SlideShare a Scribd company logo

GDPR Readiness: Role of the DPO

Download as PPTX, PDF
Morgan McKinley
Morgan McKinley

On Tuesday 16th January 2018, Morgan McKinley were privileged to have Paul Jordan, European Managing Director at the IAPP, deliver an engaging seminar on the topic of the Data Protection Officer and its requirements under GDPR. Being a drastic change in regulations, GDPR is a hot topic at the moment and is due to come into full force on 25th May this year. The event was well attended, with professionals from a range of industries coming to soak up Paul’s extensive knowledge and ask the burning GDPR questions relevant to their specific situation.

Recruiting & HR
1 of 28
www.iapp.org GDPR Readiness: Role of the DPO GDPR Event - Morgan McKinley – London Paul Jordan Tuesday 16 January, 2018
www.iapp.org 2 Overview • General DPO requirements under the GDPR: legitimacy of the DPO role • International Research findings in Data Protection
www.iapp.org 3 The growth of an industry
www.iapp.org 4 Data Protection Officers (Art. 37–39) are to ensure compliance within organisations. They have to be appointed for all public authorities and for companies where the “core activities”: - regularly and systematically monitor data subjects on a large scale, or - process on a large scale special categories of data (Art. 9 and 10). Data Protection Officers Art. 37–39
www.iapp.org 5 - Core Activities: Key operations necessary to achieve business goals + processing which forms an inextricable part of the business activity. - Large Scale: Recital 91 mentions “processing operations which aim to process considerable amounts of personal data at national, regional or supranational level which could affect a large number of data subjects and which are likely to result in a high risk”. What does ‘core activities’ and ‘large scale’ mean?
www.iapp.org DPD 6 SECTION IX NOTIFICATION Article 18 Obligation to notify the supervisory authority 1. (…) 2. Member States may provide for the simplification of or exemption from notification only in the following cases and under the following conditions: • (…) • Where the controller, in compliance with the national law which governs him, appoints a personal data protection official, responsible in particular: •for ensuring in an independent manner the internal application of the national provisions taken pursuant to this Directive •for keeping the register of processing operations carried out by the controller, containing the items of information referred to in Article 21 (2), thereby ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the processing operations. Article 20 Prior checking 1. (…) 2. Such prior checks shall be carried out by the supervisory authority following receipt of a notification from the controller or by the data protection official, who, in cases of doubt, must consult the supervisory authority. SECTION 4 DATA PROTECTION OFFICER Article 37 Designation of the data protection officer 1. The controller and the processor shall designate a data protection officer in any case where: a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10. GDPR
www.iapp.org Data Protection Officers 7 Nature and challenges • The DPO is similar but not the same as a Compliance Officer as they are also expected to be proficient at managing IT processes, data security (including dealing with cyber- attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations. • Monitoring of DPOs will be the responsibility of the Regulator rather than the Board of Directors of the organisation that employs the DPO: the independence factor. • Internally, the DPO will need to create their own support team and will also be responsible for their own continuing professional development as they need to be relatively independent of the organisation that employs them, effectively acting as a ‘business enabler’ within organisations.
www.iapp.org 8
www.iapp.org Data Protection Officer 9 Qualifications Art. 37 (5): ‘The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.’ • Certifications: CIPP/E (EU data protection legislation), CIPM (data protection practices, [D]PIAs, Program mgt) • Further qualifications & continuous education
www.iapp.org 10 CIPP/E EU laws and regulations The global standard for the go- to person for privacy laws, regulations and frameworks CIPM Operations The first and only privacy certification for professionals who manage day-to-day operations
www.iapp.org Data Protection Officer 11 Responsibilities (Art. 39) • Counsel the entity in regard to applicable data protection laws • Monitor compliance with applicable data protection (GDPR) provisions and alignment with internal policies, including the assignment of responsibilities, • Awareness-raising and training of staff involved in the processing operations • Conduction of data protection audits and [D]PIAs • Cooperate and communicate with the responsible regulatory authority
www.iapp.org Data Protection Officer 12 Data Protection Risk Management (Art. 39 (2)): ‘The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.’
www.iapp.org Privacy Risks Notice and Consent Data Loss Data Usage Individuals’ Rights Data Transfers Third Parties Over- retention of data 13
www.iapp.org Key Risk Impacts Financial Impact Reputational Impact Regulatory Impact 14
www.iapp.org Data Protection Officer 15 Positioning in the company (Art. 38) 1) Proper and timely involvement in all relevant aspects to be ensured by the controller 2) Support by sufficient resources and access to data and systems and allowance of further qualification 3) Independence of instructions and protection against sanctioning by controller as employer 4) Point of contact for data subjects 5) Professional secrecy and interest protection
www.iapp.org Accountability & GDPR Accountability is a Key Principle The new accountability principle in Article 5(2) requires the controller to demonstrate compliance with the principles relating to personal data and states explicitly that this is the controllers responsibility 16
www.iapp.org Demonstrating Accountability ****** Demonstrate compliance by implementing appropriate technical and organisational measures Maintain relevant documentation Appoint a data protection officer, if appropriate Implementing measures that meet principles of data protection by design and data protection by default 17
www.iapp.org Outsourcing the DPO? 18 Shared and external DPOs (Art. 37 (2)): ‘A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.’ (Art. 37 (6)): ‘The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.’
www.iapp.org CPO vs. DPO 19 Considerations • Is this mandatory DPO the lead data protection and privacy voice in the organisation? • Does the DPO’s role in working with the regulator make it difficult for the DPO to engage in high-level strategic conversations? • Would appointing external counsel as DPO create conflict when working with the lead privacy voice in the organisation? • Remember Art. 38 (3): ‘The controller and processor shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks.’
www.iapp.org 20
www.iapp.org 21
www.iapp.org 22
www.iapp.org 23
www.iapp.org 24
www.iapp.org 25
www.iapp.org 26
www.iapp.org 27
www.iapp.org 28 For questions or to request additional information: Paul Jordan Managing Director, Europe, IAPP pjordan@iapp.org +32.(0)2.761.66.86 www.iapp.org

Recommended

Teleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsTeleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsChris Doolittle
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Addressing analytics, data warehouse and Big Data challenges beyond database ...
Addressing analytics, data warehouse and Big Data challenges beyond database ...Addressing analytics, data warehouse and Big Data challenges beyond database ...
Addressing analytics, data warehouse and Big Data challenges beyond database ...Chris Doolittle
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processingTim Gough
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Happiest Minds Technologies
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data PrivacyMaganathin Veeraragaloo
 

Recommended

Teleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsTeleran Data Protection - Addressing 5 Critical GDPR Requirements
Teleran Data Protection - Addressing 5 Critical GDPR RequirementsChris Doolittle
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127
Privacy_Engineering_Privacy Assurance_Lecture-Ecole_Polytechnic_Nice_SA-20150127Frank Dawson
 
Addressing analytics, data warehouse and Big Data challenges beyond database ...
Addressing analytics, data warehouse and Big Data challenges beyond database ...Addressing analytics, data warehouse and Big Data challenges beyond database ...
Addressing analytics, data warehouse and Big Data challenges beyond database ...Chris Doolittle
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processingTim Gough
 
New opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsNew opportunities and business risks with evolving privacy regulations
New opportunities and business risks with evolving privacy regulationsUlf Mattsson
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Happiest Minds Technologies
 
Cloud and Data Privacy
Cloud and Data PrivacyCloud and Data Privacy
Cloud and Data PrivacyMaganathin Veeraragaloo
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranDr. Sami Zahran
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-OverviewErica Walker
 
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Codemotion
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSAUlf Mattsson
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPRPaul O'Carroll
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparationPromapp Solutions
 
Data protection
Data protectionData protection
Data protectionRaviPrashant5
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
Data Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewData Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewDVV Solutions Third Party Risk Management
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
GDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to KnowGDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to KnowRachel Roach
 
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Codemotion
 
Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 

More Related Content

What's hot

GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!Fintan Swanton
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranDr. Sami Zahran
 
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Codemotion
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...Ulf Mattsson
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSAUlf Mattsson
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesUlf Mattsson
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyMicrosoft Österreich
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPRPaul O'Carroll
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparationPromapp Solutions
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPRJessvin Thomas
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRImogenRutherford
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")Parsons Behle & Latimer
 
GDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to KnowGDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to KnowRachel Roach
 
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Codemotion
 

What's hot (20)

GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Quick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami ZahranQuick Introduction to the EU GDPR by Sami Zahran
Quick Introduction to the EU GDPR by Sami Zahran
 
GDPR-Overview
GDPR-OverviewGDPR-Overview
GDPR-Overview
 
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
Pronti per la legge sulla data protection GDPR? No Panic! - Domenico Maracci,...
 
May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...May 6 evolving international privacy regulations and cross border data tran...
May 6 evolving international privacy regulations and cross border data tran...
 
Gdpr action plan - ISSA
Gdpr action plan - ISSAGdpr action plan - ISSA
Gdpr action plan - ISSA
 
ISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniquesISACA Houston - Practical data privacy and de-identification techniques
ISACA Houston - Practical data privacy and de-identification techniques
 
Beginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) JourneyBeginning your General Data Protection Regulation (GDPR) Journey
Beginning your General Data Protection Regulation (GDPR) Journey
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
 
Data protection
Data protectionData protection
Data protection
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law
 
Getting Ready for GDPR
Getting Ready for GDPRGetting Ready for GDPR
Getting Ready for GDPR
 
Data Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewData Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service Overview
 
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianHow to keep out of trouble with GDPR: The case of Facebook, Google and Experian
How to keep out of trouble with GDPR: The case of Facebook, Google and Experian
 
Data Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPRData Protection: Transitioning to the GDPR
Data Protection: Transitioning to the GDPR
 
The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")The General Data Protection Regulation ("GDPR")
The General Data Protection Regulation ("GDPR")
 
GDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to KnowGDPR & Your Cloud Provider - What You Need to Know
GDPR & Your Cloud Provider - What You Need to Know
 
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
Pronti per la legge sulla data protection GDPR? No Panic! - Stefano Sali, Dom...
 

Similar to GDPR Readiness: Role of the DPO

Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...PECB
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? SecurityScorecard
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Georges Ataya
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analyticsbrunomase
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityEQS Group
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Stephanie Vasey
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Ulf Mattsson
 
Kyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte Consultants Ltd.
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceMongoDB
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers Gary Dodson
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceIT Governance Ltd
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaUlf Mattsson
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farPECB
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...IT Governance Ltd
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessMark Baker
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPRTim Hyman LLB
 

Similar to GDPR Readiness: Role of the DPO (20)

Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...Legal obligations and responsibilities of data processors and controllers und...
Legal obligations and responsibilities of data processors and controllers und...
 
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...Business impact of new EU General Data Protection Regulation (GDPR) on organi...
Business impact of new EU General Data Protection Regulation (GDPR) on organi...
 
GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready? GDPR Enforcement is here. Are you ready?
GDPR Enforcement is here. Are you ready?
 
Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17Intro ataya inauguration event 12 dec 17
Intro ataya inauguration event 12 dec 17
 
GDPR and Analytics
GDPR and AnalyticsGDPR and Analytics
GDPR and Analytics
 
The general data protection act overview
The general data protection act overviewThe general data protection act overview
The general data protection act overview
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
 
Impact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A SecurityImpact of GDPR on Third Party and M&A Security
Impact of GDPR on Third Party and M&A Security
 
Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...Preparing for general data protection regulations (gdpr) within the hous...
Preparing for general data protection regulations (gdpr) within the hous...
 
Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...Evolving international privacy regulations and cross border data transfer - g...
Evolving international privacy regulations and cross border data transfer - g...
 
Kyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered ServicesKyte GDPR Compliance - Offered Services
Kyte GDPR Compliance - Offered Services
 
How MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR complianceHow MongoDB can accelerate a path to GDPR compliance
How MongoDB can accelerate a path to GDPR compliance
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
GDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to complianceGDPR challenges for the healthcare sector and the practical steps to compliance
GDPR challenges for the healthcare sector and the practical steps to compliance
 
A practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpaA practical data privacy and security approach to ffiec, gdpr and ccpa
A practical data privacy and security approach to ffiec, gdpr and ccpa
 
The GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so farThe GDPR: Common misunderstandings and lessons learned so far
The GDPR: Common misunderstandings and lessons learned so far
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
GDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your businessGDPR- Get the facts and prepare your business
GDPR- Get the facts and prepare your business
 
#CyberSafeLambeth
#CyberSafeLambeth#CyberSafeLambeth
#CyberSafeLambeth
 
The Essential Guide to GDPR
The Essential Guide to GDPRThe Essential Guide to GDPR
The Essential Guide to GDPR
 

More from Morgan McKinley

When should your business hire a contractor?
When should your business hire a contractor?When should your business hire a contractor?
When should your business hire a contractor?Morgan McKinley
 
The changing face of contracting: IR35 in the private sector
The changing face of contracting: IR35 in the private sectorThe changing face of contracting: IR35 in the private sector
The changing face of contracting: IR35 in the private sectorMorgan McKinley
 
Preview - HR magazine - The future of Performance Management
Preview - HR magazine - The future of Performance ManagementPreview - HR magazine - The future of Performance Management
Preview - HR magazine - The future of Performance ManagementMorgan McKinley
 
H rmag winter2018-p24-27-morganmckinley-200
H rmag winter2018-p24-27-morganmckinley-200H rmag winter2018-p24-27-morganmckinley-200
H rmag winter2018-p24-27-morganmckinley-200Morgan McKinley
 
What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?Morgan McKinley
 
Why onboard contractors into your organisation? | M3S Total Talent Solutions
Why onboard contractors into your organisation? | M3S Total Talent SolutionsWhy onboard contractors into your organisation? | M3S Total Talent Solutions
Why onboard contractors into your organisation? | M3S Total Talent SolutionsMorgan McKinley
 
The public perception of Brexit in 2018
The public perception of Brexit in 2018The public perception of Brexit in 2018
The public perception of Brexit in 2018Morgan McKinley
 
What are the differences between European and Irish CVs?
What are the differences between European and Irish CVs?What are the differences between European and Irish CVs?
What are the differences between European and Irish CVs?Morgan McKinley
 
Future proofing the development community in Toronto
Future proofing the development community in TorontoFuture proofing the development community in Toronto
Future proofing the development community in TorontoMorgan McKinley
 
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~Morgan McKinley
 
Bonus for balance | Achieving gender equality: where do we start?
Bonus for balance | Achieving gender equality: where do we start?Bonus for balance | Achieving gender equality: where do we start?
Bonus for balance | Achieving gender equality: where do we start?Morgan McKinley
 
UK Working Hours Survey 2016
UK Working Hours Survey 2016UK Working Hours Survey 2016
UK Working Hours Survey 2016Morgan McKinley
 
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeries
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeriesMastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeries
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeriesMorgan McKinley
 
Change and the Finance Function
Change and the Finance FunctionChange and the Finance Function
Change and the Finance FunctionMorgan McKinley
 
Living and Working in Asia
Living and Working in AsiaLiving and Working in Asia
Living and Working in AsiaMorgan McKinley
 
Living and Working in Australia
Living and Working in AustraliaLiving and Working in Australia
Living and Working in AustraliaMorgan McKinley
 
Morgan McKinley Brochure
Morgan McKinley BrochureMorgan McKinley Brochure
Morgan McKinley BrochureMorgan McKinley
 

More from Morgan McKinley (20)

When should your business hire a contractor?
When should your business hire a contractor?When should your business hire a contractor?
When should your business hire a contractor?
 
The changing face of contracting: IR35 in the private sector
The changing face of contracting: IR35 in the private sectorThe changing face of contracting: IR35 in the private sector
The changing face of contracting: IR35 in the private sector
 
Preview - HR magazine - The future of Performance Management
Preview - HR magazine - The future of Performance ManagementPreview - HR magazine - The future of Performance Management
Preview - HR magazine - The future of Performance Management
 
H rmag winter2018-p24-27-morganmckinley-200
H rmag winter2018-p24-27-morganmckinley-200H rmag winter2018-p24-27-morganmckinley-200
H rmag winter2018-p24-27-morganmckinley-200
 
What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?What's happening to London Compliance jobs in 2018?
What's happening to London Compliance jobs in 2018?
 
Why onboard contractors into your organisation? | M3S Total Talent Solutions
Why onboard contractors into your organisation? | M3S Total Talent SolutionsWhy onboard contractors into your organisation? | M3S Total Talent Solutions
Why onboard contractors into your organisation? | M3S Total Talent Solutions
 
The public perception of Brexit in 2018
The public perception of Brexit in 2018The public perception of Brexit in 2018
The public perception of Brexit in 2018
 
What are the differences between European and Irish CVs?
What are the differences between European and Irish CVs?What are the differences between European and Irish CVs?
What are the differences between European and Irish CVs?
 
Future proofing the development community in Toronto
Future proofing the development community in TorontoFuture proofing the development community in Toronto
Future proofing the development community in Toronto
 
GDPR FAQ'S
GDPR FAQ'SGDPR FAQ'S
GDPR FAQ'S
 
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~
Poll: Your thoughts on cigarette breaks at work 世論調査 ~スモ休について~
 
Bonus for balance | Achieving gender equality: where do we start?
Bonus for balance | Achieving gender equality: where do we start?Bonus for balance | Achieving gender equality: where do we start?
Bonus for balance | Achieving gender equality: where do we start?
 
Gender pay gap
Gender pay gapGender pay gap
Gender pay gap
 
UK Working Hours Survey 2016
UK Working Hours Survey 2016UK Working Hours Survey 2016
UK Working Hours Survey 2016
 
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeries
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeriesMastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeries
Mastering Mindfulness at Work with life coach Talane Miedaner | #SuccessSeries
 
Change and the Finance Function
Change and the Finance FunctionChange and the Finance Function
Change and the Finance Function
 
Living and Working in Asia
Living and Working in AsiaLiving and Working in Asia
Living and Working in Asia
 
Living and Working in Australia
Living and Working in AustraliaLiving and Working in Australia
Living and Working in Australia
 
2012 Salary Survey
2012 Salary Survey2012 Salary Survey
2012 Salary Survey
 
Morgan McKinley Brochure
Morgan McKinley BrochureMorgan McKinley Brochure
Morgan McKinley Brochure
 

Recently uploaded

Unlocking Organizational Potential: The Essence of Human Resource Management ...
Unlocking Organizational Potential: The Essence of Human Resource Management ...Unlocking Organizational Potential: The Essence of Human Resource Management ...
Unlocking Organizational Potential: The Essence of Human Resource Management ...Sabuj Ahmed
 
SQL Interview Questions and Answers for Business Analyst
SQL Interview Questions and Answers for Business AnalystSQL Interview Questions and Answers for Business Analyst
SQL Interview Questions and Answers for Business AnalystHireQuotient
 
Ways to Make the Most of Temporary Part Time Jobs
Ways to Make the Most of Temporary Part Time JobsWays to Make the Most of Temporary Part Time Jobs
Ways to Make the Most of Temporary Part Time JobsSnapJob
 
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)twfkn8xj
 
15 Best Employee Retention Strategies.pdf
15 Best Employee Retention Strategies.pdf15 Best Employee Retention Strategies.pdf
15 Best Employee Retention Strategies.pdfAlex Vate
 
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...Webinar - Payscale Innovation Unleashed: New features and data evolving the c...
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...PayScale, Inc.
 
Webinar - How to Choose and Use Salary Data
Webinar - How to Choose and Use Salary DataWebinar - How to Choose and Use Salary Data
Webinar - How to Choose and Use Salary DataPayScale, Inc.
 
Austin Recruiter Network Meeting April 25, 2024
Austin Recruiter Network Meeting April 25, 2024Austin Recruiter Network Meeting April 25, 2024
Austin Recruiter Network Meeting April 25, 2024Dan Medlin
 
Public Relations jobs in New York City with Phifer & Company
Public Relations jobs in New York City with Phifer & CompanyPublic Relations jobs in New York City with Phifer & Company
Public Relations jobs in New York City with Phifer & CompanyPhiferCompany
 
Copy of Periodical - Employee Spotlight (8).pdf
Copy of Periodical - Employee Spotlight (8).pdfCopy of Periodical - Employee Spotlight (8).pdf
Copy of Periodical - Employee Spotlight (8).pdfmarketing659039
 
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdf
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdfThe Great American Payday Prepare for a (Relatively) Bumpy Ride.pdf
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdfJasper Colin
 
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?hxwwranl
 
Intern Welcome LinkedIn Periodical (1).pdf
Intern Welcome LinkedIn Periodical (1).pdfIntern Welcome LinkedIn Periodical (1).pdf
Intern Welcome LinkedIn Periodical (1).pdfmarketing659039
 
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝soniya singh
 
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...makika9823
 
Employee Engagement Trend Analysis.pptx.
Employee Engagement Trend Analysis.pptx.Employee Engagement Trend Analysis.pptx.
Employee Engagement Trend Analysis.pptx.ShrayasiRoy
 
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...Authentic No 1 Amil Baba In Pakistan
 

Recently uploaded (20)

Unlocking Organizational Potential: The Essence of Human Resource Management ...
Unlocking Organizational Potential: The Essence of Human Resource Management ...Unlocking Organizational Potential: The Essence of Human Resource Management ...
Unlocking Organizational Potential: The Essence of Human Resource Management ...
 
SQL Interview Questions and Answers for Business Analyst
SQL Interview Questions and Answers for Business AnalystSQL Interview Questions and Answers for Business Analyst
SQL Interview Questions and Answers for Business Analyst
 
Ways to Make the Most of Temporary Part Time Jobs
Ways to Make the Most of Temporary Part Time JobsWays to Make the Most of Temporary Part Time Jobs
Ways to Make the Most of Temporary Part Time Jobs
 
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)
(圣安德鲁斯大学毕业证学位证成绩单-留学生补办)
 
15 Best Employee Retention Strategies.pdf
15 Best Employee Retention Strategies.pdf15 Best Employee Retention Strategies.pdf
15 Best Employee Retention Strategies.pdf
 
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...Webinar - Payscale Innovation Unleashed: New features and data evolving the c...
Webinar - Payscale Innovation Unleashed: New features and data evolving the c...
 
Webinar - How to Choose and Use Salary Data
Webinar - How to Choose and Use Salary DataWebinar - How to Choose and Use Salary Data
Webinar - How to Choose and Use Salary Data
 
Austin Recruiter Network Meeting April 25, 2024
Austin Recruiter Network Meeting April 25, 2024Austin Recruiter Network Meeting April 25, 2024
Austin Recruiter Network Meeting April 25, 2024
 
Cheap Rate ➥8448380779 ▻Call Girls In Sector 29 Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Sector 29 GurgaonCheap Rate ➥8448380779 ▻Call Girls In Sector 29 Gurgaon
Cheap Rate ➥8448380779 ▻Call Girls In Sector 29 Gurgaon
 
Public Relations jobs in New York City with Phifer & Company
Public Relations jobs in New York City with Phifer & CompanyPublic Relations jobs in New York City with Phifer & Company
Public Relations jobs in New York City with Phifer & Company
 
Call Girls in Subhash Nagar ⎝⎝9953056974⎝⎝ Escort Delhi NCR
Call Girls in Subhash Nagar ⎝⎝9953056974⎝⎝ Escort Delhi NCRCall Girls in Subhash Nagar ⎝⎝9953056974⎝⎝ Escort Delhi NCR
Call Girls in Subhash Nagar ⎝⎝9953056974⎝⎝ Escort Delhi NCR
 
Copy of Periodical - Employee Spotlight (8).pdf
Copy of Periodical - Employee Spotlight (8).pdfCopy of Periodical - Employee Spotlight (8).pdf
Copy of Periodical - Employee Spotlight (8).pdf
 
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdf
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdfThe Great American Payday Prepare for a (Relatively) Bumpy Ride.pdf
The Great American Payday Prepare for a (Relatively) Bumpy Ride.pdf
 
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?
如何办RRC学位证,红河学院毕业证成绩单文凭怎么辨别?
 
Hot Sexy call girls in Preet Vihar🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Preet Vihar🔝 9953056974 🔝 Delhi escort ServiceHot Sexy call girls in Preet Vihar🔝 9953056974 🔝 Delhi escort Service
Hot Sexy call girls in Preet Vihar🔝 9953056974 🔝 Delhi escort Service
 
Intern Welcome LinkedIn Periodical (1).pdf
Intern Welcome LinkedIn Periodical (1).pdfIntern Welcome LinkedIn Periodical (1).pdf
Intern Welcome LinkedIn Periodical (1).pdf
 
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝
Model Call Girl in Keshav Puram Delhi reach out to us at 🔝8264348440🔝
 
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...
Escorts in Lucknow 9548273370 WhatsApp visit your hotel or office Independent...
 
Employee Engagement Trend Analysis.pptx.
Employee Engagement Trend Analysis.pptx.Employee Engagement Trend Analysis.pptx.
Employee Engagement Trend Analysis.pptx.
 
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...
Authentic No 1 Amil Baba In Pakistan Amil Baba In Faisalabad Amil Baba In Kar...
 

GDPR Readiness: Role of the DPO

  • 1. www.iapp.org GDPR Readiness: Role of the DPO GDPR Event - Morgan McKinley – London Paul Jordan Tuesday 16 January, 2018
  • 2. www.iapp.org 2 Overview • General DPO requirements under the GDPR: legitimacy of the DPO role • International Research findings in Data Protection
  • 4. www.iapp.org 4 Data Protection Officers (Art. 37–39) are to ensure compliance within organisations. They have to be appointed for all public authorities and for companies where the “core activities”: - regularly and systematically monitor data subjects on a large scale, or - process on a large scale special categories of data (Art. 9 and 10). Data Protection Officers Art. 37–39
  • 5. www.iapp.org 5 - Core Activities: Key operations necessary to achieve business goals + processing which forms an inextricable part of the business activity. - Large Scale: Recital 91 mentions “processing operations which aim to process considerable amounts of personal data at national, regional or supranational level which could affect a large number of data subjects and which are likely to result in a high risk”. What does ‘core activities’ and ‘large scale’ mean?
  • 6. www.iapp.org DPD 6 SECTION IX NOTIFICATION Article 18 Obligation to notify the supervisory authority 1. (…) 2. Member States may provide for the simplification of or exemption from notification only in the following cases and under the following conditions: • (…) • Where the controller, in compliance with the national law which governs him, appoints a personal data protection official, responsible in particular: •for ensuring in an independent manner the internal application of the national provisions taken pursuant to this Directive •for keeping the register of processing operations carried out by the controller, containing the items of information referred to in Article 21 (2), thereby ensuring that the rights and freedoms of the data subjects are unlikely to be adversely affected by the processing operations. Article 20 Prior checking 1. (…) 2. Such prior checks shall be carried out by the supervisory authority following receipt of a notification from the controller or by the data protection official, who, in cases of doubt, must consult the supervisory authority. SECTION 4 DATA PROTECTION OFFICER Article 37 Designation of the data protection officer 1. The controller and the processor shall designate a data protection officer in any case where: a) the processing is carried out by a public authority or body, except for courts acting in their judicial capacity; b) the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, their scope and/or their purposes, require regular and systematic monitoring of data subjects on a large scale; or c) the core activities of the controller or the processor consist of processing on a large scale of special categories of data pursuant to Article 9 and personal data relating to criminal convictions and offences referred to in Article 10. GDPR
  • 7. www.iapp.org Data Protection Officers 7 Nature and challenges • The DPO is similar but not the same as a Compliance Officer as they are also expected to be proficient at managing IT processes, data security (including dealing with cyber- attacks) and other critical business continuity issues around the holding and processing of personal and sensitive data. The skill set required stretches beyond understanding legal compliance with data protection laws and regulations. • Monitoring of DPOs will be the responsibility of the Regulator rather than the Board of Directors of the organisation that employs the DPO: the independence factor. • Internally, the DPO will need to create their own support team and will also be responsible for their own continuing professional development as they need to be relatively independent of the organisation that employs them, effectively acting as a ‘business enabler’ within organisations.
  • 9. www.iapp.org Data Protection Officer 9 Qualifications Art. 37 (5): ‘The data protection officer shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil the tasks referred to in Article 39.’ • Certifications: CIPP/E (EU data protection legislation), CIPM (data protection practices, [D]PIAs, Program mgt) • Further qualifications & continuous education
  • 10. www.iapp.org 10 CIPP/E EU laws and regulations The global standard for the go- to person for privacy laws, regulations and frameworks CIPM Operations The first and only privacy certification for professionals who manage day-to-day operations
  • 11. www.iapp.org Data Protection Officer 11 Responsibilities (Art. 39) • Counsel the entity in regard to applicable data protection laws • Monitor compliance with applicable data protection (GDPR) provisions and alignment with internal policies, including the assignment of responsibilities, • Awareness-raising and training of staff involved in the processing operations • Conduction of data protection audits and [D]PIAs • Cooperate and communicate with the responsible regulatory authority
  • 12. www.iapp.org Data Protection Officer 12 Data Protection Risk Management (Art. 39 (2)): ‘The data protection officer shall in the performance of his or her tasks have due regard to the risk associated with processing operations, taking into account the nature, scope, context and purposes of processing.’
  • 13. www.iapp.org Privacy Risks Notice and Consent Data Loss Data Usage Individuals’ Rights Data Transfers Third Parties Over- retention of data 13
  • 15. www.iapp.org Data Protection Officer 15 Positioning in the company (Art. 38) 1) Proper and timely involvement in all relevant aspects to be ensured by the controller 2) Support by sufficient resources and access to data and systems and allowance of further qualification 3) Independence of instructions and protection against sanctioning by controller as employer 4) Point of contact for data subjects 5) Professional secrecy and interest protection
  • 16. www.iapp.org Accountability & GDPR Accountability is a Key Principle The new accountability principle in Article 5(2) requires the controller to demonstrate compliance with the principles relating to personal data and states explicitly that this is the controllers responsibility 16
  • 17. www.iapp.org Demonstrating Accountability ****** Demonstrate compliance by implementing appropriate technical and organisational measures Maintain relevant documentation Appoint a data protection officer, if appropriate Implementing measures that meet principles of data protection by design and data protection by default 17
  • 18. www.iapp.org Outsourcing the DPO? 18 Shared and external DPOs (Art. 37 (2)): ‘A group of undertakings may appoint a single data protection officer provided that a data protection officer is easily accessible from each establishment.’ (Art. 37 (6)): ‘The data protection officer may be a staff member of the controller or processor, or fulfil the tasks on the basis of a service contract.’
  • 19. www.iapp.org CPO vs. DPO 19 Considerations • Is this mandatory DPO the lead data protection and privacy voice in the organisation? • Does the DPO’s role in working with the regulator make it difficult for the DPO to engage in high-level strategic conversations? • Would appointing external counsel as DPO create conflict when working with the lead privacy voice in the organisation? • Remember Art. 38 (3): ‘The controller and processor shall ensure that the data protection officer does not receive any instructions regarding the exercise of those tasks.’
  • 28. www.iapp.org 28 For questions or to request additional information: Paul Jordan Managing Director, Europe, IAPP pjordan@iapp.org +32.(0)2.761.66.86 www.iapp.org