Presentation is loading. Please wait.

Presentation is loading. Please wait.

GDPR (General Data Protection Regulation)

Published byKenneth Cobb Modified over 6 years ago

Similar presentations

Presentation on theme: "GDPR (General Data Protection Regulation)"— Presentation transcript:

1 GDPR (General Data Protection Regulation)
Tuesday, 27 June 2017 ICANN59 Johannesburg

2 A Modern European Data Protection Framework
The General Data Protection Regulation - ensuring a high level of protection  

3 The General Data Protection Regulation
Sets out the general Data Protection framework in the EU Replaces Data Protection Directive 95/46/EC 2012: Proposals 2016: Adoption 25 May 2018: Application

4 A harmonised and simplified framework
One single set of personal data protection rules for the EU (Regulation) One interlocutor and one interpretation (one-stop-shop and consistency mechanism) Creating a level playing field (territorial scope) Cutting red tape (abolishment of most prior notification and authorisation requirement), including as regards international transfers

5 Right to Personal Data Protection
Laid down in European Charter of Fundamental Rights This translates into specific rights for individuals – „data subjects“: Right to be informed Right of access Right to rectification Right to erasure Right to restrict processing Right to data portability Right to object

6 Basic definitions and scope
any information relating to an identified or identifiable natural person Personal data any operation or set of operations which is performed on personal data Processing establishment in the EU or processing activities related to: the offering of goods or services to data subjects in the EU; or monitoring of their behaviour within EU. Geographic scope

7 Basic definitions Controller
Processor Data subject determines the purposes and means of the processing of personal data processes personal data on behalf of the controller natural person whose personal data is processed

8 Principles of personal data processing
Lawfulness, fairness and transparency Purpose Limitation Data Minimisation Accuracy Storage limitation Integrity and confidentiality

9 European Data Protection Board
Provides definitive interpretation of GDPR European Court of Justice Review DPA decisions National Courts Issue decisions incl. fines Can provide advice on GDPR National Data Protection Authorities European Data Protection Board Issues guidelines Consistency mechanism European Data Protection Supervisor Supervises EU institutions Advises EU institutions Secretariat for EDPB European Commission Supports and monitors implementation of GDPR

10 An updated set of rights and obligations
Evolution rather than revolution: basic architecture and core principles are maintained Putting individuals in better control of their personal data (e.g. consent to be given by clear affirmative action, better information about data processing)…. …including through the introduction of new rights (e.g. right to portability) and obligations (e.g. data breach notification) Obligations graduated in function of the nature and potential risks of processing operations (risk-based approach) Stronger rights, clearer obligations, more trust

11 ICANN & Contracted Parties
Contracts & policies (many) mandate Collection of 60+ data elements, all of which are potentially personal data Registrant data Transaction data Business data (for background checks, shareholder information, etc.) Retention, escrow, publication of subsets

12 GDPR “Lawful Basis” Personal Data processing must have a “lawful basis” Relevant “lawful basis” Consent of data subject To further a legitimate purpose consistent with privacy interests of data subject Even where processing is lawful, adequate safeguards must be in place

13 Lawful Basis – Proportionality Test
Personal Data processing has a lawful basis if the processing is: Necessary to achieve the legitimate interests of the data processor – except where overridden by the privacy interests of the data subject

14 Legitimate Interest Test
FIRST, start with personal data elements collected to run DNS SECOND, list who, what, why THIRD, balance against privacy interests of data subject FINALLY, identify appropriate safeguards

15 Way Forward Develop user stories/purpose statements by data element
quick, inclusive, Evaluate proportionality and identify required safeguards with input from legal experts and Data Protection Authorities

16 Who, What, Why Matrix Who, What, Why Matrix
USER (e.g., Network Operator, LEA, Rights Holder, Registrant, Consumer, etc.) Data Element Use Purpose Collection Requirement Domain Name Add Grace Period Limits Policy Consistent Labeling and Display Policy Registry Agreement – RDS/Whois Specification Registrar Accreditation Agreement – RDS/Whois Specification Thick Whois Policy Reseller Name Registrant Registrant Org Registrant Street

17 Questions What impact do you expect of the GDPR on WHOIS?
What impact do you expect on other DNS (related) services and operations? Which ICANN initiatives are impacted and how by the GDPR?

Download ppt "GDPR (General Data Protection Regulation)"

Similar presentations

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.

Introduction to basic principles of Regulation (EC) 45/2001 Sophie Louveaux María Verónica Pérez Asinari.
Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.

Net Neutrality, What Else? Wim Nauwelaerts Partner Hunton & Williams.
RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.

RESPECT Guidelines regarding data protection aspects whithin socio-economic research Y. Poullet, K. Rosier, I. Vereecken CRID-FUNDP in cooperation with.
European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.

European Data Protection Supervisor Pharmaceutical Regulatory & Compliance Congress, Brussels, 7 June 2007 European Privacy and Data Protection Policy.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,

WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
Update on Data Protection issues Ray Collins Consultant - LGfL.

Update on Data Protection issues Ray Collins Consultant - LGfL.
WHOIS Public safety and data protection requirements.

WHOIS Public safety and data protection requirements.
Presentation Title Data Protection The new EU Regulation Insert your logo here.

Presentation Title Data Protection The new EU Regulation Insert your logo here.
1 TAIEX JHA 52182 - Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.

1 TAIEX JHA Workshop on data protection and cloud computing Data transfers to third countries and standard contractual clauses Skopje, 29 May 2014.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
Side event organised by ICANN and the Council of Europe

Side event organised by ICANN and the Council of Europe
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,

THE NEW GENERAL DATA PROTECTION REGULATION: A EUROPEAN OR A GLOBAL STANDARD? Bart van der Sloot Senior Researcher Tilburg Institute for Law, Technology,
Data Protection/Privacy Activities

Data Protection/Privacy Activities
Issues of personal data protection in scientific research

Issues of personal data protection in scientific research
Presentation to GTMC on GDPR

Presentation to GTMC on GDPR
Abuse Mitigation + NG RDS PDP

Abuse Mitigation + NG RDS PDP

Similar presentations

Ads by Google