6/17/2020
Richard Cascarino CISM, CIA, ACFE, CRMA
General Data Protection Regulation (GDPR) Webinar 6
DPO and Personal Data
About Jim Kaplan, CIA, CFE
• President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
• Auditor, Web Site Guru
• Internet for Auditors Pioneer
• IIA Bradford Cadmus Memorial Award Recipient
• Local Government Auditor’s Lifetime Award
• Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
  • Over 3,100 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
  • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
  • Audit guides, manuals, and books on audit basics and using audit technology
  • LinkedIn Networking Groups
  • Monthly Newsletters with Expert Guest Columnists
  • Surveys on timely topics for internal auditors
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE, as the confirmation login is linked to a specific individual.
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled, and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions, which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.
The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates, based in Colorado, USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of the Association of Certified Fraud Examiners
• Author of Data Analytics for Internal Auditors
TODAY’S AGENDA
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
DATA PROTECTION PRINCIPLES
• Data processed lawfully, fairly and in a transparent manner ('lawfulness, fairness and transparency')
  • The inclusion of the principle of transparency is a new provision within the GDPR.
• Data obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
  • GDPR provisions include processing for public interest and/or scientific purposes, widening the scope for further processing. Archiving, scientific / historical research or statistical purposes would not be seen as incompatible with this purpose. However, there would be a need to consider pseudonymising the data.
• Data processed is adequate, relevant and limited to what is necessary
• Data is accurate and, where necessary, kept up to date
  • Rights for individuals in the GDPR, e.g. data erasure, data correction etc., will impact on this principle
• Data should not be kept longer than is necessary for the purpose
  • GDPR expands the list of exceptions permitting the storage of data for longer periods where the data is being processed for archiving purposes in the public interest and/or scientific purposes, and in addition for statistical or historical purposes.
• Appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction
DATA PROTECTION OFFICERS (DPO)
• Only certain organizations will be required to appoint a DPO
• If you don’t require a DPO – appoint someone to be the lead
• A DPO must be “all about data protection” and careful consideration has to be taken when it comes to their place within an organization.
• The GDPR expressly prevents dismissal or penalty of the data protection officer for performance of their tasks.
ROLE OF THE DPO
• DPO requirement applies to both controllers and processors
• No exception for small or medium-sized companies, but risk-based approach
• The GDPR requires the appointment of a DPO in three cases:
  1. Public authorities or bodies (except courts)
  2. Private companies where the “core activities” consist of
     a) processing operations which require “regular and systematic monitoring” of data subjects “on a large scale”
     b) “large scale” processing of sensitive data or data relating to criminal convictions and offences
CORE ACTIVITIES
• Key operations to achieve the controller‘s or processor‘s objectives
• Includes all activities where the processing of data forms an inextricable part of the activity
  • A hospital’s processing of patients’ health records
• Excludes support or ancillary functions for the organization‘s main business
  • An organization’s supporting activities, such as payroll of their own employees or standard IT support
LARGE SCALE
• Depends on:
  • the number of data subjects concerned
  • the volume of data and/or range of different data items
  • the duration or permanence of the processing
  • the geographical extent
• E.g.
  • Processing of customer data in the regular course of business by insurance companies or banks
  • Processing of patient data in the regular course of business by a hospital
  • Not processing of patient data by an individual physician
TASKS OF THE DPO
• Advisory role
  • The controller, the processor and their employees
• Monitoring compliance
  • With GDPR and other data protection legislation, but also internal policies
• Advise on data protection impact assessments and monitor performance (upon request)
• Cooperate with supervisory authorities (“SAs”)
• Contact point for SAs and data subjects
  • Contact details of the DPO shall be published and communicated to the SA
SOURCING THE DPO
• Single DPO if easily accessible from each establishment
• Full-time or part-time employee
• Consultant / Outsource under contract
• Single role or part of another role
• A supporting team around the DPO
• No conflict of interest
  • No position within the organization that leads them to determine the purposes and the means of the processing of personal data
  • chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of HR, head of IT
INDEPENDENCE
• Data controllers or processors should:
  • Identify positions which would be incompatible with the DPO function;
  • Draw up internal rules to avoid “conflicts of interests;”
  • Formally declare via internal & external comms & in policy documentation that the DPO has no conflict of interests with regard to function as a DPO, as a way of raising awareness of this requirement;
  • Include safeguards within the organization’s internal rules and ensure that the publicly-posted DPO job description or the services contract for an External DPO is sufficiently precise and detailed in order to avoid a conflict of interests.
INDEPENDENT REPORTING LINE
• Chief Compliance Officer;
• Audit team
• Report directly to the CEO, COO, Board, etc.
• External contractor (i.e., outside consultant or counsel) reporting to a C-level officer or the Board
• Other reporting line without conflicts
EXPERTISE REQUIRED
• Integrity and high professional ethics
• Expertise in national and European data protection laws and practices
• In-depth understanding of GDPR
• Knowledge of the business sector and of the organization of the controller
• Knowledge of the administrative rules and procedures of the organization
• Autonomy - Does not receive any instructions regarding the exercise of their tasks
• Not be dismissed or penalized by the controller (or the processor) for performing their tasks
WP29 SPECIFIES
• Level of Expertise: It is essential that the DPO understand how to build, implement, & manage data protection programs.
  • The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need.
• Professional Qualities: DPOs need not be lawyers, but they must have expertise in member state and European data protection law, including an in-depth knowledge of the GDPR
  • DPOs must also have a reasonable understanding of the organization's technical and organizational structure and be familiar with information technologies and data security
  • In the case of a public authority or body, the DPO should have sound knowledge of its administrative rules & procedures
THE NEW DPO
• Get familiar with the processing activities and existing rules and processes
• Understand the scope of your tasks and responsibilities
  • Statutory tasks versus optional tasks (for instance, maintaining the record of processing activities)
• Identify key issues and contact persons
• Identify budget and other resource requirements
• Draw up a work plan and prioritize
• Regularly attend relevant meetings and speak to employees and senior management (in some countries Works Councils are important)
• Regularly report to senior management
• Keep up to date (training)
IN PRACTICE
• A fine of 50 million euros (approx. $56 million) was issued by the French Data Protection Authority (CNIL) in January 2019 against Google.
• The fine was related to a “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”
  • The structure of Google’s privacy policy and terms and conditions was too complicated for users, and the use of pre-ticked boxes as a consent mechanism did not establish a legal basis for data processing to deliver targeted advertising.
• Represented approximately 0.04% of revenue,
  • far from the 4% potential penalty.
DATA DEFINITIONS
• “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated”
Working Party Opinion 4/2007 on the concept of personal data
GDPR DATA DEFINITIONS REGARDLESS OF NATIONALITY OR EU RESIDENCE
Personal Data (from GDPR)
“…means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Examples:
• Name
• Identification number (e.g., SSN)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP address, device IDs)
• Genetic data (e.g., biological samples from an individual)
• Biometric data (e.g., fingerprints, facial recognition)
“The GDPR also requires compliance from non-EU organizations that offer goods or services to EU residents or monitor the behavior of EU residents.”
Source: Brief: You Need An Action Plan For The GDPR; Forrester Research; October 2016
ADDITIONAL PERSONAL DATA DEFINITIONS
• Online identifiers
  • Device identifiers
  • Cookie IDs
  • IP addresses
• Pseudonymised data
  • (the technique of processing personal data in such a way that it can no longer be attributed to a specific individual without the use of additional information, which must be kept separately and be subject to appropriate security to ensure non-attribution). Pseudonymised data is still a form of personal data but its use is encouraged (e.g. for extra security of the data, for historical / scientific research or for statistical purposes).
• Sensitive includes genetic and biometric data
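The pseudonymisation definition above is worth seeing as code. The following Python is an added example, not material from the webinar or from AuditNet®: it replaces the direct identifier in each record with a keyed pseudonym (HMAC-SHA256) and puts the key and the pseudonym-to-identity lookup into a separate "vault" object, which stands in for the "additional information kept separately" that the slide describes. The record layout, the sample records and the field names are constructed for illustration.

```python
# Added example, not from the webinar: pseudonymisation as the slide defines it.
# The working dataset keeps no direct identifiers; the "additional information"
# needed to re-attribute records (HMAC key + reverse lookup) lives in a separate
# vault object that would be stored and access-controlled apart from the data.
import hashlib
import hmac
import secrets
from collections import Counter
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample records (hypothetical people, not real data).
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "alice@example.org", "diagnosis": "flu", "year": 2019},
    {"name": "Bob Example", "email": "bob@example.org", "diagnosis": "asthma", "year": 2020},
    {"name": "Alice Example", "email": "Alice@Example.org", "diagnosis": "flu", "year": 2020},
]


@dataclass
class PseudonymVault:
    """Everything needed to re-identify a pseudonym. Keep it separate from the
    working dataset, under its own access controls, as the GDPR requires."""
    key: bytes
    lookup: dict = field(default_factory=dict)


def _pseudonym(key: bytes, identity: str) -> str:
    # Keyed digest (HMAC-SHA256). Without the key, nobody holding only the
    # working dataset can rebuild a pseudonym from a guessed e-mail address,
    # which a plain unkeyed hash of a low-entropy identifier would allow.
    return hmac.new(key, identity.encode("utf-8"), hashlib.sha256).hexdigest()[:16]


def pseudonymise(records, key: Optional[bytes] = None):
    """Return (working_dataset, vault).

    The working dataset contains only a pseudonym plus the non-identifying
    fields needed for research/statistics; names and e-mails go to the vault.
    """
    vault = PseudonymVault(key=key if key is not None else secrets.token_bytes(32))
    working = []
    for rec in records:
        # Normalise the identifier so the same person gets one pseudonym
        # across records; per-subject statistics still work.
        identity = rec["email"].strip().lower()
        pid = _pseudonym(vault.key, identity)
        vault.lookup[pid] = {"name": rec["name"], "email": identity}
        working.append({"pid": pid, "diagnosis": rec["diagnosis"], "year": rec["year"]})
    return working, vault


def reidentify(pid: str, vault: PseudonymVault):
    """Re-attribution is only possible with the separately held vault."""
    return vault.lookup.get(pid)


def diagnosis_counts(working) -> Counter:
    """A statistical use that needs no identities at all."""
    return Counter(r["diagnosis"] for r in working)


def distinct_subjects(working) -> int:
    """How many individuals the working dataset covers, without naming them."""
    return len({r["pid"] for r in working})


if __name__ == "__main__":
    data, vault = pseudonymise(SAMPLE_RECORDS)
    print("working dataset:", data)
    print("diagnosis counts:", diagnosis_counts(data))
    print("re-identified:", reidentify(data[1]["pid"], vault))
```

The design choice that matters for the slide's point is the key: a pseudonym built from an unkeyed hash of an e-mail address can be reversed by hashing candidate addresses, so the data would still be attributable without any "additional information". With a secret key held only in the vault, the working dataset on its own supports statistics and research but not re-identification, which is the property the GDPR definition asks for. It remains personal data, as the slide says, because the controller still holds the vault.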
WHAT IS ‘SENSITIVE’ PERSONAL DATA?
Sensitive personal data is information that relates to:
• Race & ethnicity
• Political opinions
• Religious beliefs
• Membership of trade unions
• Physical or mental health
• Sexuality
• Criminal offences
ENHANCED PERSONAL PRIVACY RIGHTS
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
ENHANCED PERSONAL PRIVACY RIGHTS
• Right to be informed
• Right to erasure
• Right to data portability
• Right to restriction
• Right to rectification
• Right of access
  • Including additional processing details
• Right to object
• Right to prevent automated processing, including profiling
DATA FLOWS
• What type of personal data flows does the organization handle?
  • Recruitment data
  • Employee data
  • Customer data
  • Incident data
  • Patient data
  • User data
• Describe the data flows: input, transferring, processing, storage, erasure, relevant systems/applications, current safety measures
WHERE THE SUBJECT PROVIDES THE DATA
• Controller identity and contact details
• The right to lodge a complaint with a supervisory authority
• DPO contact details, where applicable
• Whether the controller uses automated decision-making (including profiling), and information about the logic involved, and the significance and consequences of processing for the data subject
• Purposes of processing
• Legal basis for processing
• Legitimate interests, where applicable
• Recipients or categories of recipients
• Whether the provision of personal data is a statutory or contractual requirement or obligation, and the consequences of failure to provide such data
• Details of transfers outside the EEA and safeguards in place
• Retention period, or criteria used to determine it
• Data subject’s rights including access, correction, erasure, restriction, objection, data portability
• Where processing is based on consent, the right to withdraw it at any time
RIGHT TO ACCESS
• A data subject has the right to obtain from a data controller:
  • confirmation that his or her personal data is being processed
  • a copy of the personal data on request (unless it adversely affects the rights and freedoms of others)
  • Other information about the processing, including
    • purposes; categories of personal data; recipients; retention period; rights to correction, erasure, restriction, objection; right to make a complaint to a supervisory authority; personal data source(s) if collected from a third party; whether the controller uses automated decision-making, including profiling, the logic used, and consequences of processing for the data subject.
• When the data subject makes the request electronically, the controller must provide the information in a commonly used electronic form, unless the data subject requests the information in a different format. If requested, the information may be provided orally, provided that the identity of the data subject is proven by other means.
RIGHT TO BE FORGOTTEN (UK)
• In certain circumstances, individuals can request that the personal data is erased without undue delay – e.g. where they withdraw consent and no other legal ground for processing applies
• Must therefore inform third parties that the data subject has requested erasure of any links to, or copies of, data
ISO/IEC 27701 PRIVACY INFORMATION MANAGEMENT SYSTEM (PIMS)
A framework for personally identifiable information (PII) controllers and PII processors to manage privacy controls
Benefits of PIMS
• Gives transparency between stakeholders
• Helps build trust
• Provides a more collaborative approach
• More effective business agreements
• Clearer roles and responsibilities
• Reduces complexity by integrating with ISO/IEC 27001
EUROPEAN DIGITAL SINGLE MARKET
Covers digital marketing, e-commerce and telecommunications
Major pillars
• Access to online products and services
• Conditions for digital networks and services to grow and thrive
• Growth of the European digital economy
Uses GDPR to help harmonize data privacy across all of Europe
ISO/IEC 27701 AS A POTENTIAL CERTIFICATION MECHANISM
Compliance can:
• Significantly reduce compliance workloads by negating the need to support multiple certifications
• Increase trust between organizations and customers by demonstrating compliance with data privacy laws
• Generate evidence that Data Protection Officers can provide to senior management and board members to show their progress in privacy regulatory compliance
• Increase the opportunities for business and commerce through the EU Digital Single Market and cross-border data flows
ISO/IEC 27701 AND GDPR
Objectives
• Demonstrate the visibility of PIMS at scale across the market
• Encourage adoption of pan-European GDPR certification
• Demonstrate to the market that PIMS holds up as a comprehensive GDPR evidence set
US LEGISLATION
• California Consumer Privacy Act Ma
  • State statute intended to enhance privacy rights and consumer protection for residents of California
  • Took effect on January 1, 2020
Six Statutory rights:
1. To be provided with information on what personal information is collected about them and the purposes for which that personal information is used.
2. To be provided with information on what personal information is sold or disclosed for a business purpose and to whom.
3. To opt out of the sale of their personal information to third parties (or in the case of minors under age 16, to require an opt in before the sale of their personal information).
4. To request the deletion of their personal information.
5. Not to be subject to discrimination for exercising any of the above rights, including being denied goods or services or being charged a different price, or being subjected to a lower level of quality, of such goods or services.
6. To seek statutory damages of $100 to $750 for breaches of unencrypted personal information that arise as a result of a business’ violation of its duty to implement and maintain reasonable security procedures.

APPLIES TO
• For-profit business entities in CA that:
  • Have gross revenue of 25 million dollars or more
  • Receive or share the data of more than 50,000 consumers, households, or devices
  • Derive more than 50% of revenue from the sale of PHI
• Exception for HIPAA, CMIA (California Medical Information Act), GLBA (Gramm Leach Bliley Act) statutes
REQUIREMENTS
• Businesses are required to post details on their website or by other public means of how they’re using or not using consumer data for a rolling 12 months, together with opt-out instructions
• Businesses will have to develop processes and procedures to accommodate all consumer rights, including data mapping / access reports
• Requirements for businesses to reasonably safeguard consumer data
• Significant damage implications for businesses if they fail to comply (enforced by the CA AG)
• Consumers have a private right of action, but it’s limited ($100 to $750 per violation)
• Fines for businesses: $7,500 per violation
QUESTIONS?
Any Questions? Don’t be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
THANK YOU!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group – https://www.linkedin.com/groups/44252/
Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC
Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino

GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
Gary Dodson
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
Jim Kaplan CIA CFE
 
Web Analytics and Privacy
Web Analytics and Privacy Web Analytics and Privacy
Web Analytics and Privacy
Piwik PRO
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
TrustArc
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
EMMAIntl
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
Jim Kaplan CIA CFE
 

Similar to General Data Protection Regulation Webinar 6 (20)

Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10) Implementing and Auditing GDPR Series (3 of 10)
Implementing and Auditing GDPR Series (3 of 10)
 
Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation Implementing and Auditing General Data Protection Regulation
Implementing and Auditing General Data Protection Regulation
 
GDPR Series Session 4
GDPR Series Session 4GDPR Series Session 4
GDPR Series Session 4
 
Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10) Implementing and Auditing GDPR Series (2 of 10)
Implementing and Auditing GDPR Series (2 of 10)
 
How to data mine your print reports
How to data mine your print reports How to data mine your print reports
How to data mine your print reports
 
IT Fraud and Countermeasures
IT Fraud and CountermeasuresIT Fraud and Countermeasures
IT Fraud and Countermeasures
 
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdprSharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
Sharp Cookie Advisors legal_botar_ai_dataskydd_gdpr
 
Implementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy ProgramImplementing And Managing A Multinational Privacy Program
Implementing And Managing A Multinational Privacy Program
 
GDPR for your Payroll Bureau
GDPR for your Payroll BureauGDPR for your Payroll Bureau
GDPR for your Payroll Bureau
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role
 
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
Secure Your Enterprise Data Now and Be Ready for CCPA in 2020
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reporting
 
A Global Marketer's Guide to Privacy
A Global Marketer's Guide to PrivacyA Global Marketer's Guide to Privacy
A Global Marketer's Guide to Privacy
 
What is CT- DPO.pdf
What is CT- DPO.pdfWhat is CT- DPO.pdf
What is CT- DPO.pdf
 
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers GDPR solutions (JS Event 28/2/18) | Greenlight Computers
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
 
Are You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAATAre You a Smart CAAT or a Copy CAAT
Are You a Smart CAAT or a Copy CAAT
 
Web Analytics and Privacy
Web Analytics and Privacy Web Analytics and Privacy
Web Analytics and Privacy
 
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc SolutionsCCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
CCPA Compliance from Ground Zero: Start to Finish with TrustArc Solutions
 
GDPR in the Healthcare Industry
GDPR in the Healthcare IndustryGDPR in the Healthcare Industry
GDPR in the Healthcare Industry
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 

More from Jim Kaplan CIA CFE

CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
Jim Kaplan CIA CFE
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
Jim Kaplan CIA CFE
 
Cybersecurity Slides
Cybersecurity  SlidesCybersecurity  Slides
Cybersecurity Slides
Jim Kaplan CIA CFE
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
Jim Kaplan CIA CFE
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
Jim Kaplan CIA CFE
 
Ethics for Internal Auditors
Ethics for  Internal AuditorsEthics for  Internal Auditors
Ethics for Internal Auditors
Jim Kaplan CIA CFE
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics Excellence
Jim Kaplan CIA CFE
 

More from Jim Kaplan CIA CFE (7)

CyberSecurity Update Slides
CyberSecurity Update SlidesCyberSecurity Update Slides
CyberSecurity Update Slides
 
How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling How analytics should be used in controls testing instead of sampling
How analytics should be used in controls testing instead of sampling
 
Cybersecurity Slides
Cybersecurity  SlidesCybersecurity  Slides
Cybersecurity Slides
 
Cybersecurity update 12
Cybersecurity update 12Cybersecurity update 12
Cybersecurity update 12
 
How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program How to use ai apps to unleash the power of your audit program
How to use ai apps to unleash the power of your audit program
 
Ethics for Internal Auditors
Ethics for  Internal AuditorsEthics for  Internal Auditors
Ethics for Internal Auditors
 
Building and Striving for Data Analytics Excellence
Building and Striving for Data Analytics ExcellenceBuilding and Striving for Data Analytics Excellence
Building and Striving for Data Analytics Excellence
 

Recently uploaded

Learn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queriesLearn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queries
manishkhaire30
 
Population Growth in Bataan: The effects of population growth around rural pl...
Population Growth in Bataan: The effects of population growth around rural pl...Population Growth in Bataan: The effects of population growth around rural pl...
Population Growth in Bataan: The effects of population growth around rural pl...
Bill641377
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
Sachin Paul
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
sameer shah
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
Social Samosa
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
Timothy Spann
 
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docxDATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
SaffaIbrahim1
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
aqzctr7x
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
xclpvhuk
 
Analysis insight about a Flyball dog competition team's performance
Analysis insight about a Flyball dog competition team's performanceAnalysis insight about a Flyball dog competition team's performance
Analysis insight about a Flyball dog competition team's performance
roli9797
 
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
nyfuhyz
 
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
bopyb
 
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdfUdemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
Fernanda Palhano
 
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
ihavuls
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
Walaa Eldin Moustafa
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
Lars Albertsson
 
DSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelinesDSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelines
Timothy Spann
 
Everything you wanted to know about LIHTC
Everything you wanted to know about LIHTCEverything you wanted to know about LIHTC
Everything you wanted to know about LIHTC
Roger Valdez
 
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
apvysm8
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
ElizabethGarrettChri
 

Recently uploaded (20)

Learn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queriesLearn SQL from basic queries to Advance queries
Learn SQL from basic queries to Advance queries
 
Population Growth in Bataan: The effects of population growth around rural pl...
Population Growth in Bataan: The effects of population growth around rural pl...Population Growth in Bataan: The effects of population growth around rural pl...
Population Growth in Bataan: The effects of population growth around rural pl...
 
Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......Palo Alto Cortex XDR presentation .......
Palo Alto Cortex XDR presentation .......
 
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
STATATHON: Unleashing the Power of Statistics in a 48-Hour Knowledge Extravag...
 
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
4th Modern Marketing Reckoner by MMA Global India & Group M: 60+ experts on W...
 
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
06-12-2024-BudapestDataForum-BuildingReal-timePipelineswithFLaNK AIM
 
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docxDATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
DATA COMMS-NETWORKS YR2 lecture 08 NAT & CLOUD.docx
 
一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理一比一原版(UO毕业证)渥太华大学毕业证如何办理
一比一原版(UO毕业证)渥太华大学毕业证如何办理
 
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
一比一原版(Unimelb毕业证书)墨尔本大学毕业证如何办理
 
Analysis insight about a Flyball dog competition team's performance
Analysis insight about a Flyball dog competition team's performanceAnalysis insight about a Flyball dog competition team's performance
Analysis insight about a Flyball dog competition team's performance
 
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
一比一原版(UMN文凭证书)明尼苏达大学毕业证如何办理
 
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
一比一原版(GWU,GW文凭证书)乔治·华盛顿大学毕业证如何办理
 
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdfUdemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
Udemy_2024_Global_Learning_Skills_Trends_Report (1).pdf
 
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
原版制作(unimelb毕业证书)墨尔本大学毕业证Offer一模一样
 
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data LakeViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
ViewShift: Hassle-free Dynamic Policy Enforcement for Every Data Lake
 
End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024End-to-end pipeline agility - Berlin Buzzwords 2024
End-to-end pipeline agility - Berlin Buzzwords 2024
 
DSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelinesDSSML24_tspann_CodelessGenerativeAIPipelines
DSSML24_tspann_CodelessGenerativeAIPipelines
 
Everything you wanted to know about LIHTC
Everything you wanted to know about LIHTCEverything you wanted to know about LIHTC
Everything you wanted to know about LIHTC
 
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
办(uts毕业证书)悉尼科技大学毕业证学历证书原版一模一样
 
Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024Open Source Contributions to Postgres: The Basics POSETTE 2024
Open Source Contributions to Postgres: The Basics POSETTE 2024
 

General Data Protection Regulation Webinar 6

6/17/2020
1
Richard Cascarino CISM, CIA, ACFE, CRMA
General Data Protection Regulation (GDPR) Webinar 6
DPO and Personal Data

About Jim Kaplan, CIA, CFE
 President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
 Auditor, Web Site Guru
 Internet for Auditors Pioneer
 IIA Bradford Cadmus Memorial Award Recipient
 Local Government Auditor’s Lifetime Award
 Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
Page 2
1 2
6/17/2020
2
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
• Over 3,100 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
• Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
• Audit guides, manuals, and books on audit basics and using audit technology
• LinkedIn Networking Groups
• Monthly Newsletters with Expert Guest Columnists
• Surveys on timely topics for internal auditors
Introductions
Page 3

HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE, as the confirmation login is linked to a specific individual.
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
3 4
6/17/2020
3
IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io.
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions, which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.

The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
5 6
6/17/2020
4
ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified Fraud Examiners
• Author of Data Analytics for Internal Auditors
Page 7

TODAY’S AGENDA
Page 8
• The role of the data protection officer (DPO).
• What constitutes personal data.
• Accountability, the privacy compliance framework and a personal information management system (PIMS).
7 8
6/17/2020
5
DATA PROTECTION PRINCIPLES
 Data processed lawfully, fairly and in a transparent manner ('lawfulness, fairness and transparency')
 The inclusion of the principle of transparency is a new provision within the GDPR.
 Data obtained for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes
 GDPR provisions include processing for public interest and/or scientific purposes, widening the scope for further processing. Archiving, scientific / historical research or statistical purposes would not be seen as incompatible with this purpose. However, there would be a need to consider pseudonymising the data.
 Data processed is adequate, relevant and limited to what is necessary
 Data is accurate and, where necessary, kept up to date
 Rights for individuals in the GDPR (e.g. data erasure, data correction) will impact on this principle
 Data should not be kept longer than is necessary for the purpose
 GDPR expands the list of exceptions permitting the storage of data for longer periods where the data is being processed for archiving purposes in the public interest and/or scientific purposes, and in addition for statistical or historical purposes.
 Appropriate technical and organisational measures against unauthorised or unlawful processing, loss, damage or destruction

DATA PROTECTION OFFICERS (DPO)
Only certain organizations will be required to appoint a DPO.
If you don’t require a DPO – appoint someone to be the lead.
 A DPO must be “all about data protection” and careful consideration has to be taken when it comes to their place within an organization. The GDPR expressly prevents dismissal or penalty of the data protection officer for performance of their tasks.
9 10
6/17/2020
6
ROLE OF THE DPO
 DPO requirement applies to both controllers and processors
 No exception for small or medium-sized companies, but risk-based approach
 The GDPR requires the appointment of a DPO in three cases:
 1. Public authorities or bodies (except courts)
 2. Private companies where the “core activities” consist of
 a) processing operations which require “regular and systematic monitoring” of data subjects “on a large scale”
 b) “large scale” processing of sensitive data or data relating to criminal convictions and offences

CORE ACTIVITIES
 Key operations to achieve the controller’s or processor’s objectives
 Includes all activities where the processing of data forms an inextricable part of the activity
 A hospital’s processing of patients’ health records
 Excludes support or ancillary functions for the organization’s main business
 An organization’s supporting activities, such as payroll of their own employees or standard IT support
11 12
6/17/2020
7
LARGE SCALE
 Depends on:
 the number of data subjects concerned
 the volume of data and/or range of different data items
 the duration or permanence of the processing
 the geographical extent
 E.g.
 Processing of customer data in the regular course of business by insurance companies or banks
 Processing of patient data in the regular course of business by a hospital
 Not processing of patient data by an individual physician

TASKS OF THE DPO
 Advisory role
 The controller, the processor and their employees
 Monitoring compliance
 With GDPR and other data protection legislation, but also internal policies
 Advise on data protection impact assessments and monitor performance (upon request)
 Cooperate with supervisory authorities (“SAs”)
 Contact point for SAs and data subjects
 Contact details of the DPO shall be published and communicated to the SA
13 14
6/17/2020
8
SOURCING THE DPO
 Single DPO if easily accessible from each establishment
 Full-time or part-time employee
 Consultant / Outsource under contract
 Single role or part of another role
 A supporting team around the DPO
 No conflict of interest
 No position within the organization that leads them to determine the purposes and the means of the processing of personal data
 chief executive, chief operating, chief financial, chief medical officer, head of marketing department, head of HR, head of IT

INDEPENDENCE
 Data controllers or processors should:
 Identify positions which would be incompatible with the DPO function;
 Draw up internal rules to avoid “conflicts of interests;”
 Formally declare via internal & external comms & in policy documentation that the DPO has no conflict of interests with regard to function as a DPO, as a way of raising awareness of this requirement;
 Include safeguards within the organization’s internal rules and ensure that the publicly-posted DPO job description or the services contract for an External DPO is sufficiently precise and detailed in order to avoid a conflict of interests.
15 16
6/17/2020
9
INDEPENDENT REPORTING LINE
 Chief Compliance Officer;
 Audit team
 Report directly to the CEO, COO, Board, etc.
 External contractor (i.e., outside consultant or counsel) reporting to a C-level officer or the Board
 Other reporting line without conflicts

EXPERTISE REQUIRED
 Integrity and high professional ethics
 Expertise in national and European data protection laws and practices
 In-depth understanding of GDPR
 Knowledge of the business sector and of the organization of the controller
 Knowledge of the administrative rules and procedures of the organization
 Autonomy - Does not receive any instructions regarding the exercise of their tasks
 Not be dismissed or penalized by the controller (or the processor) for performing their tasks
17 18
6/17/2020
10
WP29 SPECIFIES
 Level of Expertise: It is essential that the DPO understand how to build, implement, & manage data protection programs.
 The more complex or high-risk the data processing activities are, the greater the expertise the DPO will need.
 Professional Qualities: DPOs need not be lawyers, but they must have expertise in member state and European data protection law, including an in-depth knowledge of the GDPR
 DPOs must also have a reasonable understanding of the organization's technical and organizational structure and be familiar with information technologies and data security
 In the case of a public authority or body, the DPO should have sound knowledge of its administrative rules & procedures

THE NEW DPO
 Get familiar with the processing activities and existing rules and processes
 Understand the scope of your tasks and responsibilities
 Statutory tasks versus optional tasks (for instance, maintaining the record of processing activities)
 Identify key issues and contact persons
 Identify budget and other resource requirements
 Draw up a work plan and prioritize
 Regularly attend relevant meetings and speak to employees and senior management (in some countries Works Councils are important)
 Regularly report to senior management
 Keep up to date (training)
19 20
6/17/2020
11
IN PRACTICE
 A fine of 50 million euros (approx. $56 million) was issued by the French Data Protection Authority (CNIL) in January 2019 against Google.
 The fine was related to a “lack of transparency, inadequate information and lack of valid consent regarding the ads personalization.”
 The structure of Google’s privacy policy and terms and conditions were too complicated for users, and the use of pre-ticked boxes as a consent mechanism did not establish a legal basis for data processing to deliver targeted advertising.
 This represented approximately 0.04% of revenue, far from the 4% potential penalty.

DATA DEFINITIONS
 “data relates to an individual if it refers to the identity, characteristics or behaviour of an individual or if such information is used to determine or influence the way in which that person is treated or evaluated” (Working Party Opinion 4/2007 on the concept of personal data)
21 22
6/17/2020
12
GDPR DATA DEFINITIONS REGARDLESS OF NATIONALITY OR EU RESIDENCE
Personal Data (from GDPR)
“…means any information relating to an identified or identifiable natural person ('data subject'); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.”
Examples:
• Name
• Identification number (e.g., SSN)
• Location data (e.g., home address)
• Online identifier (e.g., e-mail address, screen names, IP address, device IDs)
• Genetic data (e.g., biological samples from an individual)
• Biometric data (e.g., fingerprints, facial recognition)
“The GDPR also requires compliance from non-EU organizations that offer goods or services to EU residents or monitor the behavior of EU residents.”
Source: Brief: You Need An Action Plan For The GDPR; Forrester Research; October 2016

ADDITIONAL PERSONAL DATA DEFINITIONS
 Online identifiers
 Device identifiers
 Cookie IDs
 IP addresses
 Pseudonymised data (the technique of processing personal data in such a way that it can no longer be attributed to a specific individual without the use of additional information, which must be kept separately and be subject to appropriate security to ensure non-attribution). Pseudonymised data is still a form of personal data, but its use is encouraged (e.g. for extra security of the data, for historical / scientific research or for statistical purposes).
 Sensitive data includes genetic and biometric data
23 24
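The pseudonymisation technique described on this slide, as an added example that is not part of the webinar: identifier fields are replaced with keyed HMAC-SHA256 pseudonyms, the key is the "additional information" held separately, and the sample records and field names are constructed for illustration. The example also shows why the result is still personal data: the key holder can re-attribute records to a subject (for instance to answer an access request), while without the key the match fails.

```python
import hashlib
import hmac
import secrets

# Fields the slide lists as identifiers (name, e-mail, IP address, device ID).
IDENTIFIER_FIELDS = frozenset({"name", "email", "ip_address", "device_id"})

# Constructed sample records; none of these people, addresses or IDs are real.
SAMPLE_RECORDS = [
    {"name": "Ana Example", "email": "ana@example.org", "ip_address": "203.0.113.7",
     "device_id": "dev-0001", "country": "IE", "purchase_eur": 120},
    {"name": "Ana Example", "email": "Ana@Example.org ", "ip_address": "203.0.113.7",
     "device_id": "dev-0001", "country": "IE", "purchase_eur": 45},
    {"name": "Bo Sample", "email": "bo@example.net", "ip_address": "198.51.100.9",
     "device_id": "dev-0002", "country": "DE", "purchase_eur": 300},
]


class Pseudonymiser:
    """Replaces identifier fields with keyed pseudonyms (HMAC-SHA256).

    The key is the 'additional information' that the GDPR says must be kept
    separately and secured: a record on its own no longer names anyone, but
    whoever holds the key can still attribute records to a person, which is
    why pseudonymised data remains personal data.
    """

    def __init__(self, key: bytes) -> None:
        if len(key) < 32:
            raise ValueError("pseudonymisation key must be at least 32 bytes")
        self._key = key

    @staticmethod
    def _normalise(value: str) -> str:
        # Same subject -> same pseudonym even if case or spacing differs in the raw value.
        return value.strip().lower()

    def pseudonym(self, value: str) -> str:
        mac = hmac.new(self._key, self._normalise(value).encode("utf-8"), hashlib.sha256)
        return "pseu_" + mac.hexdigest()[:24]

    def pseudonymise(self, record: dict) -> dict:
        return {k: (self.pseudonym(v) if k in IDENTIFIER_FIELDS else v)
                for k, v in record.items()}

    def find_subject(self, records: list, email: str) -> list:
        # Re-attribution path used to serve an access or erasure request:
        # recompute the pseudonym for the known subject and match on it.
        target = self.pseudonym(email)
        return [r for r in records if r.get("email") == target]


def leaks_raw_identifier(pseudonymised: dict, original: dict) -> bool:
    """True if any raw identifier value survived into the pseudonymised record."""
    raw = {original[f].strip().lower() for f in IDENTIFIER_FIELDS if f in original}
    return any(str(v).strip().lower() in raw for v in pseudonymised.values())


def spend_per_subject(records: list) -> dict:
    """Statistics still work on pseudonymised data: total spend per pseudonymous subject."""
    totals: dict = {}
    for r in records:
        totals[r["email"]] = totals.get(r["email"], 0) + r["purchase_eur"]
    return totals


if __name__ == "__main__":
    key = secrets.token_bytes(32)   # stored apart from the data set (e.g. in a vault or KMS)
    p = Pseudonymiser(key)
    data = [p.pseudonymise(r) for r in SAMPLE_RECORDS]
    print(data[0])
    print(spend_per_subject(data))
    print(len(p.find_subject(data, "ana@example.org")), "records found with the key")
    print(Pseudonymiser(b"\x00" * 32).find_subject(data, "ana@example.org"), "found without it")
```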
• 13. WHAT IS ‘SENSITIVE’ PERSONAL DATA?
Sensitive personal data is information that relates to:
 Race & ethnicity
 Political opinions
 Religious beliefs
 Membership of trade unions
 Physical or mental health
 Sexuality
 Criminal offences
ENHANCED PERSONAL PRIVACY RIGHTS
The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located.
• 14. ENHANCED PERSONAL PRIVACY RIGHTS
 Right to be informed
 Right to erasure
 Right to data portability
 Right to restriction
 Right to rectification
 Right of access, including additional processing details
 Right to object
 Right to prevent automated processing, including profiling
DATA FLOWS
 What type of personal data flows does the organization handle?
   Recruitment data
   Employee data
   Customer data
   Incident data
   Patient data
   User data
 Describe the data flows: input, transferring, processing, storage, erasure, relevant systems/applications, current safety measures
• 15. WHERE THE SUBJECT PROVIDES THE DATA
 Controller identity and contact details
 The right to lodge a complaint with a supervisory authority
 DPO contact details, where applicable
 Whether the controller uses automated decision-making (including profiling), information about the logic involved, and the significance and consequences of processing for the data subject
 Purposes of processing
 Legal basis for processing
 Legitimate interests, where applicable
 Recipients or categories of recipients
 Whether the provision of personal data is a statutory or contractual requirement or obligation, and the consequences of failure to provide such data
 Details of transfers outside the EEA and safeguards in place
 Retention period, or criteria used to determine it
 Data subject’s rights, including access, correction, erasure, restriction, objection, data portability
 Where processing is based on consent, the right to withdraw it at any time
RIGHT TO ACCESS
 A data subject has the right to obtain from a data controller:
   Confirmation that his or her personal data is being processed
   A copy of the personal data on request (unless this adversely affects the rights and freedoms of others)
   Other information about the processing, including: purposes; categories of personal data; recipients; retention period; rights to correction, erasure, restriction, objection; right to make a complaint to the supervisory authority; personal data source(s) if collected from a third party; whether the controller uses automated decision-making, including profiling, the logic used, and the consequences of processing for the data subject
 When the data subject makes the request electronically, the controller must provide the information in a commonly used electronic form, unless the data subject requests the information in a different format. If requested, the information may be provided orally, provided that the identity of the data subject is proven by other means.
• 16. RIGHT TO BE FORGOTTEN (UK)
 In certain circumstances, individuals can request that their personal data is erased without undue delay, e.g. where they withdraw consent and no other legal ground for processing applies
 The controller must therefore inform third parties that the data subject has requested erasure of any links to, or copies of, the data
ISO/IEC 27701 PRIVACY INFORMATION MANAGEMENT SYSTEM (PIMS)
A framework for personally identifiable information (PII) controllers and PII processors to manage privacy controls
Benefits of PIMS
 Gives transparency between stakeholders
 Helps build trust
 Provides a more collaborative approach
 More effective business agreements
 Clearer roles and responsibilities
 Reduces complexity by integrating with ISO/IEC 27001
• 17. EUROPEAN DIGITAL SINGLE MARKET
Covers digital marketing, e-commerce and telecommunications
Major pillars
 Access to online products and services
 Conditions for digital networks and services to grow and thrive
 Growth of the European digital economy
Uses GDPR to help harmonize data privacy across all of Europe
ISO/IEC 27701 AS A POTENTIAL CERTIFICATION MECHANISM
Compliance can:
 Significantly reduce compliance workloads by negating the need to support multiple certifications
 Increase trust between organizations and customers by demonstrating compliance with data privacy laws
 Generate evidence that Data Protection Officers can provide to senior management and board members to show their progress in privacy regulatory compliance
 Increase the opportunities for business and commerce through the EU Digital Single Market and cross-border data flows
• 18. ISO/IEC 27701 AND GDPR
Objectives
 Demonstrate the visibility of PIMS at scale across the market
 Encourage adoption of pan-European GDPR certification
 Demonstrate to the market that PIMS holds up as a comprehensive GDPR evidence set
US LEGISLATION
 California Consumer Privacy Act
 State statute intended to enhance privacy rights and consumer protection for residents of California
 Took effect on January 1, 2020
Six statutory rights:
1. To be provided with information on what personal information is collected about them and the purposes for which that personal information is used.
2. To be provided with information on what personal information is sold or disclosed for a business purpose and to whom.
3. To opt out of the sale of their personal information to third parties (or in the case of minors under age 16, to require an opt-in before the sale of their personal information).
4. To request the deletion of their personal information.
5. Not to be subject to discrimination for exercising any of the above rights, including being denied goods or services or being charged a different price, or being subjected to a lower level of quality of such goods or services.
6. To seek statutory damages of $100 to $750 for breaches of unencrypted personal information that arise as a result of a business’ violation of its duty to implement and maintain reasonable security procedures.
• 19. APPLIES TO
 For-profit business entities in CA that have:
   Gross revenue of $25 million or more
   Receive or share data on more than 50,000 consumers, households, or devices
   More than 50% of revenue from the sale of PHI
 Exception for HIPAA, CMIA (California Medical Information Act) and GLBA (Gramm-Leach-Bliley Act) statutes
REQUIREMENTS
 Businesses are required to post, on their website or by other public means, details of how they are using or not using consumer data for a rolling 12 months, together with opt-out instructions
 Businesses will have to develop processes and procedures to accommodate all consumer rights, including data mapping / access reports
 Requirements for businesses to reasonably safeguard consumer data
 Significant damage implications for businesses that fail to comply (enforced by the CA AG)
 Consumers have a private right of action, but it is limited ($100 to $750 per violation)
 Fines for businesses: $7,500 per violation
• 20. QUESTIONS?
Any Questions? Don’t be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
• 21. THANK YOU!
Jim Kaplan, AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group – https://www.linkedin.com/groups/44252/
Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC
Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino