www.ictlegalconsulting.com© 2018 ICT Legal Consulting – All rights reserved
Legal tips and Compliance Requirements
ICTLC - ICT Legal Consulting presents Anastasia Botsi – Associate
anastasia.botsi@ictlegalconsulting.com
The Firm – Global Presence
ICT Legal Consulting is an
international law firm founded in
2011 with offices in Amsterdam,
Milan, Bologna, and Rome.
In each of these countries we have established
partnerships with more than one law firm. Depending on
the assignment, we contact the professionals who are
most capable of meeting clients’ specific needs.
We are present in nineteen other countries:
Australia, Austria, Belgium, Brazil, China,
France, Germany, Greece, Hungary, Mexico,
Poland, Portugal, Romania, Russia, Slovakia,
Spain, Turkey, United Kingdom and USA.
Disclaimer: This presentation was made for the purpose of synthesising the principles for the public webinar of Cyberwatching.eu; for any further in-depth analysis please refer to the Regulation (EU) 2016/175.
The Expertise
Anastasia Botsi – Associate, LL.B.
Anastasia joined ICT Legal Consulting in 2018 and is now an Associate of the firm. She is a professionally certified DPO (European Center of Cybersecurity and Privacy), a sponsored researcher of the Dutch Science Foundation analysing the legislative management of cybersecurity risks, and trained in European Law.
She provides legal advice to multinational companies and start-ups on privacy and personal data protection, with special reference to GDPR compliance. In addition, she participates in several H2020 European Projects on privacy and cybersecurity. She speaks fluent English and Greek.
The General Data Protection Regulation: 101 Terminology
Personal Data: any information relating to an identified or identifiable natural person ("data subject"). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4 (1) GDPR).
Data Controller: the company or public authority / agency which determines the purposes (the why) and the means (the what and how) of the processing (Art. 4 (7) GDPR).
Data Processor: the company or public authority / agency which processes personal data on behalf of the controller, per the instructions of the controller (Art. 4 (8) GDPR).
Processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4 (2) GDPR).
Accountability: the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR (Art. 5 (2) and Art. 24 GDPR).
Special Categories of Personal Data
- Data concerning health means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status.
- Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question.
- Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
The General Data Protection Regulation
Regulation EU 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data
- adopted on 14 April 2016, became enforceable in all European Member States on 25 May 2018
- aims to bring a single standard for data protection among all member states in the EU
- broader territorial reach, when compared to the previous framework (Directive 95/46/EC):
  - Criterion 1: The GDPR applies where processing takes place "in the context of the activities of an establishment of a controller or processor in the Union, regardless of whether the processing takes place in the Union or not."
  - Criterion 2: The GDPR applies to controllers or processors not established in the Union, where the processing activities relate to:
    - the offering of goods or services to data subjects in the Union; OR
    - the monitoring of the behaviour of data subjects in the Union.
Legal Tips for Businesses
- Accountability
- Security Measures
Accountability under the GDPR means...
A data controller's responsibility when processing personal data is:
- to ensure, and to be able to demonstrate, compliance with the GDPR, implementing appropriate:
  - technical measures
  - organisational measures (e.g. data protection policies, complying with approved codes of conduct or certification mechanisms)
[Art. 24 GDPR: Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the Regulation. Those measures shall be reviewed and updated where necessary.]
Accountability under the GDPR means...
- Maintaining a Record of Processing Activities (Art. 30 GDPR)
- Required for organisations with fewer than 250 employees when:
  - the processing it carries out is likely to result in a risk to the rights and freedoms of data subjects,
  - the processing is not occasional, or
  - the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10
- That record shall contain:
  - the name and contact details of the controller and the data protection officer;
  - the purposes of the processing;
  - a description of the categories of data subjects and of the categories of personal data;
  - the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
  - where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards;
  - where possible, the envisaged time limits for erasure of the different categories of data;
  - where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
Main Obligations of a Data Controller
- Providing information to data subjects regarding (Art. 13 and 14 GDPR):
  - the identity and contact details of the data controller and (where needed) the Data Protection Officer
  - the purposes of processing their personal data
  - the recipients of the personal data
  - the legal basis of the processing
- Choosing the correct legal basis for the processing activities (Art. 6 GDPR):
  - Consent: clearly distinguishable, intelligible and easy to access, in clear and plain language (Art. 9 GDPR);
  - Performance of a contract;
  - Legal obligation;
  - Legitimate interest;
  - Vital interest of a data subject; or
  - Public interest.
Main Obligations of a Data Controller
- Ensuring that data subjects are informed about their rights and how to freely exercise them:
  - Right of access (Art. 15 GDPR)
  - Right to rectification (Art. 16 GDPR)
  - Right to erasure (Art. 17 GDPR)
  - Right to restrict the processing (Art. 18 GDPR)
  - Right to data portability (Art. 20 GDPR)
  - Right to object to processing (Art. 21 GDPR)
A risk-based approach under the GDPR...
Before the GDPR
- Legislators accepted standard security measures (a checklist of security measures)
Data security since the GDPR
- Enhanced obligations both for controllers and processors
  - assessing processing activities and finding relevant organisational and technical measures
- There is no list of possible types of security measures; a RISK-BASED APPROACH is needed
- A challenge for SMEs, since they have fewer resources
Security of processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
[Art. 32 GDPR]
Principle of Transparency
- Data must be processed lawfully, fairly and transparently
- Information relating to the processing of personal data should be concise, easily accessible and understandable, using clear and plain language
Want to know what to include in your information notice to your data subjects? Check Articles 13 and 14 GDPR.
Principle of Data Protection by Design and by Default
"Think privacy – Design privacy"
The controller shall:
- both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation (Art. 25(1) GDPR);
- implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual's intervention to an indefinite number of natural persons (Art. 25(2) GDPR).
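The two measures named in the Art. 32 list (pseudonymisation) and in the Art. 25 principle (only the data needed for each specific purpose, by default) can be enforced in code rather than left to policy. The example below is added here and is not code from the presentation or from ICT Legal Consulting: it assumes a hypothetical purpose registry in which every documented purpose carries an allow-list of fields, any field outside the list never leaves the system, undocumented purposes are refused outright, and direct identifiers are replaced with a keyed HMAC pseudonym whose key stays with the controller. The customer record and the purposes are constructed sample data.

```python
"""Data protection by default (Art. 25(2) GDPR) plus pseudonymisation
(Art. 25(1) / Art. 32(1)(a)) as an enforceable data-release filter.

Constructed illustration; not the presentation's or the firm's code.
"""
import hashlib
import hmac
from dataclasses import dataclass
from typing import Dict, List, Mapping

# Constructed sample record holding several personal-data items,
# including an Art. 9 special category (health data).
SAMPLE_RECORD = {
    "customer_id": "C-10042",
    "name": "Jane Example",
    "email": "jane@example.org",
    "postcode": "1011AB",
    "order_total_eur": 129.50,
    "health_note": "allergic to penicillin",
}


@dataclass(frozen=True)
class Purpose:
    """A documented processing purpose and the minimum fields it needs."""
    name: str
    fields: frozenset        # fields released for this purpose
    pseudonymise: frozenset  # subset of `fields` replaced by a keyed pseudonym


class PurposeRegistry:
    """Hypothetical registry of documented purposes (cf. the Art. 30 record).

    Default is deny: a purpose that has not been registered releases nothing.
    """

    def __init__(self, secret_key: bytes):
        # Pseudonymisation key held by the controller only (hypothetical key store).
        self._key = secret_key
        self._purposes: Dict[str, Purpose] = {}

    def register(self, name: str, fields, pseudonymise=()) -> None:
        unknown = set(pseudonymise) - set(fields)
        if unknown:
            raise ValueError(f"cannot pseudonymise fields not released: {unknown}")
        self._purposes[name] = Purpose(name, frozenset(fields), frozenset(pseudonymise))

    def pseudonym(self, value: str) -> str:
        """Keyed, deterministic pseudonym: the same input always maps to the same
        token, but without the controller's key the token cannot be reversed or
        linked back to the original identifier."""
        return hmac.new(self._key, value.encode(), hashlib.sha256).hexdigest()[:16]

    def minimise(self, record: Mapping[str, object], purpose: str) -> Dict[str, object]:
        """Return only the fields needed for `purpose`, pseudonymised where required."""
        spec = self._purposes.get(purpose)
        if spec is None:
            # By default no personal data is released for an undocumented purpose.
            raise PermissionError(f"purpose '{purpose}' is not registered")
        out: Dict[str, object] = {}
        for key in spec.fields:
            if key not in record:
                continue
            val = record[key]
            out[key] = self.pseudonym(str(val)) if key in spec.pseudonymise else val
        return out

    def audit_check(self, purpose: str, released: Mapping[str, object]) -> List[str]:
        """Independent check for a review: fields released that the purpose does not allow."""
        spec = self._purposes[purpose]
        return sorted(k for k in released if k not in spec.fields)


def build_demo_registry() -> PurposeRegistry:
    """Two constructed purposes: analytics needs no direct identifier in the clear;
    delivery needs name and postcode but never email or health data."""
    reg = PurposeRegistry(secret_key=b"demo-key-held-by-controller")
    reg.register("order_analytics", fields=["customer_id", "order_total_eur"],
                 pseudonymise=["customer_id"])
    reg.register("delivery", fields=["customer_id", "name", "postcode"])
    return reg


if __name__ == "__main__":
    reg = build_demo_registry()
    for p in ("order_analytics", "delivery"):
        print(p, reg.minimise(SAMPLE_RECORD, p))
    try:
        reg.minimise(SAMPLE_RECORD, "marketing")  # undocumented purpose: refused
    except PermissionError as e:
        print("refused:", e)
```

The audit_check helper is the kind of check the "process for regularly testing" item of Art. 32 asks for: run it over what a downstream system actually received and any non-empty result is a finding.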
Simplified Approach to the Data Protection Compliance Framework (diagram): Accountability; Data protection by design and by default; Data protection impact assessment; Information to the data subject; Legitimate basis; Rights of the data subject; Security Measures; Data Breach Management.
How can this approach be implemented?
- Choosing measures based on the Principles of Data Protection by Design and by Default
- Describing security measures in the Record of Processing Activities and attaching them to the Data Processing Agreements
- Conducting a Data Protection Impact Assessment for risky processing activities, and finding the relevant security measures
- Adopting Data Breach Management Policies
- Adhering to relevant Certifications to demonstrate compliance
- Data Protection Self-Assessment Toolkit
  - Data Controller and Data Processor's checklist
  - Record of Processing Activities assessment
  - Direct Marketing assessment
Sanctions and enforcement
- Data subjects' right to remedies
  - Right to lodge a complaint with a Supervisory Authority for processing of their data in violation of the GDPR
  - Right to start legal action
    - against a Supervisory Authority for failure to investigate a complaint or to keep the data subject informed
    - against a controller or processor for processing of their data in violation of the GDPR (courts where the controller or processor is established, or courts of the data subject's place of residence)
  - Right to obtain compensation for material or immaterial damage
    - joint liability of controllers and processors for the entire damage
- Class actions
  - certain not-for-profit organisations can be mandated by data subjects to lodge complaints and claim compensation on their behalf
  - Member States may also mandate organisations to act on behalf of data subjects
- Fines
  - Up to the greater of 2% of an undertaking's total annual worldwide turnover or €10 million for a large number of violations
  - Up to the greater of 4% of an undertaking's total annual worldwide turnover or €20 million for a more limited set of violations, including:
    - violation of data subjects' rights
    - violation of basic principles for processing (legal basis, new consent rules, special categories of personal data)
    - violation of the rules on data transfers
Stay updated!
ictlegalconsulting.com/eng/newsletter/
Thank you for your attention!
Anastasia Botsi – Associate, LL.B.
anastasia.botsi@ictlegalconsulting.com
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxLoriGlavin3
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfLoriGlavin3
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxBkGupta21
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxLoriGlavin3
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESmohitsingh558521
 

Último (20)

Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
"Subclassing and Composition – A Pythonic Tour of Trade-Offs", Hynek Schlawack
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Unleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding ClubUnleash Your Potential - Namagunga Girls Coding Club
Unleash Your Potential - Namagunga Girls Coding Club
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptxPasskey Providers and Enabling Portability: FIDO Paris Seminar.pptx
Passkey Providers and Enabling Portability: FIDO Paris Seminar.pptx
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Moving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdfMoving Beyond Passwords: FIDO Paris Seminar.pdf
Moving Beyond Passwords: FIDO Paris Seminar.pdf
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
unit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptxunit 4 immunoblotting technique complete.pptx
unit 4 immunoblotting technique complete.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptxA Deep Dive on Passkeys: FIDO Paris Seminar.pptx
A Deep Dive on Passkeys: FIDO Paris Seminar.pptx
 
DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICESSALESFORCE EDUCATION CLOUD | FEXLE SERVICES
SALESFORCE EDUCATION CLOUD | FEXLE SERVICES
 

"Legal tips and compliance requirements" - Anastasia Botsi, ICT Legal

  • 1. www.ictlegalconsulting.com© 2018 ICT Legal Consulting – All rights reserved
Legal tips and Compliance Requirements
ICTLC - ICT Legal Consulting presents Anastasia Botsi – Associate, anastasia.botsi@ictlegalconsulting.com
  • 2. The Firm – Global Presence
ICT Legal Consulting is an international law firm founded in 2011 with offices in Amsterdam, Milan, Bologna, and Rome. In each of these countries we have established partnerships with more than one law firm. Depending on the assignment, we contact the professionals who are most capable of meeting clients’ specific needs.
We are present in nineteen other countries: Australia, Austria, Belgium, Brazil, China, France, Germany, Greece, Hungary, Mexico, Poland, Portugal, Romania, Russia, Slovakia, Spain, Turkey, United Kingdom and USA.
Disclaimer: this presentation was made for the purpose of synthesising the principles for the public webinar of Cyberwatching.eu; for any further in-depth analysis please refer to Regulation (EU) 2016/679.
  • 3. The Expertise
Anastasia Botsi – Associate, LL.B.
Anastasia joined ICT Legal Consulting in 2018 and is now an Associate of the firm. She is a professionally certified DPO (European Center of Cybersecurity and Privacy), a sponsored researcher of the Dutch Science Foundation analysing the legislative management of cybersecurity risks, and trained in European Law.
She provides legal advice to multinational companies and start-ups on privacy and personal data protection, with special reference to GDPR compliance. In addition, she participates in several H2020 European Projects on privacy and cybersecurity. She speaks fluent English and Greek.
  • 4. The General Data Protection Regulation – Terminology 101
Personal Data: any information relating to an identified or identifiable natural person (“data subject”). An identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person (Art. 4(1) GDPR).
Data Controller: the company or public authority/agency which determines the purposes (the why) and the means (the what and how) of the processing (Art. 4(7) GDPR).
Data Processor: the company or public authority/agency which processes personal data on behalf of the controller, on the controller’s instructions (Art. 4(8) GDPR).
Processing: any operation or set of operations performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction (Art. 4(2) GDPR).
Accountability: the controller shall be responsible for, and be able to demonstrate, compliance with the GDPR (Art. 5(2) and Art. 24 GDPR).
Special Categories of Personal Data:
- Data concerning health means personal data relating to the physical or mental health of a natural person, including the provision of health care services, which reveal information about his or her health status;
- Genetic data means personal data relating to the inherited or acquired genetic characteristics of a natural person which give unique information about the physiology or the health of that natural person and which result, in particular, from an analysis of a biological sample from the natural person in question;
- Biometric data means personal data resulting from specific technical processing relating to the physical, physiological or behavioural characteristics of a natural person, which allow or confirm the unique identification of that natural person, such as facial images or dactyloscopic data.
  • 5. The General Data Protection Regulation
Regulation (EU) 2016/679 on the Protection of Natural Persons with Regard to the Processing of Personal Data:
- adopted on 14 April 2016, became enforceable in all European Member States on 25 May 2018
- aims to bring a single standard for data protection to all Member States of the EU
- broader territorial reach compared to the previous framework (Directive 95/46/EC), see Art. 3 GDPR:
  - Criterion 1: the GDPR applies where processing takes place “in the context of the activities of an establishment of a controller or processor in the Union, regardless of whether the processing takes place in the Union or not.”
  - Criterion 2: the GDPR applies to controllers or processors not established in the Union where the processing activities relate to the offering of goods or services to data subjects in the Union, OR the monitoring of the behaviour of data subjects in the Union.
  • 6. Legal Tips for Businesses
- Accountability
- Security Measures
  • 7. Accountability under the GDPR means...
Data controllers’ responsibility when processing personal data is to ensure, and to be able to demonstrate, compliance with the GDPR by implementing appropriate:
- technical measures
- organisational measures (e.g. data protection policies, complying with approved codes of conduct or certification mechanisms)
[Art. 24 GDPR: Taking into account the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, the controller shall implement appropriate technical and organisational measures to ensure and to be able to demonstrate that processing is performed in accordance with the Regulation. Those measures shall be reviewed and updated where necessary.]
  • 8. Accountability under the GDPR means...
Maintaining a Record of Processing Activities (Art. 30 GDPR). Organisations with fewer than 250 employees are exempt (Art. 30(5)) unless:
- the processing they carry out is likely to result in a risk to the rights and freedoms of data subjects,
- the processing is not occasional, or
- the processing includes special categories of data as referred to in Article 9(1) or personal data relating to criminal convictions and offences referred to in Article 10.
That record shall contain:
- the name and contact details of the controller and the data protection officer;
- the purposes of the processing;
- a description of the categories of data subjects and of the categories of personal data;
- the categories of recipients to whom the personal data have been or will be disclosed, including recipients in third countries or international organisations;
- where applicable, transfers of personal data to a third country or an international organisation, including the identification of that third country or international organisation and the documentation of suitable safeguards;
- where possible, the envisaged time limits for erasure of the different categories of data;
- where possible, a general description of the technical and organisational security measures referred to in Article 32(1).
  • 9. Main Obligations of a Data Controller
Providing information to data subjects regarding (Art. 13 and 14 GDPR):
- identity and contact details of the data controller and (where applicable) the Data Protection Officer
- the purposes of processing their personal data
- the recipients of the personal data
- the legal basis of the processing
Choosing the correct legal basis for the processing activities (Art. 6 GDPR):
- Consent: the request for consent must be clearly distinguishable, intelligible and easy to access, in clear and plain language (Art. 7 GDPR);
- Performance of a contract;
- Legal obligation;
- Legitimate interest;
- Vital interest of a data subject; or
- Public interest.
  • 10. Main Obligations of a Data Controller
Ensuring that data subjects are informed about their rights and how to freely exercise them:
- Right of access (Art. 15 GDPR)
- Right to rectification (Art. 16 GDPR)
- Right to erasure (Art. 17 GDPR)
- Right to restrict the processing (Art. 18 GDPR)
- Right to data portability (Art. 20 GDPR)
- Right to object to processing (Art. 21 GDPR)
  • 11. A risk-based approach under the GDPR...
Before the GDPR:
- legislators accepted standard security measures (a checklist of security measures)
Data security since the GDPR:
- enhanced obligations both for controllers and processors: assessing processing activities and finding the relevant organisational and technical measures
- there is no list of possible types of security measures; a RISK-BASED APPROACH is needed
- a challenge for SMEs, since they have fewer resources
  • 12. Security of processing
Taking into account the state of the art, the costs of implementation and the nature, scope, context and purposes of processing as well as the risk of varying likelihood and severity for the rights and freedoms of natural persons, the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including inter alia as appropriate:
- the pseudonymisation and encryption of personal data;
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing.
[Art. 32(1) GDPR]
  • 13. Principle of Transparency
- Data must be processed lawfully, fairly and transparently
- Information relating to the processing of personal data should be concise, easily accessible and understandable, using clear and plain language
Want to know what to include in your information notice to your data subjects? Check Articles 13 and 14 GDPR.
  • 14. Principle of Data Protection by Design and by Default
“Think privacy – Design privacy”
The controller shall:
- both at the time of the determination of the means for processing and at the time of the processing itself, implement appropriate technical and organisational measures, such as pseudonymisation, which are designed to implement data-protection principles, such as data minimisation (Art. 25(1) GDPR);
- implement appropriate technical and organisational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed. That obligation applies to the amount of personal data collected, the extent of their processing, the period of their storage and their accessibility. In particular, such measures shall ensure that by default personal data are not made accessible without the individual’s intervention to an indefinite number of natural persons (Art. 25(2) GDPR).
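Slides 12 and 14 name pseudonymisation and data minimisation as measures but, being legal text, do not show what they look like in a system. The following is an added example, written for this page and not taken from the presentation or from ICT Legal Consulting: it takes a constructed batch of records (fictitious people), drops every field a hypothetical "visit statistics" purpose does not need (minimisation by default), and replaces the e-mail address with a keyed HMAC-SHA256 pseudonym whose key is the "additional information" of Art. 4(5) GDPR that must be kept separately. A counter-example shows why an unkeyed SHA-256 of an e-mail address is not an effective pseudonym: anyone with a list of plausible addresses recomputes it. The field names, the purpose and the key handling are assumptions for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample records (fictitious people): two direct identifiers plus
# the fields collected for a hypothetical "monthly visit statistics" purpose.
# Only `city` and `visits` are needed for that purpose.
SAMPLE_RECORDS = [
    {"name": "Alice Example", "email": "Alice@example.org", "city": "Milan", "visits": 3},
    {"name": "Bob Example", "email": "bob@example.org", "city": "Rome", "visits": 7},
    {"name": "Alice Example", "email": "alice@example.org ", "city": "Milan", "visits": 1},
]
PURPOSE_FIELDS = {"city", "visits"}   # assumption: the fields this purpose needs
IDENTIFIER = "email"                  # direct identifier replaced by a pseudonym


def new_pseudonymisation_key() -> bytes:
    """Generate the secret that links pseudonyms back to people.

    This is the 'additional information' of GDPR Art. 4(5): store it separately
    from the pseudonymised data set (e.g. a secrets store the analytics team
    cannot read) and delete it once re-identification is no longer needed.
    """
    return secrets.token_bytes(32)


def pseudonym(identifier: str, key: bytes) -> str:
    """Keyed pseudonym: HMAC-SHA256 over the normalised identifier.

    Normalising (trim, lower-case) keeps one person mapping to one pseudonym
    across records, so the data stay usable for counting. The key is what
    separates this from plain hashing; see `unkeyed_hash_is_guessable`.
    """
    normalised = identifier.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymise(records, key, purpose_fields=PURPOSE_FIELDS, identifier=IDENTIFIER):
    """Apply two measures to a batch before it leaves the controller's systems:
      1. drop every field the stated purpose does not need (Art. 25(2));
      2. replace the direct identifier with a keyed pseudonym (Art. 32(1)(a)).
    The key is used here and never written into the output.
    """
    out = []
    for rec in records:
        minimised = {k: v for k, v in rec.items() if k in purpose_fields}
        minimised["subject_id"] = pseudonym(rec[identifier], key)
        out.append(minimised)
    return out


def reidentify(pseudonymised, key, known_identifiers):
    """Only a party holding both the key and the identifiers (e.g. the controller
    answering an Art. 15 access request) can map pseudonyms back. Pseudonyms
    with no match stay unresolved (None)."""
    table = {pseudonym(i, key): i.strip().lower() for i in known_identifiers}
    return [dict(rec, email=table.get(rec["subject_id"])) for rec in pseudonymised]


def plain_sha256_records(records, identifier=IDENTIFIER):
    """The weak variant, for comparison only: unkeyed hash of the identifier."""
    return [{"subject_id": hashlib.sha256(r[identifier].strip().lower().encode()).hexdigest()}
            for r in records]


def unkeyed_hash_is_guessable(weak_records, candidate_identifiers):
    """Counter-example: with no key, a dictionary of plausible addresses
    recovers the identities behind plain SHA-256 values. Returns what was recovered."""
    lookup = {hashlib.sha256(c.strip().lower().encode()).hexdigest(): c.strip().lower()
              for c in candidate_identifiers}
    return [lookup[r["subject_id"]] for r in weak_records if r["subject_id"] in lookup]


if __name__ == "__main__":
    key = new_pseudonymisation_key()
    safe = pseudonymise(SAMPLE_RECORDS, key)
    print(safe)  # no name, no e-mail; Alice's two rows share one subject_id
    print(reidentify(safe, key, ["alice@example.org", "bob@example.org"]))
    weak = plain_sha256_records(SAMPLE_RECORDS)
    print(unkeyed_hash_is_guessable(weak, ["alice@example.org", "bob@example.org"]))
```

The design point is the separation: the pseudonymised batch can go to the analytics team or a processor, the key stays with the controller, and a breach of the batch alone discloses no identity. Rotating or deleting the key is what turns the pseudonymised data into data that can no longer be linked back, which is also how the "envisaged time limits for erasure" in the record of processing activities can be honoured without rewriting the data set.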
  • 15. Simplified Approach to the Data Protection Compliance Framework
(diagram) Accountability; Data protection by design & by default; Data protection impact assessment; Information to the data subject; Legitimate basis; Rights of the data subject; Security measures; Data breach management
  • 16. How can this approach be implemented?
- Choosing measures based on the principles of Data Protection by Design and by Default
- Describing security measures in the Record of Processing Activities and attaching them to the data processing agreements
- Conducting a Data Protection Impact Assessment for risky processing activities, and finding the relevant security measures
- Adopting data breach management policies
- Adhering to relevant certifications to demonstrate compliance
- Data Protection Self-Assessment Toolkit:
  - Data Controller and Data Processor’s checklist
  - Record of Processing Activities assessment
  - Direct Marketing assessment
  • 17. Sanctions and enforcement
Data subjects’ right to remedies:
- right to lodge a complaint with a Supervisory Authority for processing of their data in violation of the GDPR
- right to start legal action:
  - against a Supervisory Authority for failure to investigate a complaint or to keep the data subject informed
  - against a controller or processor for processing of their data in violation of the GDPR (courts where the controller or processor is established / courts of the place of residence of the data subject)
- right to obtain compensation for material or immaterial damage: joint liability of controllers and processors for the entire damage
Class actions:
- certain not-for-profit organisations can be mandated by data subjects to lodge complaints and claim compensation on their behalf
- Member States may also mandate organisations to act on behalf of data subjects
Fines:
- up to the greater of 2% of an undertaking’s total annual worldwide turnover or €10 million for a large number of violations
- up to the greater of 4% of an undertaking’s total annual worldwide turnover or €20 million for a more limited set of violations, including:
  - violation of data subjects’ rights
  - violation of basic principles for processing (legal basis, new consent rules, special categories of personal data)
  - violation of the rules on data transfers
  • 18. Stay updated! ictlegalconsulting.com/eng/newsletter/
Thank you for your attention!
Anastasia Botsi – Associate, LL.B.
anastasia.botsi@ictlegalconsulting.com
  • 19. Awards