar: Deep Dive into the Role of the DPO under the GDPR
July 2016 - Formation of mid-term project priorities subgroups
Spring-Summer 2016 - White paper(s) and written submission(s)
19 September 2016 - Workshop II: The Role of the Data Protection Officer (DPO) and Risk and High Risk under the GDPR, Paris, France

20 September 2016 - CIPL Industry GDPR Implementation Roundtable hosted by Orange S.A., Paris, France
27 October 2016 - Webinar: Understanding Certifications, Seals and Marks under the GDPR
8 November 2016 - CIPL GDPR Project Working Session on Seals, Certifications, and Codes of Conduct under the GDPR, Brussels, Belgium
6-7 March 2017 - Workshop III: GDPR Implementation: Status, Key Challenges and Understanding the Core Principles of Transparency, Consent and Legitimate Interest, Madrid, Spain
14 June 2017 - CIPL GDPR Project Senior Leaders Working Session on Smart Data Protection - How Should DPAs Set their Strategic Priorities? Dublin, Ireland

CONTACT US

To learn more about the project and ways to get involved, please contact:

Bojana Bellamy, President, +44 (0)20 7220 5703, BBellamy@hunton.com
Markus Heyder, Vice President & Senior Policy Counselor, 202-419-2005, MHeyder@hunton.com
Richard Thomas, Global Strategy Advisor, Richard.Thomas@which.net
Hielke Hijmans, Senior Policy Advisor, HHijmans@hunton.com
Ann Kristin Glenster, Consultant, AKGlenster@hunton.com