Nicola Franchetto, ICT Legal Consulting & Partner, CloudWATCH2
CloudWATCH Summit - 20th September 2017 TQ, Amsterdam
• Introduction to the GDPR
• CloudWATCH 2 Legal Guides
• GDPR: Key definitions, substantive principles, game changers and methodology
With the General Data Protection Regulation soon upon us, all service providers need to sit up and take note. The session provides expert guidance how to strategically plan your compliance with the GDPR and NIS Directives. We’ll look at the steps companies and public administrations should take in terms of contracts, managing risk assessment and compliance tools.
The General Data Protection Regulation (GDPR) is a comprehensive reform of the EU's 1995 data protection regulation that strengthens and unifies online privacy rights and data protection for EU citizens. Key changes include stricter rules around data breaches, higher fines of up to 4% of global turnover for non-compliance, and a single law across the EU instead of different national laws. Organizations must notify breaches to authorities within 72 hours and encrypt personal data to avoid notifying individuals affected in high risk breaches. The GDPR takes effect in 2018.
The document summarizes the key changes between the Data Protection Act and the new General Data Protection Regulation (GDPR) that takes effect in 2018. Some of the major changes include stricter consent requirements, increased accountability and governance responsibilities, larger fines for noncompliance, and new data subject rights around access, erasure, and portability. It recommends organizations form working groups, obtain specialist knowledge, and get certified to ensure compliance with the GDPR before enforcement begins in 2018.
ESET Quick Guide to the EU General Data Protection RegulationESET
The General Data Protection Regulation (GDPR) is an EU-wide reform of data protection laws and policies that will take effect in 2018. It aims to strengthen and unify data protection for individuals within the EU. Key changes include requirements for companies to notify customers of data breaches, higher fines for noncompliance, and "data protection by design" where privacy is built into products from the start. The GDPR requires organizations to implement encryption and other security measures to protect personal data and ensure its confidentiality.
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The General Data Protection Regulation (GDPR) is a comprehensive reform of the EU's 1995 data protection regulation that strengthens and unifies online privacy rights and data protection for EU citizens. Key changes include stricter rules around data breaches, higher fines of up to 4% of global turnover for non-compliance, and a single law across the EU instead of different national laws. Organizations must notify breaches to authorities within 72 hours and encrypt personal data to avoid notifying individuals affected in high risk breaches. The GDPR takes effect in 2018.
The document summarizes the key changes between the Data Protection Act and the new General Data Protection Regulation (GDPR) that takes effect in 2018. Some of the major changes include stricter consent requirements, increased accountability and governance responsibilities, larger fines for noncompliance, and new data subject rights around access, erasure, and portability. It recommends organizations form working groups, obtain specialist knowledge, and get certified to ensure compliance with the GDPR before enforcement begins in 2018.
ESET Quick Guide to the EU General Data Protection RegulationESET
The General Data Protection Regulation (GDPR) is an EU-wide reform of data protection laws and policies that will take effect in 2018. It aims to strengthen and unify data protection for individuals within the EU. Key changes include requirements for companies to notify customers of data breaches, higher fines for noncompliance, and "data protection by design" where privacy is built into products from the start. The GDPR requires organizations to implement encryption and other security measures to protect personal data and ensure its confidentiality.
On 14/4/2016 EU Data Privacy had been approved the regulation which is, nowadays, mandatory. However companies have 2 years to carry out its suitability before receiving an economic penalty for not having completed it - deadline: 25/05/2016
General Data Protection Regulation: what do you need to do to get prepared? -...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
The EU Data Protection Regulation - what you need to knowSophos Benelux
De komende EU Data Beschermingsregulering vraagt van organisaties wereldwijd dat zij de data beveiligen die zij beheren en bezitten van Europese burgers. Het is algemeen aanvaard dat encryptie de beste methode is om te voldoen aan deze nieuwe regulering. Wanneer een lek ontstaat en u kunt aantonen dat alle persoonlijke data was versleuteld, verkleint de kans aanzienlijk dat u vanuit de EU een boete ontvangt.
Veel organisaties hebben geen idee wat deze nieuwe regulering inhoudt of hoe zij zich moeten voorbereiden op deze nieuwe regels. Behoort uw organisatie ook tot deze groep?
MRS Company Partners have access to an exclusive group, the Operations Network. This Network holds free quarterly meetings to discuss a variety of topics to help your organisation. It is a great opportunity to network and learn new things.
CEE CMS Data Protection webinar series - Part 1CMSLondon
This webinar aims to provide you with an overview of the various national personal data protection frameworks that exist in CEE, particularly in Bulgaria, Czech Republic, Hungary, Poland, Romania, Russia, Slovakia, and Ukraine. CMS have provided legal assistance in each of these jurisdictions for many years.
The document provides an overview of the new General Data Protection Regulation (GDPR) that takes effect in May 2018 and impacts all businesses in the EU. It outlines key aspects of the regulation including requirements for appropriate security of personal data, restrictions on processing of biometric and sensitive data, rights of data subjects to access and correct their data, rules around breach notification, and penalties for noncompliance that can reach 4% of global annual turnover. It also requires the appointment of an independent data protection officer at organizations that conduct large-scale processing of personal data.
CEE CMS Data Protection webinar series - Part 2CMSLondon
This document summarizes a webinar on data protection held on April 2nd, 2014. It covered several topics: demystifying big data and the privacy issues it raises; ensuring cookie compliance; rules around security breaches; hot topics in workplace privacy like bring your own device policies and whistleblowing; and an overview of the draft EU Data Protection Regulation. The webinar provided guidance on these issues and emphasized the need for organizations to review their policies and practices to ensure compliance. It also noted ongoing negotiations around the EU regulation and implications for the future of data protection.
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
This document provides an overview of the legal and ethical framework for the WITDOM project, which involves processing personal data in untrusted cloud environments. It discusses key European data protection and cybersecurity legislation and their application to new computing environments. Specifically, it examines the 1995 EU Data Protection Directive, the proposed General Data Protection Regulation, and the 2013 Network and Information Security Directive. It also assesses ethical guidelines to support human values like privacy, security and justice. The document identifies legal issues, principles and potential requirements or barriers to managing and protecting personal data in untrusted domains.
MRS Code of Conduct 2019 - Changes to Fair DataMRS
The document summarizes changes made to the MRS Code of Conduct and Fair Data principles and checklist to comply with new GDPR requirements. Key changes include broadening the scope of the Code, expanding principles to address privacy by design and transparency, clarifying definitions, revising rules around vulnerable individuals and secondary data use, and strengthening data accountability and security requirements. The Fair Data principles and checklist were also updated to address new areas like risk assessments and international data transfers. Overall the revisions aim to better protect individual rights and ensure all MRS member activities meet the new GDPR standards.
The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
This document discusses the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018 and requires companies to appoint a Data Protection Officer (DPO) if they employ over 250 people or their core business involves regular monitoring of personal data. It outlines the responsibilities of a DPO, which include advising on GDPR compliance, implementing data protection policies, handling access requests, and acting as an independent point of contact for data regulation authorities. The document promotes Datum Solutions as an outsourced DPO provider that can help companies comply with GDPR in a cost-effective manner using experts in data protection law.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
The document discusses accountability under the GDPR and what it means for boards and senior management. It explains that the GDPR introduces the principle of accountability which requires organizations to demonstrate compliance with GDPR requirements. It also discusses specific GDPR requirements including data protection audits, impact assessments, policies and procedures, training, and appointing a data protection officer. The accountability principle means organizations need to implement comprehensive governance measures and have a culture of privacy.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
U.S. healthcare organizations must soon comply with the EU’s General Data Protection Regulation (GDPR) - which goes far beyond the Health Insurance Portability and Accountability Act (HIPAA) - or face major fines. Here’s a guide to get started.
This document provides an overview of trends and issues from the Information Commissioner's Office (ICO), including key statistics on Data Protection Act (DPA) complaints and enforcement actions. Common data protection failures seen by the ICO include a lack of training, inadequate policies and procedures, and failure to implement appropriate technical solutions like encryption. The ICO has a range of regulatory and enforcement options, including civil monetary penalties (CMPs), with a framework that considers the seriousness, aggravating/mitigating factors, financial impact, objectives, and consistency with past cases. An example CMP of £50,000 issued to Amber UPVC Fabrications Ltd is described.
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
The document discusses Janrain's services to help clients prepare for the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It offers a GDPR Primer for a basic overview of requirements and identification of needs and gaps. It also offers a more in-depth GDPR Readiness Assessment to evaluate specific requirements for customer identity and access management processes. The assessment involves analyzing compliance, developing a prioritized remediation plan, building stakeholder consensus on the plan, and assisting with implementation of programs and technologies like Janrain's to achieve compliance.
The GDPR document discusses the General Data Protection Regulation, which came into effect in 2018. It aims to increase transparency around how companies collect and use personal data from EU citizens. All companies that manage or process EU citizen data must comply. Non-compliance can result in fines up to 20 million Euros or 4% of annual turnover. The GDPR established new principles around data transparency, usage consent, security, and rights to access and delete personal data. It also created new roles like the mandatory Data Protection Officer for large companies handling sensitive data.
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
Before 25 May, 2020, the European Commission will present the first official evaluation of the GDPR, two years after the entry into application of the new regulation. The European Data Protection Board has given their view, as have the EU Member States. During this webinar, we will discuss the first lessons learned from the GDPR, including from the private sector.
In addition, as is custom during the quarterly updates, we will provide you with an overview of the new guidelines from the European Data Protection Board and enforcement action from the various supervisory authorities. In addition, we will take a look beyond the European Union’s borders at what is happening in the Middle East and Africa.
This webinar will review:
- The lessons learned in the first two years the GDPR has been in effect;
- The guidelines of the European Data Protection Board;
- The enforcement of the GDPR at national and European level;
- Data protection developments in Africa and the Middle East;
- How TrustArc can support you stay up-to-date on data protection and privacy compliance in the EMEA region.
The EU Data Protection Regulation - what you need to knowSophos Benelux
De komende EU Data Beschermingsregulering vraagt van organisaties wereldwijd dat zij de data beveiligen die zij beheren en bezitten van Europese burgers. Het is algemeen aanvaard dat encryptie de beste methode is om te voldoen aan deze nieuwe regulering. Wanneer een lek ontstaat en u kunt aantonen dat alle persoonlijke data was versleuteld, verkleint de kans aanzienlijk dat u vanuit de EU een boete ontvangt.
Veel organisaties hebben geen idee wat deze nieuwe regulering inhoudt of hoe zij zich moeten voorbereiden op deze nieuwe regels. Behoort uw organisatie ook tot deze groep?
MRS Company Partners have access to an exclusive group, the Operations Network. This Network holds free quarterly meetings to discuss a variety of topics to help your organisation. It is a great opportunity to network and learn new things.
CEE CMS Data Protection webinar series - Part 1CMSLondon
This webinar aims to provide you with an overview of the various national personal data protection frameworks that exist in CEE, particularly in Bulgaria, Czech Republic, Hungary, Poland, Romania, Russia, Slovakia, and Ukraine. CMS have provided legal assistance in each of these jurisdictions for many years.
The document provides an overview of the new General Data Protection Regulation (GDPR) that takes effect in May 2018 and impacts all businesses in the EU. It outlines key aspects of the regulation including requirements for appropriate security of personal data, restrictions on processing of biometric and sensitive data, rights of data subjects to access and correct their data, rules around breach notification, and penalties for noncompliance that can reach 4% of global annual turnover. It also requires the appointment of an independent data protection officer at organizations that conduct large-scale processing of personal data.
CEE CMS Data Protection webinar series - Part 2CMSLondon
This document summarizes a webinar on data protection held on April 2nd, 2014. It covered several topics: demystifying big data and the privacy issues it raises; ensuring cookie compliance; rules around security breaches; hot topics in workplace privacy like bring your own device policies and whistleblowing; and an overview of the draft EU Data Protection Regulation. The webinar provided guidance on these issues and emphasized the need for organizations to review their policies and practices to ensure compliance. It also noted ongoing negotiations around the EU regulation and implications for the future of data protection.
20150630_D6 1_Legal and EthicalFrameworkand Privacy and Security PrinciplesLisa Catanzaro
This document provides an overview of the legal and ethical framework for the WITDOM project, which involves processing personal data in untrusted cloud environments. It discusses key European data protection and cybersecurity legislation and their application to new computing environments. Specifically, it examines the 1995 EU Data Protection Directive, the proposed General Data Protection Regulation, and the 2013 Network and Information Security Directive. It also assesses ethical guidelines to support human values like privacy, security and justice. The document identifies legal issues, principles and potential requirements or barriers to managing and protecting personal data in untrusted domains.
MRS Code of Conduct 2019 - Changes to Fair DataMRS
The document summarizes changes made to the MRS Code of Conduct and Fair Data principles and checklist to comply with new GDPR requirements. Key changes include broadening the scope of the Code, expanding principles to address privacy by design and transparency, clarifying definitions, revising rules around vulnerable individuals and secondary data use, and strengthening data accountability and security requirements. The Fair Data principles and checklist were also updated to address new areas like risk assessments and international data transfers. Overall the revisions aim to better protect individual rights and ensure all MRS member activities meet the new GDPR standards.
The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
This document discusses the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018 and requires companies to appoint a Data Protection Officer (DPO) if they employ over 250 people or their core business involves regular monitoring of personal data. It outlines the responsibilities of a DPO, which include advising on GDPR compliance, implementing data protection policies, handling access requests, and acting as an independent point of contact for data regulation authorities. The document promotes Datum Solutions as an outsourced DPO provider that can help companies comply with GDPR in a cost-effective manner using experts in data protection law.
New General Data Protection Regulation (Agnes Andersson Hammarstrand)Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislations. Companies that break the rules risk fines of up to 4 % of the worldwide group turnover. The new regulations entail a large number of news that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online provides an introduction to the new regulations and what you need to do.
Be careful what you wish for: the great Data Protection law reform - Lilian E...IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Accountability under the GDPR: What does it mean for Boards & Senior Management?IT Governance Ltd
The document discusses accountability under the GDPR and what it means for boards and senior management. It explains that the GDPR introduces the principle of accountability which requires organizations to demonstrate compliance with GDPR requirements. It also discusses specific GDPR requirements including data protection audits, impact assessments, policies and procedures, training, and appointing a data protection officer. The accountability principle means organizations need to implement comprehensive governance measures and have a culture of privacy.
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Security of personal data
- Data protection officer
View the webinar here: https://www.youtube.com/watch?v=u285y9hhgOo
Data Protection Reform: What Businesses Need to know About GDPR and its Impac...MediaPost
General Data Protection Regulation (“GDPR”) kicks in next year, and brands will be expected to comply with these consumer privacy rules. In this session, Claire Stockill, Solicitor at Irwin Mitchell LLP will explain what these rules mean for B2C email marketers. The presentation will explore the effects GDPR will have on consent, the need for increased transparency, fines associated with non-compliance and a look at the results of a recent YouGov survey on GDPR readiness.
This webinar gives an overview of:
- The regulation landscape
- Territorial scope
- Remedies, liabilities and penalties
- Privacy notices
- The right of data subject
- Consent
- Data processing
- Profiling or "automated individual decision-making"
- International marketing and data transfers
A recording of this webinar is available here:
https://www.youtube.com/watch?v=Vr_CT24v2iI
The U.S. Healthcare Implications of Europe’s Stricter Data Privacy RegulationCognizant
U.S. healthcare organizations must soon comply with the EU’s General Data Protection Regulation (GDPR) - which goes far beyond the Health Insurance Portability and Accountability Act (HIPAA) - or face major fines. Here’s a guide to get started.
This document provides an overview of trends and issues from the Information Commissioner's Office (ICO), including key statistics on Data Protection Act (DPA) complaints and enforcement actions. Common data protection failures seen by the ICO include a lack of training, inadequate policies and procedures, and failure to implement appropriate technical solutions like encryption. The ICO has a range of regulatory and enforcement options, including civil monetary penalties (CMPs), with a framework that considers the seriousness, aggravating/mitigating factors, financial impact, objectives, and consistency with past cases. An example CMP of £50,000 issued to Amber UPVC Fabrications Ltd is described.
Janrain Identity Cloud GDPR Assessment Kit Sean Bailey
The document discusses Janrain's services to help clients prepare for the EU's General Data Protection Regulation (GDPR) which takes effect in May 2018. It offers a GDPR Primer for a basic overview of requirements and identification of needs and gaps. It also offers a more in-depth GDPR Readiness Assessment to evaluate specific requirements for customer identity and access management processes. The assessment involves analyzing compliance, developing a prioritized remediation plan, building stakeholder consensus on the plan, and assisting with implementation of programs and technologies like Janrain's to achieve compliance.
The GDPR document discusses the General Data Protection Regulation, which came into effect in 2018. It aims to increase transparency around how companies collect and use personal data from EU citizens. All companies that manage or process EU citizen data must comply. Non-compliance can result in fines up to 20 million Euros or 4% of annual turnover. The GDPR established new principles around data transparency, usage consent, security, and rights to access and delete personal data. It also created new roles like the mandatory Data Protection Officer for large companies handling sensitive data.
Revising policies and procedures under the new EU GDPRIT Governance Ltd
This webinar covers:
- An overview of the regulatory landscape
- Territorial scope
- Remedies, liabilities and penalties
- Principles of the EU GDPR
- Policies - GDPR reference
- What if we don't have policies in place?
- What policies are required?
- How to develop a policy?
A recording of this webinar is available here:
https://www.youtube.com/watch?v=tzsXsf1058Q&feature=youtu.be
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
Before 25 May, 2020, the European Commission will present the first official evaluation of the GDPR, two years after the entry into application of the new regulation. The European Data Protection Board has given their view, as have the EU Member States. During this webinar, we will discuss the first lessons learned from the GDPR, including from the private sector.
In addition, as is custom during the quarterly updates, we will provide you with an overview of the new guidelines from the European Data Protection Board and enforcement action from the various supervisory authorities. In addition, we will take a look beyond the European Union’s borders at what is happening in the Middle East and Africa.
This webinar will review:
- The lessons learned in the first two years the GDPR has been in effect;
- The guidelines of the European Data Protection Board;
- The enforcement of the GDPR at national and European level;
- Data protection developments in Africa and the Middle East;
- How TrustArc can support you stay up-to-date on data protection and privacy compliance in the EMEA region.
GDPR - Context, Principles, Implementation, Operation, Impact on Outsourcing,...Alan McSweeney
The topics covered in this presentation are:
• Context of GDPR - this contains information on other directives and regulations relating to GDPR to provide details on its wider content
• Personal Information - this reiterates what is meant by personal information and so what is covered by GDPR
• Principles of GDPR - this identifies some of the key principles that underpin GDPR and will affect its operation and the particular provisions of the GDPR intended to give effect to those principles
• Implementing and Operating GDPR - this discusses approaches to operationalising GDPR within organisations
• GDPR and Outsourcing - this contains details on the particular topic of outsourcing that will be impacted by GDPR
• Data Governance - this puts GDPR into wider Data Governance context
• Data Ethics- this briefly discusses the wider issue of data ethics in the context of GDPR
The impact of GDPR cannot really be estimated or quantified at this stage. There is a wider regulatory context for GDPR. The range of data compliance regulations is only growing. Achieving GDPR compliance has the potential to be very expensive, especially for larger organisations. GDPR compliance should be addressed in the context of wider data governance. Existing methodologies should be reused where possible.
The document discusses preparations for the implementation of the GDPR on May 25th 2018. It notes that nearly full implementation will be impossible by the deadline and that a short transition period is needed, during which infringements should not automatically lead to sanctions. The focus should be on advice. It also discusses establishing consistent sanctions across EU states for GDPR infringements, but concludes that adopting firm penalties is not possible and that sanctions must take into account specific circumstances of controllers/processors and EU member states.
EU Update: Applying the new SCCs, or ‘just’ the complete GDPR?TrustArc
This document summarizes a webinar on navigating data privacy challenges related to cross-border data transfers. The webinar covered recent developments regarding EU adequacy decisions for the UK and South Korea, the new EU standard contractual clauses (SCCs), guidance from the European Data Protection Board on conducting data transfer risk assessments, and potential supplementary measures to address risks. Key points included an overview of the new SCCs and their scope, enforcement trends regarding SCCs by European data protection authorities, factors to consider in conducting data transfer risk assessments, and countries with limitations on cross-border data flows. The webinar concluded with a question and answer session.
Beyond the EU: DORA and NIS 2 Directive's Global ImpactPECB
The global implications of DORA and NIS 2 Directive are significant, extending beyond the European Union.
Amongst others, the webinar covers:
• DORA and its Implications
• Nis 2 Directive and its Implications
• How to leverage directive and regulation as a marketing tool and competitive advantage
• How to use new compliance framework to request additional budget
Presenters:
Christophe Mazzola - Senior Cyber Governance Consultant
Armed with endless Excel files, a meme catalog worthy of the best X'os (formerly twittos), and a risk register to make your favorite risk manager jealous, I swapped my computer scientist cape a few years ago for that of a (cyber) threat hunter with the honorary title of CISO.
Ah, and I am also a quadruple senior certified ISO27001/2/5, Pas mal non ? C'est francais.
Malcolm Xavier
Malcolm Xavier has been working in the Digital Industry for over 18 Years now. He has worked with Global Clients in South Africa, United States and United Kingdom. He has achieved Many Professional Certifications Like CISSP, Google Cloud Practitioner, TOGAF, Azure Cloud, ITIL v3 etc.
His core competencies include IT strategy, cybersecurity, IT infrastructure management, data center migration and consolidation, data protection and compliance, risk management and governance, and IS program development and management.
Date: April 25, 2024
Tags: Information Security, Digital Operational Resilience Act (DORA)
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: Digital Operational Resilience Act (DORA) - EN | PECB
NIS 2 Directive - EN | PECB
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternational/
Slideshare: http://www.slideshare.net/PECBCERTIFICATION
The document summarizes key aspects of the General Data Protection Regulation (GDPR) taking effect in May 2018 and recommendations for organizations to comply. It outlines the GDPR's 5 main duties: rights of EU data subjects, security of personal data, lawfulness and consent, accountability of compliance, and data protection by design and default. The document recommends organizations assess risks, identify necessary policies, processes, and technologies, and leverage IBM's solutions framework and experience helping clients in various industries prepare for the GDPR.
EY General Data Protection Regulation: Are you ready?VYTIS MALECKAS
The document discusses the new EU General Data Protection Regulation (GDPR) which introduces more stringent data protection rules and fines of up to 4% of global annual revenue. It will apply from 2018, replacing the previous directive. Organizations need to review their compliance and determine what investments are needed to address the new requirements regarding rights for individuals, accountability, security, and more. The GDPR will have a significant impact and those unprepared risk substantial fines.
'Connected healthcare - connected to legality?'Lucy Woods
In January 2016, we held a Legal SIG (special interest group) at the London HQ of Olswang. Speakers included Juma El-Awaisi of Braci, Ross McKean of Olswang and Ken Munro of Pen Test Partners. Ken's presentation was interactive so slides are coming soon!
Presentation at Data protection in the Western Balkans and the Eastern Partnership Region. High-level exchange and learning week organised by SIGMA, GIZ, RCC and ReSPA.
The document discusses the EU General Data Protection Regulation (GDPR), which took effect in May 2018. It provides the following key points:
- The GDPR replaced the previous EU data protection directive and directly applies across all EU member states. It aims to give individuals more control over their personal data.
- Key aspects of the GDPR include expanded territorial reach, requirements for data protection officers, increased accountability and privacy by design principles, strengthened rights for data subjects, and larger maximum fines for noncompliance.
- Companies need to review their data processing activities, legal bases for processing, consent mechanisms, security, breach response plans, and privacy notices to ensure compliance with the extensive new obligations and standards introduced by the GD
Nick Stringer - Five Key Things EU General Data Protection Regulation (GDPR) ...Nick Stringer
The EU General Data Protection Regulation (GDPR) aims to update existing EU data protection laws to reflect today's digital world, give citizens greater control over personal data, and streamline rules across EU markets. Key aspects of the GDPR include a broader definition of personal data, new obligations for transparency and accountability, tougher user consent requirements, and fines of up to 20 million euros or 4% of annual global turnover for non-compliance. The GDPR will apply directly in all EU markets from May 2018 and have global significance by applying to individuals located in the EU regardless of where data is processed.
The new EU regulatory landscape - How might it impact digital advertising?Nick Stringer
The GDPR will have a significant impact on the media industry. It expands the definition of personal data, applies globally if targeting or monitoring EU individuals, increases penalties for noncompliance up to 4% of revenue, and makes using personal data harder commercially. While compliance will be easier for companies with direct user relationships, preparation is needed as the GDPR takes effect in May 2018 and a new ePrivacy law is also proposed to align with its strict consent standards.
GDPR- Get the facts and prepare your businessMark Baker
The GDPR will become law on May 25, 2018 and requires any organization that collects or processes personal data from EU citizens to comply with new privacy regulations. It mandates breach reporting within 72 hours of discovery and fines of up to 20 million euros for noncompliance. It also introduces the principle of "data protection by design" which requires privacy to be built into new systems and processes from the start. To prepare, organizations need to review technologies and processes for breach detection and reporting, and make privacy protections a fundamental part of their operations and systems.
Privacy is not a choice and it should not be the price played for our access to internet. We live in an era where everything is digitalized and anybody and everybody, from a child to a 70 year old accesses the same on a regular basis. Great advances in the technological field constitute a greater danger to the privacy of every individual. The constant question that arises is whether the data principal consents to the information provided and disseminated Mercerization of personal information has opened pits of security breaches and data privacy problems. When one consents to provide his data, does he consent to the dissemination of the same The very idea that consumers must make a trade off between privacy and security has been wiped away by the very enactment of the General Data Protection Regulation. This paper stands as proof that, GDPR is the answer to all the data privacy questions and problems faced by the society. The author briefs through the history of enactment EU GDPR and its necessity. The paper brings out both the endless advantages of GDPR as well as the few disadvantages present. The extensive research on GDPR has prompted the author to attract attention to the key changes seen after the implementation of GDPR and the robust data privacy regime built by its awakening. The main cerebration of the authors by referring to the above submissions is that GDPR is a need of the hour and is for the betterment of the society as a whole. Pranaya Dayalu | M. Punnagai ""GDPR: A Privacy Regime"" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-3 | Issue-4 , June 2019, URL: https://www.ijtsrd.com/papers/ijtsrd23460.pdf
Paper URL: https://www.ijtsrd.com/humanities-and-the-arts/other/23460/gdpr-a-privacy-regime/pranaya-dayalu
What is the new data protection regulation GDPR and why should you care? Jesp...Exove
What is the new data protection regulation GDPR and why should you care? by Jesper Nevalainen, Bird & Bird
Exove and Bird & Bird seminar on Nov 23rd 2016: "GDPR - Practical Effects on Digital Business - juridical, technical, and customer point of view"
General Data Protection Regulation (GDPR) Implications for Canadian Firmsaccenture
The General Data Protection Regulation (GDPR) represents significant challenges for financial institutions to comply with the new data processing and record keeping requirements. This Accenture Finance & Risk presentation explores the impact of GDPR on Canadian firms, including lessons learned from our work with clients and knowledge gained that can be used for an effective GDPR journey.
The GDPR will directly apply across the EU from May 2018, replacing the previous data protection directive. It expands the scope of regulations and increases accountability for organizations. Individual rights are also enhanced, including rights to access, rectify, and erase personal data. Non-compliance can result in fines of up to 20 million euros or 4% of annual global turnover. Organizations should begin compliance projects now to assess risks, strengthen policies, and appoint data protection officers. The GDPR aims to harmonize data protection and modernize rules for an increasingly digital world.
Similar to Become legally compliant using CloudWATCH2 Legal Guides (20)
Trusted and transparent cloud services for innovation and growth in Europe CloudWATCH Consortium
• James Mitchell, Strategic Blue & CloudWATCH2
• Szymon Błaszczyk, 7bulls.com
• Marco van den Akker, Cloud Evangelist
• David Wallom, Oxford e-Research
All you need to know about the economic, financial and market dynamics shaping the cloud computing market in Europe, and globally, over the next 5 years.
Why standardise? The business case for the adoption of cloud standardsCloudWATCH Consortium
CloudWATCH Summit - 20th September 2017 TQ, Amsterdam
Chair – David Wallom, University of Oxford
Dr. Wolfgang Ziegler, Fraunhofer Institute for Algorithms and Scientific Computing (SCAI)
Bruno Chenard, CENELEC - European Committee for Electrotechnical Standardization
Arthur van der Wees, Arthur's Legal
Cedric Thomas, OW2
Security certifications and interoperability standards are essential for ensuring that cloud-based services can be trusted by end-users and become a unique selling point for providers. This session will demystify the standards landscape offering guidance on adopting essential standards allowing you to stay safe and avoid vendor lock-in.
Frank Sullivan at CloudWATCH Summit 2017
The CW2 Market & Technology Readiness Level (“MTRL”) framework provides start-ups and R&I projects with a holistic view of how to mature your innovative ideas in a simple way - with a single score. It offers you a faster way to assess, measure and support technology projects. We’ll bring together EC funded projects and TQ start-ups to pitch their ideas, and advice on developing a business case starting with the end user problem being addressed, advice on packaging the ‘big idea’ and enabling the cross pollination of ideas for business models between projects as a source of valuable feedback.
ESSENTIALS TOWARDS A SECURE AND RESILIENT CLOUD FOR THE DIGITAL SINGLE MARKET
Reducing frictions between cloud buyers and sellers, and building trust in the Digital Single Market. We set the scene for a resilient cloud market, and discuss the value of services that lead to greater trust and uptake of cloud services.
The document summarizes key aspects of the EU's General Data Protection Regulation (GDPR) that takes effect in May 2018, including:
- It expands the territorial scope of EU data protection law and sets a higher standard for consent.
- It establishes principles of accountability, data protection by design/default, and data protection impact assessments to demonstrate compliance.
- It strengthens individual rights around access, rectification, erasure, data portability, and objection to processing.
- It imposes new rules around international data transfers and increases maximum fines for noncompliance.
- Organizations should review their governance, policies, procedures and consent mechanisms to prepare for the GDPR's requirements.
Matthew Professional CV experienced Government LiaisonMattGardner52
As an experienced Government Liaison, I have demonstrated expertise in Corporate Governance. My skill set includes senior-level management in Contract Management, Legal Support, and Diplomatic Relations. I have also gained proficiency as a Corporate Liaison, utilizing my strong background in accounting, finance, and legal, with a Bachelor's degree (B.A.) from California State University. My Administrative Skills further strengthen my ability to contribute to the growth and success of any organization.
Synopsis On Annual General Meeting/Extra Ordinary General Meeting With Ordinary And Special Businesses And Ordinary And Special Resolutions with Companies (Postal Ballot) Regulations, 2018
Sangyun Lee, 'Why Korea's Merger Control Occasionally Fails: A Public Choice ...Sangyun Lee
Presentation slides for a session held on June 4, 2024, at Kyoto University. This presentation is based on the presenter’s recent paper, coauthored with Hwang Lee, Professor, Korea University, with the same title, published in the Journal of Business Administration & Law, Volume 34, No. 2 (April 2024). The paper, written in Korean, is available at <https://shorturl.at/GCWcI>.
Guide on the use of Artificial Intelligence-based tools by lawyers and law fi...Massimo Talia
This guide aims to provide information on how lawyers will be able to use the opportunities provided by AI tools and how such tools could help the business processes of small firms. Its objective is to provide lawyers with some background to understand what they can and cannot realistically expect from these products. This guide aims to give a reference point for small law practices in the EU
against which they can evaluate those classes of AI applications that are probably the most relevant for them.
Defending Weapons Offence Charges: Role of Mississauga Criminal Defence LawyersHarpreetSaini48
Discover how Mississauga criminal defence lawyers defend clients facing weapon offence charges with expert legal guidance and courtroom representation.
To know more visit: https://www.saini-law.com/
सुप्रीम कोर्ट ने यह भी माना था कि मजिस्ट्रेट का यह कर्तव्य है कि वह सुनिश्चित करे कि अधिकारी पीएमएलए के तहत निर्धारित प्रक्रिया के साथ-साथ संवैधानिक सुरक्षा उपायों का भी उचित रूप से पालन करें।
This document briefly explains the June compliance calendar 2024 with income tax returns, PF, ESI, and important due dates, forms to be filled out, periods, and who should file them?.
What are the common challenges faced by women lawyers working in the legal pr...lawyersonia
The legal profession, which has historically been male-dominated, has experienced a significant increase in the number of women entering the field over the past few decades. Despite this progress, women lawyers continue to encounter various challenges as they strive for top positions.
Lifting the Corporate Veil. Power Point Presentationseri bangash
"Lifting the Corporate Veil" is a legal concept that refers to the judicial act of disregarding the separate legal personality of a corporation or limited liability company (LLC). Normally, a corporation is considered a legal entity separate from its shareholders or members, meaning that the personal assets of shareholders or members are protected from the liabilities of the corporation. However, there are certain situations where courts may decide to "pierce" or "lift" the corporate veil, holding shareholders or members personally liable for the debts or actions of the corporation.
Here are some common scenarios in which courts might lift the corporate veil:
Fraud or Illegality: If shareholders or members use the corporate structure to perpetrate fraud, evade legal obligations, or engage in illegal activities, courts may disregard the corporate entity and hold those individuals personally liable.
Undercapitalization: If a corporation is formed with insufficient capital to conduct its intended business and meet its foreseeable liabilities, and this lack of capitalization results in harm to creditors or other parties, courts may lift the corporate veil to hold shareholders or members liable.
Failure to Observe Corporate Formalities: Corporations and LLCs are required to observe certain formalities, such as holding regular meetings, maintaining separate financial records, and avoiding commingling of personal and corporate assets. If these formalities are not observed and the corporate structure is used as a mere façade, courts may disregard the corporate entity.
Alter Ego: If there is such a unity of interest and ownership between the corporation and its shareholders or members that the separate personalities of the corporation and the individuals no longer exist, courts may treat the corporation as the alter ego of its owners and hold them personally liable.
Group Enterprises: In some cases, where multiple corporations are closely related or form part of a single economic unit, courts may pierce the corporate veil to achieve equity, particularly if one corporation's actions harm creditors or other stakeholders and the corporate structure is being used to shield culpable parties from liability.
7. Key definitions (i)
7
Controller - retained
The natural or legal person, public authority, agency or other body which, alone or jointly with others,
determine the purposes and means of the processing of personal data.
Processor- retained
A natural or legal person, public authority, agency or other body which processes personal data on behalf of
the controller.
Consent - amended
Any freely given, specific, informed and unambiguous indication of the data subject's wishes by which he or
she, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data
relating to him or her.
Main establishment – new
As regards a controller with establishments in more than one Member State, the place of its central
administration in the Union, unless the decisions on the purposes and means of the processing of
personal data are taken in another establishment of the controller in the Union and the latter
establishment has the power to have such decisions implemented, in which case the establishment having
taken such decisions is to be considered to be the main establishment.
8. Key definitions (ii)
8
Personal Data – retained (but mind the EU case law)
Any information relating to an identified or identifiable natural person ('data subject').
Special – i.e., sensitive – Data - amended
Data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union
membership, and the processing of genetic data, biometric data for the purpose of uniquely identifying a
natural person, data concerning health or data concerning a natural person's sex life or sexual orientation.
Pseudonymization - new
The processing of personal data in such a manner that the personal data can no longer be attributed to a
specific data subject without the use of additional information, provided that such additional information is
kept separately and is not subject to technical and organisation measures to ensure that the personal data
are not attributed to an identified or identifiable natural person.
34. 34
ICTLC I Senior Associate
Avv. NICOLA FRANCHETTO, LL.M. – Senior Associate
Nicola Franchetto is a qualified ICT, Privacy & Data Protection lawyer – Senior Associate at ICT
Legal Consulting, Fellow of the European Privacy Association (Brussels) and the Italian
Institute for Privacy (Rome).
He obtained an LL.M. (Master of Laws) in Information Technology and Intellectual Property at
the Institute for Legal Informatics (IRI) (University of Hannover) (DE). Franchetto poses a very
strong expertise on Data Security and Information Technology, effectively he operates in ICT
Legal Consulting as man in the middle between the legal and the IT practical aspects related
to personal data processing. Cloud computing, Big Data, Analytics and Internet of Things are
areas in which he has developed significant experience.