This document summarizes a webinar about how U.S. companies can comply with the General Data Protection Regulation (GDPR). The webinar was presented by several attorneys from Jackson Lewis P.C., including Preston Clark, Joseph Lazzarotti, Jason Gavejian, and Mary Costigan. They discussed key aspects of GDPR compliance, such as definitions of personal data, the territorial scope and jurisdiction of GDPR, requirements for data protection officers, individual rights and responsibilities, data security obligations, and potential enforcement actions for noncompliance. The goal was to help companies understand GDPR requirements and take initial steps to assess how it applies to their operations.
EVERFI/Jackson Lewis: How to Comply with GDPR Requirements: What every U.S. Company needs to know
1. May 17, 2018
How to Comply with GDPR Requirements: What every U.S. Company needs to know
Preston Clark, J.D., Joseph Lazzarotti, Jason Gavejian & Mary Costigan
2. Webinar Basics
1 Please ask questions
2 Full presentation will be sent out immediately following event
3 Webinar recording will be sent out next week
4 Post webinar communication plan
4. Your Presenters
Preston Clark, J.D.
President at EVERFI
President of EVERFI’s Conduct & Culture division that powers online compliance training programs for over 1,500 organizations worldwide. Preston was formerly Assistant General Counsel for the University of Miami.
Jason C. Gavejian
Principal, Jackson Lewis
As a Certified Information Privacy Professional (CIPP), Mr. Gavejian focuses on the matrix of laws governing privacy, security, and management of data. He is co-author of, and regular contributor to, the firm’s Privacy Blog.
Mary T. Costigan
Associate, Jackson Lewis
Advises multinational, national and regional companies on emerging privacy and cybersecurity issues, including best practices and preventive safeguards. Is also a Certified Information Privacy Professional (CIPP) with IAPP.
Joseph J. Lazzarotti
Principal, Jackson Lewis
Founder and co-lead of the firm’s Privacy, e-Communication and Data Security Practice, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with International Association of Privacy Professionals (IAPP).
5. About Jackson Lewis P.C.
• Represents management exclusively in every aspect of employment, benefits, labor, and immigration law and related litigation, as well as government relations in NYS & NYC.
• Over 800 attorneys in 57 locations nationwide.
• Current caseload of over 6,500 litigations, approximately 650 class actions.
• Founding member of L&E Global.
• A leader in educating employers about the laws of equal opportunity, Jackson Lewis understands the importance of having a workforce that reflects the various communities it serves.
6. Lawyer’s Disclaimer
Jackson Lewis P.C. has prepared the materials contained in this presentation for the participants’ reference and general information in connection with education seminars presented by the firm and its attorneys. Attendees should consult with counsel before taking any actions that could affect their legal rights and should not consider these materials or discussions about these materials to be legal or other advice regarding any specific matter.
8. The General Data Protection Regulation (GDPR)
• Adopted on April 14, 2016, by the EU Commission and Parliament
• Replaces the 1995 Data Protection Directive (Directive 95/46/EC)
• Effective May 25, 2018
• Broader jurisdiction, greater harmonization, increased penalties
9. Jurisdiction, Territorial Scope
• Establishment
• Offering Goods and Services…Targeting
• Monitoring Behavior
• Resident v. Citizen
11. Personal Data v. Personal Information
• Divergent historical context, purpose
• Personal data
• Very broad: Any information relating to an identified or identifiable natural person
• Sensitive information
• Personal information
13. Processing
• Processing means:
• Any operation or set of operations that are:
• Performed on personal data or on sets of personal data
• Whether or not by automated means
• Includes:
• Collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction
15. Data Protection Officer
• Appoint if core activities are:
• regular and systematic monitoring of data subjects on a large scale, or
• processing special categories of data or data relating to criminal convictions/offenses on a large scale
• Union representative v. DPO
• More stringent laws in member states
16. WHAT ARE OUR BASIC RESPONSIBILITIES AND OBLIGATIONS?
17. Responsibilities and Obligations
• Data controller v. data processor
• Privacy impact assessment
• Notice
• Privacy by design
• Individual’s rights
• Recording processing activities
19. Data Breaches
• What is a breach
• When to report to Supervisory Authority
• When to report to affected individuals
• Risk of harm exception
• Interactions with U.S. breach notification requirements
22. WHAT DO WE NEED TO DO ABOUT DATA SECURITY? ARE THERE ANY SPECIAL REQUIREMENTS?
23. Data Security
• No specific framework or technologies required.
• Pseudonymization and encryption
• Privacy by design
• Data processor agreements
• Breach detection
24. CAN OUR U.S. EMPLOYEES ACCESS PERSONAL DATA OF DATA SUBJECTS IN THE EU?
25. Accessing EU Data
• Lawful basis
• “Adequate safeguards”
• Privacy Shield
• Model contracts
• Binding corporate rules
27. Enforcement
• Investigatory authority
• “Effective, proportionate and dissuasive”
• Level 1 fines - up to greater of 10,000,000 EUR or 2% of total worldwide annual turnover.
• Level 2 fines - up to greater of 20,000,000 EUR or 4% of total worldwide annual turnover.
• Judicial remedies
29. Take-Aways
• Getting started
• Map your data
• Assess application and compliance requirements
• Prepare employees (training)
• Coordinate with U.S. and other jurisdictions
• Document your steps
31. Thank You!