
1 Welcome!

2 Who is KirkpatrickPrice?
KirkpatrickPrice is a licensed CPA firm and PCI QSA, providing assurance services to clients worldwide. The firm has over 13 years of experience in information assurance by performing assessments, audits, and tests that strengthen information security and compliance controls.

3 Services Overview

Regulatory Compliance
- SOC 1, SOC 2
- SOC for Cybersecurity
- PCI DSS
- HIPAA
- HITRUST
- GDPR
- ISO 27001/27002
- FISMA

Information Security
- Penetration Testing
- Information Security Guidance and Audit Services

Consulting
- Policy and Procedure
- Risk Assessment
- Internal Audit Plan Development
- Readiness Audits

4 Connect With Us
- Subscribe to our blog for regular industry updates, tips, and best practices
- Visit our library of recorded webinars
- Check out our free video resources and subscribe to our YouTube Channel
- Connect with us on LinkedIn, Twitter, and Facebook

5 Legal Disclaimer This presentation is provided by KirkpatrickPrice for educational and/or informational purposes only and does not constitute legal advice. No attorney-client relationship is established by viewing this presentation. Should you need legal advice, please consult with your attorney.

6 GDPR: Which Requirements Apply to You?


8 Which Requirements Apply to You?
- GDPR roles and definitions
- Requirements:
  - Data processing principles
  - Contracts
  - Data subject rights
  - Data protection by design and default
  - Designated representative
  - Breach notification
  - Data Protection Officer
  - Record of processing
  - Data Protection Impact Assessments
  - International data transfers
- Questions (maybe answers)

9 GDPR Roles
- Controller: the natural or legal person which determines the purposes and means of the processing of personal data (Article 4(7))
- Processor: the natural or legal person which processes personal data on behalf of the controller (Article 4(8))
- Joint Controller: where two or more controllers jointly have authority and determine the purposes and means of processing (Article 26)
- Controller/Processor: where a person or organization is simultaneously a controller and a processor for different processing functions

10 Data Processing Principles

Controller
- Transparency: Privacy Policies, TOS/TOU
- Legal basis for processing: consent, contract, law
- Purpose limitation
- Data minimization: least data necessary for the data processing purpose

Processor
- Transparency: Privacy Policies, TOS
- Legal basis for processing: contract with controller
- Purpose limitation
- Data minimization: least data necessary for the data processing purpose

11 Data Processing Principles

Controller
- Accuracy: reviewed, updated, and rectified
- Storage limitation: retained only as long as necessary
- Security: appropriate organizational and technical measures
- Accountability: data governance program, DPO, processor oversight, review and correction

Processor
- Accuracy: reviewed, updated, and rectified
- Storage limitation: retained only as long as the controller requires and until the end of the agreement with the controller
- Security: appropriate organizational and technical measures; confidentiality agreements
- Accountability: data governance program, DPO, processor oversight, review and correction

12 Data Processing Agreements
- Written agreement between controllers and processors
- Includes these required elements:
  - Descriptions of processing activities, data, and data subjects
  - Duration
  - Confidentiality
  - Subprocessor engagement restrictions
  - Security requirements
  - Support of controller obligations (data rights, DPIA, breach)
  - Cooperation with controller (information requests, audits, inspections)

13 Data Subject Rights
- Controller: receive, investigate, and respond to data subject requests
- Processor: facilitate the controller's ability to respond to data subject rights

14 Data Protection by Design and Default

Controller
- Consider:
  - Technology available
  - Cost
  - Nature, scope, context and purpose of processing
  - Risks to rights and freedoms
- Implement:
  - Appropriate controls
  - Pseudonymization
  - Access limitations for each processing activity

Processor
- Provide the controller sufficient guarantees of data protection by design and default

15 Breach
- Controller: notify supervisory authority; notify data subjects
- Processor: notify controller

16 Records of Processing

Controller ("conditional requirement")
- Content:
  - Controller details
  - Purposes of processing
  - Data subjects
  - Personal data
  - International transfers
  - Data retention
  - Description of security measures

Processor ("conditional requirement")
- Content:
  - Processor details
  - Controller details
  - Categories of processing
  - International transfers

17 Data Protection Officer
- Controller and Processor: required for both if core activities involve special categories of data or large-scale monitoring of data subjects on a regular and systematic basis
- The DPO has the same tasks, qualifications, and position for both

18 Data Protection Impact Assessment

Controller
- Perform a DPIA for processing likely to result in a high risk to individuals
- Include:
  - Description of purposes
  - Assessment of necessity, proportionality, and compliance measures
  - Risk assessment
  - Risk mitigation

Processor
- Support controllers in:
  - Identifying risk
  - Processing documentation

19 Designated Representative in the EU
- Same requirement for both controllers and processors; factors:
  - Volume
  - Frequency
  - Special categories of data
  - Criminal data

20 International Transfers
Both controllers and processors need to:
- Keep personal data in the EU, or
- Transfer to a jurisdiction with adequate safeguards, or
  - Binding corporate rules
  - Standard data protection clauses
- Establish an exception:
  - Data subject consent
  - Contract with data subject (for occasional international transfers)
  - Public interest
  - Legal claim


22 In conclusion…
- Most of GDPR's requirements apply in some way to both controllers and processors
- Biggest differences in responsibility:
  - Legal basis for processing
  - Data subject rights' requests
  - Breach notification
  - Data Protection Impact Assessments
- Controllers and processors are jointly and severally liable

23 Questions?


Download ppt "Welcome!."

Similar presentations


Ads by Google