This document summarizes a webinar on data protection held on April 2nd, 2014. It covered several topics: demystifying big data and the privacy issues it raises; ensuring cookie compliance; rules around security breaches; hot topics in workplace privacy like bring your own device policies and whistleblowing; and an overview of the draft EU Data Protection Regulation. The webinar provided guidance on these issues and emphasized the need for organizations to review their policies and practices to ensure compliance. It also noted ongoing negotiations around the EU regulation and implications for the future of data protection.
CEE CMS Data Protection webinar series - Part 1 | CMSLondon
This webinar aims to provide you with an overview of the various national personal data protection frameworks that exist in CEE, particularly in Bulgaria, Czech Republic, Hungary, Poland, Romania, Russia, Slovakia, and Ukraine. CMS have provided legal assistance in each of these jurisdictions for many years.
This document provides an overview of trends and issues from the Information Commissioner's Office (ICO), including key statistics on Data Protection Act (DPA) complaints and enforcement actions. Common data protection failures seen by the ICO include a lack of training, inadequate policies and procedures, and failure to implement appropriate technical solutions like encryption. The ICO has a range of regulatory and enforcement options, including civil monetary penalties (CMPs), with a framework that considers the seriousness, aggravating/mitigating factors, financial impact, objectives, and consistency with past cases. An example CMP of £50,000 issued to Amber UPVC Fabrications Ltd is described.
This document provides an agenda and summaries for a legal update event on data protection hosted by Pinsent Masons. The event will cover the current position of the EU Draft Data Protection Regulation and potential changes, consumer rights legislation, and ICO guidance on direct marketing. Speakers will discuss the impact of these regulations and guidance on businesses, including increased compliance obligations, sanctions for non-compliance, and restrictions on data processing and direct marketing. The event aims to help businesses understand and prepare for new data protection laws and regulations.
IAB Europe position on the proposal for an ePrivacy regulation | IAB Europe
The document provides IAB Europe's position on the proposed ePrivacy Regulation. Some key points:
- IAB Europe recommends amending Article 8(1) to fully align it with the GDPR's principles-based approach to lawful processing, rather than imposing rigid consent requirements.
- It recommends maintaining clarification from the ePrivacy Directive that access to online services can be conditional on consent to non-necessary data processing for monetization.
- IAB Europe warns against mandating browser options to block processing as it could break many services and irritate users.
The document provides an overview of the new General Data Protection Regulation (GDPR) that takes effect in May 2018 and impacts all businesses in the EU. It outlines key aspects of the regulation including requirements for appropriate security of personal data, restrictions on processing of biometric and sensitive data, rights of data subjects to access and correct their data, rules around breach notification, and penalties for noncompliance that can reach 4% of global annual turnover. It also requires the appointment of an independent data protection officer at organizations that conduct large-scale processing of personal data.
The document summarizes the key changes between the Data Protection Act and the new General Data Protection Regulation (GDPR) that takes effect in 2018. Some of the major changes include stricter consent requirements, increased accountability and governance responsibilities, larger fines for noncompliance, and new data subject rights around access, erasure, and portability. It recommends organizations form working groups, obtain specialist knowledge, and get certified to ensure compliance with the GDPR before enforcement begins in 2018.
The GDPR replaces the EU Data Protection Directive and introduces stricter regulations around personal data processing and privacy. It applies to all companies that handle the personal data of EU residents, regardless of the company's location. Under the GDPR, companies face heavier obligations like obtaining consent to collect personal data, appointing a data protection officer, implementing security measures, notifying about data breaches, and heavy fines for noncompliance. It also expands individuals' privacy rights regarding their personal data.
LSA19: What Europe Can Teach U.S. Companies About Location and Data Privacy W... | Localogy
The document summarizes a workshop on data privacy that took place from February 25-27, 2019 in Dana Point, California. It included sessions on what Europe can teach US companies about location data and privacy, and what makes the EU's General Data Protection Regulation (GDPR) effective. One session provided an overview of the history and key aspects of the GDPR, including the rights it provides to individuals and obligations it places on companies that process personal data. Another case study example explored different scenarios around collecting and processing audience measurement data and the rules that would apply in each scenario.
The General Data Protection Regulation (GDPR) is a comprehensive reform of the EU's 1995 data protection regulation that strengthens and unifies online privacy rights and data protection for EU citizens. Key changes include stricter rules around data breaches, higher fines of up to 4% of global turnover for non-compliance, and a single law across the EU instead of different national laws. Organizations must notify breaches to authorities within 72 hours and encrypt personal data to avoid notifying individuals affected in high risk breaches. The GDPR takes effect in 2018.
2017 09 13_VOKA The Big Refresh - GDPR - IFORI | Karel Holst
The document provides an overview of the General Data Protection Regulation (GDPR) from a legal perspective. It summarizes the key changes and obligations under the GDPR, including expanded territorial scope, strengthened rights for data subjects, requirements for controllers and processors, data security measures, data breach notification, and increased administrative fines for noncompliance. The presentation emphasizes that organizations should take action to ensure compliance with the GDPR, which applies starting May 25, 2018.
This document provides an overview of the General Data Protection Regulation (GDPR) from a legal perspective. It discusses key changes and obligations under the GDPR, including territorial scope, lawfulness of processing, rights of data subjects, roles of controllers and processors, data security requirements, and sanctions for noncompliance. The GDPR aims to strengthen and harmonize data protection across the EU by directly applying in all member states and ensuring free flow of personal data. It applies from May 25, 2018 and organizations should take action now to ensure compliance.
This document summarizes a legal update meeting on the EU Data Protection Regulation. The meeting agenda included presentations on the future of the EU Data Protection Regulation and how it will impact direct marketing practices. Key points from the presentations include:
- The current EU Data Protection Directive is outdated and a new Regulation is being negotiated that would impose stricter consent requirements, rights for individuals, and sanctions for non-compliance.
- Explicit consent may be required for all data processing and marketing under the new Regulation.
- Individuals may have new rights like "the right to be forgotten" and easier access to their personal data.
- Businesses need to prepare for potential fines of up to 2% of global annual turnover for violations
The GDPR is a new EU regulation that protects personal data and privacy rights. It applies broadly to any organization that handles EU citizens' data. Key provisions include:
- Significant fines for non-compliance up to €20 million or 4% annual global turnover
- Rights for data subjects to access, correct, and delete their personal data
- Mandates for consent, privacy by design, and data protection officers.
- Breach notification requirements for reporting certain data incidents within 72 hours.
This document provides an introduction to the General Data Protection Regulation (GDPR). It begins by defining GDPR and explaining why it is important. It describes the evolution of GDPR from earlier data protection directives and regulations. It then defines several key terms related to GDPR, such as personal data, sensitive data, processing, pseudonymisation, and anonymisation. It outlines the structure of GDPR including its 11 chapters and 99 articles. It also describes various roles defined in GDPR such as controller, processor, data protection officer, and supervisory authority. Finally, it summarizes the six key GDPR principles and six lawful bases for processing personal data.
New General Data Protection Regulation (Agnes Andersson Hammarstrand) | Nordic APIs
This is a session given by Agnes Andersson Hammarstrand at Nordic APIs 2016 Platform Summit on October 25th, in Stockholm, Sweden.
Description:
This spring a new EU General Data Protection Regulation was adopted to replace the current personal data legislation. Companies that break the rules risk fines of up to 4% of the worldwide group turnover. The new regulations entail a large number of changes that all companies should be informed about. Among other things, IT systems need to be adapted to privacy under the principles of privacy by design.
Agnes Hammarstrand, partner at Delphi Law firm and expert within IT and online, provides an introduction to the new regulations and what you need to do.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
Social business software is all about sharing content and data in a “collaborative” way to identify internal or external experts. Most of these data must be considered as personal data which is related to an individual person.
Implementing social business technologies in enterprises often leads to discussion with data protection supervisors about how to be compliant with EU data protection law. This discussion gets even more challenging if you consider using social business applications in “the cloud”, which might be the only choice in the near future due to IBM's “Cloud First” or Microsoft’s “Cloud only” delivery model.
This session will give you an overview
- about EU data protection regulations
- its implications for using social business systems
- special considerations for using cloud based social business systems
The document provides an overview of a data protection seminar, including:
- The agenda which covers understanding data protection law, practical tips for marketers, and a question period.
- An introduction to why data protection is important for protecting information, avoiding reputational damage, making good business sense, and avoiding enforcement actions.
- A summary of the key aspects of the Data Protection Act 1998 and Privacy and Electronic Communications Regulation 2003, including definitions, principles, and rules regarding marketing communications.
- Practical tips for marketers regarding data capture, obtaining permissions, and regaining lost permissions in compliance with regulations.
ESET Quick Guide to the EU General Data Protection Regulation | ESET
The General Data Protection Regulation (GDPR) is an EU-wide reform of data protection laws and policies that will take effect in 2018. It aims to strengthen and unify data protection for individuals within the EU. Key changes include requirements for companies to notify customers of data breaches, higher fines for noncompliance, and "data protection by design" where privacy is built into products from the start. The GDPR requires organizations to implement encryption and other security measures to protect personal data and ensure its confidentiality.
GIG Working Paper 02/2017 - The Definition of Personal Data | IAB Europe
This second output of the GIG focuses on the definition of Personal Data under the GDPR, explaining how it will affect companies in the online advertising space.
The General Data Protection Regulations (GDPR)
Lighting is no longer a stand-alone building or urban service, existing in isolation from other systems and services. Lighting is being driven by increasingly technologically advanced controls. Whether this is the move towards smart cities or the Internet of Things, small domestic systems or urban big data, security and privacy are becoming a matter of concern.
As we move into an interconnected future we need to understand the implications on how we process and use increasing amounts of data, including current legal requirements given in documents such as the General Data Protection Regulation and The Cybersecurity Act.
This presentation gives an overview of these issues and how they may affect the lighting industry.
By speaker: Peter Thorns BSc(Hons) CEng FCIBSE FSLL - Head of Strategic Lighting Applications, Thorn Lighting Ltd
This document discusses regulatory issues related to moving data centers to Romania. It outlines key considerations under Romanian law regarding applicable data protection law, data security requirements, and compliance with law enforcement disclosure requests. Specifically, it notes that Romanian data protection law applies to non-EU entities with equipment in Romania, and that data security must be ensured through both contractual and factual safeguards. It also describes the Romanian authorities that can request access to data and issues around challenging such requests.
The document discusses the new EU General Data Protection Regulation (GDPR) which provides stricter rules around data protection and privacy for all EU member states. Some key points:
- The GDPR replaces all current EU data protection laws and provides a two year transition period for businesses to comply.
- It strengthens individual rights around access to personal data and how it is processed.
- For businesses, it establishes one consistent law for all EU states and tougher sanctions for non-compliance up to 4% of global revenue.
- Businesses must demonstrate accountability and compliance with principles like data minimization, security safeguards, and breach reporting within 72 hours.
On 14/4/2016 the EU data privacy regulation was approved, and it is now mandatory. However, companies have 2 years to adapt to it before receiving an economic penalty for not having done so - deadline: 25/05/2016
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
Data Protection Rules are Changing: What Can You Do to Prepare? | Lumension
The European Union’s proposed new data protection regulation aims to update Europe’s data protection laws and to provide a more consistent data protection framework across the Continent.
But the new regulation, which replaces the EU’s existing data protection directive and member states’ data protection laws, will put some new demands on organisations holding personal data. Breach disclosure and “the right to be forgotten” will force businesses to update their data protection and retention policies.
This presentation will:
- Review the current EU laws, and contrast them with laws in other parts of the world;
- Examine the arguments for strengthening data protection in Europe, and the likely outcomes;
- Look at what security teams should already be doing to put themselves ahead of legislative changes;
- Outline strategies and technologies organisations need to meet current and future data protection requirements
- Help infosecurity teams to explain the changes – and their consequences – to their boards
The Evolution of Data Privacy: 3 things you didn’t know (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation has been designed to update the current directive which was drafted in a time that was in technology terms, prehistoric. It’s time to evolve.
Understanding the EU's new General Data Protection Regulation (GDPR) (Acquia)
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
- The principles that organizations that use personal data need to adhere to
- The consequences organizations can face if they do not adhere to this new regulation
- How your organization can prepare for the future
The document summarizes key points from a legal update seminar on the proposed EU Data Protection Regulation. It discusses proposed changes such as expanded definitions of personal data, the need for explicit consent, the right to be forgotten, data breach notification requirements, and enhanced sanctions for noncompliance. The proposed regulation would significantly impact how companies process and protect personal data.
The Evolution of Data Privacy - A Symantec Information Security Perspective o... (Symantec)
The European Union’s proposed General Data Protection Regulation (GDPR) has left even the most informed confused. This new regulation is designed to update the current legislation which was drafted in a time that was in technology terms, prehistoric.
The Data Protection Directive, drafted back in 1995, harks back to a time when data processing was more about filing cabinets than data rack enclosures. It’s time to evolve.
The document discusses key priorities for boards to consider regarding implementation of the General Data Protection Regulation (GDPR). It provides an overview of the new requirements under GDPR, including expanded individual data rights for EU citizens, increased fines for noncompliance, and broader territorial scope. The document advises boards to ensure proper oversight of their organization's GDPR compliance programs, including regular reporting on status, audits, investigations and market developments. Directors could face liability for failing to oversee GDPR compliance risks.
Privacy Regulations and Your Digital Setup (Piwik PRO)
How Will the New Privacy Regulations Affect Your Digital Set-up? In less than 2 years from now, Europe’s new data privacy law will come into effect, changing the way organizations handle information of their users. General Data Protection Regulation will heavily impact usage of digital tools for customer insights and analytics.
This presentation was created by the Piwik PRO Team for a webinar session with Aurelie Pols. Webinar recording is available on: https://youtu.be/dPOvbbZ3vdo
Presentatie Giorgos Rossides, Europese Commissie (Europadialoog)
The document discusses the need to update EU data protection rules for the 21st century due to new challenges from globalization and technologies. It notes problems citizens face with insufficient control over their personal data online and difficulties exercising their data rights. It also discusses problems businesses face from fragmented rules and inconsistent enforcement across EU states. The main proposed changes under the new regulation aim to put citizens in control of their data and establish consistent rules to create a digital single market while strengthening enforcement.
This document summarizes key points from a presentation about proposed changes to the EU's Data Protection Regulation. It discusses expanded definitions and new requirements for consent, data breaches, subject access requests and more. Consent would need to be explicit under the new rules. IP addresses and cookies may be defined as personal data, affecting digital marketing. Data subjects could request deletion of data. Organizations would face stricter security rules and larger fines for noncompliance. The impact on direct marketing could be significant.
The GDPR document outlines new data protection laws that will take effect in the European Union on May 25th, 2018. The key points are:
1) The GDPR aims to give citizens control over their personal data and simplify rules for businesses.
2) It establishes clear principles for data handling including lawfulness, transparency, storage limitation, and accountability.
3) Individuals are given new rights regarding their data, such as access, rectification, erasure, and objection to processing.
4) Businesses must comply with the single set of rules to reduce costs and protect EU citizen data.
Data protection & security breakfast briefing master slides 28 june-final (Dr. Donald Macfarlane)
The document summarizes an IBM breakfast briefing on data protection, security, and regulatory updates. The briefing covered the changing EU General Data Protection Regulations and implications for organizations, including increased fines for noncompliance. It also discussed practical strategies for organizations to build a culture of data protection compliance, including data discovery, classification, retention, and disposal. Speakers included experts from IBM, law firms, and other companies to discuss analytics and best practices to help organizations adhere to new rules and regulations.
Data Protection & Security Breakfast Briefing - Master Slides_28 June_final (Dr. Donald Macfarlane)
The document summarizes an IBM breakfast briefing on data protection, security, and regulatory updates. The briefing covered the changing EU General Data Protection Regulations and implications for organizations, including increased fines for noncompliance. It also discussed privacy rights for individuals, such as the "right to be forgotten" and access to their own data. The briefing addressed how analytics can help adhere to new rules and regulations.
This document provides a summary of a presentation on data protection law and the proposed EU Data Protection Regulation. Key points from the proposed regulation discussed include expanded definitions of personal data, the requirement for explicit consent, the right to be forgotten, increased accountability and security breach notification requirements, more sanctions for non-compliance, and the direct coverage of data processors. Impacts on practices like profiling, use of IP addresses and cookies, and responding to access requests are also covered. The presentation provides timelines for the regulation and discusses lobbying efforts regarding the proposals.
Wsgr eu data protection briefing march 20 2013 - final (Valentin Korobkov)
1. The document outlines a presentation given in Moscow on the European Union's privacy and data protection legal framework.
2. It provides an overview of the key EU directives and regulations governing privacy, including the upcoming EU Data Protection Regulation, and discusses the regulatory approach of focusing on individuals' rights and informational self-determination.
3. The presentation also examines issues around implementing privacy compliance in practice and focuses on selected issues like secrecy of communications, user identification, and security requirements.
20131009 aon security breach legislation (Jos Dumortier)
The document discusses recent EU legislation around security breach notification duties. It summarizes that the 2009 EU ePrivacy Directive first introduced security breach notification requirements for telecom providers and ISPs. Recent EU proposals aim to expand these duties to other sectors by 1) extending notification to data protection authorities and individuals under the 2012 General Data Protection Regulation and 2) requiring notifications for public administrations and critical infrastructure operators under the 2013 Network and Information Security Directive. The proposals seek to increase harmonization of security breach response across EU member states but questions remain around practical implementation details.
Discussion of the main elements of the draft Data Protection Regulation: what difference will it make to industry practice and user rights to control their data?
Impact of GDPR on the pre dominant business model for digital economies (EquiGov Institute)
A brief description of the impact the General Data Protection Regulation (GDPR) could have on the proposed move towards a digital economy, especially for the Caribbean
Data security and cyber risks - In house lawyers forum 2013, Richard Nicholas (Browne Jacobson LLP)
This document summarizes key points about data security and cyber risks, including recent developments in data protection law and fines issued by regulatory authorities. It discusses the differences between data protection and data security, as well as the legal requirements for appropriate technical and organizational security measures. Statistics on the financial costs of cybercrime to both individuals and businesses in the UK are presented. The document concludes by offering advice on how to prepare for and respond to a data breach.
CEE CMS Data Protection webinar series - Part 2
1. 2nd of April 2014
CMS CEE Data Protection Webinar series
PART 2
Digital Legal Guardians
2. 2nd of April 2014
Your presenters today
Dóra Petrányi (Hungary)
Márton Domokos (Hungary)
Marcin Lewoszewski (Poland)
Marius Petroiu (Romania)
Elena Baryshnikova (Russia)
Nataliya Nakonechna (Ukraine)
Olga Belyakova (Ukraine)
4. 2nd of April 2014
Agenda
- Demystifying Big Data
- Cookie Compliance
- Rules on security breach
- Workplace Privacy
- The New EU Data Protection Regulation
- Check List
5. Introduction
Trends in privacy and the risk landscape
− Internet of Things will impact law: Cyber criminals hack smart fridge to send out spam
− ”Big Data” gets bigger: Big data, big legal trouble?
− Complex & extensive cloud computing: Targeting the $100 Billion Cloud Market
− Mobile content revolution: App Generation will lead to $77bn in revenues by 2017
− Wearable technologies: How Google Glass Is Redefining Tech Etiquette
− e-health: Oral B's smart toothbrush lets dentists spy on your brushing
6. Introduction
Trends in privacy and the risk landscape
− More personal advertising: Microsoft Working On New Tracking Technology To Replace Cookies
− Finalisation of the EU Regulation: Reding: „Full Speed on EU Data Protection Reform 2014”
− Strong push on compliance (whistleblowing): New Whistleblowing Law Generates New Data Privacy Issues in Hungary
− Fines, recovery costs and reputation: Facebook-WhatsApp Risks Sparking Privacy Probes
− Trans-Atlantic tensions: EU data protection reform could start 'trade war'
8. Demystifying Big Data (1) “The next big thing”
− BIG = source, speed, volume - advanced algorithms
− New sources (e.g., web data, tweets, social media, email, text messages, instant messages, chat)
− Unanticipated insights and low storage cost
− To revolutionize business, science, research and education
Legal guidance how to demonstrate legitimacy…
Fraud prevention
Network security
Exploring consumer expectations
Energy efficiency
9. Demystifying Big Data (2) Data privacy issues
Accountability
Does it require consent?
Any error in the process?
Data security measures?
How to minimise the data collection?
Legitimate data processing purpose?
Prohibited decisions?
10. Demystifying Big Data (3) „Regulatory changes may
require recalibration” Big Data issues in our practice
1. Personalized recommendations, targeted marketing and other services to
identifiable users or mobile devices.
2. What is “personal data”? e.g. anonymous data, health, location
3. What shall the privacy notice contain?
4. What about reminders?
5. Get explicit opt-in or rely on implied consent?
6. Opt-out options?
7. Permitted combination of information?
8. No personalized services but still collecting data to improve algorithms?
Monitoring procedures in relation to Big Data projects
12. Cookie Compliance (1)
− Directive 2002/58/EC on Privacy and Electronic Communications
− WD 02/2013 Providing Guidance on Obtaining Consent for Cookies
− Opinion 04/2012 on Cookie Consent Exemption
− Opinion 2/2010 on Online Behavioural Advertising
„The use of e-communications networks to store information or to gain access to information stored in the terminal equipment of a subscriber or user is only allowed on condition that the subscriber or user concerned is provided with clear and comprehensive information.” (Article 5 (3))
14. Cookie Compliance (3) Verification of internal
practice
− Types of cookies?
− Purpose and technology?
− Personal data processing? How long?
− Further processing (e.g.: combination of data)?
− Data transfer (third party cookies)?
− Is it necessary to obtain prior, informed consent?
− Data privacy notice?
− Separate policy + link, format, positioning?
− Third party agreements? (advertisement)
− Data Protection Registry?
− Handling users’ requests?
15. Cookie Compliance (4) CEE Overview
− Poland: Opt-in. No specific guidance. DPA: brief privacy information on cookie placement is sufficient.
− Russia: No specific regulation. Companies place the cookie policies on their websites to protect their interests. DPA: official position is not present.
− Romania: Opt-in. No specific guidance. DPA: brief privacy information on cookie placement is sufficient.
− Ukraine: No specific regulation. DPA: user’s consent on processing of his personal data using ‘cookies’; clear privacy statement with reference to detailed privacy policy.
− Hungary: Opt-in. No specific guidance. DPA: brief privacy information on cookie placement is sufficient.
− Slovakia: Opt-in (the setting of the internet browser allowing cookies is considered as previous consent). Brief privacy information on cookie placement is sufficient.
− Bulgaria: No specific regulation re cookies.
− Czech Republic: Failure to fully implement opt-in scheme. Arguable if cookies are considered as personal data or not.
17. Security Breach Notifications
Sector?
− Hungary: Telcos only
− Czech Republic: Telcos only
− Slovakia: Telcos only
− Bulgaria: Providers of publicly available electronic communications services
− Poland: Telcos only
− Romania: Providers of Telco services
− Ukraine: N/A
− Russia: N/A
Specific rules?
− Hungary: In line with Regulation 611/2013/EU
− Czech Republic: In line with Regulation 611/2013/EU
− Slovakia: In line with Regulation 611/2013/EU
− Bulgaria: Electronic Communications Act (notification to the Data Protection Authority within 3 days vs 24 hours in the Regulation 611/2013/EU)
− Poland: In line with Regulation 611/2013/EU
− Romania: Law 506/2004 on processing personal data in the Telco field
− Ukraine: N/A
− Russia: Amendments to the Data Protection Law providing that data processors must inform DPA on breaches are being prepared now.
19. Workplace privacy
“Hot” data privacy topics (2)
Russia
− Issue: Monitoring of private
correspondence on corporate
devices possible?
− Internal policies and notifications
on the monitoring to be signed by
employees
Romania
− Interviews / background checks:
scope needs to be limited:
reasonable & necessary
− New DPA rules on CCTV
− Criminal Code: correspondence
secrecy
Ukraine
− No specific regulation.
− CCTV and access to corporate e-
mail account require employee’s
consent
Hungary
− Labour Code permits monitoring and
transfer to processors
− Updated employee privacy notices
− New rules on CCTV use
− DPA fine re employee laptop access
− New whistleblowing law
20. Workplace privacy
“Hot” data privacy topics
Slovakia
− Emails or phone calls: employees to be informed of the extent of control methods, implementation and duration in advance.
− Discussion with the employees´
representative
Bulgaria
− Amendment to the Labour Code dated 2011 allows video surveillance for monitoring the work process and observing working time. Employees shall provide their explicit consent!
Czech Republic
− New case law on monitoring:
strengthening the position of
employers re breach of work
duties; stressing the duty of
loyalty of employees.
− Monitoring must not be excessive.
Poland
− No specific regulation
− Good practice: information to
employees about monitoring
and its extent
21. Workplace privacy “Hot” data privacy topics:
Bring Your Own Device (BYOD) (1)
− Personal devices used for employment / professional purposes vs.
company devices
− Private and corporate data are accessed with one device
− Employer expects control over the data and the device
− Control = remote access + administration rights (mobile device management: security updates, lock access, data removal)
− Best practice:
• BYOD guidelines / update of existing policies (acceptable use, device
management) + training
• Separating corporate and private data + alternatives (virtual
solutions)
• ICO Guidance
Revise / review BYOD policies and watch out for regulatory developments
22. Workplace privacy “Hot” data privacy topics:
Bring Your Own Device (BYOD) (2)
Consent?
− Hungary: No
− Czech Republic: Yes
− Romania: No
− Ukraine: Yes
− Poland: Yes
− Slovakia: Yes
− Bulgaria: No
− Russia: N/A
Privacy notice?
− Hungary: Yes
− Czech Republic: Yes
− Romania: Internal rules regulate issues e.g. privacy, security
− Ukraine: Yes
− Poland: Yes
− Slovakia: Yes
− Bulgaria: Yes
− Russia: N/A
Works council involvement?
− Hungary: Yes
− Czech Republic: No
− Romania: Implemented in consultation with employees’ representatives
− Ukraine: No
− Poland: No
− Slovakia: No
− Bulgaria: No
− Russia: Internal rules on privacy and security may cover such use
23. Workplace privacy
“Hot” data privacy topics:
Whistleblowing (1) – best practices
Whistleblowing
Data privacy information
No encouragement of anonymity
Data transfer to advisors
Data transfer outside the EEA
Protection of whistleblowers’ identity
Accounting and auditing + related matters
Limited data collection and retention (2 months)
Rights of the incriminated
Notification to / approval by the DPA?
Consequences of misuse
24. Workplace privacy
“Hot” data privacy topics:
Whistleblowing (2)
– local requirements
Is there a specific law on whistleblowing hotlines?
− Hungary: Act CLXV of 2013 on Complaints and Public Interest Disclosure
− Czech Republic: Proposed only for the banking sector (pending parliament procedure)
− Romania: Only in the public sector (whistleblowing in general)
− Ukraine: NO
Is there a specific regulatory guidance on whistleblowing hotlines?
− Hungary: NO
− Czech Republic: NO
− Romania: NO
− Ukraine: NO
Notification to / approval by the DPA?
− Hungary: YES
− Czech Republic: In non-regulated sectors
− Romania: YES
− Ukraine: NO
25. Workplace privacy
“Hot” data privacy topics:
Whistleblowing (3)
– local requirements
Is there a specific law on whistleblowing hotlines?
− Poland: NO
− Slovakia: NO
− Bulgaria: NO
− Russia: NO
Is there a specific regulatory guidance on whistleblowing hotlines?
− Poland: NO
− Slovakia: NO
− Bulgaria: NO
− Russia: NO
Notification to / approval by the DPA?
− Poland: Yes (notification)
− Slovakia: YES
− Bulgaria: NO
− Russia: YES
26.
Workplace privacy
“Hot” data privacy topics:
Whistleblowing (4)
- new law in Hungary
− Translation and publication of the internal rules
− Registration with the DPA
− Article 29 Working Party Opinion 1/2006
− Sensitive data shall not be processed
− Enhance permitted data transfers
− Outside the EEA: data transfer agreement + ‘adequate protection’
− Specific deadlines for the investigation and data retention
− Mandatory notifications to whistleblowers and the reported
− Mandatory notification to criminal authorities
Verify the operation of whistleblowing and watch out for regulatory developments
27. Workplace privacy
“Hot” data privacy topics:
Whistleblowing (5)
- new law in Hungary
Act CLXV of 2013 on Complaints and Public Interest Disclosures
Translation and publication of the internal rules
Registration with the DPA
Sensitive data shall not be processed
Works’ council consultation
Mandatory notification to criminal authorities
Outside the EEA: data transfer agreement + ‘adequate protection’
Specific deadlines for the investigation and data retention
Enhances permitted data transfers
29. The draft
EU Data Protection Regulation (1)
Status and next steps
March 2014
June 2013
October 2013
Trilogue negotiations
November 2013
December 2013
January 2014
European Parliament's formal approval
NSA mass surveillance activities: ”reforms vital to counter PRISM data access” (Reding)
„breakthrough”: EU LIBE compromise package
EC, Council and Euro MPs
EC calls for Safe Harbor reforms
Justice Ministers failed to agree on one-stop-shop: ”leading lawyers have public catfight”
EDPS calls Germany to take the lead in negotiating
New deadline: end of 2014
30. The draft
EU Data Protection Regulation (2)
− 18 months of ”intense negotiations and fierce
lobbying” - across sectors, B2B, B2C, 100 pages,
4,000 amendments
− Specific rules are not clear: further interpretation,
guidance, industry-specific measures (is it really a
Regulation?)
− Extra-territorial effect may cause trans-Atlantic tensions
− Likely to revolutionize and reshape privacy
− Direct effect
− ”data protection” or ”data protectionism”?
31. The draft
EU Data Protection Regulation (3)
− One-stop-shop: instead of regulatory patchwork of 28
countries, will make the life of company groups easier
BUT: what is the ”main establishment”? competence of
local DPAs will also remain
− More consumer rights & DPA power: fine up to EUR 100 million (5% of yearly worldwide turnover)
− Less administration: no more Data Protection Registry
BUT consultation obligation
− Explicit consent: Not required: contracting, compliance, legitimate
interests
BUT: ”significant imbalance” test
32. The draft
EU Data Protection Regulation (4)
− Profiling: only upon consent/contract; prohibited: only upon
sensitive data - may affect Big Data
- Data transfers outside the EU: More practical (e.g.: „Binding
Corporate Rules”, „European Data Protection Seal”), BUT
restricts ”frequent or massive” transfers + regulatory
requests.
− Data Protection Officer: mandatory for companies processing data of more than 5,000 individuals/year; independent, 2-4 years
− Privacy Notices: More detailed than now + standardised
format using icons
34. The draft
EU Data Protection Regulation (6)
Accountability: adopt policies, implement measures, keep extensive documentation, data security requirements, perform privacy impact assessments, comply with prior authorisation / consultation by DPA, designate a Data Protection Officer, bi-annual update of policies
Data privacy impact assessment: Risk assessment: e.g. data amount type, automatics, industry (e-health!); ”to the entire lifecycle management of data”; bi-annual update
35. The draft
EU Data Protection Regulation (7)
data, copy, link
Independently from the format
Data Portability
Right to erasure
Data breach notification: in all industries – to regulator: immediately; to customers: only in serious cases
Documentation + database
Privacy By Design
Privacy by Design / Default
36. Checklist (1)
(* - also to comply with DP Regulation)
− ”Data discovery” – reviewing the scope of data collected.
− Transparent / accessible policies and governance framework.*
− Documentation of data flows and processes.*
− Drafting / reviewing agreements, consents, NDAs and
confidentiality provisions re data processing and data transfer.
− Revise / review DPA notifications.
− ”Traditional” outsourcing. Make sure you are compliant with
”traditional” issues and watch out for the new trends and new
issues…
− New models of outsourcing – the Cloud. Watch out for regulatory
developments and the expectations in case of contracting.
37. Checklist (2)
- Big Data - watch out for regulatory developments and the
expectations in case of contracting.
- Ensure compliance in „usual” workplace privacy topics.
- Revise / review BYOD and social media policies.
- Verify whistleblowing hotlines, especially in Hungary.
- Reviewing access rights procedures.
- Data breach notifications: implementing internal rules.
- Data portability: identify security issues re transmission / access.
38. Any questions? Would like to know more?
Contact us!
Dóra Petrányi - Hungary
CEE Data Protection Lead Partner
dora.petranyi@cms-cmck.com
+36 1 483 4820
Márton Domokos – Hungary
marton.domokos@cms-cmck.com
+36 1 483 4824
Marcin Lewoszewski – Poland
marcin.lewoszewski@cms-cmck.com
+48 22 520 5525
Marius Petroiu – Romania
marius.petroiu@cms-cmck.com
+40 21 407 3 889
Elena Baryshnikova - Russia
elena.baryshnikova@cmslegal.ru
+7 495 786 40 99
Nataliya Nakonechna – Ukraine
nataliya.nakonechna@cms-cmck.com
+380 44 391 7 729
Olga Belyakova – Ukraine
olga.belyakova@cms-cmck.com
+380 44 391 7 727
39. Thank you for your attention!
Please complete our feedback box that opens automatically when this
presentation closes.
You can download our CMS CEE Guide to Data Protection
& webinar materials from our website
www.cms-cmck.com