The document summarizes key aspects of the EU General Data Protection Regulation (GDPR) that took effect in May 2018. It notes that prior agreements like the EU-US Safe Harbor were invalidated, leading to the GDPR. The GDPR established strict rules for processing and transferring personal data of EU citizens. It requires organizations to implement measures to protect privacy and security, obtain consent, respond to requests, report breaches, designate data protection officers, and only use processors that comply. Non-compliance can result in severe penalties.
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer whose data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Understanding the EU's new General Data Protection Regulation (GDPR)Acquia
In 2016, the European Union (EU) approved its General Data Protection Regulation (GDPR) to protect European citizens’ data. As a regulation, the GDPR does not require the implementation of legislation, and will immediately become an applicable law as of the 25th of May, 2018.
What is GDPR exactly trying to accomplish? According to the official documents, the goal is the “protection of natural persons with regard to the processing of personal data and on the free movement of such data.”
In short, organizations that conduct business in the EU will need to be compliant with GDPR, and must come to terms with the huge fines that non-compliance can carry. Fines can be up to €20M or 4% of the annual turnover. For companies that experience breaches that result in the loss of personal data (such as Talk Talk, which lost 170,000 people’s data), the fines will be tremendous.
Join us for discussion about GDPR to learn more about:
The principles that organizations that use personal data need to adhere to
The consequences organizations can face if they do not adhere to this new regulation
How your organization can prepare for the future
GDPR Guide: The ICO's 12 Recommended Steps To Take NowHackerOne
Recommendations from The United Kingdom's Information Commissioner's Office (ICO) to Prepare for May 2018.
The European General Data Protection Regulation, better known as GDPR, will take effect on May 25, 2018. When it does, every business, organization, or government agency that collects information on European Union (EU) citizens (in other words, just about everyone) will be forced to radically change how it manages customer data and security. If you don’t, the cost of noncompliance is significant: fines can reach up to €20M ($23.5M) or 4 percent of annual sales, whichever is higher.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
General Data Protection Regulation (GDPR) - Moving from confusion to readinessOmo Osagiede
This GDPR primer highlights key aspects of the new EU regulation regarding the protection of EU citizens' data. It also presents a basic approach and key activities for GDPR preparedness. Useful as a discussion starter with senior management.
Preparing for GDPR: What Every B2B Marketer Must KnowIntegrate
Considering the consequences of non-compliance (up to €20M/$24M or 4% worldwide annual revenue), this translates to a major problem for B2B marketers.
How can your team ensure its lead gen processes are GDPR-compliant without undermining demand generation performance?
View this deck to see how Julian Archer (Sr. Research Director, SiriusDecisions) and Scott Vaughan (CMO, Integrate) educate B2B marketers on: developing a comprehensive GDPR compliance strategy, putting your compliance strategy into action, and applying software to support your compliance measures.
To watch the on-demand version of the webinar, click here:
https://www.integrate.com/gdpr-compliance-b2b-marketing-webinar
25th May 2018 marks the enforcement date of EU’s General Data Protection Regulation. This new regulation strives to increase privacy for individuals and penalize businesses in breach. The complexity organizations face in managing consumer data is driving the growth of privacy tech solutions that decisively address a slew of privacy compliance challenges.
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
Introduction to EU General Data Protection Regulation: Planning, Implementati...Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
Presentation slides from an NCVO webinar which took place on 18 October 2017.
Presentation by Gary Shipsey from Protecture, find out more about Protecture: https://www.protecture.org.uk/
View the webinar recording: https://youtu.be/D7wuDS4QZgQ
GDPR The New Data Protection Law coming into effect May 2018. What does it me...eHealth Forum
GDPR The New Data Protection Law coming into effect May 2018. What does it mean for hospitals?
Anthe Papageorgiou, Compliance Officer & Data Protection Officer at Henry Dunant Hospital Center
An In House Counsel and Privacy Practitioners update on the changed regulatory landscape.
The Privacy and Data Protection Act 2014 received Royal Assent on 2 September 2014.
The new legislation replaces the Information Privacy Act 2000, and the Commissioner for Law Enforcement Data Security Act 2005, with a unified scheme governing the handling of personal information and data by Victorian Public sector agencies.
GDPR From Implementation to OpportunityDean Sappey
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018.
GDPR is coming for you whether you’re ready or not. Companies must show compliance by May 25, 2018. Take a look at the presentation to learn more about the new law that is going to change the way data is handled across the world. Read about how it affects you and the steps you can take to make sure you’re GDPR ready!
About Extentia Information Technology:
Extentia is a global technology and services firm that helps clients transform and realize their digital strategies. With a focus on enterprise mobility, cloud computing, and user experiences, Extentia strives to accomplish and surpass your business goals. Our team is differentiated by an emphasis on excellent design skills that we bring to every project. Extentia’s work environment and culture inspire team members to be innovative and creative, and to provide clients with an exceptional partnership experience.
www.extentia.com
Slides from Niall Rooney FP Logue presentation at Food & Drink Business Europe event at Citywest Dublin on 05/09/2019 - *For Information Only, Not Legal Advice*
This week, Europe's data protection rules will undergo their largest reform in several decades. The General Data Protection Regulation (GDPR) is set to replace the Data Protection Directive, effective as of May 25, 2018.
General Data Protection Regulation or GDPRNupur Samaddar
General Data Protection Regulation or GDPR: the way companies across the world will handle their customers' personal information, creating strengthened and unified data protection for all individuals within the EU.
Key Issues on the new General Data Protection RegulationOlivier Vandeputte
The General Data Protection Regulation is one of the most wide ranging pieces of legislation passed by the EU in recent years. The GDPR comes into effect on 25 May 2018. The new framework is ambitious, complex and strict. It presents any organization that has so far failed to begin preparations with a steep challenge to become GDPR compliant in time.
We have summarized the key issues in our GDPR brochure.
Protection of Personal Information Bill (POPI)Robert MacLean
A short presentation that focuses on the proposed POPI law, how it impacts businesses, technology, IT depts & the cloud. It was based on a draft so some aspects may have changed.
This presentation deals with insights on how an offshore IT organization has to get ready to align with the General Data Protection Regulation issued by the European Union.
GDPR compliance process and maturity/readiness assessment checklistEz Fahmy
Organizations in Europe have to finally comply with the new EU regulation to protect EU users' data. This is a high-level description of the main entities and requirements of the GDPR compliance process that organizations in the EU need to implement.
An overview of GDPR data privacy and the impact on traditional information security practices, which was presented at SecureWorld Dallas, October, 2017
AML/BSA - introductory guide to compliance for gaming industry compliance personnel. How to comply with federal and state law by building a rigorous compliance system.
How to define the roles and responsibilities of your legal vs. compliance teams to avoid conflicts of interest and to avoid having your compliance team practice law without a license. Regulators and Bar Associations recognize the distinct roles of legal representative and adviser vs. that of compliance management.
Handbook for financial institutions on assessing and instituting critical security controls in their company. Detailed analysis of the process for controls and risks affecting companies.
Summary of the major points for compliance with the HIPAA Privacy Rule including how to identify if you're a covered entity, what information is included as PHI, checklist for helping your company comply.
HOA liens, priority, redemption, Mortgages, Deeds of Trust and more in Washington state. The interplay between the HOA statute, redemption statute, and the recording statute.
Illustration showing internal corporate workflow process for complaints and legal matters. From intake of customer complaint to e-discovery and resolution.
Summary of guidance for BSA/AML in USA and AML/CTF in Caymans. Compliance Officer and Money Laundering Reporting Officer. Banks & Financial Institutions. KYC and Transaction Red Flag tips. Board of Directors.
In 2020, the Ministry of Home Affairs established a committee led by Prof. (Dr.) Ranbir Singh, former Vice Chancellor of National Law University (NLU), Delhi. This committee was tasked with reviewing the three codes of criminal law. The primary objective of the committee was to propose comprehensive reforms to the country’s criminal laws in a manner that is both principled and effective.
The committee’s focus was on ensuring the safety and security of individuals, communities, and the nation as a whole. Throughout its deliberations, the committee aimed to uphold constitutional values such as justice, dignity, and the intrinsic value of each individual. Their goal was to recommend amendments to the criminal laws that align with these values and priorities.
Subsequently, in February, the committee successfully submitted its recommendations regarding amendments to the criminal law. These recommendations are intended to serve as a foundation for enhancing the current legal framework, promoting safety and security, and upholding the constitutional principles of justice, dignity, and the inherent worth of every individual.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of registering a multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides help students of international law understand the nature of international law and how it originated and developed.
The slides are well structured, with highlighted points for better understanding.
2. Prior to the EU GDPR, the US had entered into the EU-US Mutual Legal Assistance Treaty (MLAT), 2003.
Then there was the Safe Harbor Agreement, which set minimum requirements for US-EU transactions, but…
The Court of Justice of the European Union (CJEU) declared in Schrems that the Safe Harbor Agreement was invalid because it failed to meet the standards set forth by the EU. The level of protection in the US was “inadequate” to protect privacy because US public authorities had access to the data on a generalized basis for any EU citizen whose data was transmitted to the US. This “generalized, mass, and unlimited” surveillance was contrary to the EU’s privacy and data protection requirements.
So on April 14, 2016, the EU GDPR became law with an effective date of May 25, 2018.
https://www.eugdpr.org/
E Baker Law Firm Pllc
3. VOLUNTARY AGREEMENTS / FRAMEWORKS
On July 12, 2016, the EU-US (and on January 12, 2017, the Swiss-US) Privacy Shield Frameworks were entered into. These were enforced by the FTC and DOT under the False Statements Act and/or as a violation of 49 USC 41712, but ONLY if the US companies voluntarily participated in the program.
In December 2016, the EU-US Umbrella Agreement was entered into, with an effective date of February 1, 2017. This transatlantic agreement set privacy and data protection safeguards for personal information transferred between the EU and US for the prevention, investigation, detection and prosecution of criminal offenses.
4. Identify workflow process / data flow for personal information/data subject to the EU GDPR:
How data comes in,
How data is retained/stored,
How data is transmitted,
How data is transferred to third parties?
Identify where the data is,
Who has access to the data,
Can / how do you retrieve data,
Can you delete the data upon request?
6. Lawful, fair, transparent
Collected for specified, explicit, legitimate purposes
Adequate, relevant, limited to what is necessary
Accurate, up-to-date
Kept in a form that permits identification of data subjects for no longer than necessary
Secure
Ability to demonstrate compliance
7. 1. Consent
a. Controller must be able to demonstrate consent
b. If written consent, must be “clearly distinguishable” from other matters, intelligible, easily accessible, in clear and plain language
c. Prior to consent, the data subject must be given notice of the right to withdraw consent at any time
d. Freely given (e.g. was it contingent upon performance of a contract or provision of a service, and not necessary for that?)
2. Necessary
3. Children – 15 years or younger – must have consent of the holder of parental responsibility (member states may require a younger age but cannot go below age 13)
8. Processing personal data prohibited for data:
related to race,
ethnic origin,
political opinion,
religious or philosophical beliefs,
trade union membership,
genetic data, biometric data for the purpose of uniquely identifying a natural person,
health,
sex life or sexual orientation
UNLESS
1. Explicit consent for specified purpose (except if EU member state does not allow consent by natural person)
2. Necessary
a. for employment, social protection law
b. to protect vital interests of data subject or another natural person (when data subject not physically or legally capable of consenting)
c. for the establishment, exercise or defense of legal claims, or by courts
d. substantial public interest
e. preventive or occupational medicine
f. public interest in public health
g. archiving purposes
3. Carried out in the course of legitimate activities with safeguards by a not-for-profit body
4. Data made public by data subject
9. Controller shall provide notice to data subject in reference to Articles 13, 14, 15-22, 34:
concise
transparent
intelligible
easily accessible form
clear and plain language
in writing, including electronic means
without undue delay, within 1 month of receipt of request (or inform as to why it will not)
free of charge
may request additional information to confirm the identity of the data subject/requestor
10. Period for which the data will be stored
Existence of right to request from controller access to, rectification of, or erasure of data or restriction of processing concerning data or to object to processing, as well as right to data portability
Existence of right to withdraw consent at any time (Article 6(1)(a), 9(2)(a))
Right to lodge complaint with supervisory authority
Whether the provision of personal data is statutory or contractual, etc.
Existence of automated decision making (profiling, meaningful information about logic involved, significance, and envisaged consequences of processing)
If controller intends to further process the data for a purpose other than that for which it was collected, controller shall provide the data subject PRIOR to the further processing with information on the other purpose and the above information.
11. Identity and contact details of controller
Contact details of data protection officer
Purpose for processing the data and legal basis
Categories of personal data concerned
Recipients or categories of recipients
If applicable, the fact that the data will be transferred to a third party or international organization, existence (or absence) of an adequacy decision by the Commission, reference to the appropriate or suitable safeguards and means to obtain a copy of them (or where they are available)
Period for which the data will be stored
Where the processing is based on legitimate interests, the legitimate interests pursued by controller or third party
Existence of right to request from controller access to, rectification of, or erasure of data or restriction of processing concerning data or to object to processing, as well as right to data portability
Existence of right to withdraw consent at any time (Article 6(1)(a), 9(2)(a))
Right to lodge complaint with supervisory authority
Where the personal data (what source) originated, whether it was from publicly accessible sources
Existence of automated decision making (profiling, meaningful information about logic involved, significance, and envisaged consequences of processing)
12. Implement appropriate technical and organisational measures to ensure processing is performed in compliance with GDPR
Implement policies
Adhere to an approved code of conduct or certification mechanism
Implement appropriate technical and organisational methods, such as pseudonymisation, designed to implement data protection principles (data minimisation) to protect the rights of the data subject (1) at the time of determination of the means for processing and (2) at the time of processing
Maintain written (electronic) records of processing activities (see Act for details) (*not applicable to companies with fewer than 250 employees unless high risk)
13. Designate DPO where processing is by a public authority, or core activities are:
regular and systematic monitoring of data subjects on a large scale
processing on a large scale of special categories of data and personal data relating to criminal convictions or offences
A group may appoint one DPO if easily accessible by each office
In all other cases, unless required by Member State law, a DPO “may” be appointed
DPO shall have expert knowledge of GDPR and practices, and have the ability to fulfill the tasks (Art. 39)
May be a staff member of Controller or Processor, or under contract
Contact details of DPO shall be published and communicated to the supervisory authority
Responsibilities
Inform and advise controller, processor, employees
Monitor compliance
Provide advice re data protection impact assessment, monitor performance
Act as contact point for and cooperate with supervisory authority
14. 1. Pseudonymisation, encryption of personal data
2. Ensure ongoing confidentiality, integrity, availability, resilience of processing systems and services
3. Ability to restore availability and access to data in a timely manner
4. Process for regular testing, assessing, evaluation of effectiveness of technical and organisational measures ensuring security
5. Code of Conduct or Approved Certification Mechanism (Article 40, 42 respectively)
15. 1. Controller shall notify the supervisory authority without undue delay and, where feasible, within 72 hours after becoming aware of the breach
2. Required notice provisions:
a. Nature of breach, categories, number affected
b. Name and contact of data protection officer
c. Consequences of breach
d. Measures to be taken (or taken) to address, mitigate
3. Controller shall document every breach
4. Notify* data subject if “high risk to rights and freedoms”
*No notice required if data encrypted, subsequent measures taken which make it likely there is no high risk, or disproportionate effort required (public communication instead)
16. Only processors providing sufficient guarantees to implement appropriate technical and organisational measures in such a manner that processing will meet the requirements of GDPR
No sub-processors without controller’s prior written authorization
Shall be governed by contract (see details required) or law
Adherence to approved code of conduct or approved certification mechanism
Maintain written (electronic) record of all categories of processing activities carried out for controller (see Act for details) (*not applicable to companies with fewer than 250 employees unless high risk)
17. For more information on how to bring your organisation into compliance with the EU GDPR, data privacy, regulatory compliance, risk management, and/or setting up your workflow processes, policies and procedures, please contact:
Elizabeth Baker, JD, CRCMP
Internationally certified Risk and Compliance Management Professional (EU, US)
ebakerjd@ebakerjdlaw.com
E Baker Law Firm Pllc