Presentation is loading. Please wait.

Presentation is loading. Please wait.

Data Privacy and GDPR Jane Shvets jshvets@debevoise.com.

Published byIlona Barna Modified over 4 years ago

Similar presentations

Presentation on theme: "Data Privacy and GDPR Jane Shvets jshvets@debevoise.com."— Presentation transcript:

1 Data Privacy and GDPR Jane Shvets

2 GDPR Highlights Came into force on 25 May 2018
Strict obligations on businesses “processing” individuals’ “personal data” Personal data: any information relating to an identifiable natural person that directly or indirectly identifies them Processing: any activity involving personal data Can apply throughout the EEA and extraterritorially Processing anywhere in the world when “in the context of” an EEA establishment Offering goods or services to individuals in the EEA Monitoring individuals in the EEA Creates risk of large fines, individual complaints, litigation, reputational harm

3 GDPR Highlights (cont.)
Obligations tied to seven core principles: Lawfulness, fairness and transparency Purpose limitation Data minimisation Accuracy Storage limitation Integrity and confidentiality Accountability Prohibits transfers to “Third Countries” subject to exceptions: EU Commission adequacy decision (e.g., Japan, Privacy Shield) Adequate safeguards (e.g., Standard Contractual Clauses) Derogations for specific situations (e.g., necessity for the “establishment, exercise or defense of legal claims”)

4 Impact on Compliance / Investigations
Due diligence / KYC Criminal conviction data: differing local laws cause difficulties Document review and witness interviews Lawful basis: “legitimate interests” but need to be carefully assessed and recorded Transparency: need for privacy notice explaining how data used Minimisation: restrict review to data strictly necessary for aims Cross-border transfers To vendors: think about SCCs and need for GDPR compliant terms of service To authorities: consent or establishment, exercise or defense of legal claims Minimisation: limit to data truly necessary (redact if needed)

5 UK ICO Enforcement Broad range of enforcement powers
Information notices to obtain information from controllers Assessment notices to gain access to documents, systems and people Enforcement notices requiring specific actions Monetary penalties up to greater of £ 17 million or 4% of turnover Many enforcement actions still coming through under pre-GDPR law so fines constrained to £ 500,000 cap (e.g., for Facebook, now being appealed including allegations of bias) Recent enforcement under GDPR (e.g., against HMRC for lack of consent to Voice ID service)

Download ppt "Data Privacy and GDPR Jane Shvets jshvets@debevoise.com."

Similar presentations

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.

The Gathering Cloud computing - Legal considerations David Goodbrand, Partner 28 February 2013 Aberdeen Edinburgh Glasgow.
Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.

Data Protection Paul Veysey & Bethan Walsh. Introduction Data Protection is about protecting people by responsibly managing their data in ways they expect.
APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.

APEC Privacy Framework “The lack of consumer trust and confidence in the privacy and security of online transactions and information networks is one element.
The EU General Data Protection Regulation Frank Rankin.

The EU General Data Protection Regulation Frank Rankin.
Data protection—training materials [Name and details of speaker]

Data protection—training materials [Name and details of speaker]
Key Points for a Privacy Programme for Multinationals Steve Coope.

Key Points for a Privacy Programme for Multinationals Steve Coope.
Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.

Your Code of Conduct: Data Protection & Compliance Your Code of Conduct: Data Protection & Compliance for Charities.
General Data Protection Regulation (EU 2016/679)

General Data Protection Regulation (EU 2016/679)
GDPR 12 POINTS 679/2016 DATA LEX 2016.

GDPR 12 POINTS 679/2016 DATA LEX 2016.
Data Protection Officer’s Overview of the GDPR

Data Protection Officer’s Overview of the GDPR
Accountability & Structured Privacy Management

Accountability & Structured Privacy Management
Industry 4.0 – New ways of cooperative working – are we prepared?

Industry 4.0 – New ways of cooperative working – are we prepared?
The future of data protection: General Data Protection Regulation

The future of data protection: General Data Protection Regulation
GDPR (General Data Protection Regulation)

GDPR (General Data Protection Regulation)
Speaker: Jane Burns (Anthony Collins Solicitors LLP)

Speaker: Jane Burns (Anthony Collins Solicitors LLP)
Operationele blik op GDPR

Operationele blik op GDPR
GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E

GDPR – Legal Aspects Desislava Krusteva, Attorney-at-Law, CIPP/E
General Data Protection Regulation

General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.

General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
International Regulatory Trends

International Regulatory Trends

Similar presentations

Ads by Google