General Data Protection Regulation
Tuesday, March 19, 2019
Data governance and privacy are concerns of everyone in the wake of the massive data breaches and hacks which have affected many companies. Many global companies are required to comply with the European Union’s General Data Protection Regulation (GDPR), which is law as of May 25, 2018, and forces anyone who does business in the EU to subject themselves to a number of data governance requirements. There are new rights for individuals and new penalties for businesses. Business must also update their processes to incorporate key data governance principles such as those in the US-EU Privacy Shield– or else be subject to draconian fines. Even domestic US companies who do business only in the US with people holding a valid EU passport must afford those individuals the same privacy rights they would receive in the EU – thus making these rules de facto requirements for most US companies today.
This session will present a high level overview of GDPR, and its key provisions, including the naming of individuals to privacy-related roles, the major responsibilities of those with data under the statute, and its impact on an organization’s ability to lawfully gather, store, or process information on EU citizens. It will also include a high level discussion of data governance and internal controls which may be used to comply with some of the requirements. We will also include some discussion of selected other privacy requirements and major privacy frameworks like Generally Accepted Privacy Principles.
- Name at least two of the rights afforded EU citizens with respect to their data under GDPR
- List the three ways in which a company can be authorized to process the data of EU citizens outside of the EU under GDPR and explain what each represents
- Define data governance, and list and explain some major goals of a data governance initiative
- General Data Protection Regulation
- Ways to comply with GDPR requirements from outside the European Union
- Data governance basics
- Generally Accepted Privacy Principles (GAPP) and SOC Trust Services Criteria for Privacy (2016)