Presentation is loading. Please wait.

Presentation is loading. Please wait.

Personal Data Protection (EU) Regulation (EU) 2016/679

Similar presentations


Presentation on theme: "Personal Data Protection (EU) Regulation (EU) 2016/679"— Presentation transcript:

1 PERSONAL DATA PROTECTION (EU) Regulation (EU) 2016/679 of April 2016 Publication date: February 06, 2017 ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

2 Overview Repeals Directive 95/46/EC Passed in April 2016 To be adopted by May 2018 Protection of data of natural persons is a fundamental human right Free movement of personal data within the EU not restricted Includes ‘data concerning health’ Conditions of consent Processing of special categories of personal data severely restricted Right to access, rectification and erasure Obligations of controllers and processors Security of personal data Member states shall incorporate specifics in national law ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

3 INTENT Regulation (EU) 2016/679 of April 2016 ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/ This Regulation is intended to contribute to the accomplishment of an area of freedom, security and justice and of an economic union, to economic and social progress, to the strengthening and the convergence of the economies within the internal market, and to the well-being of natural persons.

4 The Treaty on the functioning of the European Union ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

5 Right to the protection of personal data All natural persons regardless nationality or residence Not an absolute right but balanced against other rights Substantial increase in cross-border flow of personal data Public and private actors & national authorities Technological developments Globalization Disclosures made through social networks Differences in data protection hinder business Coherent data protection & enforcement required for digital society and economy to thrive ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

6 Definition Rights of natural persons that are protected Legal persons not affected Powers for monitoring and ensuring compliance, incl. sanctions Purpose Legal certainty and transparency for economic subjects Same level of enforceable rights for all natural persons in the EU Effective cooperation between supervisory authorities Provisions for small business (<250 employees) National security, common foreign/security policy matters excluded Principle of technological neutrality for data processing to cover both automated and manual systems ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

7 Exemptions Purely personal or household activity Correspondence Holding of addresses Social networking NOT Controllers of household activities NOT Courts and judicial authorities EXEMPT Anonymous information Deceased persons ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

8 Applicability Controller Processor Intermediary Commercial Diplomatic Processing of personal data of EU natural persons Regardless of whether the processing itself takes place within the EU Regardless place of establishment of the controller / processor / intermediary Effective and real exercise of activity through stable arrangements. Customers’ data (incl. marketing) Intention to offer goods or services to data subjects in the EU: Accessibility of website in the EU Email address/contact details, Language and/or currency Possibility of ordering goods and services Mentioning of customers or users who are in the EU Monitoring of EU data subjects on EU territory Tracking persons online and their profiling, Analysis/prediction of personal preferences, behaviors and attitudes. Diplomatic mission or consular posts of Member States ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

9 National authorities Tax and customs authorities Financial investigation units Independent administrative authorities Financial market authorities (securities markets) Requests for disclosure in writing, reasoned and limited Purpose of data processing Compliance Public interest Exercise of official authority Specific situations clearly defined ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

10 Health data (33) Scientific research (34) Genetic data (35) Health data Data subjects should be allowed to give consent to certain areas of scientific research or its parts in compliance with ethical standards Genetic data should be defined as personal data: analysis of a biological sample (chromosomal, DNA or RNA analysis) Personal data concerning health: Health status of a data subject (past, current or future) Physical or mental health status Information collected for registration or provision of health care services Unique identifiers for health purposes Information derived from medical and laboratory tests or examinations Information on disease, disability, disease risk, medical history, clinical treatment or the physiological or biomedical state ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

11 Applicability Identifiable live persons Declare risks, rules, rights Define safeguards Legitimate purpose Limited time Accuracy / Correction Security Confidentiality Processing of personal data Declare: risks, rules, safeguards and rights and how to exercise their rights. Purpose: explicit, legitimate and declared, cannot be fulfilled by other means Storage: limited to a strict minimum, time limits for erasure / periodic review. Corrections: Inaccurate personal data should be rectified or deleted Security and confidentiality Children: specific protection for marketing or creating profiles Identified or identifiable natural persons Including pseudonyms, if attributable Direct and indirect identification Costs of identification/attribution Technological: device identifiers, IP addresses, cookies, RFI tags If a person cannot be identified, the controller has no obligation to follow-up Pseudonymization during processing recommended to reduce risks ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

12 Lawful Processing Lawful | Fair | Transparent Consent In the context of entering into contract Compliance with legal obligation Public interest (public health) Exercise of official authority (specifics defined in national law) Essential for the life of the data subject or that of another natural person. Vital interest of another natural person (if there is no other legal basis). Humanitarian purposes, epidemics, emergencies, disasters Legitimate interests of a controller based on relationship with data subject Group of undertakings: transmitting data for internal administrative purposes Extent strictly necessary and proportionate Transparency: concise, accessible, easy to understand ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

13 Information Security Availability Authenticity Integrity Confidentiality Ensuring network and information security Resilience of a network or an information system At a given level of confidence Resist accidental events and/or unlawful or malicious actions Data and information security Both stored and transmitted personal data Security of the related services offered via those networks Legitimate interests: public authorities, CERTs, CSIRTs, by carriers, providers of security technologies and services Preventing unauthorized access to networks, malicious code distribution and stopping ‘denial of service’ attacks and damage to computers and networks. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

14 Controller CONTROLLER Organization: the main establishment of the processor should be its central administration A group of undertakings should cover a controlling and controlled undertakings Erasure: all controllers who made the data public Controllers shall erase any links, copies or replications of personal data Methods: restriction of public access to such data NOT: controllers in the exercise of their public duties Data subject shall receive data in a structured format Portability: right to have personal data transmitted directly from one controller to another. DATA SUBJECT Right to object to the processing of any personal data Direct marketing: the right to opt out, free of charge Request, Access, Rectify and Erase data about self Right to be informed of profiling and its consequence Informed of disclosure to third parties Where the controller processes a large quantity of information about the subject, the request for disclosure needs to be specific Controller should take reasonable measures to identify the requestor Controller has to demonstrate that its compelling legitimate interest overrides the interests or the data subject. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

15 Non-original Purpose The processing of personal data for purposes other than those for which they were originally collected should be allowed only if Such processing is compatible with the original purposes Data subject has given consent Serves important objectives of general public interest Transmission of susp. criminal acts or threats to public security to law enforcement Legal, professional or other binding obligation of secrecy applies. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

16 The right to be forgotten ERASURE Right to have own personal data rectified Infringement of this regulation Personal data no longer necessary for purposes for which they were processed Data subject has withdrawn consent Data subject objects Processing not in compliance with this Reg. Data subject consented as a child Controller should ensure erasure of links, copies or replications RETENTION Freedom of expression and information Compliance with a legal obligation Task carried out in public interest Official authority vested in the controller Public interest in the area of public health Archiving purposes in the public interest Scientific or historical research Statistical purposes Establishment, exercise, defense of legal claims. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

17 Sensitive data Profiling Particularly sensitive personal data and profiling Racial or ethnic origin Political opinions, religion or philosophical beliefs Trade union membership Genetic data, health data, sex life Criminal convictions or offences and security measures Photographs for identification don’t count as racial profiling Analysis of personal aspects, performance at work Economic situation Personal preferences or interests Reliability or behavior Location or movements  Allowed in employment law, social protection law, health security  Allowed where expressly authorised (fraud, tax-evasion monitoring) The data subject should have the right not to be subject to a decision based solely on automated processing and which produces legal effects (automatic refusal of an online credit application or e-recruiting practices) ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

18 Risks to natural persons Discrimination Identity theft or fraud Financial loss Damage to reputation Loss of confidentiality of data protected by professional secrecy Reversal of Pseudonymisation Economic or social disadvantage Rights of data subject vs. rights of society Data subject’s rights need to be balanced against the rights of the society Responsibility and liability of the controller needs to be established The risk to the rights and freedoms of natural persons, of varying likelihood and severity could lead to physical, material or non-material damage: Data subjects might be deprived of their rights and freedoms or prevented from exercising control over their personal data; High risk: Vulnerable persons (children) Large amount of personal data Large number of data subjects Risk assessment The likelihood and severity of the risk to the data subject should be determined by reference to the nature, scope, context and purposes of processing Establish whether risks involved in data processing operations ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

19 Data Security Measures Appropriate technical and organizational measures Risk assessment relating to the scope, nature and purpose of processed data Clear allocation of the responsibilities Representative if controller/processor is not established in the Union Development, design, selection and use of applications, services and products Create and improve security features Expert knowledge, reliability and resources Encryption Approved code of conduct Certification mechanism Records of processing activities for audit purposes Balance costs against risks of data destruction, loss, alteration, or disclosure Data protection impact assessment for high risk data ScopeNature ScalePurpose ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

20 Data Breaches Reportable within 72 hrs Impact assessment Report data breaches to supervisory authority within 72 hours Controller should communicate high risk data breaches to the subject Nature of the personal data breach Recommendations to mitigate potential adverse effects. Intervention of the supervisory authority  Appropriateness of technical protection  Likelihood of identity fraud or other forms of misuse Impact assessment of large-scale data processing operations Obligation of controllers/processors Consultation of the supervisory authority and/or experts required Special categories of personal data Data relating to criminal convictions and offences Codes of conduct and certification systems ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

21 International data flow Flows of personal data to and from countries outside the Union is necessary for trade Level of protection of natural persons should not be undermined Appropriate safeguards for the data subjects International agreements for the transfer of personal data to third countries European Commission May decide which countries offer an adequate level of data protection May revoke such a decision Monitors the functioning of decisions May recognize that a third country no longer ensures adequate level of protection. Controller/Processor Measures to compensate for the lack of data protection Binding corporate rules, standard data protection clauses or contractual clauses Provisions for occasional consensual data transfers Derogations for data transfers for important reasons of public interest Scientific or historical research purposes or statistical purposes International laws requiring transfer or disclose personal data ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

22 Supervisory authorities National Supervisory Authorities Competent on the territory of its own Member State Contribute to consistent application of the law throughout the Union Powers exercised impartially, fairly and within a reasonable time Act in accordance with procedural law Power to impose a limitation, including a ban, on data processing. Measure should be appropriate, necessary and proportionate and in writing Urgent need to act: provisional measures valid up to 3 months. Joint operations If more than one are involved, one should function as a single contact point One-stop-shop mechanism Constraints Unable to conduct investigations outside their borders Insufficient preventative or remedial powers Inconsistent legal regimes and resource constraints ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

23 Handling Complaints Data subjects should have the right to lodge a complaint with a single Supervisory Authority Organization that could lodge complaints independently from data subjects’ mandate Annulment of decisions: Board before the Court of Justice (Article 263 TFEU). Legally binding decisions of Supervisory Authorities shall be subject to judicial review Courts ensure consistency of application of the Regulation Controller/processor liable for damage caused by infringement of this Regulation The controller/processor exempt from liability if it proves that it is not in responsible for damage Data subjects entitled to compensation for damage ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

24 Enforcement Controllers/processors involved in data processing all liable for the entire damage. Where joined to the same proceedings, compensation shall be apportioned. Penalties for infringement: administrative fines or reprimand Nature, gravity and duration of the infringement Intent, actions taken to mitigate the damage, degree of responsibility Relevant previous infringements Compliance with measures Adherence to a code of conduct Other aggravating or mitigating factor. Imposition of penalties subject to procedural safeguards Criminal penalties may apply (Denmark) Criteria for infringements and upper limit for fines Consistent application System which provides for effective, proportionate and dissuasive penalties ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

25 Balance other rights Freedom of expression, information, journalism, art and literary expression Employment context Collective agreements, including ‘works agreements’ Public interest Archiving, scientific or historical research, statistical purposes Reuse of official documents Safeguards Assess feasibility of processing data w/o identification - pseudonymization. For the processing of personal data for special situations For data subjects: rights to rectification, to erasure, to be forgotten, to restriction of processing, to data portability, and to object Procedures and technical and organizational measures Proportionality and necessity principles Other relevant legislation (clinical trials). Coupling information from registries: i.e. medical research, social science, subject to conditions set out in specific EU or national law (clinical trials) ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/ Freedom of expression Reuse of public information

26 Public Interest Archiving Scientific Research Historical Research Statistical Purposes Archiving Legal obligation to acquire, preserve, appraise, arrange, describe, communicate, promote, disseminate and provide access to records of enduring value for public interest. Processing of personal data for archiving purposes: political behavior under totalitarian regimes, genocide, crimes against humanity, Holocaust, or war crimes. Scientific research Technological development and demonstration, fundamental research, applied research and privately funded research Union's objective under Article 179(1) TFEU of achieving a European Research Area. Studies conducted in the public interest in the area of public health. Specific conditions apply for publication/disclosure of personal data in scientific context Consent to the participation in scientific research: Regulation (EU) No 536/2014 Historical research Applicability includes historical research and genealogy Statistical purposes National law determines content, access controls, specifications, and safeguards Result of processing for statistical purposes is aggregate data, not personal ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

27 Supervision Supervisory authorities Access to personal data on controller’s premises subject to national law Specific rules for professional secrecy obligations Specific rules for churches and religious associations Movement of data: Article 290 TFEU delegated to EC Criteria and requirements for certification Information to be presented by standardized icons Uniform conditions for the implementation Specific measures for small business Procedure Standard contractual clauses Codes of conduct Technical standards and mechanisms for certification Decisions on adequacy of protection in third country Standard protection clauses Formats and procedures for information exchanges Mutual assistance Arrangements for information exchange between supervisory authorities Implementing acts regarding third countries and international organizations ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

28 GENERAL PROVISIONS Objectives | Scope | Exemptions | Territory | Definitions ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

29 Objectives Protection of personal data of natural persons Free movement of data within the EU not restricted Scope Processing of personal data by automated means Processing other than by automated means which form part of a filing system Exemptions Activity outside the scope of Union law Member States carrying out activities under Chapter 2 of Title V of the TEU Purely personal or household activity Competent authorities for prevention and investigation of crimes and public threats EU agencies: Regulation (EC) No 45/2001 (Art 98) Liability rules of intermediary service providers: Directive 2000/31/EC (Art 12 - 15) Territory Processing of personal data by controllers/processors established in the EU Data subjects who are in the EU: trade and marketing, monitoring and tracking ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

30 ‘personal data’ means any information relating to an identified or identifiable natural person (‘data subject’) person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person ‘personal data breach’ means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data transmitted, stored or otherwise processed ‘data concerning health’ means personal data related to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status ‘personal data’ - ‘processing’ - ‘restriction of processing’ - ‘profiling’ - ‘pseudonymisation’ - ‘filing system’ - ‘controller’ - ‘processor’ - ‘third party’ - ‘consent’ - ‘personal data breach’ - ‘genetic data’ - ‘biometric data’ - ‘data concerning health’ - ) ‘main establishment’ - ‘representative’ - ‘enterprise’ - ‘group of undertakings’ - ‘binding corporate rules’ - ‘supervisory authority’ - ‘supervisory authority concerned’ - ‘cross-border processing’ - ‘relevant and reasoned objection’ - ‘information society service’ - ‘international organization’ DEFINITIONS ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

31 PRINCIPLES Lawful-Fair-Transparent | Consent | Special categories ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

32 LAWFULNESS | FAIRNESS | TRANSPARENCY Personal data shall be processed lawfully, fairly and in a transparent manner Purpose limitation: collected for specified, explicit and legitimate purposes Public interests: archiving, scientific or historical research, or statistical purpose Data minimization: adequate, relevant and limited Accuracy: accurate, up to date; erased or rectified without delay Identifiable data subjects – adequate form Storage limitation: No longer than necessary Appropriate security of the personal data Integrity and confidentiality: Protection against unauthorized or unlawful processing, loss, destruction or damage Accountability: controller shall be able to demonstrate compliance ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

33 LAWFULNESS | FAIRNESS | TRANSPARENCY Personal data shall be processed lawfully, fairly and in a transparent manner Data subject consented to data processing for a specific purpose Controller/processor has a contract to which the data subject is party Compliance with Controller’s legal obligation Protect ion of vital interests of the data subject or of another natural person Public interest or official authority vested in the controller Legitimate interests pursued by the controller or by a third party Requirements for specific processing situations (Chapter IX) Legal basis for purpose of processing specified in other EU or national law Further processing: based on data subject's consent, legal requirement, or for purpose compatible with the original purpose, special type data and safeguards ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

34 Consent Clear | Affirmative | Freely given | Specific | Informed | Unambiguous GO Written statement, including electronic, oral Intelligible, easily accessible, in a clear and plain language w/o unfair terms. Ticking a box, choosing technical settings Processing for multiple purposes requires multiple consents Documented by controller for audit purposes Informed: identity of the controller, purpose(s) Freely given: genuine choice Able to refuse/withdraw w/o detriment. Contract only if necessary for performance of such contract NO-GO Silence rather than consent Pre-ticked boxes or inactivity Clear imbalance (public authority) No separate consents to different operations CHILD’s CONSENT Minimum age 16 years, otherwise parents Member States may lower age to 13 ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

35 PROHIBITED CATEGORIES Racial or ethnic origin Political opinions Religious or philosophical beliefs Trade union membership Genetic data Biometric data Data concerning health Sex life or sexual orientation EXCEPTIONS Data subject has given explicit consent Obligations in employment, social security/protection Protection of vital interests where the data subject is physically or legally incapable of giving consent Legitimate activities by NGOs with related aim Personal data manifestly made public by the data subject Establishment, exercise or defense of legal claims Substantial public interest Law proportionate to the aim pursued Preventive or occupational medicine Work assessments, medical diagnosis and care Management of health or social care systems Contract with a health professional Public health, serious cross-border threats to health Archiving, scientific or historical research, statistics Safeguards may include obligation of secrecy Registries of criminal convictions and offences or security measures shall be processed by an official authority Controller shall not be obliged to process additional information in order to identify the data subject ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

36 RIGHTS OF DATA SUBJECT Transparency | Modalities | Rectification | Erasure Objection | Portability | Profiling | Restrictions ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

37 Transparency and modalities Controller provides information relating to processing to data subject in writing, in accessible form, within 1 month, free of charge shall not refuse to act on the request except: when controller cannot identify the data subject by electronic means where possible Requests manifestly unfounded or excessive: charge a fee or refuse to act If in doubt, the controller may request confirmation of identity Information provided: easily meaningful overview of intended processing EC shall adopt delegated acts to determine standardized icons and procedures Lodge complaint with a supervisory authority Judicial remedy Request to controller ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

38 Information and access to own personal data Data collected from the data subject Controller’s identity and contact Purposes and legal basis for processing Third party recipients Transfer to a third country Safeguards Storage period Rights: to access, rectification, erasure, restriction, portability Right to withdraw consent Right to lodge a complaint with a supervisory authority Condition of contract/statutory requirement Consequences of failure to provide such data Automated decision-making, including profiling Logic, significance and consequences of processing Further processing for other purposes Data obtained from elsewhere Ditto and more: Categories of personal data concerned Means to obtain a copy Where the processing is based Where did the data originate, public sources? Disclosure to another recipient Duty to inform data subject shall not apply - the data subject already has the information; - disproportionate effort (archiving, research) ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

39 Right to obtain erasure of personal data where one of the following grounds applies: - personal data are no longer necessary in relation to purpose of processing - data subject withdraws consent, no other legal ground for processing - data subject objects to processing, no overriding legitimate grounds - personal data have been unlawfully processed - compliance with a legal obligation - personal data have been collected online Controller IS obliged to erase the data - erase any links, copies or replications Controller NOT obliged to erase the data - freedom of expression and information - compliance with a legal obligation - public interest in the area of public health - archiving, scientific or historical research, statistical purposes - establishment, exercise or defense of legal claims. Rectification and erasure ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

40 Restriction on processing Accuracy contested by the data subject Processing is unlawful, data subject opposes erasure, requests restriction Controller no longer needs the data, data subject does for legal reasons Pending verification re legitimate grounds vs data subject’s rights IF Restricted: data subject's consent required for processing Notification obligation: lifting restriction, rectification, erasure Right to data portability Right to receive data in a structured machine-readable format Right to transmit those data to another controller Does not apply to processing in public interest or official authority ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

41 Right to object Right to object, on grounds relating to situation, at any time Right to object includes profiling Data subject’s rights vs. compelling legitimate grounds for the processing Direct marketing purposes – opt out Right to object presented clearly and separately from any other information Scientific or historical research purposes or statistical purposes Right to object exists unless the processing purpose is public interest Automated individual decision-making, including profiling Right not to be subject to an automated decision which produces legal effects EXCEPT: contract relationship, authorised by law, explicit consent Right to obtain human intervention and to contest the decision ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

42 Union or Member State law may restrict obligations and rights when necessary and proportionate to safeguard: National security Defense Public security Prevention, investigation, detection or prosecution of crimes Prevention of threats to public security Important objectives of general public interest Important economic or financial interest of the Union or of a Member State Public health and social security Protection of judicial independence and judicial proceedings Breaches of ethics for regulated professions Monitoring, inspection or regulatory function connected to exercise of official authority Any legislative measure shall contain specific provisions that balance these rights ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

43 CONTROLLER AND PROCESSOR Responsibilities | Security | Data breaches | DPO Impact assessment | Code of Conduct | Certification ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

44 Responsibility of the controller Appropriate technical and organizational measures to ensure compliance Appropriate data protection policies by the controller. Adherence to approved codes of conduct Safeguards: pseudonymization, data-protection principles, data minimization Procedural controls Certification mechanism Joint controllers Two or more controllers jointly determine the purposes and means of processing Determine their respective responsibilities Designate a contact point for data subjects Arrangement shall be made available to the data subject. Representative Controllers or processors not established in the Union shall have a representative ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

45 Processor Processing on behalf of a controller Appropriate technical and organizational measures to ensure compliance Written authorization and contract with controller Documented instructions and legal grounds Confidentiality obligation Assist the controller via technical, organizational and other means to ensure compliance Upon completion of processing either deletes or returns data to controller Maintains audit trail, documented inspections and audits Informs controller about any infringements Subcontracting – same rules apply to all processors Adherence to code of conduct, contracts and certifications EC and Supervisory authorities may adopt standard contractual clauses In case of infringement the processor shall be considered a controller The processor shall not process data except on instructions Controllers and processors maintain detailed records of processing activities The controller and the processor shall cooperate with supervisory authorities ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

46 Security of personal data Security of processing - state of the art and costs of implementation - nature, scope, context and purposes of processing - likelihood and severity of risks to natural persons Technical and organizational measures to ensure appropriate security - pseudonymization and encryption of data - confidentiality, integrity, availability and resilience of processing systems and services - ability to restore availability and access to data after an incident - testing, assessing and evaluating the effectiveness of measures Security assessments Consider risks from unlawful destruction, loss, alteration, unauthorized disclosure or access Code of conduct, certification mechanism as means to demonstrate compliance Access to data does limited to processing purpose ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

47 Data breaches Breach notification to SA Notification of a personal data breach to the supervisory authority Controller to SA within 72 hours after having become aware of a breach Processor shall notify controller Content: nature and extent of the breach, contact point, likely consequences and measures Documentation: remedial actions taken Breach notification to the data subjects High risk breaches shall be communicated to data subjects Nature of the breach and measures taken Not required if: - the data was encrypted, - high risk no longer likely due to measures implemented - disproportionate effort, public communication sufficient Supervisory authority may require the controller to communicate the breach ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

48 Data protection impact assessment High risk: new technologies, nature, scope, context and purposes Impact assessment required: - a systematic evaluation of personal aspects via automated processing/ profiling - largescale processing of special categories of data - a systematic monitoring of a publicly accessible area on a large scale Supervisory authority shall establish a list of activities where impact assessment is required Impact assessment shall contain: - description of processing operations and purposes - assessment of the necessity, proportionality and risks to data subjects - measures to address the risks (safeguards, security measures) - codes of conduct - controller shall seek the views of data subjects or their representatives - periodic reviews to assess compliance with impact assessment and reassessment - High risk data processing: controller shall consult SA - Member States may require authorization for certain tasks performed in public interest ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

49 Data Protection Officer Data protection officer The controller/processor shall designate a data protection officer where relevant A DPO may be designated for several public authorities DPO may act for associations representing controllers or processors DPO should be an expert on data protection law and practices DPOs contact must be public DPO must be involved in all data protection issues DPO shall be bound by secrecy or confidentiality DPO tasks Advise controller/processor on requirements of the regulation and monitor compliance Be involved in audits and impact assessments Cooperate with SA and act as contact point ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

50 Code of Conduct, Certification Code of Conduct Member States, Supervisory Authorities, the Board and the Commission encourage Associations representing controllers/processors prepare Codes of Conduct Include out-of-court proceedings and dispute resolution The Board shall collate all approved Codes of Conduct and make them public Accredited monitor of compliance Certification Member States, Supervisory Authorities, the Board and the Commission encourage Approved data protection certification mechanisms, seals or marks Enforceable commitments, contractual or other Certification shall be voluntary, available via transparent process Certification bodies shall be accredited on the basis of criteria approved by SA The Commission may adopt implementing acts on technical standards for certification ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

51 TRANSFERS TO THIRD COUNTRIES General principles | Derogations International cooperation ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

52 General principles for transfers Level of protection of natural persons guaranteed by this Regulation is not undermined Transfers on the basis of an adequacy decision Favorable Adequacy decision by the Commission – no special authorization required Transfers subject to appropriate safeguards Adequacy decision not available: providing appropriate safeguards, enforceable rights and effective legal remedies for data subjects are available. Subject to the authorization from the competent supervisory authority Contractual clauses Provisions in administrative arrangements Authorizations based on Directive 95/46/EC remain valid until amended/replaced Binding corporate rules, subject to approval by supervisory authority Transfers or disclosures not authorized by Union law Transfers to third countries and international organizations ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

53 Derogations for specific situations Explicit consent of data subject Transfer is necessary for the performance of a contract Important reasons of public interest (public interest recognized in Union law) Establishment, exercise or defense of legal claims Vital interests of the data subject/other persons, data subject incapable of giving consent Public register Binding corporate rules International cooperation for the protection of personal data The Commission and supervisory authorities shall take appropriate steps to - develop international cooperation mechanisms to facilitate the effective enforcement - provide international mutual assistance in enforcement - engage relevant stakeholders at furthering international cooperation enforcement - promote the exchange and documentation of legislation and practice Transfers to third countries and international organizations ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

54 SUPERVISORY AUTHORITIES General conditions | Competence | Tasks | Powers ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

55 Independent supervisory authorities Each Member State shall have at least one supervisory authority notify to the Commission by 25 May 2018 on its provisions provide their SAs with resources, premises and infrastructure General conditions for the members of SAs Appointed by means of a transparent procedure Have the qualifications, experience and skills, required to exercise its powers The duties of a member shall end upon leaving office A member shall be dismissed only in cases of serious misconduct Rules on the establishment of the supervisory authority Each Member State shall provide by law for establishment of SAs, qualifications and eligibility, ruled for appointing its members, term duration, conditions and prohibitions SA staff shall be subject be subject to a duty of professional secrecy ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

56 Competence, tasks and powers Competence Each SA shall be competent for the performance of the tasks assigned SAs shall not supervise processing operations of courts reviewing them Competence of the lead supervisory authority Tasks SA shall on its territory monitor and enforce the application of this Regulation Promote public awareness on data processing Advise the national institutions and bodies Promote awareness of controllers and processors of their obligations Provide information to data subjects Handle complaints Cooperate with other supervisory authorities Conduct investigations, monitor relevant developments and practices Adopt standard contractual clauses, maintain list of impact assessments Any other tasks related to the protection of personal data. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

57 Competence, tasks and powers Powers Request information from controller and processor relevant to its tasks Carry out investigations, audits and review on certifications Access to any premises Issue warnings, reprimands and orders to comply Impose limitation or ban on processing Order rectification or erasure of personal data or restriction of processing Withdraw certification, impose administrative fine Order suspension of data flows to third country or to an international organization Issue opinions to national institutions Authorize processing Approve draft codes of conduct Accredit certification bodies, issue certifications and approve criteria of certification Adopt standard data protection clauses, and administrative arrangements Approve binding corporate rules Bring infringements of this Regulation to the attention of the judicial authorities Write annual report on its activities ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

58 COOPERATION & CONSISTENCY Supervisory Authorities | The Board | EDPS ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

59

60 Cooperation Cooperation between the lead supervisory authority and the other SAs Lead SA shall cooperate with other SAs to reach consensus Exchange all relevant information with each other Request mutual assistance in investigations Adopt decision and notify the controller/processor Mutual assistance Relevant information and mutual assistance to each other Requests for assistance formalized and reasoned, information in a standardized format The Commission may specify the format and procedures for mutual assistance Joint operations Joint investigations and joint enforcement measures Controller or processor has establishments in several Member States Significant number of data subjects in more than one Member State affected SA may confer powers on the seconding SA's members or staff Provisional measures on the territory, urgent binding decision ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

61 Supervisory authorities and the Commission apply this Regulation consistently throughout the Union Opinion of the Board Where a competent SA intends to adopt any of these measures List of the processing operations for impact assessments Code of conduct, criteria for accreditation Standard data protection clauses, contractual clauses, binding corporate rules Procedure for requests of Board opinion in other matters Dispute resolution by the Board in specific situations Urgency procedure Exceptional circumstances Supervisory authority sees an urgent need to act Immediately adopt provisional measures on its own territory for up to 3 months Measures and reasons communicated to other SAs, the Board and to the Commission SA may request an urgent opinion or an urgent binding decision from the Board Exchange of information The Commission may adopt implementing acts for the exchange of information ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

62 Supervisory authorities and the Commission apply this Regulation consistently throughout the Union European Data Protection Board (the Board) Established as a body of the Union Represented by its Chair: Giovanni Buttarelli and Wojciech Wiewiórowski Member States’ SA heads and of the European Data Protection Supervisor More than 1 SA in a Member State – appoint joint representative The Commission can participate in Board activities and meetings without voting right EDPS shall have voting rights only on decisions which concern principles and rules The Board ensures the consistent application of this Regulation - monitors and ensures correct application of this Regulation by SAs - advises the Commission - issues guidelines, recommendations, and best practices and reviews their application - carries out accreditation of certification bodies - promotes cooperation, common training programs and facilitate personnel exchanges - maintains publicly accessible electronic registry of decisions by SAs and Courts - consults interested parties and gives them the opportunity to comment ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

63 European Data Protection Board Reports The Board shall draw up an annual report Review of the practical application of the guidelines and best practices Procedure The Board decides by a simple majority and adopts its own rules of procedure Chair The Board shall elect a chair and two deputy chairs, 5-year term, renewable once Tasks of the Chair Convenes Board meetings, notifies decisions, ensures performance of the Board Secretariat The Board shall have a secretariat provided by the EDPS The secretariat performs its tasks under the instructions of the Chair of the Board EDPS staff is subject to separate reporting lines The secretariat provides analytical, administrative and logistical support to the Board Confidentiality The discussions of the Board shall be confidential where necessary Access to documents submitted the Board shall be governed by Reg. (EC) 1049/2001 ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

64 REMEDIES, LIABILITY, PENALTIES Complaints | Judicial remedies | Representation | Fines ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

65 Right to lodge a complaint Every data subject shall have the right to lodge a complaint with a supervisory authority The supervisory authority shall inform the complainant on progress and outcome Right to an effective judicial remedy against a supervisory authority Each natural or legal person shall have the right to an effective judicial remedy Proceedings against a SA shall be brought before the courts of the Member State Right to an effective judicial remedy against a controller/processor Each data subject shall have the right to an effective judicial remedy Proceedings against a controller/processor shall be brought before the courts Representation of data subjects Data subjects shall have the right to mandate an NGO to lodge complaint on their behalf Such NGO may also act independently of a data subject's mandate Suspension of proceedings if the same subject matter is pending decision elsewhere ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

66 Right to compensation and liability Any person who has suffered damage shall have the right to receive compensation Any controller involved in processing shall be liable for the damage A controller/processor shall be exempt if it proves that it is not responsible for the damage More than one controller/processor are involved, all shall be liable General conditions for imposing administrative fines Each SA shall be effective, proportionate and dissuasive Administrative fines shall respect the nature, gravity and duration of the infringement, damage suffered, intent/negligence, mitigation efforts, degree of responsibility, degree of cooperation with SA, previous measures, adherence to code of conduct, other Infringements of specific provisions: fines up to 10 000 000 EUR (or 2 % turnover) Infringements of specific provisions: fines up to 20 000 000 EUR (4%) Non-compliance with an order: fines up to 20 000 000 EUR (4 %) Procedural safeguards include effective judicial remedy and due process Legal remedies are effective shall be effective, proportionate and dissuasive Penalties Member States shall lay down the rules on other applicable penalties ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

67 SPECIFIC PROCESSING SITUATIONS Balancing rights | Public interest | Official documents Obligation of Secrecy | Churches ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

68 Processing and freedom of expression and information Journalistic, academic, artistic, literary purposes: exemptions or derogations Each Member State shall notify the Commission of its laws Processing and public access to official documents Personal data in official documents may be disclosed in accordance with law Processing of the national identification number Specific conditions for processing of a national identification number or other identifier right to the protection of personal data right to freedom of expression and information, journalistic, academic, artistic or literary expression ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

69 Processing in the context of employment Specific rules for processing of employees' personal data Human dignity, legitimate interests and fundamental rights Archiving, research & statistics Safeguards and derogations for archiving, scientific or historical research, statistics Principle of data minimization Pseudonymization Derogations necessary for the fulfilment of specific purposes Obligations of secrecy Specific rules to obligation of secrecy for controllers/processors Existing data protection rules of churches and religious associations Comprehensive rules relating to the protection of natural persons Churches and religious associations shall be subject to the supervision of a specific independent supervisory authority ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

70 DELEGATED & IMPLEMENTING ACTS Delegated Acts | Final provisions | Related EU law ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

71 Delegated acts and implementing acts The Commission shall adopt delegated acts A delegated act shall enter into force only if no objection has been expressed by either the European Parliament or the Council within three months Committee procedure The Commission shall be assisted by a committee Article 5 and 8 of Regulation (EU) No 182/2011 apply Final provisions Directive 95/46/EC is repealed with effect from 25 May 2018. This Regulation shall not impose additional obligations on natural or legal persons in relation to processing of information from social networks set out in Directive 2002/58/EC. Relationship with previously concluded Agreements International agreements concluded prior to 24 May 2016 remain in force until replaced By 25 May 2020 the Commission shall submit a report on the evaluation and review of this Regulation to the European Parliament and to the Council and make it public The Commission shall submit proposals to amend union laws to ensure consistency ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

72 Related EU law Personal data processing by EU institutions Governed by Regulation (EC) No 45/2001 Processing of personal data by the Union institutions, bodies and agencies. Movement of data within the EU Movement of data within the EU: Article 290 TFEU delegated to the Commission. Personal data processing by National authorities Governed by Directive (EU) 2016/680 Prevention, investigation, detection, prosecution of crimes; security threats Specific provisions for.anti-money laundering and forensic laboratories Personal data processing by Intermediary service providers Directive 2000/31/EC liability rules (Articles 12 to 15) Free movement of information society services between Member States. Consent to personal data processing: Council Directive 93/13/EEC: a declaration of consent must be intelligible, easily accessible, in a clear and plain language w/o unfair terms. Confidential information collected for statistical purposes European statistics - Article 338(2) TFEU and national law (national statistics) Regulation (EC) No 223/2009: statistical confidentiality for European statistics. Reuse of public sector information Directive 2003/98/EC on reuse of public sector information Regulation (EC) No 45/2001 Directive (EU) 2016/680 Directive 2000/31/EC Article 338(2) TFEU Regulation (EC) No 223/2009 Directive 2003/98/EC ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/

73 ARETE-ZOE, as a consultancy, provides solutions to complex problems in the high stakes and high consequence environment of Global Pharmaceuticals, including clinical research, healthcare informatics, and public health. We blend established, Pharma sector methodologies, innovation, and adaptations/transfers from other sectors to identify and resolve consequential practices that pose risk and often result in avoidable patient casualty. However, we are specifically, not a patient advocacy group but believe in optimizing organizational effectiveness and that smart business is agile, competitive and profitable, while intrinsically safe, secure, and resilient. We work within a global context because transnational interests influence national circumstances and choices at point of prescription. ARETE-ZOE, provides full spectrum organizational and operational risk management consultancy. Our published materials provide a glimpse of some aspects of our services to demonstrate both knowledge and ongoing participation within the Pharmaceutical Industry. Our analysis and consultancy includes all channels of misuse, diversion, counterfeiting and illicit exploitation of pharmaceuticals, medical devices, and precursor chemicals. Our advisement is to manufactures, jurisdictional entities, insurers, legislators, litigators, patients, and health care providers. ​ This scope also frequently segues into the nexus of crime and terrorism as significant influencers that undermine sector integrity differentiated from other criminal activity. Obviously, vulnerability assessment, information collection management and intelligence production supporting decision-making for risk reduction and interventions are routinely within the scope of our services as well as design and implementation of operational control measures. ARETE-ZOE, LLC: 1334 E Chandler Blvd 5A-19, 85048 Phoenix, AZ, USA | T:+1-480-409-0778 (24/7) | website: http://www.aretezoe.com/


Download ppt "Personal Data Protection (EU) Regulation (EU) 2016/679"

Similar presentations


Ads by Google