This document summarizes a webinar on international data transfers. It discusses recent EU data transfer enforcement actions against a Norwegian toll road operator and Hamburg public authorities for transferring personal data to China and the US without proper safeguards. It also provides an overview of the EU's standard contractual clauses and transfer risk assessment requirements, as well as the UK's international data transfer agreements and risk assessment process. Finally, it briefly mentions other international data transfer mechanisms and opens the floor for questions.
General Data Protection Regulation (GDPR) - Cross-Border Data Transferspi
The General Data Protection Regulation will Impact all health data processing companies because of the growing importance of customer and patient data to the manufacturer’s business. All companies have to be compliant by 25th May 2018.
This presentation gives an overview of all the possibilities included in the GDPR to allow Cross-Border Data Transfers to third countries.
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
These slides will cover:
-A brief overview of the Regulation and its impact
-The rights of data subjects and rights related to automated decision making and profiling.
-The international transfer of data and appropriate safeguards.
-The derogations from general prohibition of data transfers outside the European Union.
-The requirements that govern one-off and infrequent transfers of personal data.
-The role of the supervisory authority in international transfers.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
General Data Protection Regulation (GDPR) - Cross-Border Data Transferspi
The General Data Protection Regulation will Impact all health data processing companies because of the growing importance of customer and patient data to the manufacturer’s business. All companies have to be compliant by 25th May 2018.
This presentation gives an overview of all the possibilities included in the GDPR to allow Cross-Border Data Transfers to third countries.
Data transfers to countries outside the EU/EEA under the GDPRIT Governance Ltd
These slides will cover:
-A brief overview of the Regulation and its impact
-The rights of data subjects and rights related to automated decision making and profiling.
-The international transfer of data and appropriate safeguards.
-The derogations from general prohibition of data transfers outside the European Union.
-The requirements that govern one-off and infrequent transfers of personal data.
-The role of the supervisory authority in international transfers.
MWLUG - 2017
Tim Clark & Stephanie Heit
Tim & Steph explain the basics of GDPR and give some recommendations about what you can do to be ready.
Data sources are in the final slides.
For more information about how BCC can help you get your Domino data ready for GDPR please contact us here.
http://bcchub.com/bcc-domino-protect/
Legal obligations and responsibilities of data processors and controllers und...IT Governance Ltd
This webinar covers:
-The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
-The responsibilities and obligations of controllers and processors.
-The data breach reporting responsibilities of controllers and processors.
-The liability of, and penalties that may be imposed on, data processors and controllers.
-The appointment of joint controllers and subcontracting processors
The webinar can be found here https://www.youtube.com/watch?v=cyUPGGD3iVg&t=8s
Norfolk Chamber delivered a morning conference based around the European General Data Protection Regulation (GDPR), which will come into force on May 25 2018. Delegates heared from a variety of GDPR expert speakers from legal, marketing, IT and Data Protection perspectives.
Presented at: 2nd Annual Gulf Cooperation Council e-Participation & e-Governance Forum – Organised by: Abu Dhabi University Knowledge Group and UAE Telecommunications Regulatory Authority.
9 – 11 September 2013 | Dusit Thani Hotel | Abu Dhabi | UAE.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
Full GDPR toolkit: https://quality.eqms.co.uk/gdpr-general-data-protection-regulation-eu-toolkit
This free online training presentation provides you with information about how to comply with the General Data Protection Regulation, managing breaches, engaging employees, key requirements and more.
Explores:
1. Introduction to Privacy Regimes in the United States and Abroad
2. Mobile Applications and Devices
3. Lawful Collection and Use of “Big Data”
4. International Privacy and Cross-Border Data Transfers
5. Data Security Requirements and Data Breach Response
6. IT Outsourcing and the Cloud
7. Recent Developments and Emerging Issues
How GDPR works : companies will be expected to be
fully compliant from 25 May 2018. The regulation
is intended to establish one single set of data
protection rules across Europe
This Presentation explains what GDPR is and the impact it'll have for Companies who process data of EU Citizens.
This Guide explains the principles of GDPR, Consent, User Rights and also explains how to implement GDPR in your organization.
Originally appeared at
http://backlinkme.net/definitive-guide-for-general-data-protection-regulation-gdpr-compliance/
This is a slightly modified version of a presentation that I gave to fellow lawyers last week. It explains what GDPR is, the policy of data protection and the evolution of data protection legislation from the OECD Guidelines and Council of Europe Convention to the GDPR. It explores the regulation focusing on the data protection principles and, in particular, the lawfulness requirement and the validity of consent. The presentation mentions the Law enforcement data protection directive, the Data Protection Bill and the arrangements post Brexit. Finally, it considers the preparations recommended by the Information Commissioner for small busiesses
Data Privacy Trends in 2021: Compliance with New RegulationsPECB
The pandemic has changed the way the world works, shops, and interact; the consequences of this have included an increased reliance on technology for all of these activities and a corresponding increased sharing of personal information through technological mediums. Even before the pandemic, a global push was on to strengthen the protection of personal and health information and the results of these various influences has been an enhancement of privacy legislations globally. Compliance with global security laws is now also a larger concern for organizations everywhere.
The webinar will cover:
Global trends in privacy legislations
Some commonalities between privacy laws
Compliance requirements which can affect your organization
Recorded webinar > https://www.youtube.com/watch?v=BKWf6GTlgAM&feature=youtu.be
-------------------------------------------------------------------------------
Find out more about ISO training and certification services
Training: https://pecb.com/whitepaper/iso-27001...
https://pecb.com/en/education-and-cer...
Webinars: https://pecb.com/webinars
Article: https://pecb.com/article
Whitepaper: https://pecb.com/whitepaper
-------------------------------------------------------------------------------
For more information about PECB:
Website: https://pecb.com/
LinkedIn: https://www.linkedin.com/company/pecb/
Facebook: https://www.facebook.com/PECBInternat...
Slideshare: http://www.slideshare.net/PECBCERTIFI...
An Overview of the new GDPR regulations including:
• Data Protection Frame Work
• GDPR – Responsibilities
• GDPR – Changes
• GDPR - Exemptions
• GDPR – Rights
• Penalty
• Ten High Level Steps
Unit 6 Privacy and Data Protection 8 hrTushar Rajput
Right to Privacy and its Legal Framework, The Concept of Privacy, National Legal
Framework for Protecting Privacy, International Legal Framework for Protecting Privacy, Privacy Related Wrongs and Remedies, Data Security, The Concept of Security in Cyberspace, Technological Vulnerabilities, Legal Response to Technological
Vulnerabilities, Security Audit (VA/PT), Data Protection, Data Protection Position in
India, Privacy Policy, Emerging Issues in Data Protection and Privacy, BPOs and
Legal Regime in India, Protect Kids' Privacy Online, Evolving Trends in Data Protection and Information Security
With GDPR coming into effect, we can see a lot of changes in the privacy policies of companies doing business online. The presentation is a description of GDPR and its implications in India and worldwide. The main aim of the presentation is to identify the key issues of data privacy and the rights available to the consumer who's data is to be shared.
General Data Protection Regulations (GDPR): Do you understand it and are you ...Cvent
Whether you’re an event or hospitality professional in a small, medium or large organization, the General Data Protection Regulation (GDPR) is going to affect you. Get prepared with Cvent and Debrah Harding of Market Research Society before the 25th May deadline. GDPR is a new EU regulation, designed for the digital age. GDPR will strengthen an individual's rights and increase business accountability for data privacy and holding personal information. Organizations found breaching the regulations can face fines of up to 20 million Euros or up to 4% of annual global turnover. At Cvent we are already on track to becoming GDPR compliant and we want to advise our industry partners on how to become compliant too.
The Court Speaks: Privacy Shield, Standard Contractual Clauses and Cookie Con...TrustArc
There are some interesting developments in the world of case law. With so much focus on the CCPA enforcement date implications, many may have forgotten about the forthcoming decision in the Schrems II case, which could decide the fate of the Standard Contractual Clauses and the Privacy Shield for data transfers from Europe to the United States and elsewhere.
At the same time, the European Commission is working on the evaluation of all EU adequacy decisions and encouraging various countries to update their data protection laws. As to cookies, the Planet-49 case last year put clear boundaries around the issue of cookie consent. What has happened with this ruling of the European Court of Justice and how does it impact cookie compliance around the world?
Join us as we discuss the various international cross-border data transfer updates and how to navigate the potential significant changes.
This webinar will review:
-Implications of the Schrems II case decision
-The status of Privacy Shield and next steps
-European Commission adequacy re-assessment
-EDPB Guidelines on Consent and the revised IAB Framework updates
Brexit Data Protection Update: The EU, US and UK PerspectiveTrustArc
On 31 January 2020, the United Kingdom left the European Union. For the first time since its creation, a member state has decided to leave the common market, and for now, it is uncertain what the future holds for current privacy legislation. The new relationship between the UK and the EU will be negotiated in the course of this year, with the agreed transition period ending on 31 December. During this period, GDPR will apply as if nothing has changed. But what will happen after?
This webinar will discuss the following topics:
-What does Brexit mean from a data protection perspective?
-What does it mean for the UK itself and for the position of the Information Commissioner’s Office?
-What will be the impact of Brexit for data flows to and from the remaining 27 EU Member States and the countries of the European Economic Area?
-And will there be any impact on the UK-US data flows?
EMEA Quarterly Update: GDPR Two Years LaterTrustArc
Before 25 May, 2020, the European Commission will present the first official evaluation of the GDPR, two years after the entry into application of the new regulation. The European Data Protection Board has given their view, as have the EU Member States. During this webinar, we will discuss the first lessons learned from the GDPR, including from the private sector.
In addition, as is custom during the quarterly updates, we will provide you with an overview of the new guidelines from the European Data Protection Board and enforcement action from the various supervisory authorities. In addition, we will take a look beyond the European Union’s borders at what is happening in the Middle East and Africa.
This webinar will review:
- The lessons learned in the first two years the GDPR has been in effect;
- The guidelines of the European Data Protection Board;
- The enforcement of the GDPR at national and European level;
- Data protection developments in Africa and the Middle East;
- How TrustArc can support you stay up-to-date on data protection and privacy compliance in the EMEA region.
OSDC 2012 | Data Protection, Software Licences and other Legal Issues in the ...NETWAYS
Cloud computing and data protection are a bad match at first sight: On the one hand distributed data storage in an unknown IT infrastructure and on the other hand the requirement of a controlled data processing in a known environment. Add web services and you have issues regarding (software) licensing as well.
The talk will give an overview of legal hurdles that are to be overcome in Germany when dealing with cloud computing.
How To Do Data Transfers Between EU-US in 2023TrustArc
Since March 2022, businesses in the EU and U.S. have been waiting for an adequacy decision on the revamped Privacy Shield data transfer agreement, the U.S.-EU Data Transfer Framework Executive Order. The agreement would allow Europeans’ data to flow to the U.S. once again, after a long two years since Schrems II overturned Privacy Shield.
Yet the European Data Protection Board (EDPB) and European Parliament announced that the U.S.-EU Data Transfer Framework Executive Order is insufficient and does not provide adequate safeguards in March 2023.
What does this mean for businesses that have been in cross-border data transfer limbo since Schrems II? Is it possible to do data transfers between the EU and the US?
This webinar reviews:
- Where does the EU-U.S. Data Transfer Framework stand today?
- What adequate safeguards are currently missing from the framework in the eyes of the EDPB and European Parliament?
- How SCCs can be used for cross-border data transfers
- Risk mitigation for international data transfers
This webinar delivers an overview of:
- The GDPR and what it means for Cloud service providers
- The technical and organisational measures applicable to Cloud service providers
- The policies and procedures required by the GDPR
- The 'privacy by design' and 'privacy by default' requirements
- The rights of data subjects
- Breach notification obligations
- The impact of subcontracting on Cloud service providers
- ISO 27018 and implementing security controls for personally identifiable information in the Cloud.
A recording of this webinar is available here:
https://www.youtube.com/watch?v=8i7adBubDzw
A presentation given at the legal hackers meetup of 19 June 2018 on common issues with controller-to-processor agreements aka "data processor agreement" (DPA). We revisit the distinction controller v processor. We then look at the directly applicable duties for processors, which do not need to be inserted in a contract. Finally we look at the different mandatory and "forgotten" components of the agreement.
Presentation on the Controller-to-Processor agreements under GDPR, with a main focus on article 28 GDPR and some reference to the standard contractual clauses for Controller-to-Processor agreements as established in 2010 (which are soon to be adapted).
On January 1 2021, the UK formally and effectively left the European Union. As a result, the EU GDPR no longer applies in the UK. Currently, the UK DPA 2018 sets out the data protection framework in the UK.
Are you UK-DPA compliant? What are some of the expected data protection reforms from UK authorities?
Join our panel in this webinar as we explore the current rules on transfers of personal data between the UK and the EU and how your company can comply.
This webinar will review:
- What the Brexit changes in terms of data privacy
- The main differences between the UK-DPA and the EU-GDPR
- How to become compliant in both the EU and the UK
WIth the go-live date of MiFID II just around the corner, I take the liberty to offer you an overview of regulations coming in the next period and which should have your focus.
Also, I take the opportunity to wish you all a Happy, Successful and Healthy 2018!
The enclosed presentation covers a number of the most important regulatory topics to hit the financial markets as of 2018.
EU General Data Protection: Implications for Smart Meteringnuances
This presentation provides the reader with an insight into the politics of EU Data protection as well as an overview of the key stakeholders. We focus on the implication for the smart metering industry.
The GDPR: What About Data Stored or Transmitted Outside the EU?TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
Similar to International Data Transfer Update (20)
TrustArc Webinar - Unified Trust Center for Privacy, Security, Compliance, an...TrustArc
In today's digital world, trust is key to customer relationships, but keeping it is a huge challenge. Customers are well-informed and empowered, quick to change brands if their trust is broken, even if it costs them more. This puts a lot of pressure on organizations to handle trust and safety issues with great care and transparency.
The challenge, however, is real. Fragmented solutions have left privacy, legal, and security teams in a perpetual cycle of catch-up, struggling to update privacy notices, manage customer data rights, and answer lengthy security questionnaires—all while trying to prove ROI to the business. It's a thankless job, filled with repetition, tedious tasks, and constant interdepartmental coordination. Combine this with fast regulatory changes and the quick evolution of AI, and it becomes overwhelming.
Join this webinar to learn more about TrustArc's new innovative solution Trust Center, the only unified, no-code online hub for trust and safety information built for privacy, security, compliance, and legal teams. Trust Center streamlines your path to compliance, shortens the pre-sales cycle, and reduces both legal and regulatory risks, saving time, effort, and cost.
This webinar will review:
- Why companies are building unified Trust Centers for a robust privacy program.
- How unified Trust Centers streamline sales cycles, ensure regulatory compliance, and reduce operational bottlenecks.
- How compliance, legal, security, GRC, and privacy teams benefit from a unified Trust Center in terms of needs, pains, and outcomes.
- How TrustArc Trust Center saves time and work while reducing legal, reputational, and compliance risk by effectively managing policies, notices, terms, and disclosures, and providing real-time updates on subprocessors.
TrustArc Webinar - Unlock the Power of AI-Driven Data DiscoveryTrustArc
Effective data discovery is crucial for maintaining compliance and mitigating risks in today's rapidly evolving privacy landscape. However, traditional manual approaches often struggle to keep pace with the growing volume and complexity of data.
Join us for an insightful webinar where industry leaders from TrustArc and Privya will share their expertise on leveraging AI-powered solutions to revolutionize data discovery.
You'll learn how to:
- Effortlessly maintain a comprehensive, up-to-date data inventory
- Harness code scanning insights to gain complete visibility into data flows leveraging the advantages of code scanning over DB scanning
- Simplify compliance by leveraging Privya's integration with TrustArc
- Implement proven strategies to mitigate third-party risks
Our panel of experts will discuss real-world case studies and share practical strategies for overcoming common data discovery challenges. They'll also explore the latest trends and innovations in AI-driven data management, and how these technologies can help organizations stay ahead of the curve in an ever-changing privacy landscape.
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
As privacy and data protection regulations evolve rapidly, organizations operating in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in multiple states this year, it is essential to understand what their unique data protection regulations will require clearly.
How will data privacy evolve in the US in 2024? How to stay compliant?
Our panellists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements.
This webinar will review:
- The essential aspects of each state's privacy landscape and the latest updates
- Common compliance challenges faced by organizations operating in multiple states and best practices to achieve regulatory adherence
- Valuable insights into potential changes to existing regulations and prepare your organization for the evolving landscape
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
Want to win over both existing and potential customers? Show them you value their privacy rights. And make opting in or out of targeted services and marketing a breeze. Businesses build trust by giving consumers control over their personal information. When you prioritize privacy, everyone wins!
How to accelerate the setup and management of complex cookie activities while ensuring compliance with privacy laws in all countries you operate in? How to use consumer trust as a competitive advantage?
In this webinar, you will learn:
- How to solve the challenge of identifying customers and respecting their choices across devices and browsers
- How to ensure a frictionless consent choice experience for your customers
- How to manage different and evolving cookie requirements and always stay compliant with data privacy laws
- What is Trustworthy AI and why it is important
TrustArc Webinar - How to Live in a Post Third-Party Cookie WorldTrustArc
Google announced it will phase out the use of third-party cookies on Chrome in 2024. Since Chrome has a market share of 65% of browser users, this practice will affect most businesses and cookie marketing.
As a marketer, how can you adapt to this significant change? How will you need to change your practices in the way you do business online in order to reach your target audience and drive revenue success?
In this webinar, you will learn how to prepare your organization for Google’s third-party phase-out and ensure marketing success.
This webinar will review:
- What to keep in mind about the latest cookie phase-out and what is coming
- What you need to know about the laws and regulations around cookies
- How to explore new privacy-friendly approaches to engage with your audience
TrustArc Webinar - TrustArc's Latest AI InnovationsTrustArc
There’s no question the AI wave is here to stay. Regulators, organizations and consumers are all dealing with the acceleration of AI adoption in different ways.
Regulators are rushing to create and pass standards and laws like the EU AI Act, NIST AI RMP and OECD AI Principles to guide how organizations can and should adopt transparent, accountable AI practices to protect consumer privacy. For consumers, despite acknowledgement around the increasing value of AI, 60% of consumers say they have lost trust in how AI is used by organizations. And organization are left in the middle trying to keep up with regulations, drive AI adoption in their business process and products, and maintain consumer trust.
Introducing two innovative solutions designed to help organizations navigate the shifting AI landscape:
- TRUSTe Responsible AI Certification - The first AI certification designed for data protection and privacy. Crafted by a team with 10,000+ privacy certifications issued, this framework integrated industry standards and emerging laws for responsible AI governance.
- NymityAI - Your personalized privacy legal navigator to help you learn the law faster and easier - with confidence.
Join us on this webinar to learn how to establish responsible AI governance and instill trust in your partners, consumers, and customers around AI use and privacy data protection.
This webinar will review:
- How TRUSTe’s Responsible AI Certification will help you demonstrate accountable AI data governance that is fair, transparent and secure
- How to save time and work smarter in understanding regulatory obligations, including AI
- How to operationalize and deploy AI governance best practices in your organization
Unlock the definitive guide to managing your online tracking technology vendors effectively. This webinar delves into a comprehensive and actionable set of best practices that every organization needs. From meticulous website scans to in-depth contract reviews, from precise consent categorization to harmonizing diverse frameworks, our checklist ensures you cover all the crucial touchpoints. Equip yourself with this essential framework and confidently navigate the complex landscape of online tracking compliance, using our step-by-step roadmap as your trusted reference.
Join our panel of experts in the webinar as they equip you with the knowledge and strategies for navigating vendor relationships under CPRA.
TrustArc Webinar - Privacy in Healthcare_ Ensuring Data SecurityTrustArc
In a healthcare landscape where data flows are constant, and patient trust is paramount, it’s critical to understand and implement adequate data security and privacy practices. Start navigating the importance of privacy in healthcare for 2023 and beyond. Remembering that privacy is more than just checking a box is essential.
To better understand how to measure privacy in a healthcare setting correctly, healthcare leaders must understand how to grow and maintain privacy programs effectively and have insights into their privacy methods.
Whether you are wondering what data privacy is or already know, this webinar will help you better understand the importance of privacy in protecting you and your clients.
Unlocking AI Potential: Leveraging PIA Processes for Comprehensive Impact Ass...TrustArc
Artificial Intelligence (AI) has emerged as a transformative force in various industries, from healthcare to finance and beyond. While AI offers incredible opportunities, it also raises ethical, legal, and social challenges that must be addressed. To navigate this complex landscape in the world of privacy, it is crucial to conduct comprehensive Privacy Impact Assessments (PIAs).
Conducting PIAs in this dynamic and evolving world of AI has brought new challenges to the privacy world. With AI increasingly being integrated into different areas of our lives, understanding the intersection between AI and PIAs is essential for any organization to ensure they are privacy forward.
Take advantage of this opportunity to gain a comprehensive understanding of AI impact assessments and their role in shaping the future of AI. In this insightful webinar, our experts will explore the power of Privacy Impact Assessments (PIAs) in ensuring responsible AI development and deployment.
In this webinar, some key topics that will be covered include:
- Introduction to AI PIAs
- PIAs demystified (why they are essential in the context of AI)
- Explore the evolving legal and regulatory landscape governing AI and privacy, including GDPR, CCPA, and other international standards
- Best practices for conducting effective PIAs in AI projects
- Future outlooks for AI and PIAs
Mitigating Third-Party Risks: Best Practices for CISOs in Ensuring Robust Sec...TrustArc
Organizations rely heavily on third-party vendors and partners to enhance operational efficiency and deliver innovative solutions in today's interconnected digital landscape. However, this increased reliance on third parties also introduces a complex web of security and privacy risks that can have far-reaching consequences for organizations' data, reputation, and compliance.
Join us for an insightful and informative webinar as we delve into mitigating third-party risks. This webinar will provide essential strategies and best practices to ensure robust security and privacy measures when collaborating with external entities.
Nymity Framework: Privacy & Data Protection Update in 7 StatesTrustArc
As privacy and data protection regulations evolve rapidly, organizations opera
ting in multiple jurisdictions face mounting challenges to ensure compliance and safeguard customer data. With state-specific privacy laws coming up in Iowa, Indiana, Montana, Tennessee, Texas, Florida, and Oregon, it is essential to understand what their unique data protection regulations will require clearly.
Discover how to stay compliant and safeguard customer data as our panelists decode state-specific privacy laws, share best practices, and discuss data security risk management. Prepare your organization for the future with insights into emerging trends.
Our panelists will guide you through the intricacies of these states' specific data privacy laws, clarifying complex legal frameworks and compliance requirements.
CBPR - Navigating Cross-Border Data Privacy ComplianceTrustArc
Just over a year ago, on 21 April 2022, seven economies, including Canada, Japan, the Republic of Korea, the Philippines, Singapore, Taiwan, and the USA, announced the launch of the Global CBPR Forum. Since then, Australia and Mexico have joined the Forum, marking a significant stride towards a global approach to data privacy cooperation.
In this highly anticipated webinar, we explore the background, the future direction, and assess the potential business case for companies considering certification under the new Global CBPR System. As an Associate Member of the Forum, the UK has demonstrated a keen interest in joining this innovative system, making it the first country outside the APEC region to express such intent.
Everything You Need to Know about DPF But Are Afraid to Ask.pdfTrustArc
Hooray! The long-awaited EU-U.S. and Swiss-U.S. Data Privacy Frameworks are officially adequate! Now what?
Well, now the real work begins for companies who want to join (or re-join!) into one of the premier international privacy standards. As the White House shared, transatlantic data flows are critical to enabling the $7.1 trillion EU-U.S. economic relationship. With the EU-US Data Privacy Framework in effect, businesses will have the ability to transfer personal data from the EU to the U.S. in compliance with GDPR and EU law.
Join our panel of experts for an interactive discussion about all things DPF. Be sure to bring your questions to the session because we will be ready to answer them!
We'll answer these questions and more:
- Why is the EU-US DPF important to the international community and businesses?
- What are the benefits of DPF verification?
- How do I get started with DPF?
- How can I get verified or certified quickly?
Your Guide to Understanding the Global Privacy Control (GPC): Preparing for C...TrustArc
Back in 2020, GPC was introduced in the CCPA as a way to help keep consumer information safe by allowing users to opt-out with a single click rather than manually selecting each opt-out. However, the recent CCPA regulations create greater obligations for certain companies, specifically those that can identify known users and those that provide loyalty programs. Being unprepared for the new Global Privacy Control (GPC) obligations under the CPRA can open your company to risk.
Prepare your business for compliance with GPC and other browser signals.
Join the TrustArc privacy experts to learn:
- What is GPC & why is it important
- How does GPC impact your business and your customers under the new CCPA regulations?
- How to operationalize GPC requirements using software for your business
Privacy Enhancing Technologies: Exploring the Benefits and RecommendationsTrustArc
Privacy Enhancing Technologies (PETs) comprise a range of tools that mitigate the risks associated with the collection of data. These technologies offer various functionalities, which help uphold data governance choices, foster data collaboration, and enhance accountability.
As privacy regulations continue to evolve, organizations are increasingly turning to Privacy Enhancing Technologies (PETs) to protect personal data while enabling data-driven business decisions. In this webinar, we will explore the benefits of PETs, how they are used, and why they are critical for enhancing privacy.
Building Trust and Competitive Advantage: The Value of Privacy CertificationsTrustArc
As privacy concerns continue to grow, businesses are under increased pressure to demonstrate their commitment to protecting personal data. Privacy certifications are emerging as a way for organizations to demonstrate they are taking privacy seriously and following best practices.
Whether you are a small business or a large corporation, understanding the value of privacy certifications and how they can help you demonstrate your commitment to protecting personal data is important.
Learn the importance of how privacy certifications can unlock business value and help you stay ahead of the competition in today's privacy-conscious landscape.
The California Age Appropriate Design Code Act Navigating the New Requirement...TrustArc
The California Age-Appropriate Design Code Act (CAADCA) was signed into law by Governor Gavin Newsom in September 2022. Starting on July 1, 2024, the bill will mandate businesses providing online services or features that are "likely to be accessed by children" take certain measures, such as conducting a data protection impact assessment.
In this webinar, experts explore the intersection between CAADCA and existing children's privacy laws, and provide guidance on how companies, especially those in the gaming and child data handling app industries, can achieve compliance well in advance of the effective date.
2023 Global Privacy Benchmarks Survey - Webinar May 30 2023.pdfTrustArc
Discover how organizational priorities and strategic approaches to data security and privacy are developing across the globe. Gain a deeper understanding of how your organization's privacy program compares to those of your peers and learn about the emerging trends that will shape the future of privacy.
Hear insights from more than 1,500 global privacy professionals and business executives. Our 4th Annual Global Privacy Benchmarks Survey presents a comprehensive analysis of the progress made by privacy programs in the past year, the expansion of privacy teams, and the most pressing privacy challenges faced by organizations.
Artificial Intelligence Bill of Rights: Impacts on AI GovernanceTrustArc
Artificial Intelligence (AI) is increasingly being used to make decisions that impact individuals and society as a whole. As the use of AI continues to grow, there is a need to establish guidelines and regulations to ensure that it is being used responsibly and ethically.
In October 2022, the White House Office of Science and Technology Policy (OSTP) published a Blueprint for an AI Bill of Rights (“Blueprint”), which shared a nonbinding roadmap for the responsible use of artificial intelligence (AI). In this webinar, we will examine the key principles that underpin the bill, such as transparency, accountability, and fairness, and discuss how they can help ensure that the use of AI aligns with the values and rights of individuals.
The Ultimate Balancing Act: Using Consumer Data and Maintaining TrustTrustArc
It’s no secret that consumers are more skeptical than ever before of how organizations are using their personal data, thanks in large part of high-profile data breaches and growing awareness of just how much information exists about us online. Over the past few years, we’ve watched privacy regulators attempt to protect consumer rights by creating laws like GDPR, CCPA and LGPD aimed at corraling how organizations deal with customer data.
Undoubtedly, most customers are more likely to be loyal to a company they trust. They are also more likely to purchase additional products and services and recommend a company they trust.
Join the TrustArc experts on this webinar as they explore how to build consumer trust and loyalty by delivering a compliant digital experience to meet the ever-evolving regulatory requirements surrounding consumer rights.
Generating a custom Ruby SDK for your web service or Rails API using Smithyg2nightmarescribd
Have you ever wanted a Ruby client API to communicate with your web service? Smithy is a protocol-agnostic language for defining services and SDKs. Smithy Ruby is an implementation of Smithy that generates a Ruby SDK using a Smithy model. In this talk, we will explore Smithy and Smithy Ruby to learn how to generate custom feature-rich SDKs that can communicate with any web service, such as a Rails JSON API.
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
Software Delivery At the Speed of AI: Inflectra Invests In AI-Powered QualityInflectra
In this insightful webinar, Inflectra explores how artificial intelligence (AI) is transforming software development and testing. Discover how AI-powered tools are revolutionizing every stage of the software development lifecycle (SDLC), from design and prototyping to testing, deployment, and monitoring.
Learn about:
• The Future of Testing: How AI is shifting testing towards verification, analysis, and higher-level skills, while reducing repetitive tasks.
• Test Automation: How AI-powered test case generation, optimization, and self-healing tests are making testing more efficient and effective.
• Visual Testing: Explore the emerging capabilities of AI in visual testing and how it's set to revolutionize UI verification.
• Inflectra's AI Solutions: See demonstrations of Inflectra's cutting-edge AI tools like the ChatGPT plugin and Azure Open AI platform, designed to streamline your testing process.
Whether you're a developer, tester, or QA professional, this webinar will give you valuable insights into how AI is shaping the future of software delivery.
Key Trends Shaping the Future of Infrastructure.pdfCheryl Hung
Keynote at DIGIT West Expo, Glasgow on 29 May 2024.
Cheryl Hung, ochery.com
Sr Director, Infrastructure Ecosystem, Arm.
The key trends across hardware, cloud and open-source; exploring how these areas are likely to mature and develop over the short and long-term, and then considering how organisations can position themselves to adapt and thrive.
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
Epistemic Interaction - tuning interfaces to provide information for AI supportAlan Dix
Paper presented at SYNERGY workshop at AVI 2024, Genoa, Italy. 3rd June 2024
https://alandix.com/academic/papers/synergy2024-epistemic/
As machine learning integrates deeper into human-computer interactions, the concept of epistemic interaction emerges, aiming to refine these interactions to enhance system adaptability. This approach encourages minor, intentional adjustments in user behaviour to enrich the data available for system learning. This paper introduces epistemic interaction within the context of human-system communication, illustrating how deliberate interaction design can improve system understanding and adaptation. Through concrete examples, we demonstrate the potential of epistemic interaction to significantly advance human-computer interaction by leveraging intuitive human communication strategies to inform system design and functionality, offering a novel pathway for enriching user-system engagements.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Essentials of Automations: Optimizing FME Workflows with ParametersSafe Software
Are you looking to streamline your workflows and boost your projects’ efficiency? Do you find yourself searching for ways to add flexibility and control over your FME workflows? If so, you’re in the right place.
Join us for an insightful dive into the world of FME parameters, a critical element in optimizing workflow efficiency. This webinar marks the beginning of our three-part “Essentials of Automation” series. This first webinar is designed to equip you with the knowledge and skills to utilize parameters effectively: enhancing the flexibility, maintainability, and user control of your FME projects.
Here’s what you’ll gain:
- Essentials of FME Parameters: Understand the pivotal role of parameters, including Reader/Writer, Transformer, User, and FME Flow categories. Discover how they are the key to unlocking automation and optimization within your workflows.
- Practical Applications in FME Form: Delve into key user parameter types including choice, connections, and file URLs. Allow users to control how a workflow runs, making your workflows more reusable. Learn to import values and deliver the best user experience for your workflows while enhancing accuracy.
- Optimization Strategies in FME Flow: Explore the creation and strategic deployment of parameters in FME Flow, including the use of deployment and geometry parameters, to maximize workflow efficiency.
- Pro Tips for Success: Gain insights on parameterizing connections and leveraging new features like Conditional Visibility for clarity and simplicity.
We’ll wrap up with a glimpse into future webinars, followed by a Q&A session to address your specific questions surrounding this topic.
Don’t miss this opportunity to elevate your FME expertise and drive your projects to new heights of efficiency.
LF Energy Webinar: Electrical Grid Modelling and Simulation Through PowSyBl -...DanBrown980551
Do you want to learn how to model and simulate an electrical network from scratch in under an hour?
Then welcome to this PowSyBl workshop, hosted by Rte, the French Transmission System Operator (TSO)!
During the webinar, you will discover the PowSyBl ecosystem as well as handle and study an electrical network through an interactive Python notebook.
PowSyBl is an open source project hosted by LF Energy, which offers a comprehensive set of features for electrical grid modelling and simulation. Among other advanced features, PowSyBl provides:
- A fully editable and extendable library for grid component modelling;
- Visualization tools to display your network;
- Grid simulation tools, such as power flows, security analyses (with or without remedial actions) and sensitivity analyses;
The framework is mostly written in Java, with a Python binding so that Python developers can access PowSyBl functionalities as well.
What you will learn during the webinar:
- For beginners: discover PowSyBl's functionalities through a quick general presentation and the notebook, without needing any expert coding skills;
- For advanced developers: master the skills to efficiently apply PowSyBl functionalities to your real-world scenarios.
UiPath Test Automation using UiPath Test Suite series, part 4DianaGray10
Welcome to UiPath Test Automation using UiPath Test Suite series part 4. In this session, we will cover Test Manager overview along with SAP heatmap.
The UiPath Test Manager overview with SAP heatmap webinar offers a concise yet comprehensive exploration of the role of a Test Manager within SAP environments, coupled with the utilization of heatmaps for effective testing strategies.
Participants will gain insights into the responsibilities, challenges, and best practices associated with test management in SAP projects. Additionally, the webinar delves into the significance of heatmaps as a visual aid for identifying testing priorities, areas of risk, and resource allocation within SAP landscapes. Through this session, attendees can expect to enhance their understanding of test management principles while learning practical approaches to optimize testing processes in SAP environments using heatmap visualization techniques
What will you get from this session?
1. Insights into SAP testing best practices
2. Heatmap utilization for testing
3. Optimization of testing processes
4. Demo
Topics covered:
Execution from the test manager
Orchestrator execution result
Defect reporting
SAP heatmap example with demo
Speaker:
Deepak Rai, Automation Practice Lead, Boundaryless Group and UiPath MVP
2. 2
2
Thank You for Joining “International Data Transfer Update”
● We will be starting a couple minutes after the hour
● This webinar will be recorded and the recording and slides sent out later today
● Please use the GoToWebinar control panel on the right hand side to submit any
questions for the speakers
4. 4
4
Agenda
● EU Data Transfer Enforcement Update
● EU Standard Contractual Clauses and Transfer Risk Assessment (reminder)
● UK International Data Transfer Agreements and Transfer Risk Assessment
● Other International Data Transfer Mechanisms
● Q&A
6. 6
6
EU Data Transfer Enforcement Update
● The operator transferred over 12.5 million images of license plate data to a data processor with employees in
China without having a data processing agreement in place, a basis for transferring the personal data to a
country without adequate protection (no exceptions applied to the processing), or conducting a risk assessment
to determine the risk of processing or whether further security measures are warranted
● The Norwegian DPA announced the intention to fine the company 5 mln NOK (~ €500.000) A final decision will
be made following the submission of further comments by the operator.
● Aggravating factors:
○ the volume of processing;
○ the violations constitute a breach of the basic requirements of the GDPR;
○ the duration of the infringement; and
○ negligence to transfer personal data without a processing agreement or basis for transfer to China
Norway Toll Road Operator
7. 7
7
EU Data Transfer Enforcement Update
● The Hamburg DPA issued an official warning to the Office of the Senate (Senatskanzlei) for using an on-demand
option in online communication platform Zoom, possibly for webinars or other online meetings with postponed
viewing options. Only press release available.
● The investigation showed that the Hamburg authorities have not met the threshold for EU-U.S. data transfers as
explained in the recent EDPB guidance. The DPA also criticizes the lack of cooperation of the authorities with the
investigation.
● “A data transfer to the U.S. is only possible under very strict conditions, that are not met by the planned use of
Zoom by the Hamburg authorities. The personal data of Senate staff and external partners would risk to be
subject to unwarranted government surveillance in the US, against which no redress mechanisms exist”.
● Consent or other exemptions ruled out as valid option for transfer in this situation.
● Very strict interpretation of the guidance by the Hamburg DPA.
Use of Zoom by Hamburg Public Authorities
8. 8
8
Post Schrems-II Enforcement
● DPAs focus so far on data transfers to the United States and China based on SCCs. The
main checks seem to be:
○ What kind of personal data is transferred to a third country, with a focus on
special categories of personal data;
○ If a data transfer risk assessment has been completed; and
○ If, when using a contractual safeguard, supplementary measures have been
considered and put in place.
● Other forms of enforcement action cannot be ruled
out. Investigations may be ongoing without having
been announced.
Observations on Enforcement to Date
10. 10
10
EU SCCs and Transfer Risk Assessment
Section I
● Clause 1 - Purpose and scope
● Clause 2 – Effect and invariability of the Clauses
● Clause 3 – Third-party beneficiaries
● Clause 4 - Interpretation
● Clause 5 - Hierarchy
● Clause 6 - Description of the Transfer
● Clause 7 - Docking Clause
Section II - Obligations of the Parties
● Clause 8 - Data Protection Safeguards
○ Module 1: C-C
○ Module 2: C-P
○ Module 3: P-P
○ Module 4: P-C
● Clause 9 – Use of sub-processors
● Clause 10 – Data subject rights
● Clause 11 – Redress
● Clause 12 - Liability
● Clause 13 - Supervision
11. 11
11
EU SCCs and Transfer Risk Assessment
Section III – Local laws and obligations in case of access
by public authorities
● Clause 14 - Local Laws Affecting Compliance
with the Clauses
● Clause 15 – Obligations of the importer in case of
access by public authorities
Section IV - Final Provisions
● Clause 16 - Non-compliance
● Clause 17 - Governing Law
● Clause 18 - Choice of Forum and Jurisdiction
●
Appendix
Annex I
A. List of Parties
B. Description of Transfer
C. Competent Supervisory Authority
Annex II - Technical and Organisational Measures
Annex III - List of Sub-processors
12. 12
12
EU SCCs and Transfer Risk Assessment
Scope of application
Art. 3(2) GDPR applicable
Offering goods/services
Monitoring behaviour
↓
Full GDPR applies
(Includes art. 32 - Security)
Art. 3(2) GDPR applicable
Offering goods/services
Monitoring behaviour
↓
No transfer options but
adequacy
No direct GDPR application
↓
Chapter V GDPR applies
Transfer Mechanism needed
(§7) The standard contractual clauses may be used for such transfers only to the extent that the
processing by the importer does not fall within the scope of [the GDPR]. This also includes the
transfer of personal data by a controller or processor not established in the Union, to the extent that
the processing is subject to [the GDPR] (pursuant to Article 3(2) thereof), because it relates to the
offering of goods or services to data subjects in the Union or the monitoring of their behaviour as far as
it takes place within the Union.
13. 13
13
EU SCCs and Transfer Risk Assessment
27 June 2021
The new SCCs entered into
force and can be used
Until 27 September 2021
The old SCCs may still be
used in new contracts
27 December 2022
The old SCCs will lose their
validity - contracts need
to be updated.
14. 14
14
EU SCCs and Transfer Risk Assessment
Know your transfers
Reassess all data processing
operations on a
case-by-case basis
Identify the transfer tools
you are relying on
“Appropriate Safeguards”?
Assess which instrument is
most effective in light of all
circumstances of the
transfer
1 2 3
Adopt Supplementary
Measures
Obtain DPA Approval
If the transfer mechanism
requires you to do so
BCRs, ad hoc clauses, etc.
Review and Update
Like all accountability
measures, regular reviews
and updates are needed
4 5 6
Assess the legislation in, and international commitments of, the third country where the data are flowing to
18. 18
18
UK IDTA and Transfer Risk Assessment
Part I - Tables
● Table 1: Parties and signatures
● Table 2: Transfer Details
○ Governing law
○ Controller/Processor
○ Linked Agreement(s)
○ Onward Transfer Allowance
● Table 3: Transferred Data
● Table 4: Security Requirements
Part II - Extra Protection Clauses
● Technical Security Protections
● Organisational Protections
● Contractual Protections
Part III - Commercial Clauses
● Optional
Part IV - Mandatory Clauses
● Appropriate Safeguards
● Mandatory Review (at least annual)
● Exporter and Importer Obligations
● Onward Transfers
● Individual Rights
● Third Party Access (Government Access)
● Data Breaches
● Oversight & Redress
● Glossary
ICO Consultation
19. 19
19
UK IDTA and Transfer Risk Assessment
ICO Consultation
Assessing the Transfer
Is there a restricted transfer
that is not of high risk to
individuals?
Can the IDTA likely
be enforced?
If not, can additional
safeguards help?
Appropriate Protection
from 3rd Party Access?
Transfer can continue if no
or low risk of harm to
individuals.
1 2 3
The UK Transfer Risk Assessment Tool
To be used for routine transfers only. More complex
transfers require a more detailed risk assessment
Restricted Transfer: only when the UK GDPR applies to a
processing operation, and data is sent to, or accessed from,
a non-adequate country, and the importer is a separate
company or individual. A UK processor sending data back to
a non-UK controller is NOT a restricted transfer.
Low Risk of Harm: there is more than a minimal risk of the
relevant event occurring which may infringe data subject
rights and even if that relevant event does happen, the
impact on data subjects would not cause them significant
harm.
20. 20
20
UK IDTA and Transfer Risk Assessment
● ICO considering to also allow for Addenda to other approved model data transfer agreements as
“appropriate safeguard” under art. 46 UK GDPR.
○ European Union (SCCs)
○ New Zealand
○ ASEAN (Association of Southeast Asian Nations)
● Draft Addendum for use with EU SCCs part of the consultation process
○ Language of the EU SCCs is “deemed to be amended to the extent necessary” to meet the UK
requirements.
■ E.g. references to the EU are changed to the UK
○ Not required for EU-UK data transfers (because of adequacy)
● Helpful option (?) for contracts dealing with multiple global jurisdictions.
ICO Consultation
Consultation until 7 October 2021, 5pm BST
22. 22
22
Other International Data Transfer Mechanisms
● Abu Dhabi Global Market Office of Data Protection adopted SCCs on 11 August 2021
○ Based on the ADGM 2021 Data Protection Regulations
○ Align closely with recently updated EU SCCs
○ Contracts need to be updated by 14 February 2022
● Other jurisdictions which have model clauses in force include:
○ New Zealand
○ Dubai International Financial Market
○ ASEAN
● Over 100 countries have data transfer restrictions in place, but not all have (yet) developed model
clauses.
24. 24
24
Thank You!
See http://www.trustarc.com/insightseries for the
2021 Privacy Insight Series and past webinar
recordings.
If you would like to learn more about how TrustArc can support you with
compliance, please reach out to sales@trustarc.com for a free demo.