GDPR just took effect in the EU and most companies, there and in the US, are confused about what it is and what they are supposed to do. We provide a brief look at the regulations and how they might affect US companies.
GDPR: What It Is and How (and Which) US Companies Are Affected | James C. Roberts III
The EU's GDPR that just went into effect turns privacy regulation on its head--from the perspective of the US. GDPR can affect US companies--not only those with a presence (office or sub) in the EU, but otherwise. It's still a mystery and a controversy just how it affects US companies, though.
The document provides an overview of the General Data Protection Regulation (GDPR). It discusses key aspects of GDPR such as what it is, who it applies to, lawful bases for processing data, data subject rights, and steps for achieving compliance. Specifically, GDPR is a new EU privacy law that gives more control to individuals over their personal data and imposes fines on companies that don't comply. It applies broadly to any organization that handles EU citizens' data.
General Data Protection Regulation for Ops | Kamil Rextin
A brief on GDPR & Hubspot for Marketing & Marketing Ops.
This PPT provides a brief background on GDPR & how to implement GDPR compliance with Hubspot, Facebook & Google Analytics.
Privacy Practice Fundamentals: Understanding Compliance Regimes and Requirements | Anitafin
This is the presentation from the class I taught at the University of Toronto Faculty of Information Sciences graduate school - a major challenge to capture the concepts in less than 3 hours!
The document provides an overview of privacy law in the EU and abroad. It summarizes the key aspects of the EU Data Directive, including its general principles, requirements for data processing and transfers, and oversight and enforcement regime. It then discusses mechanisms for transferring data from the EU to other countries, including the US-EU Safe Harbor framework and model contracts. Finally, it briefly outlines some other worldwide privacy laws, including in Canada and Japan.
This document summarizes key points from a presentation about proposed changes to the EU's Data Protection Regulation. It discusses expanded definitions and new requirements for consent, data breaches, subject access requests and more. Consent would need to be explicit under the new rules. IP addresses and cookies may be defined as personal data, affecting digital marketing. Data subjects could request deletion of data. Organizations would face stricter security rules and larger fines for noncompliance. The impact on direct marketing could be significant.
The EU Data Protection Reform's Impact on Cross Border e-Discovery: new Devel... | AltheimPrivacy
This is a new set of slides, adapted after the 10/21/2013 LIBE Committee vote on the proposed amendments to the Regulation. Quite a few of the original GDPR rules have changed so far.
Be careful what you wish for: the great Data Protection law reform - Lilian E... | IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Lilian Edwards looked at the basics on what you need to know about the new regulation.
http://qonex.com/east-midlands-cyber-security-forum/
Data Protection and Academic Research: The New GDPR Framework | David Erdos
These slides provide an overview of the new data protection framework for academic research under the GDPR, situating this within the broader context of ethical review. After outlining the broad scope and default duties of the GDPR, the slides look at the critical issue of distinguishing processing for “academic purposes” - common in humanities and social studies – from processing only for “research” – common in the biomedical and other “hard” sciences. Whilst the former is subject to wide and liberal derogations akin to journalism, the latter is subject to mandatory safeguards and limited (and often further safeguarded) derogations. The implications of all this for ensuring lawful processing is outlined focusing on purposes specification, transparency, legal vires, data export and discipline duties as regards processors and co-controllers. It is finally noted that article 23 of the GDPR could permit further flexibility in future through secondary legislation.
The EU Data Protection Reform's Impact on Cross Border E-discovery; updated h... | AltheimPrivacy
Check out this link for the latest version: http://www.slideshare.net/EDiscoveryMap/the-eu-data-protection-reforms-impact-on-cross-border-ediscovery-27629797
The European Commission's proposal for a new General Data Protection Regulation (GDPR), represents the most significant global development in data protection law since Directive 95/46. It will considerably impact cross-border e-discovery in the EU.
The Information Commissioner calls - what to expect and how to react, May 201... | Browne Jacobson LLP
This workshop covered ICO investigations into breaches of the current Data Protection Act 1998 and the Privacy and Electronic Communications Regulations 2003 (as amended).
We covered the following topics:
- the ICO’s powers, procedures and policies
- recent cases and ICO priorities
- your rights and obligations
- the benefits and pitfalls of proactive breach notification
- areas of risk and how to address them
- protecting legal privilege
- managing the risks under the Freedom of Information Act, and
- the major changes brought in by the forthcoming General Data Protection Regulation.
USA and Europe (EU) do have a different way of looking into privacy. This PPT is about who is responsible and what kind of rules are in place. This is a A Medved Consultants LLC Presentation. This may not be considered as a legal advice.
General Data Protection Regulation: what do you need to do to get prepared? -... | IISPEastMids
At our Spring East Midlands Cyber Security event on the Impact of the General Data Protection Regulation, Helena Wootton looks at the things you need to do to get prepared for the new data protection regulation.
http://qonex.com/east-midlands-cyber-security-forum/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
This document summarizes a legal update event held by the DMA (Direct Marketing Association) on data protection. It includes:
- An agenda for the day covering upcoming changes to EU data protection laws and their implications for direct marketing.
- A summary of proposed changes in the EU's draft Data Protection Regulation, including stricter consent requirements, increased data subject rights like the "right to be forgotten", and heavier sanctions for non-compliance.
- An analysis of how these changes may impact direct marketing practices, such as the need to obtain explicit consent, review existing databases and consent language, and increase compliance costs.
This document provides a summary of a presentation on data protection law and the proposed EU Data Protection Regulation. Key points from the proposed regulation discussed include expanded definitions of personal data, the requirement for explicit consent, the right to be forgotten, increased accountability and security breach notification requirements, more sanctions for non-compliance, and the direct coverage of data processors. Impacts on practices like profiling, use of IP addresses and cookies, and responding to access requests are also covered. The presentation provides timelines for the regulation and discusses lobbying efforts regarding the proposals.
The document summarizes the key aspects of the UK's Freedom of Information Act 2005. It outlines what public bodies are covered by the act, what information can be requested, the exemptions for releasing information both absolute and qualified, how to make an FOI request including best practices, the costs limits, and the appeals process if a request is denied. Resources like WhatDoTheyKnow.com are also provided to help citizens utilize their right to access public information through FOI requests.
Safe Harbor is a framework that allows the transfer of personal data from the EU to the US in compliance with EU data privacy laws. It provides a bridge between differing US and EU privacy approaches through voluntary self-certification to its principles by organizations doing business between the regions. The principles address issues like notice, choice, security and enforcement to protect EU citizens' privacy rights when their data is transferred to the less restrictive US context. While initially controversial, Safe Harbor has helped enable transatlantic data flows for many companies over the past 15 years.
US – EU Safe Harbor for Cross-Border Data | Mark Aldrich
This document summarizes recent developments regarding the US-EU Safe Harbor framework for cross-border data transfers. It provides background on the Safe Harbor and outlines key events that have challenged its validity, including European court cases and actions by data protection authorities. These developments include a pending case before the European Court of Justice to determine the validity of Safe Harbor given revelations about US government surveillance programs. Several data protection authorities have also initiated enforcement actions against US companies that self-certified under Safe Harbor.
The document provides information about the Freedom of Information Act 2005 in the UK, including what it covers, exemptions, how to make requests, and tips for using FOI effectively. Some key points:
- The FOI Act allows the public to request information from over 100,000 public authorities like government departments, councils, health authorities, police, and publicly owned companies.
- There are exemptions for requests that would reveal sensitive national security, personal private information, or information intended for future publication.
- To make a request, an email should be sent to the FOI officer of the relevant authority clearly describing the information needed. Requests must be answered within 20 working days.
- Tips include
These slides explore the reforms to the UK General Data Protection Regulation (GDPR) proposed by the UK Government in Data: A New Direction. It is argued that they are both significant and unbalanced against the data subject but (aside potentially from the e-privacy rules) not generally radical. The great bulk of the proposed substantive changes to data protection could plausibly be justified under the derogation clauses available to EU Member States within the GDPR itself. Reforms to the integrity duties of controllers and others are more far-reaching. Nevertheless, their broad structure remains compatible with even the revised version of the Council of Europe framework, Data Protection Convention 108+, which both the EU and UK remain strongly committed to. Finally, the proposals to shift ICO supervision de jure away from a priority focus on individual data subject rights and complaints are difficult to square even with Convention 108+. Nevertheless, de facto the ICO far from acts as a legal champion for the data subject today. Indeed, despite receiving over 36,000 complaints from individuals during 2020-21, it issued just three fines under the GDPR (all concerning data security breaches) and just one injunctive enforcement notice.
This document summarizes key privacy laws and strategies for handling personal information. It discusses expanding laws around use of private data, increased enforcement, and challenges for businesses to comply. Specific topics covered include North Carolina and Massachusetts privacy statutes, obligations for use and security of personal data, social media policies, and proactive risk management steps.
As the European Union (EU) has enacted the General Data Protection Regulation (GDPR), it is easy to perceive this regulation would apply to only multinational or European companies. GDPR will certainly impact businesses in EU; but it will extend its applicability for international businesses, even those based in the United States.
In this webinar, Daniel Cohen-Dumani and Anupam Goradia of Withum cover what exactly GDPR is and why it is important to your business. We also share practical tips and best practice on how to ensure your compliance.
The EU Data Protection Regulation - what you need to know | Sophos Benelux
The upcoming EU Data Protection Regulation requires organizations worldwide to secure the data they manage and hold on European citizens. It is generally accepted that encryption is the best method for complying with this new regulation. If a breach occurs and you can demonstrate that all personal data was encrypted, the chance that you will receive a fine from the EU is considerably reduced.
Many organizations have no idea what this new regulation entails or how they should prepare for these new rules. Does your organization belong to this group as well?
The document discusses key aspects of preparing for and complying with the EU General Data Protection Regulation (GDPR), which goes into effect on May 25, 2018. It outlines some of the major changes and requirements introduced by the GDPR, including its expanded territorial reach, new obligations for data processors, strengthened consent requirements, increased penalties for non-compliance, and the role of supervisory authorities. The document emphasizes that organizations must conduct assessments, secure resources and budgets, and implement technologies and processes to ensure they have a defensible position and are prepared to address the challenges and opportunities created by the GDPR.
Introduction to EU General Data Protection Regulation: Planning, Implementat... | Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
What's Next - General Data Protection Regulation (GDPR) Changes | Ogilvy Consulting
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Introduction to EU General Data Protection Regulation: Planning, Implementati... | Financial Poise
The GDPR changed the way the world collects, stores, and sends personal data. The GDPR is a broad EU regulation that requires businesses to protect the personal data of EU citizens, whether the business itself is in the EU or elsewhere. Since its implementation in 2018, companies that collect data on EU citizens must comply with strict rules for the protection of personal data or face heavy fines for non-compliance. This webinar will provide an overview of GDPR’s applicability and requirements, as well as how your organization may meet those standards.
To view the accompanying webinar, go to: https://www.financialpoise.com/financial-poise-webinars/introduction-to-eu-general-data-protection-regulation-planning-implementation-and-compliance-2021/
Interact 2018 - GDPR for digital publishers, digital agencies and advertisers | IAB Europe
Held in Milan on 23-24 May, IAB Europe’s annual 2-day conference Interact 2018 featured a training by Matthias Matthiesen, Director Public Policy & Privacy and Chris Hartsuiker, Public Policy Officer, IAB Europe. Which provisions in the General Data Protection Regulation are the most relevant to digital publishers and advertisers? What is the guidance of the European Data Protection Board (former Article 29 Working party) on these topics? This training session, provided by IAB Europe will provide insight into applying the GDPR to the digital advertising supply chain.
In general, the GDPR applies to any business that processes personal data by automated or manual processing.
A strategic approach is introduced to regulating personal data and the normative foundations of the European Union's General Data Protection Regulation (GDPR).
Existing requirements imposed by the 1995 Data Protection Directive are refined.
It does this by establishing a uniform framework for data protection legislation across the EU.
How to keep out of trouble with GDPR: The case of Facebook, Google and ExperianPECB
Short description:
In this webinar, we will be exploring the current trends, predictions and other things of relevance to GDPR enforcement. Further, we will touch on the big fines such as Facebook, Google, Experian as well as guide you on how to stay out of trouble with the regulation.
Main points covered:
• A summary of ICO enforcement action in the UK over the past 12 months
• What organizations got wrong?
• The big fines – Facebook and Experian
• Trends and predictions
• How to keep out of trouble with the regulator
Presenter:
Our presenter for this webinar, James Castro-Edwards is a partner and Head of Data Protection at Wedlake Bell LLP. James advises domestic and multinational organizations on data protection issues. His experience includes managing global data protection compliance projects for multinationals and advising domestic companies on complex data protection issues. He has also developed and delivered innovative data protection training programs for multinational clients, including a data protection officers’ training course which was accredited by a European government. James leads the firm’s outsourced data protection officer service, ProDPO.
James frequently speaks on data protection and cybersecurity issues and is widely published, having written articles for a wide variety of titles including The Times and The Guardian, and wrote The Law Society textbook on the General Data Protection Regulation (GDPR).
Recorded Webinar: https://youtu.be/QAF1XXTBFyg
GDPR & the Travel Industry: Practical recommendations for holiday rental ownersSpain-Holiday.com
What is GDPR? As a holiday rental property owner, Airbnb host or holiday rental agent, why does it matter to you?
You don't need to work at a large internet company like Facebook, Google or Amazon to be affected, or responsible for data protection.
As part of the travel & tourism industry, you probably have personal data on your guests such as name and email address at the very least. You may also have highly sensitive data such as financial details, date of birth and passport details.
The introduction of the new privacy regulation called the GENERAL DATA PROTECTION REGULATION, or GDPR, comes into effect from 25th May 2018.
This webinar aims to help you understand what your obligations are in how you deal with the data from the customers, the penalties and risks for non-compliance and, most importantly, a step by step roadmap to becoming GDPR compliant as a small business owner in the holiday rental industry.
Alongside tips and practical advice, the webinar will explore the opportunities that the introduction of the new data protection law can have for you in the travel & tourism industry.
The presentation agenda will cover:
Introduction and overview to GDPR
GDPR and the Holiday Rental Industry
GDPR and You - Responsibilities, risks and benefits
Roadmap to GDPR compliance
GDPR applies to all businesses and organisations, big or small, offering products or services to citizens in the EU. Show your customers that you are committed to treating their personal data with respect and consideration by understanding how to become GDPR-ready for 25th May 2018.
The engaging white paper delivers the core facts you need to understand the fundamental nature of the GDPR regulations and what it means for your business and the management of its data.
Gdprplan.com affiliate huddle 10th may 2018Micky Khanna
The document provides 3 tips for implementing the GDPR by the deadline of May 25th, 2018. Tip 1 is to secure networks, assets, and people by ensuring websites and IT systems use HTTPS, implementing security procedures for premises, and establishing a BYOD policy. Tip 2 is to update contracts to clarify roles and responsibilities as controllers or processors of data. Tip 3 is to understand data protection laws outside of the EU to ensure compliance when transferring data internationally. The document also recommends training employees on security and GDPR requirements. It promotes an online GDPR training course to help organizations comply.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
This document provides an overview of Polar's approach to complying with the General Data Protection Regulation (GDPR). It discusses Polar's commitment to privacy, what GDPR is, some of the key challenges of implementation, and the processes and reviews Polar has put in place. The director introduces himself and his role at Polar, and then covers key aspects of GDPR including data subject rights, the definitions of controllers and processors, lawful bases for processing, and requirements around consent, documentation, accountability, and security.
The General Data Protection Regulation (GDPR) is a European Union law that strengthens and unifies data protection for individuals within the EU. It aims to give control to individuals over their personal data and simplify the regulatory environment for international business. Key provisions include strict rules on consent, rights of access and erasure, breach notification, and increased fines. Under GDPR, all companies that collect EU citizens' data must comply with regulations regarding how personal data is collected, processed, stored, and protected.
The document discusses the transition from the Data Protection Act 1998 to the new General Data Protection Regulation (GDPR) that takes effect in May 2018. Some key points include:
- The GDPR has a wider territorial scope and applies to any organization that offers goods/services to individuals in the EU or monitors their behavior.
- Organizations must comply with new requirements for lawful processing of personal data, rights of data subjects, data protection officers, security breaches, and accountability.
- Non-compliance will result in significant fines of up to 20 million euros or 4% of global annual turnover, focusing minds on implementing a GDPR compliance strategy by the May 2018 deadline.
Gdpr demystified - making sense of the regulationJames Mulhern
Slightly outdated introduction to GDPR, that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
The document provides an overview of the General Data Protection Regulation (GDPR). It discusses key aspects of GDPR such as what it is, who it applies to, lawful bases for processing data, data subject rights, and steps for achieving compliance. Specifically, GDPR is a new EU privacy law that gives more control to individuals over their personal data and imposes fines on companies that don't comply. It applies broadly to any organization that handles EU citizens' data.
The European Union General Data Protection Regulation (“EU-GDPR”) will come into effect on May 25th. Your company may think it does not have to worry about this because you are located in the United States, and you may be wrong. If your company processes or holds personal data for a person residing in a European Union country, your company will have to comply.
The Countdown is on: Key Things to Know About the GDPRCase IQ
The EU’s General Data Protection Regulation (GDPR) comes into effect on May 25th. This powerful legislation strengthens data privacy laws in Europe and has implications for companies all over the world that store, process or transfer the information of the EU’s citizens.
Failure to comply with the regulation can expose a company to fines based on global revenue and reputation damage, yet many companies are struggling to comply in time.
Join information security expert and CEO/Founder of AsTech Consulting, Greg Reber, as he walks participants through a plan for GDPR compliance.
After ensuring compliance as a controller and processor of data, Reddico created this presentation for the team - offering further guidance and information on our processes and how we've complied. For accuracy purposes, some information comes directly from the ICO's guidelines.
The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
Part 1 (of 3) deals with IP legal landmines that caused pretty severe problems for scaleups--this presentation is from the perspective of a scaleup team, i.e., it is not dense legalese.
This document provides a list of mentoring modules and presentations used by Global Capital to mentor startups, scaleups, and venture capitalists. The modules are divided into two parts: Part 1 addresses pre-funded startups and covers legal issues, intellectual property, forming the startup, managing the startup, developing technology, getting traction, and raising capital. Part 2 focuses on startups that have received funding and includes topics like building and managing the scaleup, team building, marketing, strategic alliances, international expansion, and additional rounds of venture capital funding. The presentations range from 30 minutes to two hours depending on the desired depth of content.
This presentation from last year argues that (1) the "hegemony of narrative" distracts attention from other opportunities in VR (now XR), which are (2) worlds, DIY tools and "corporate use" such as training and healthcare. Events since then have proven it to be largely true. "Narrative" (e.g., XR movies) are not a "wrong" investment, only a different one.
Global Capital 2011 Digital Trends & Licensing Implications January Febr...James C. Roberts III
This document discusses several digital trends and their implications for licensing. It begins by introducing the speaker and their firm, which provides both legal and strategic consulting services related to technology and content. Several trends are then summarized, including true convergence across platforms, increasing competition from online streaming services that is worrying telecom and cable companies, the rise of social media metrics and buttons, the growing importance of mobile, changes in startup funding, the increasingly global nature of IP, and new technologies like 3D printing and motion capture libraries. The document concludes by discussing some of the licensing issues that arise in relation to these trends, such as ensuring license scopes cover new platforms and uses, addressing representations and warranties, allocating ownership of user data, and managing
Global Capital Roundtable VCs & the US Market SUMMARY SLIDESJames C. Roberts III
This document summarizes a presentation about taking advantage of the US market. It discusses getting established in the US through state of incorporation, agreements, and legal entity types. It also covers current venture market trends like specialized funds and lean startups. Finally, it proposes developing a story and marketing plan for Italian startups to establish a US presence without leaving Italy.
The Librarian of Congress exercised his rulemaking authority to determine classes of works exempt from DMCA prohibitions on circumventing security technologies for purposes of fair use. This allows iPhone users to jailbreak their phones for personal use and allows documentary filmmakers to use short clips from DVDs for commentary and criticism. The basic principle is that access constraints should not preclude fair use such as commentary, education or criticism. A court ruling was also issued confirming these fair use principles.
The document provides guidance on creating an effective pitch deck for venture capitalists, recommending:
- The deck should be a PowerPoint presentation with no more than 15 slides, including a title slide and contact slide.
- Slides should have no more than 3 points each in at least 14 point font for readability.
- Key topics to cover include: market opportunity and problem solved, product/solution, competition, management team, funding needs, and use of funds.
- The goal is to compellingly pitch the opportunity in a few slides to get interest and a follow up meeting, not provide all details up front.
The document provides guidance on creating an effective pitch deck for venture capitalists, recommending it be a PowerPoint presentation with no more than 15 slides covering essential information like the market opportunity and solution, management team, costs, funding needs, and milestones. Key points are to keep it compelling with high level details rather than cramming in everything, and use a minimum 14 point font for readability.
The document provides guidelines for drafting social media policies for employees. It recommends taking a positive approach by providing guidance rather than punishments, and integrating social media policies into existing HR policies and training programs with some tweaks rather than creating new extensive policies. While there are risks to companies from employees' social media use, the risks are not as extreme as some claim and existing policies can often sufficiently address issues with minor adjustments.
This document summarizes key trends in digital technology and content licensing that were discussed during a licensing committee conference call in December 2009. It identifies several areas of change, including the continued weak global economy, disruption in the media industry from new technologies and business models, the rise of platforms like Google Chrome and cloud computing, increasing international regulation of privacy, attempts by Hollywood to expand ownership and collect more fees, and ongoing legal issues around patents and licensing practices.
1. The document discusses legal issues that are important to consider when valuing media assets in light of global trends.
2. It highlights how the scope of rights granted in licenses and the strength of representations and warranties impact valuation by determining the size of potential audiences across platforms.
3. Indemnification terms also impact valuation by shifting risks, such as infringement risks, to being assumed by either party.
Corporate Governance : Scope and Legal Frameworkdevaki57
CORPORATE GOVERNANCE
MEANING
Corporate Governance refers to the way in which companies are governed and to what purpose. It identifies who has power and accountability, and who makes decisions. It is, in essence, a toolkit that enables management and the board to deal more effectively with the challenges of running a company.
A Critical Study of ICC Prosecutor's Move on GAZA WarNilendra Kumar
ICC Prosecutor Karim Khan's proposal to its judges seeking permission to prosecute Israeli leaders and Hamas commanders for crimes against the law of war has serious ramifications and calls for deep scrutiny.
2. THE EU GDPR
WHY US COMPANIES SHOULD CARE
JAMES C. ROBERTS III, ESQ.
GLOBALCAPITAL
GLOBAL CAPITAL STRATEGIC GROUP | GLOBAL CAPITAL LAW GROUP PC
3. WHO IS GLOBALCAPITAL?
Disruptive Tech Counsel
globalcaplaw.com
Our clients create, finance, distribute or implement disruptive tech
4. A FEW PROJECTS OF OURS
1st digital licenses
for Snoopy & for
Barney.
Outside corporate
counsel
Counsel on 1st music VR project
5. THIS IS NOT LEGAL ADVICE
For example,
1. You and we have not agreed to an engagement
2. We don’t know your particular situation--e.g., your
facts
6. THE PRESENTATION IS BASED ON
GENERALIZATIONS
• As an introduction to GDPR and its impact on US
companies, these slides include generalizations that
might not (probably do not) apply to all situations.
• There is a lot of disagreement about the application
of all of GDPR in all circumstances.
• Courts will change the current understanding.
8. WHAT IS THE GDPR?
• It is among the first regulations enforced at the EU
level
• Typically introduced at the EU level and implemented by
national laws by member states
• “Uniform” regulation of collection and use of all
“personal” data of EU citizens
9. (AT LEAST) THESE CORE PRINCIPLES OF GDPR
• “Data protection by design”
• EU Citizens own the data you collect, receive or use
• Companies need data “plumbing” to demonstrate that
their use of the data conforms to the regulations
10. US PRIVACY LAWS V. GDPR
• US privacy law is a patchwork of federal and state laws
• GDPR (largely) consolidates regulation & enforcement
• GDPR creates rights in the data and those rights are
controlled by the EU Citizens
• Requires certain legal bases for collecting, using &
sharing data, even after consent has been given
• Significant risk of substantial penalties
11. EXAMPLE: CONSENT
US privacy law:
• Consent can be inferred
• Once consent is received, data can be collected, used and
shared (largely) without risk
GDPR:
• EU Citizens must give informed and affirmative consent (or
there must be an alternative legitimate basis)
• EU Citizens can control data and its use
13. EU CITIZEN OWNERSHIP OF THE DATA
EU citizens own their data. Therefore:
• EU citizens have rights in their data that they can
exercise
• They can let you use (and create) data based on
“informed and affirmative” consent
• They can have you change the data, give you a copy,
erase it and forget them
14. THINK OF: THE EU CITIZEN AS DATA LICENSOR
The EU citizen:
• Owns his or her data
• Lets others use it only with affirmative consent (or other
legitimate basis)
• And “opt in” to specific uses.
As with any license, the owner may:
• Revoke consent (the license), or amend or request
removal of data.
15. CONTROLLER V. PROCESSOR
GDPR maintains the Controller/Processor distinction
• Controller determines the “purposes and means” of
processing data.
• Processor processes PII on behalf of the Controller.
• If the Controller is outside of the EU, it must appoint
an EU representative.
16. EXAMPLE: CONTROLLER V. PROCESSOR
P&G engages a market research firm
• Market research firm determines scope, goals,
means, message: includes NA, EU, ME.
• P&G approves.
• Market research firm is the controller.
• Passes the “purpose and means test.”
17. “LAWFUL BASIS” REQUIREMENT
• Processing must be ‘necessary’
• No “lawful basis” if you can reasonably achieve the
same purpose without the processing
18. OK TO COMMUNICATE RE: A CONTRACT
• Can communicate in anticipation of, and in relation
to, a contract (e.g., contacts for notice provisions or
fulfilling the contract)
• Does not permit wider use of personal data (e.g.,
newsletter, other marketing)
19. CONSENT: HOW DO YOU GET IT?
Consent is:
freely given, specific, informed and unambiguous
indication of the data subject's wishes by which he or
she, by statement or by a clear affirmative action,
signifies agreement to the processing of personal data
relating to him or her.
Be prepared to show your process meets these conditions
20. CONSENT: WHAT DOES IT MEAN?
Affirmative opt-in, i.e.
• no pre-ticked boxes or other default consent.
• Clear and specific statement of consent.
• Consent requests separate from other terms and
conditions.
• Vague or “overall” consent is not enough: specific
consent for specific things.
21. SAYING ADIOS TO CONSENT
User must be able to withdraw consent at any time
as easily as giving consent.
22. WHAT IS “PERSONAL DATA” UNDER GDPR?
“Personal Data” is (basically) any information that:
• Identifies or
• Could identify someone when combined with
other information
24. GDPR “OVERALL” REQUIREMENTS
• Have a legal reason (“lawful basis”) to collect and use the
data
• Consent is a lawful basis if it is clear and affirmative
consent
• Implement internal procedures: safeguards and training
• Keep it for the minimum period necessary
• The right to be forgotten is paramount, as is permanent
erasure
25. GDPR “OVERALL” REQUIREMENTS (2)
• Inform all EU citizen users of their rights
• Transborder transfer, processing & use subject to
GDPR
• Comply with data breach notifications
• Larger organizations (or ones collecting a lot of data)
must have a Data Officer
• Companies might have to conduct an impact analysis
and report it
26. COMPANIES' OBLIGATIONS
Company obligations are based on the principles of:
• Collect the minimum amount of data for specific
purposes
• Keep it and use it for the shortest time possible
• Use the data only for those legitimate purposes
• Provide it to third parties under narrow circumstances
27. COMPANIES' OBLIGATIONS (2)
• Do not transfer it outside of the EU & EEA, except
under specific conditions
• Always know what you have, where it is, who is using
it and what the basis of consent is
• Promptly and transparently respond to the exercise of
rights of EU Citizens
• (Other requirements such as internal training)
29. GDPR COVERS ALL EU CITIZENS
Covers data on EU citizens, irrespective of
location of collection/servers, etc.
• If a US company acquires EU citizen data but is
not in the EU, could be subject to GDPR
30. GDPR CAN APPLY TO US COMPANIES . . .
(Basically) depends on the extent of targeting
of, or involvement with, EU citizens
• Collects and/or processes EU citizens’ PII as a regular part of its
business
• E-commerce, payable in Euros and with local language
• Global surveys, especially if in a local language
• If EU citizens get “hit” with cookies, then GDPR applies
31. GDPR CAN APPLY TO SUBSIDIARIES
• US subsidiaries of EU companies are likely to be subject to
GDPR
• EU subsidiaries of US companies will definitely be subject
to GDPR
• Minority interests will likely trigger coverage
32. BASIC “SMELL TEST”
HOW MUCH OF YOUR BUSINESS DEPENDS ON EU CITIZENS?
• The higher the number—or the higher the percentage of your
business—the greater the risk.
• The bigger you are the greater the risk.
• The more control you have over collection, the greater the risk.
• Controlling or processing.
• Intentional or unintentional.
33. INCIDENTAL COLLECTION: IN THEORY, YES, BUT . . .
Global marketing, per se, that results in such info is
unlikely to trigger GDPR
• Even though the law could permit the EU to chase you
34. BE CAREFUL: THIS IS JUST A GUESS
No one really knows how the EU data authorities will
respond.
35. IN OTHER WORDS:
ARE EU CITIZENS A TARGET MARKET FOR YOU?
Then building the data privacy structure implied by the
GDPR is probably a good idea.
36. GDPR: IT’S NOT JUST A PRIVACY POLICY
It’s more about:
• your “data plumbing” than about your privacy policy
(privacy notice)
• Your control of the data you collect and use, i.e.,
knowing what it is, the consent basis for it and where
it is.
• Your responsiveness to EU Citizens’ requests
• Your control through contract provisions of your
relationships with others in the data plumbing
38. SOME RELIEF . . . JUST DO IT.
Some companies are perfectly happy to implement
privacy policies and procedures “compliant” with
GDPR specifications.
It’s best practices. That’s good business.
39. SOME RELIEF . . .
• The EU/US Privacy Shield
• Model clauses/model contracts
40. THE EU/US PRIVACY SHIELD
The “privacy shield” permits companies to fulfill some of the
obligations under GDPR and “shield” themselves from (some)
risk. But
• [the company] “must include robust mechanisms for assuring
compliance with the Principles, recourse for individuals who are
affected by non-compliance with the Principles, and consequences
for the organization when the Principles are not followed.”
41. “MODEL CONTRACTS”
AKA BINDING CORPORATE RULES
Companies in a “group” or a “joint economic undertaking” can
enter into “binding corporate rules” to govern their
transatlantic data transfers under GDPR
• Good for parent/sub relationships
• Must apply with the relevant “data protection authority” at the
member state level
42. WHAT TO DO
• EU/US Privacy Shield and “Binding Corporate Rules” take
time and money and are a little tricky.
• Still not necessarily a bad idea. Some rigidity v. some
flexibility.
• Good for larger firms.