The EU’s General Data Protection Regulation (GDPR) takes effect on May 25, 2018. GDPR significantly increases the requirements imposed on companies touching the personal data of EU citizens, and also increases oversight by the EU member states’ data protection authorities. And the consequences of non-compliance under GDPR are massive—the greater of €20 million or four percent of the company’s worldwide turnover.
GDPR Compliance: What You Need to Know Before May 2018 (Infosec)
Scheduled to come into effect May 25, 2018, the General Data Protection Regulation (GDPR) has struck fear into compliance officers around the world. Much confusion surrounds this new regulation as organizations everywhere work to understand its new requirements and adjust business processes accordingly.
In this webinar, we review:
-- Key GDPR requirements
-- Data types regulated under GDPR
-- How GDPR impacts EU and non-EU businesses
-- Steps to becoming GDPR compliant
-- Consequences of non-compliance
-- How SecurityIQ helps you meet security awareness GDPR requirements
To learn more about SecurityIQ, visit: https://securityiq.infosecinstitute.com/
General Data Protection Regulations (GDPR): Do you understand it and are you ... (Cvent)
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
The GDPR (DSGVO) has been in effect since the 25th of May. This brief presentation about privacy law in Europe gives an overview of the GDPR (DSGVO) and an outlook on privacy regulations.
(Presentation from the 18th of June 2018 in "Factory Berlin".)
General Data Protection Regulation (GDPR) is taking effect in May 2018
What does GDPR actually mean for organizations and data?
What's in Scope?
When must organizations be ready?
Article 15: Right of Access
Article 16: Right of Correction
Article 17: Right to be forgotten
Article 20: Right of Portability
Article 21: Right to object
Article 8: Children under 16
Article 24: Responsibility of the controller
Article 28: Data processor
Article 32: Technical measures
GDPR From Implementation to Opportunity (Dean Sappey)
GDPR presents new challenges for law firms across Europe. This presentation explains the implications of GDPR and simple strategies to ensure firms are compliant for its launch in May 2018
Impact of GDPR on Data Collection and Processing (PromptCloud)
This presentation covers how GDPR will impact various aspects of user data collection and processing along with the way to achieve compliance with the regulations.
This presentation was prepared to accompany my talk at Montreal All Girls Hack Night.
I think that Data and Privacy should be the foundation for all businesses moving forward to maintain a healthy Digital life for everyone.
General Data Protection Regulation plays a great role in enforcing such acts that ensure Data Protection and Privacy of the users. GDPR is a very brief topic, but in this presentation I will share with you some core values of GDPR and some basic actions that you can take to make your business compliant with GDPR.
Note: This is not legal advice. This information is collected from different resources. All the guides and resources used in the presentation are listed below.
Important Definitions and Notes from the presentation:
GDPR
The General Data Protection Regulation (GDPR) (EU) is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA).
Strengthening current personal data protection regulation (EU 95/46), GDPR lays down rules relating to protection of natural persons with regard to processing and free movement of personal data. It applies to all entities in EU member states processing personal data by automated means and processing which form part of a filing system. Application of GDPR will be supervised in Belgium by the privacy commission.
Have you missed the deadline with your GDPR preparedness?
If you're struggling to get caught up with compliance, this short presentation can help you focus on the key things you'll need to consider and do.
Read more at our blog post here: https://privacypolicies.com/blog/prepare-gdpr/
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta... (Qualsys Ltd)
Preparing for the new General Data Protection Regulation? Here is a presentation to help you to engage your employees with their new information security requirements. In this ppt presentation, you will find out: why GDPR, steps to manage compliance, important information security facts and some of the key articles.
What is GDPR, the EU’s new data protection law? What is the GDPR? Europe’s new data privacy and security regulation consists of heaps of pages’ worth of new requirements for companies around the world. This GDPR summary can help you understand the law and determine what components of it apply to you. The General Data Protection Regulation (GDPR) is the toughest privacy and security regulation in the world.
Understand what GDPR is and how it affects US companies.
- Take the 3-Question Test to see if it really applies to you
- Follow a 4-part framework for updating your privacy policy
- Learn why your CRM may be a problem
- Get a full checklist on how to become compliant today
How GDPR works: companies will be expected to be fully compliant from 25 May 2018. The regulation is intended to establish one single set of data protection rules across Europe.
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small businesses.
On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, replacing all existing data protection regulations.
Payroll bureaus process large amounts of personal data in relation to their customers, their customers’ employees, and their own employees. Consequently, the GDPR will impact most if not all areas of the business and the impact it will have cannot be overstated.
BrightPay hosted a free CPD accredited webinar alongside Bright Contracts where we discussed everything that accountants, bookkeepers and payroll bureaus need to know about GDPR.
For more information visit https://www.brightpay.co.uk
GDPR demystified - making sense of the regulation (James Mulhern)
Slightly outdated introduction to GDPR that tries to move away from the headlines on fines and emphasises the global nature of the regulation, the numerous forms of lawful processing and the absolute need to manage privacy and be transparent. Goes on to show how using public cloud can help solve part of the problem.
What does GDPR actually mean to you as a business, what are the rights of individuals and how do you have to apply them, around Subject Access Request, Right to Erasure / be Forgotten, Consent and Opt In and Out and Personally Identifiable Information and Personal Data
What's Next - General Data Protection Regulation (GDPR) Changes (Ogilvy Consulting)
The General Data Protection Regulation is the biggest change to the law on data in years. This webinar features Vicky Brown, Deputy General Counsel at WPP, and Paul King, Head of Data at OgilvyOne discussing what it is, why it matters and what companies are doing.
Data Privacy and Data Protection: Rotary’s Compliance with GDPR (Rotary International)
As stewards of personal data for more than 1.2 million Rotarians and friends of Rotary worldwide, Rotary takes data privacy and protection seriously. To ensure compliance with the European Union's new privacy law, the General Data Protection Regulation (GDPR), we will apply these standards globally. Find out more about these efforts and how they affect data privacy and protection for Rotary.
What does the GDPR mean for charity communicators? | Scotland Networking Grou... (CharityComms)
David Freeland, senior policy officer at the Scottish Information Commissioner’s Office
Visit the CharityComms website to view slides from past events, see what events we have coming up and to check out what else we do: www.charitycomms.org.uk
After ensuring compliance as a controller and processor of data, Reddico created this presentation for the team - offering further guidance and information on our processes and how we've complied. For accuracy purposes, some information comes directly from the ICO's guidelines.
IT, Legal, Marketing and sales departments are all affected by the European Union's General Data Protection Regulation (EU GDPR). EU GDPR is more than an IT governance issue; it impacts the IT architecture and the user journey of your online and offline data capture processes.
Key marketing impacts of the GDPR - Rosemary Smith, Director, Opt-4 (Adestra)
From May 2018, the GDPR will affect all processing of personal data including email marketing. This session will outline the key impacts on marketing consent and profiling, and provide practical ideas on how to make your email campaigns legal.
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
The GDPR changes are fast approaching and time is running out to prepare yourself and your data. GDPR is an important topic that you will need to know inside out for your business and marketing to succeed. CommuniGator can help you get fully prepared for its arrival.
We are here to answer YOUR GDPR questions to arm you with everything you need to ensure you are compliant come May 2018.
Find out how the new data law will affect your B2B marketing abilities. We answer all your questions with a Q&A section from our experts in the field – so you can really get to grips with the changes.
We cover:
- The good the bad and the ugly of GDPR
- Your own checklist to becoming compliant
- How to get your existing data ‘double opted-in’
- Answers to your burning questions!
Charity Law Updates for 2018: Making the Most of Change (IBB Law)
January 2018 welcomes the Kingston Smith and IBB Solicitors annual charities update to bring you up to speed with the legal and regulatory developments in the Charity Sector.
For advice on developments in the Charity Sector please see:
https://www.ibblaw.co.uk/sector/charities
For charity law experts see:
https://www.ibblaw.co.uk/service/charities
Rosie Brass, senior solicitor in the Charities team at IBB, will provide an overview of the legal framework for the GDPR. Then Dan Fletcher, Director (Fundraising), at Kingston Smith, will guide attendees on how to make the most of the GDPR and use the changes to improve their data management. Dan will also discuss practical ways to use the changes to improve fundraising and marketing for the better. For more information on GDPR please see: https://www.ibblaw.co.uk/insights/blog/are-you-ready-general-data-protection-regulation
In the second half of the seminar, Mahmood Ramji and Luke Holt from the Kingston Smith Charities team will provide an update on accounting, including looking at the recent SORP information sheet and the expected future timeline for new SORP iterations, followed by an overview of another 2017 hot topic - charity fraud, including cybercrime. Mahmood will also share details of the most pertinent areas we have been discussing with our clients during 2017. Looking forward into 2018, Luke will highlight the main points from the Lords Select Committee on Charities and how the sector may adapt as a result. Following the release of the third edition of the Charity Governance Code, Luke will also discuss the main areas of consideration and significant changes from previous versions. They will then conclude with a look at the new CC32 Independent Examination guidance and its key amendments.
The last part of the presentation will be provided by Paul Ridout, who heads the IBB Charities practice and will talk briefly about some recent regulatory action by the Charity Commission, including the deployment of some of the new powers brought in by the Charities (Protection and Social Investment) Act 2016. He will also address the tricky issue of serious incident reporting, in the light of the Commission’s recent changes to its guidance to trustees about what needs to be reported, and when.
General Data Protection Regulation (GDPR) for Identity Architects (WSO2)
https://wso2.com/solutions/regulatory-compliance/gdpr/
The EU General Data Protection Regulation (GDPR) has many identity architects uniquely positioned to help their organizations to comply with the ruling.
Effective from 25th May 2018, the regulation 2016/679 of the European parliament and of the council, replaces the Data Protection Directive 95/46/EC and is designed to harmonize data privacy laws across Europe. It aims to protect and empower all EU residents' data privacy and to reshape the way organizations across the region approach data privacy. GDPR is also quite prominent due to the heavy penalties introduced for violators — which could be as much as 4% of the annual global turnover or €20 million (whichever is greater).
In this webinar we will discuss all technical aspects of the regulation and what steps you as an identity architect can take to ensure that your security strategy is primed for GDPR.
Are you ready for the General Data Protection Regulation?
VILT has compiled this Frequently Asked Questions document. Read about what it is and how we can help.
Companies operating with employees in the U.S. need to be aware of state and federal employment laws. Employees can be a business’s greatest asset, but it may seem that there is a potential employment pitfall at every turn. The consequences of mishandling issues can be costly and time-consuming.
On June 13, 2019, Winston hosted the inaugural Nordic Session – “Avoiding Employment Law Landmines” presented by Monique Ngo-Bonnici, Jason Campbell, and Nordic Session hosts Uri Doron and Jared Manes. The presenters discussed employment litigation trends and provided practical strategies on a number of labor and employment-related issues.
More information, including an audio recording, is available here:
https://www.winston.com/en/thought-leadership/the-nordic-sessions-avoiding-employment-law-landmines.html
Latest Developments Regarding Arbitration in Hong Kong and Mainland China (Winston & Strawn LLP)
The arbitration landscape is ever-changing, with new legislation being promulgated, cases coming up, and ideas being tested. In part three of this series, Partner Terence Wong explored the latest developments regarding arbitration in Hong Kong and Mainland China, including a case handed down by the Court of Final Appeal, and a decision of the Indian Court dealing with the split of the China International Economic and Trade Arbitration Commission (CIETAC), which may have an impact on the enforcement of CIETAC arbitral awards in other jurisdictions.
Contact Winston & Strawn for more information about this presentation: https://www.winston.com/en/thought-leadership/latest-developments-regarding-arbitration-in-hong-kong-and-mainland-china.html
Recent Trends in Regulatory Actions Impacting Banks and Financial Institutions (Winston & Strawn LLP)
This presentation addresses recent trends in regulatory actions impacting banks and financial institutions. It focuses on how attendees can minimize their impact on their respective organizations as a lawyer, leader of a line of business, member of the Board of Directors, or a risk management, compliance, finance, and internal audit professional.
The presentation also addresses trends in formal enforcement actions, observations related to recent regulatory agency matters, and noteworthy recent public enforcement matters. It includes lessons learned in preventing matters requiring attention from turning into formal actions and best practices in conducting lookback reviews.
More information, including an audio recording, is available here: https://www.winston.com/en/thought-leadership/recent-trends-in-regulatory-actions-impacting-banks-and-financial-institutions.html.
For better or worse, electronic data is at the heart of many legal investigations. Therefore, it is becoming increasingly important for lawyers to have a basic understanding of computer forensics including:
- what computer forensics is and what types of things can a computer forensic expert do;
- types of mistakes lawyers or IT professionals make that can corrupt, alter, or destroy evidence that is key to investigations;
- what types of electronic evidence exist;
- ways to work efficiently and effectively with a computer forensic expert; and
- when to consider hiring and how to choose a computer forensic expert as part of an investigation
Learn more from Winston & Strawn and listen to the presentation here: https://www.winston.com/en/thought-leadership/computer-forensics-what-every-lawyer-needs-to-know.html.
Maximizing Deductions in Light of the Section 162(m) Guidance (Winston & Strawn LLP)
Winston & Strawn’s Employee Benefits & Executive Compensation Practice hosted “Maximizing Deductions in Light of the Section 162(m) Guidance” on September 6, 2018.
The IRS recently issued Notice 2018-68 providing much anticipated guidance on the key issues with respect to the Section 162(m) amendments added by the Tax Cuts and Jobs Act.
Partners Michael Melbinger, Nyron Persaud, and Ruth Wimer presented this webinar focused on understanding the impact of Notice 2018-68, including:
- Brief overview of the changes in Section 162(m) as a result of the Tax Act
- In depth discussion and analysis of Notice 2018-68: Covered employee, written binding contract, material modification
- “To do” list for maximizing deductions going forward
- Alternative compensation strategies
- Proxy Statement Reporting
- Accounting issues
Learn more here: https://www.winston.com/en/thought-leadership/maximizing-deduction-in-light-of-the-section-162m-guidance.html.
Regulators on the Move – Recent Treasury and Comptroller Actions: How They Af... (Winston & Strawn LLP)
The U.S. Treasury and Comptroller of the Currency recently published reports and announced major initiatives of impact to financial institutions. What should directors know about these initiatives and how do they impact financial institution strategy? This webinar discussed those issues, addressed likely competition from fintech firms, and focused on the following topics:
- U.S. Department of the Treasury report on “Nonbank - Financial, Fintech, and Innovation”
- OCC’s fintech charter
- Recent efforts by institutions to eliminate holding company regulations
Contact Winston & Strawn for more information about this presentation:
https://www.winston.com/en/thought-leadership/regulators-on-the-move-recent-treasury-and-comptroller-actions-how-they-affect-you.html
Winston & Strawn's Employee Benefits & Executive Compensation Practice hosted an eLunch to discuss key issues faced by plan sponsors during IRS and DOL audits of retirement plans. The most common problem areas identified by IRS and DOL agents were addressed, with practical tips for plan sponsors on how to establish and maintain internal controls to help avoid compliance errors. Topics included:
- The most significant issues DOL agents focus on during audits, including missing participants, late payroll deposits, and missed employee communications
- The most significant issues IRS agents focus on during audits, including definitions of compensation, age 70-1/2 distributions, employee eligibility requirements, and properly updated plan documents
- Steps employers can take in order to improve their internal controls for compliance with IRS and DOL requirements
Contact Winston & Strawn for more information about this presentation:
https://www.winston.com/en/thought-leadership/irs-and-dol-audit-issues-for-retirement-plans.html
Solutions to Section 301 Tariffs on Products from China—Managing the Shock of... (Winston & Strawn LLP)
As part of an on-going international trade dispute between the United States and China, on July 6, 2018, the U.S. Trade Representative (USTR) imposed additional 25% tariffs on the importation of products from China that fall within 818 different classifications of the Harmonized Tariff Schedule of the United States (HTSUS). Since that time, the USTR has proposed additional 25% tariffs on another large group of tariff classifications, and the week of July 9 proposed additional 10% tariffs on a third set of tariff classifications. These additional tariffs are based on an investigation under Section 301 of the Trade Act of 1974 into the government of China’s acts, policies, and practices related to technology transfer, intellectual property, and innovation.
These Section 301 tariffs are a financial shock to many Chinese suppliers and their U.S. customers and may even drive some companies out of business. However, there are procedures available for seeking removal of certain HTSUS classes of goods from the Section 301 tariffs, other procedures for seeking exemptions of particular products from those tariffs, and if necessary, supply chains can be reconfigured to avoid those tariffs.
Contact Winston & Strawn for more information about this presentation: https://www.winston.com/en/thought-leadership/solutions-to-section-301-tariffs-on-products-from-chinamanaging-the-shock-of-25-increase-in-cost-of-goods.html.
Best Practices for Anti-Bribery and Anti-Corruption (ABAC) Compliance (Winston & Strawn LLP)
Winston & Strawn hosted a webinar titled “Best Practices for Anti-Bribery and Anti-Corruption (ABAC) Compliance.”
The interactive webinar focused on the following ABAC compliance topics:
- Anti-bribery and anti-corruption authorities
- Essential elements of a comprehensive and effective compliance program
- Implementing your compliance program in real-world scenarios
- Problem management and escalation protocol
Winston & Strawn partners Peter Crowther, Nicholas Usher, and Eva Davis hosted a discussion on the latest developments in international corporate transactions and antitrust/competition law.
Among other topics, they discussed current market practices for U.S. companies doing transactions in Europe, as well as key takeaways from some of the recent matters they have handled.
Winston & Strawn presented “Recent Legislation Impacting Dodd-Frank Requirements: What Financial Institution Directors Need to Know.” This webinar included a discussion of recent legislative changes to Dodd-Frank, what the FRB and OCC are focused on, other bank regulatory developments, and how these affect directors.
Trade Secret Protection: Practical Advice on Protecting and Defending Your Or... (Winston & Strawn LLP)
Winston's Global Privacy & Data Security Task Force presented an interactive webinar focused on some of the practical ways to prevent theft of key information, investigation tips, and strategies to defend against the use of that information after a theft.
Cryptocurrency Crackdown: What You Need to Know about Enhanced IRS/Government... (Winston & Strawn LLP)
With a newly assembled team of specialized investigators, the Internal Revenue Service (IRS) has dedicated substantial resources to investigating cryptocurrency use in tax evasion. According to the IRS, any taxpayer who has engaged in a virtual currency transaction without properly reporting it has failed to comply with U.S. tax law.
As John Doe Summonses seeking the identities of investors are served on cryptocurrency trading exchanges, significant IRS civil and criminal investigations will ensue. The New York Attorney General’s Office has announced an investigation into the policies and practices of cryptocurrency trading exchanges. The SEC, CFTC, and other regulators have announced initiatives as well.
Winston & Strawn hosted “Cryptocurrency Crackdown: What You Need to Know about Enhanced IRS/Government Scrutiny of Cryptocurrency Transactions.” The program examined the IRS’s newest substantive and procedural initiatives regarding cryptocurrency transactions, the reporting obligations that U.S. taxpayers must follow, corrective steps that may still be taken to mitigate exposure, and appropriate tax structuring of these transactions.
The program also provided an overview of the latest developments in regulatory investigations.
In 2017, Nevada became the 36th state to ratify the The Equal Rights Amendment (ERA). This spring, Illinois could become the 37th. With one additional state ratification—and one more vote in Congress—our Constitution could finally guarantee equality to all people regardless of sex.
“The Equal Rights Amendment: Legal Issues and Implications” was designed to answer recurring questions about the legal implications of the ratification effort, including why ratifying the ERA is still important and necessary, what the ERA would (and would not) accomplish, and why it is not too late.
https://www.winston.com/en/equal-rights-amendment.html
For a few brief months in late 2017, the five-member National Labor Relations Board (NLRB) operated at full-strength and with a Republican majority for the first time in a decade. The “new” NLRB’s case outcomes were consequential, and included reversals of several perceived pro-labor decisions from the prior Obama NLRB. Then, Chairman Miscimarra’s term expired in December, and the NLRB settled back into a 2-2 equipoise. Looking ahead, employers will likely not wait long for another shift in the NLRB’s political make-up, as President Trump’s latest nominee, Republican John Ring, awaits confirmation by the Senate.
Winston & Strawn Partners Bill Miossi and Derek Barella review the NLRB’s late 2017 flurry of activity and likely issues and agenda items to be taken up by the Trump NLRB in 2018.
2018 Hot Topics for Health & Welfare Plans, Fringe Benefits, and Withholding ...Winston & Strawn LLP
Winston & Strawn’s Employee Benefits & Executive Compensation Practice presented an eLunch titled “2018 Hot Topics for Health & Welfare Plans, Fringe Benefits, and Withholding Rates.”
This presentation featured a discussion of the following hot button issues:
- Updates on Affordable Care Act (ACA) employer shared responsibility
- Tax Act changes to the ACA
- Tax Act changes to fringe benefit rules
- Tax Act changes to employer tax withholding rates, including for bonuses and other supplemental payments
The Real Deal Webinar Series: Delaware Law Developments/Recent Judicial Decis...Winston & Strawn LLP
The presentation included a discussion of current issues and recent judicial decisions affecting M&A transactions and corporate governance for Delaware companies from a transactional perspective.
The Real Deal Webinar Series: Practical Advice from a Former Chief Compliance...Winston & Strawn LLP
The presentation included a discussion of practical steps in-house lawyers can take to build, grow, and measure their corporate compliance program, and why such programs are important for companies, especially those preparing for a sale.
This program includes Board of Director highlights of the current M&A environment, an update of current issues in Director and Officers (D&O) liability insurance, and cautionary observations on recent litigation developments. The panel addressed each of these topics in the context of the current regulatory changes, the economy, buy and sell side perspectives, and particular challenges for board fiduciary duties.
How to Obtain Permanent Residency in the NetherlandsBridgeWest.eu
You can rely on our assistance if you are ready to apply for permanent residency. Find out more at: https://immigration-netherlands.com/obtain-a-permanent-residence-permit-in-the-netherlands/.
Responsibilities of the office bearers while registering multi-state cooperat...Finlaw Consultancy Pvt Ltd
Introduction-
The process of register multi-state cooperative society in India is governed by the Multi-State Co-operative Societies Act, 2002. This process requires the office bearers to undertake several crucial responsibilities to ensure compliance with legal and regulatory frameworks. The key office bearers typically include the President, Secretary, and Treasurer, along with other elected members of the managing committee. Their responsibilities encompass administrative, legal, and financial duties essential for the successful registration and operation of the society.
PRECEDENT AS A SOURCE OF LAW (SAIF JAVED).pptxOmGod1
Precedent, or stare decisis, is a cornerstone of common law systems where past judicial decisions guide future cases, ensuring consistency and predictability in the legal system. Binding precedents from higher courts must be followed by lower courts, while persuasive precedents may influence but are not obligatory. This principle promotes fairness and efficiency, allowing for the evolution of the law as higher courts can overrule outdated decisions. Despite criticisms of rigidity and complexity, precedent ensures similar cases are treated alike, balancing stability with flexibility in judicial decision-making.
ALL EYES ON RAFAH BUT WHY Explain more.pdf46adnanshahzad
All eyes on Rafah: But why?. The Rafah border crossing, a crucial point between Egypt and the Gaza Strip, often finds itself at the center of global attention. As we explore the significance of Rafah, we’ll uncover why all eyes are on Rafah and the complexities surrounding this pivotal region.
INTRODUCTION
What makes Rafah so significant that it captures global attention? The phrase ‘All eyes are on Rafah’ resonates not just with those in the region but with people worldwide who recognize its strategic, humanitarian, and political importance. In this guide, we will delve into the factors that make Rafah a focal point for international interest, examining its historical context, humanitarian challenges, and political dimensions.
DNA Testing in Civil and Criminal Matters.pptxpatrons legal
Get insights into DNA testing and its application in civil and criminal matters. Find out how it contributes to fair and accurate legal proceedings. For more information: https://www.patronslegal.com/criminal-litigation.html
WINDING UP of COMPANY, Modes of DissolutionKHURRAMWALI
Winding up, also known as liquidation, refers to the legal and financial process of dissolving a company. It involves ceasing operations, selling assets, settling debts, and ultimately removing the company from the official business registry.
Here's a breakdown of the key aspects of winding up:
Reasons for Winding Up:
Insolvency: This is the most common reason, where the company cannot pay its debts. Creditors may initiate a compulsory winding up to recover their dues.
Voluntary Closure: The owners may decide to close the company due to reasons like reaching business goals, facing losses, or merging with another company.
Deadlock: If shareholders or directors cannot agree on how to run the company, a court may order a winding up.
Types of Winding Up:
Voluntary Winding Up: This is initiated by the company's shareholders through a resolution passed by a majority vote. There are two main types:
Members' Voluntary Winding Up: The company is solvent (has enough assets to pay off its debts) and shareholders will receive any remaining assets after debts are settled.
Creditors' Voluntary Winding Up: The company is insolvent and creditors will be prioritized in receiving payment from the sale of assets.
Compulsory Winding Up: This is initiated by a court order, typically at the request of creditors, government agencies, or even by the company itself if it's insolvent.
Process of Winding Up:
Appointment of Liquidator: A qualified professional is appointed to oversee the winding-up process. They are responsible for selling assets, paying off debts, and distributing any remaining funds.
Cease Trading: The company stops its regular business operations.
Notification of Creditors: Creditors are informed about the winding up and invited to submit their claims.
Sale of Assets: The company's assets are sold to generate cash to pay off creditors.
Payment of Debts: Creditors are paid according to a set order of priority, with secured creditors receiving payment before unsecured creditors.
Distribution to Shareholders: If there are any remaining funds after all debts are settled, they are distributed to shareholders according to their ownership stake.
Dissolution: Once all claims are settled and distributions made, the company is officially dissolved and removed from the business register.
Impact of Winding Up:
Employees: Employees will likely lose their jobs during the winding-up process.
Creditors: Creditors may not recover their debts in full, especially if the company is insolvent.
Shareholders: Shareholders may not receive any payout if the company's debts exceed its assets.
Winding up is a complex legal and financial process that can have significant consequences for all parties involved. It's important to seek professional legal and financial advice when considering winding up a company.
NATURE, ORIGIN AND DEVELOPMENT OF INTERNATIONAL LAW.pptxanvithaav
These slides helps the student of international law to understand what is the nature of international law? and how international law was originated and developed?.
The slides was well structured along with the highlighted points for better understanding .
3. The Basics
• General Data Protection Regulation
• Effective May 25, 2018
• Replaces the current Directive
• Penalties
  • Up to the greater of €20 million or four percent of the company’s worldwide turnover
4. Five Things You Can Do Now To Prepare
  1. Decide if GDPR Applies to You
  2. Determine Where Your Data Comes From and Where it Goes
  3. Establish Mechanisms to Allow Data Subjects to Exercise Their Rights
  4. Update Your Data Breach Response Plans and Privacy Notice
  5. Prepare to be Accountable
6. In a Nutshell
• GDPR applies to companies involved in the processing of personal data of individuals located in the EU
7. What is Processing?
• Any operation or set of operations which is performed on personal data or on sets of personal data
8. What is Personal Data?
• Any information relating to an identified or identifiable natural person
• Conceptually quite broad
• Online identifiers
• Cookie information
• Location data
• Device IDs
• Sensitive personal data
9. Should a company that has no “on the ground” operations in the EU really care about GDPR?
10. Controller or Processor?
Controller
• Determines the purposes and means of the processing of personal data
Processor
• Processes personal data on behalf of the controller
11. What Companies Have to Comply?
  1. A controller or processor that maintains an “establishment” in the EU if that EU establishment processes personal data, regardless of whether the processing actually takes place in the EU
  2. A controller or processor not established in the EU “where the processing activities are related to offering goods or services to data subjects in the [EU]”
  3. A controller or processor not established in the EU if that entity is processing personal data of data subjects in the EU and that processing is related to the “monitoring” of “behavior” of data subjects within the EU
12. Do You Direct Your Processing Activities to EU Data Subjects?
• What languages do you use?
• What currencies do you accept?
• At whom do you direct your advertising?
13. Are You Monitoring Behavior of EU Data Subjects?
• Consider online behavioral advertising
• Other Internet profiling
• Offline profiling
• Employee monitoring
14. When is GDPR Not Applicable?
• Activities not covered under EU law;
• Activity of an EU Member State in furtherance of a common foreign or security policy of the EU;
• Activity performed by a natural person in furtherance of a purely personal or household activity;
• Processing by the EU itself; and
• Activity performed by national authorities to prevent, investigate, or prosecute criminal offenses, or in furtherance of a judicial function.
15. Recap
• Does GDPR apply to my organization?
• GDPR applies where an organization processes information relating to EU residents and the answer to any of the following questions is “yes”:
  • The organization has an establishment in the EU;
  • The processing relates to the organization’s offering of goods or services to EU residents; or
  • The processing relates to monitoring or profiling of EU residents
17. The Value of the Data Map
• You need to get a handle on your data flows since, under GDPR, personal information may be used only for the purpose for which it was collected
• Consider:
  • Whose data do you have?
  • What data elements are included?
  • Where is it stored?
  • Why do you have it and how long will you keep it?
  • What processors and sub-processors are you using?
18. Do you have a lawful basis for processing EU personal data?
• Necessary for performance of a contract with the data subject
• Necessary for compliance with a legal obligation
• Necessary to protect “vital interests”
• Necessary for the performance of a task in the public interest
• Legitimate interests that aren’t overridden by the data subject’s interests
• Consent
19. “Legitimate Interest”? Consent?
• Legitimate Interest requires a balancing of the legitimate interests of the controller against the interests and fundamental rights of the data subject.
• Consent requirements:
  • Voluntary, affirmative statement or act
  • Freely given
  • Specific
  • Informed
  • Subject to being withdrawn by data subjects
20. Do you have a lawful basis for processing EU SENSITIVE personal data?
• Racial or ethnic origin
• Political opinions
• Religious affiliation
• Philosophical beliefs
• Union membership
• Health
• Sexual orientation
• Genetic data
• Biometric data
21. Using a Third Party Processor?
• Only give to them for limited/specific purpose
• Make sure they give level of protection required
• Make sure they use information consistent with your obligations
• Require them to notify you if they can’t live up to their requirements
Have a contract in place that says:
• You act only on our instructions
• You give appropriate safeguards
• You will help us respond to people who exercise rights
If they notify you they can’t live up to their obligations, then:
• Stop them from further processing
23. EU Data Transfer Restrictions, Unless:
• Consent
• Binding Corporate Rules
• Model Clauses
• Decision of Adequacy
24. Decision of Adequacy
Entire Country
• Andorra
• Argentina
• Canada
• Faeroe Islands
• Guernsey
• Israel
• Isle of Man
• Jersey
• New Zealand
• Switzerland
• Uruguay
Safe Harbor
• For US companies
• ECJ decision ruled no longer adequate Oct. 2015
• Renewals will stop Oct. 31, 2016
Privacy Shield
• Replaces Safe Harbor
• Started accepting applications Aug. 1, 2016
25. How Does Privacy Shield Differ From US Law?
US
• Marketing opt-outs narrow (CAN-SPAM, TCPA, etc.)
• Email opt-out can be provided only at time of sending message
Shield
• Opt-out of marketing regardless of type of delivery
• Let people exercise marketing opt-out anytime
• Compliance with Privacy Shield’s Principles
26. Privacy Shield vs. Model Clauses
Model Clauses | Privacy Shield
• Internal training and review requirements
• DoC and FTC scrutiny and clear enforcement procedure
• Mandatory arbitration
• Modeled off of EU Directive
• Specific to data set described as being transferred
• Registration required with some DPAs
• Can tailor easily to one data transfer set
27. Privacy Shield vs. Consent
Consent | Privacy Shield
• Works only if have direct relationship with individual
• Criticized by some DPAs as inadequate, especially in HR context
• Requires specific language when communicating data practices
28. Privacy Shield vs. BCRs
BCRs | Privacy Shield
• Applies only to intra-company transfers
• Must be approved by DPA
• Application process can take several years
• Would need supporting procedures to implement and effectuate
• Core principles adhere to the EU Data Privacy Directive
• Application to a US regulatory body
29. There are Principles; What Do They Really Mean?
• Notice
• Choice
• Accountability & Onward Transfer
• Security
• Data Integrity & Purpose Limitation
• Access
• Recourse, Enforcement, & Liability
30. Automatic Processing and Profiling
• GDPR limits the use of “automatic processing”—or data processing done without any “human intervention”
  • Individuals have the “right” not to be subject to decisions based solely on automated processing, including profiling
• “Profiling” consists of any automated processing of personal data used to evaluate a data subject’s personal characteristics (e.g., health, interests, work performance)
  • Controllers are required to inform a data subject of the use of profiling techniques—regardless of whether the profiling is done through automated or manual processing
32. Consent and Withdrawal of Consent
• To constitute consent, an affirmative action or step must be taken (e.g., checking a box, written signature, etc.)
  • GDPR drafters specifically indicated that “silence, pre-ticked [pre-checked] boxes, or inactivity should not…constitute consent.”
  • Requests for consent should also not be buried within other language
• Companies will have difficulty proving that consent was valid if there is a power discrepancy between the individual and the organization
• After obtaining valid consent, individuals may still withdraw their consent at any time, and by a method that is at least as convenient as it was to give consent
33. Keeping Track of Consent
Activity: Signing up for email newsletters
• Method of Consent: Online, un-checked, check box that describes how information will be used and explains right to opt out and how
• Post-Consent Opt-Out: Using the mechanism that was initially described, like having a mechanism in the message being sent that lets a person “click” to opt out or letting people email optout@company.com to opt out
Activity: Credit checks for new customers
• Method of Consent: Clear consent document, separate and apart from other agreements that clearly discloses the purpose of the credit check, the information that will be collected, how it will be used, and any third-party vendors that may receive the information.
• Post-Consent Opt-Out: In the consent agreement, provide opt-out instructions and a point of contact for any questions relating to opt outs (likely the DPO).
Activity: Payment processing
• Method of Consent: Obtain consent when initially opening the account via a specific consent-agreement to collect and process payment information.
• Post-Consent Opt-Out: In each purchase order provide opt-out instructions and a point of contact for any questions relating to opt outs (likely the DPO).
34. Give People Access to Information
• Upon request, companies must provide individuals with:
  • A confirmation regarding whether the company is processing personal information relating to them. If yes, then must inform:
    • Why
    • What categories
    • Length of storage
    • Sources of data
    • Sharing
    • Automated processing
  • A copy of the personal information
  • The ability to complain to the DPA
  • The ability to correct, amend, or delete
35. The Right to Be Forgotten
• Requires data controllers to erase a data subject’s personal information upon request in the following circumstances:
  • the data is no longer necessary for the original purposes of collection
  • the data subject has withdrawn consent for the processing
  • the data subject objects to data processing and there are no “overriding legitimate grounds” for the data processing
  • the data was unlawfully processed
  • an EU Member State’s law requires erasure of the information, or
  • the data subject is a child
36. The Right to Rectify and Restrict
• GDPR mimics the Privacy Directive in ensuring that data subjects can obtain corrections of incomplete or inaccurate personal data from the controller.
• The controller must make such corrections “without undue delay.”
37. Data Portability
• Companies must give personal data about the requestor that the company maintains in a “commonly used and machine-readable format”
• According to guidance issued by WP29, individuals do not have the right to request data that they themselves did not provide to a company
  • In other words, inferred or derived data (e.g., a credit score calculated by a company based on information provided by the person) falls outside the scope of the right to data portability
38. Security
Reasonable and appropriate measures
• Encrypt data in motion
• Encrypt data accessible through Internet
• Firewalls
• Password protocols
• Access rights protocols
• Real-time protection anti-virus/malware software
• Intrusion detection
To protect information from:
• Loss
• Misuse
• Unauthorized access
• Unauthorized disclosure
• Unauthorized alteration
• Unauthorized destruction
40. Breach Obligations
• Data controllers and processors are subject to personal data breach notification obligations
• Broader breach trigger than US notification laws
• Notification within 72 hours (!)
• Non-compliance can lead to significant administrative fines - 10 million Euros or 2% of total worldwide annual turnover
41. Exceptions to Breach Obligations
• No reporting if:
  • The breach is unlikely to result in a high risk to the rights and freedoms of data subjects;
  • Appropriate technical and organisational protection were in place at the time of the incident (e.g. encrypted data); or
  • This would trigger disproportionate efforts
42. Update Your Privacy Notices
  1. What personal information you collect (including sources of data)
  2. Purposes for collecting
  3. With whom you share and why
  4. Cross-border data transfers
  5. Contact info
  6. Access/correction/erasure rights
  7. Rights regarding choice and consent withdrawal
  8. Right to complain
  9. Etc.
43. How Does This Differ From US Law?
US
• State requirements (CA, DE) but not as detailed
• Sector-specific requirements (HIPAA, GLB)
GDPR
• Required
45. Determine the Lead EU Country
• Whichever EU country is host to the most significant decisions about the company’s data processing will be the company’s “main establishment,” and that country’s DPA will be your principal regulator.
• Brexit complication?
  • The UK ICO has stated that it is in the process of working with the UK government to provide advice regarding the application of GDPR both before and after Brexit.
46. Retention and Storage Considerations
• Use consistent with notice
• Keep only as long as you need for purposes for which provided
• Destroy after you don’t need (or return)
• Make sure information is reliable
• Modify/delete if told by person of an error
• Update if get a “returned to sender”
47. Data Protection Officer Required?
• Local law
• Regular monitoring of data subjects
• Sensitive data on large scale
48. If No DPO, Designated Representatives?
• GDPR requires those with no physical EU presence to establish a “representative” in the EU
49. Privacy Impact Assessment?
• Processing likely to result in high risk to individuals?
• WP29 guidance provides factors controllers should consider in evaluating whether a PIA is necessary:
  • An action that meets fewer than two of these factors would not require a PIA:
    • Evaluation or scoring. For example, grading employees or screening credit applicants.
    • Automated decision making with significant effect on a person. For example, the automated refusal of credit.
    • Systematic monitoring
    • Processing Sensitive Personal Data
    • Large-scale processing
    • Combining or matching separate datasets
    • Processing affecting vulnerable individuals.
    • Processing using untested technology.
    • Bootstrapping