GDPR & corporate Governance, Evaluation after 2 years implementation
In partnership with
European Risk Manager Report 2020 Edition
Top critical threats to the organisation's growth prospects within the next 12 months
[Chart: Top risk 2020 vs. Top risk 2018]
Top risk 2020: cyber threat; uncertain economic growth; availability of key skills; data fraud or theft; over-regulation
Top risk 2018: cyber threat; uncertain economic growth; geopolitical uncertainty; over-regulation; changing consumer behaviour
Chart values shown: 37%, 39%, 24%
How do you deal with risks arising from emerging technologies?
• Identification and assessment of risks prior to adoption of new technologies by the business
• Identification and assessment of emerging technologies used by the business
• Analysis and remediation of any insurance coverage gaps
Risks in Focus 2021
Cybersecurity and Data security as top risk again!
GDPR: experts' introduction
Ralf Herold, Senior Vice President, Corporate Audit, BASF
Jérôme Avot, Group Risk Officer and Data Protection Officer at Faurecia
Olivier Micol, Head of Data Protection Unit at the European Commission, Directorate-General for Justice
GDPR: Expert Talk
Olivier Micol, Head of Data Protection Unit at the European Commission, Directorate-General for Justice
▪ Key elements of the recent GDPR evaluation report of the European Commission
▪ The latest data and feedback from companies and civil society
▪ Overview of future planned initiatives
GDPR: Polling question #1
How would you assess the level of divergence in the enforcement of the GDPR by DPAs in the EU?
❑ High
❑ Medium
❑ Low
GDPR: Polling question #2
How do you evaluate your interaction with the DPA in your country?
❑ Very Good
❑ Good
❑ Bad
❑ Very Bad
GDPR: Expert Talk
➢ About FAURECIA
➢ Impact of the GDPR on the activities
➢ How to be both DPO and Risk Manager?
➢ Ongoing challenges
➢ Covid-19 and GDPR
Jérôme Avot, Group Risk Officer and Data Protection Officer, FAURECIA
About FAURECIA
Impact of the GDPR on the activities
• While the GDPR was mostly generating fear, uncertainty and doubt before its application in May 2018… the benefits, after more than two years, are widely recognized!
• It forced companies to perform a comprehensive inventory of all their data processing activities…
• … and to act on those which were not (fully) compliant (security, data retention, consent…)
• It helped to start projects (especially security-related ones) which were not considered "priority 1". A new regulation is a good excuse to get budget ☺
• Companies are now taking more care regarding their own sub-contractors (from a legal and practical standpoint), including requirements for certification, audits, …
• Most companies are now ready in case of a data breach, know how to deal with new data processing (privacy by design) and are used to responding to Data Subject Requests.
• Wider training programmes for employees regarding data protection contribute to reinforcing the overall cyber-security of the company
GDPR is a journey, not a destination, but companies have mostly embraced the spirit of the GDPR and are moving in the right direction to drastically improve personal data protection.
How to be both DPO and Risk Manager?
Being a DPO and Risk Manager is totally compatible…
but not all Risk Managers can be DPOs, and not all DPOs could be Risk Managers
• The word "Risk" is mentioned more than 78 times in the official GDPR regulation
• Risk Management is one of the pillars of the GDPR
• So who better than a "Risk Manager" to manage "Personal Data Protection" risk?
• This is not that obvious:
  • The DPO is usually considered a "five-legged sheep" (a rare profile):
    • Need for (even basic) legal knowledge
    • Need for Information System Security knowledge
    • Need to be a good teacher, with the ability to communicate and train people
    • Need to have a good internal network and be recognized
    • Need to be able to assess risks
  • Not all "Risk Managers" will therefore do the job ☺
• However, being both Risk Manager and DPO has many benefits, including:
  • A "risk-oriented" mindset and perfect alignment with the Risk Management methodology
  • A good mix between daily actions as a "DPO" and more medium/long-term action as a "Risk Manager"
  • Being able to assess this specific risk at the right level in the overall risk matrix
Ongoing challenges?
• Three main ongoing challenges to deal with in the current context:
  • Ensure continuous GDPR compliance
    • How to make sure that all new and existing data processing activities are recorded and compliant?
    • How to ensure that all changes are made in compliance with the GDPR mindset?
  • Spot the weakest link
    • Security of data is a matter of the weakest link, and the difficulty is to find out what this weakest link leading to a data breach could be.
    • How well protected are your test environments? Is your replicated data anonymized?
    • Where are your backups stored and how secure are they?
    • How well protected is your sub-contractor's laptop holding a backup of all your data?
  • Deal with the invalidation of the Privacy Shield (since July 2020)
    • Should we put in place Standard Contractual Clauses (SCCs) or even Binding Corporate Rules (BCRs)?
    • Should we start compartmentalizing data in different regions (e-mails, for instance)?
    • Should we temporarily suspend such transfers until clear guidance is released?
Covid-19 and GDPR
During this difficult and complex period, all European DPAs are making efforts to provide guidance and assistance to companies on this complex topic… but companies still need to apply GDPR principles and be agile in a fast-changing environment!
• Employers have obligations to ensure the health and safety of employees while at work, but they also need to ensure compliance with the GDPR: a real challenge in this Covid-19 context!
  • Health information is classed as a "special category of personal data" under the GDPR, meaning a Data Protection Impact Assessment should be done in order to understand the risks associated with such data processing and… ensure those risks are properly mitigated!
  • Typical steps include:
    • Identify clear needs ("purpose limitation" and "data minimization" principles) for each case (temperature screening, CCTV, close contacts…) and collect ONLY NECESSARY data
    • Identify a "lawful basis of processing" (and forget about consent)
    • Prepare a "Privacy Policy" ("right to be informed" principle)
    • Ensure security and confidentiality of data ("security" principle)
    • And… document the measures taken ("accountability" principle)
GDPR: Expert Talk
➢ About BASF
➢ Impact of the GDPR on the activities
➢ The role of internal auditors: what has changed?
➢ Ongoing challenges
➢ Covid-19 and GDPR
Ralf Herold, Senior Vice President, Corporate Audit, BASF
Facts important to know: Objectives of the EU-GDPR: protection of natural persons, and more!
Striving for a balance of all 3 objectives in a common EU market with the same market rules and conditions for all market participants, so protection of personal data is not an absolute right.
GDPR objectives:
• Recital 1: "protection of natural persons in relation to the processing of personal data"
• Art. 1 GDPR & Recital 9: "free flow of personal data throughout the Union"
• Recital 2: "Economic union, strengthening EU market development"
• Recital 4: "freedom to conduct business"
[Diagram: relationships among Nation/Government, Enterprise/Company, Employee and Customer/Vendor, numbered 1 to 6 as listed below]
1. Nation/Nation: Contracts & No-Spy
2. Government/Enterprise: Regulatory business framework
3. Government/Citizen: Civil rights / right to be left alone / data ownership and disposition rights
   • National Security & Law Enforcement: "Social Contract: Citizens ↔ Government"
4. Enterprise/Enterprise: Contracts, IP rights, anti-trust regulations
5. Enterprise/Employee: Contracts, consensus
6. Enterprise/Customer/Vendor: Contracts, consensus
Data Subjects
Protection of the rights of a natural person: what enterprises can do and have to focus on
➢ Enterprises adhere to rules
➢ They can't solve political disputes or nations' or governments' affairs
BASF applies the One-Stop-Shop concept (Art. 56 & Art. 60 GDPR)
• BASF SE = Main Establishment
• BASF Group EU companies = Group of Undertakings
• Lead Supervisory Authority: The State Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate (LfDI RLP)
• Data Protection Commissioner by country
• Consistency Mechanism
Data Protection @ BASF
➢ by design: Europe
➢ de facto: Global
Questions & Answers
Supporting documents
Thank you
About FERMA
FERMA brings together 22 risk management associations in 21 European countries.
They represent nearly 5,000 professional risk managers active in a wide
range of business sectors.
The Federation of European Risk Management Associations (FERMA)
speaks for the risk management profession in Europe.
FERMA acts on its behalf at European level and promotes the risk
management profession.
FERMA provides a risk management perspective on European issues and
strengthens the profession through a European risk management
certification (rimap).
www.ferma.eu
About ECIIA
ECIIA gives voice to 48,000 Internal Auditors in 34 countries from wider Europe.
The European Confederation of Institutes of Internal Auditing (ECIIA) is the
voice of internal audit in Europe.
Our role is to enhance corporate governance through the promotion of
the professional practice of internal auditing.
The ECIIA mission is to further the development of good corporate
governance and internal audit at the European level, through
• Knowledge sharing
• Developing key relationships
• Impacting the regulatory environment, by dealing with the European
Union, its Parliament and the European Authorities.

More Related Content

What's hot

Sustainability & Risk Management
Sustainability & Risk ManagementSustainability & Risk Management
Sustainability & Risk Management
Turlough Guerin GAICD FGIA
 

What's hot (11)

Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management Ferma report: Artificial Intelligence applied to Risk Management
Ferma report: Artificial Intelligence applied to Risk Management
 
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks ReportHBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
HBR - Zurich - FERMAZ - PRIMO Cyber Risks Report
 
Sustainability as risk management
Sustainability as risk managementSustainability as risk management
Sustainability as risk management
 
Sustainability & Risk Management
Sustainability & Risk ManagementSustainability & Risk Management
Sustainability & Risk Management
 
ESG Risks and Thai Banks: Time to Walk the Talk
ESG Risks and Thai Banks: Time to Walk the TalkESG Risks and Thai Banks: Time to Walk the Talk
ESG Risks and Thai Banks: Time to Walk the Talk
 
Sustainable Brands New Metrics: The evolution of social and human capital man...
Sustainable Brands New Metrics: The evolution of social and human capital man...Sustainable Brands New Metrics: The evolution of social and human capital man...
Sustainable Brands New Metrics: The evolution of social and human capital man...
 
Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021Managing the ESG Ecosystem US EPA_Feb_2021
Managing the ESG Ecosystem US EPA_Feb_2021
 
EMEA Insurers Snapshot - Regional Snapshot
EMEA Insurers Snapshot - Regional SnapshotEMEA Insurers Snapshot - Regional Snapshot
EMEA Insurers Snapshot - Regional Snapshot
 
Insurance Role in a Climate Change Constraint World: UAE Motor Best Practice ...
Insurance Role in a Climate Change Constraint World: UAE Motor Best Practice ...Insurance Role in a Climate Change Constraint World: UAE Motor Best Practice ...
Insurance Role in a Climate Change Constraint World: UAE Motor Best Practice ...
 
Sustainability Knowledge Group launches new digital reporting tool
Sustainability Knowledge Group launches new digital reporting toolSustainability Knowledge Group launches new digital reporting tool
Sustainability Knowledge Group launches new digital reporting tool
 
Sustainability and Integrated Reporting
Sustainability and Integrated Reporting Sustainability and Integrated Reporting
Sustainability and Integrated Reporting
 

Similar to GDPR & corporate Governance, Evaluation after 2 years implementation

Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
FERMA
 
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
confluent
 

Similar to GDPR & corporate Governance, Evaluation after 2 years implementation (20)

EU GDPR: What You Really Need to Know
EU GDPR: What You Really Need to Know EU GDPR: What You Really Need to Know
EU GDPR: What You Really Need to Know
 
The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...The GDPR and its requirements for implementing data protection impact assessm...
The GDPR and its requirements for implementing data protection impact assessm...
 
20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here20170323 are you ready the new gdpr is here
20170323 are you ready the new gdpr is here
 
BigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar SlidesBigID GDPR Compliance Automation Webinar Slides
BigID GDPR Compliance Automation Webinar Slides
 
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford   gdpr – threat, overhead or opportunity - doug davidsonCWIN17 telford   gdpr – threat, overhead or opportunity - doug davidson
CWIN17 telford gdpr – threat, overhead or opportunity - doug davidson
 
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
1 -2-6 kista watson summit-gdpr ibm pov hogg-sm
 
Big data minute privacy
Big data minute privacyBig data minute privacy
Big data minute privacy
 
Meeting the cyber risk challenge
Meeting the cyber risk challengeMeeting the cyber risk challenge
Meeting the cyber risk challenge
 
Journey2018: Surviving and thriving under GDPR
Journey2018: Surviving and thriving under GDPR  Journey2018: Surviving and thriving under GDPR
Journey2018: Surviving and thriving under GDPR
 
Ritz 4th-july-gdpr
Ritz 4th-july-gdprRitz 4th-july-gdpr
Ritz 4th-july-gdpr
 
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
Compliance in Motion: Aligning Data Governance Initiatives with Business Obje...
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
BDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEsBDVe Webinar Series - Making GDPR for SMEs
BDVe Webinar Series - Making GDPR for SMEs
 
The impact of GDPR on UK employers
The impact of GDPR on UK employersThe impact of GDPR on UK employers
The impact of GDPR on UK employers
 
Satori GDPR Overview 2018
Satori GDPR Overview 2018Satori GDPR Overview 2018
Satori GDPR Overview 2018
 
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
Digital Enterprise Festival Birmingham 13/04/17 - Ian West Cognizant VP Data ...
 
Big Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPRBig Data LDN 2017: Applied AI for GDPR
Big Data LDN 2017: Applied AI for GDPR
 
GDPR (En) JM Tyszka
GDPR (En)  JM TyszkaGDPR (En)  JM Tyszka
GDPR (En) JM Tyszka
 
GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.GDPR How ready are you? The What, Why and How.
GDPR How ready are you? The What, Why and How.
 
2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar2016 11-17-gdpr-integro-webinar
2016 11-17-gdpr-integro-webinar
 

More from FERMA

FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA
 

More from FERMA (20)

FERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agendaFERMA contribution to the French Presidency agenda
FERMA contribution to the French Presidency agenda
 
The role of risk management in corporate resilience
The role of risk management in corporate resilienceThe role of risk management in corporate resilience
The role of risk management in corporate resilience
 
Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience Webinar: the role of risk management in corporate resilience
Webinar: the role of risk management in corporate resilience
 
People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...People, Planet & Performance: sustainability guide for risk and insurance man...
People, Planet & Performance: sustainability guide for risk and insurance man...
 
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
Collaboration of the Year Award winner 2020: Pim Moerman and Rob van den Eijn...
 
Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020Argo Group: operationalizing emerging risk 2020
Argo Group: operationalizing emerging risk 2020
 
Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020Argo Group: entry for emerging risk initiative of the year Award 2020
Argo Group: entry for emerging risk initiative of the year Award 2020
 
George Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland WaterGeorge Ong, Chief Risk Officer, Northern Ireland Water
George Ong, Chief Risk Officer, Northern Ireland Water
 
The European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentationThe European risk manager report 2020: webinar presentation
The European risk manager report 2020: webinar presentation
 
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
GDPR & corporate governance: The Role of Internal Audit and Risk Management O...
 
Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019Facts and figures about our risk management associations in Europe 2019
Facts and figures about our risk management associations in Europe 2019
 
Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?Webinar: how risk management can contribute to sustainable growth?
Webinar: how risk management can contribute to sustainable growth?
 
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber SecurityFERMA Webinar: At the Junction of Corporate Governance and Cyber Security
FERMA Webinar: At the Junction of Corporate Governance and Cyber Security
 
Ferma European Risk Manager Report 2018
Ferma European Risk Manager Report 2018Ferma European Risk Manager Report 2018
Ferma European Risk Manager Report 2018
 
Ferma PwC European Risk Manager Report_ full set results 2018
Ferma PwC European Risk Manager Report_ full set results 2018Ferma PwC European Risk Manager Report_ full set results 2018
Ferma PwC European Risk Manager Report_ full set results 2018
 
European risk management sustainability seminar report
European risk management sustainability seminar reportEuropean risk management sustainability seminar report
European risk management sustainability seminar report
 
Fer008 ferma risk-mangmt_18_sem_sustainabiity_report_v15_07_nov18 (1)
Fer008 ferma risk-mangmt_18_sem_sustainabiity_report_v15_07_nov18 (1)Fer008 ferma risk-mangmt_18_sem_sustainabiity_report_v15_07_nov18 (1)
Fer008 ferma risk-mangmt_18_sem_sustainabiity_report_v15_07_nov18 (1)
 
European Risk Management Seminar 2018 - Cyber Report
European Risk Management Seminar 2018 - Cyber Report European Risk Management Seminar 2018 - Cyber Report
European Risk Management Seminar 2018 - Cyber Report
 
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
Ferma perspectives #2 - Cyber Risk Governance 09.10.2018
 
Preparing for cyber insurance - FERMA - Insurance Europe - BIPAR
Preparing for cyber insurance - FERMA - Insurance Europe - BIPARPreparing for cyber insurance - FERMA - Insurance Europe - BIPAR
Preparing for cyber insurance - FERMA - Insurance Europe - BIPAR
 

Recently uploaded

Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Sheetaleventcompany
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
amitlee9823
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
amitlee9823
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
amitlee9823
 

Recently uploaded (20)

Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
Chandigarh Escorts Service 📞8868886958📞 Just📲 Call Nihal Chandigarh Call Girl...
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Falcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in indiaFalcon Invoice Discounting platform in india
Falcon Invoice Discounting platform in india
 
Phases of Negotiation .pptx
 Phases of Negotiation .pptx Phases of Negotiation .pptx
Phases of Negotiation .pptx
 
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service AvailableCall Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
Call Girls Ludhiana Just Call 98765-12871 Top Class Call Girl Service Available
 
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
The Path to Product Excellence: Avoiding Common Pitfalls and Enhancing Commun...
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
(Anamika) VIP Call Girls Napur Call Now 8617697112 Napur Escorts 24x7
 
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
Call Girls Electronic City Just Call 👗 7737669865 👗 Top Class Call Girl Servi...
 

GDPR & corporate Governance, Evaluation after 2 years implementation

  • 1.
  • 2. In partnership with European Risk Manager Report 2020 Edition Top critical threats to the organisation’s growth prospects within the next 12 months CYBER THREAT UNCERTAIN ECONOMIC GROWTH AVAILABILITY OF KEY SKILLS DATA FRAUD OR THEFT OVER-REGULATION CYBER THREAT UNCERTAIN ECONOMIC GROWTH GEOPOLITICAL UNCERTAINLY OVER-REGULATION CHANGING CONSUMER BEHAVIOUR TOP RISK 2020TOP RISK 2018 37% 39% 24% How do you deal with risks arising from emerging technologies ? Identification and assessment of risks prior to adoption of new technologies by the business Identification and assessment of emerging technologies used by the business Analysis and remediation of any insurance coverage gaps
  • 4. Cybersecurity and Data security as top risk again!
  • 5. GDPR :expert’s introduction Ralf Herold Senior Vice President, Corporate Audit BASF Jérôme Avot Group Risk Officer and Data Protection Officer at Faurecia Olivier Micol Head of Data Protection Unit at the European Commission, Directorate- General for Justice
  • 6. GDPR :Expert Talk Olivier Micol Head of Data Protection Unit at the European Commission, Directorate- General for Justice ▪ Key elements of the recent GDPR evaluation report of the European Commission ▪ share the latest data and feedback from companies and civil society ▪ overview of future planned initiatives
  • 7. GDPR :Polling question #1 How would you assess the level of divergence in the enforcement of GDPR regulation by DPA in EU? ❑ High ❑ Medium ❑ Low
  • 8. GDPR :Polling question #2 How do you evaluate your interaction with the DPA in your country? ❑ Very Good ❑ Good ❑ Bad ❑ Very Bad
  • 9. GDPR :Expert Talk ➢ About FAURECIA ➢ Impact of the GDPR on the activities ➢ How to be both DPO and Risk Manager ? ➢ Ongoing challenges ➢ Covid 19 and GDPR Jérôme Avot Group Risk Office and Data Protection Officer, FAURECIA
  • 11. Impact of the GDPR on the activities • While the GDPR was mostly generating fear, uncertainty and doubts before its application in May 2018… the benefits, after more than two years, are widely recognized ! • It forced helped companies to perform a comprehensive inventory of all their data processing activities • … and act on those which were not (fully) compliant (security, data retention, consent…) • It helped to start projects (especially security related) which were not considered as “priority 1”. A new regulation is a good excuse to get budget ☺ • Companies are now taking more care regarding their own sub-contractors (from a legal and practical standpoint) including requirement for certification, audits, … • Most companies are now ready in case of Data Breach, they know how to deal with new “data processing” (privacy by design) and are used to respond to Data Subject Request. • Wider training program to employees regarding data protection contributing to the reinforcement of the overall cyber-security of the company GDPR is a journey, not a destination, but companies have mostly embraced the spirit of GDPR and are moving in the right direction to drastically improve personal data protection.
12. How to be both DPO and Risk Manager?
Being a DPO and Risk Manager is totally compatible… but not every Risk Manager can be a DPO, and not every DPO could be a Risk Manager
• The word "Risk" is mentioned more than 78 times in the official GDPR regulation
• Risk Management is one of the pillars of the GDPR Regulation
• So who better than a "Risk Manager" to manage "Personal Data Protection" risk?
• This is not that obvious:
• The DPO is usually considered a "five-legged sheep":
• Need for (even basic) legal knowledge
• Need for Information System Security knowledge
• Need to be a pedagogue, with a good ability to communicate and train people
• Need to have a good internal network and be recognized
• Need to be able to assess risks
• Not all "Risk Managers" will therefore do the job ☺
• However, being both Risk Manager and DPO has many benefits, including:
• Benefiting from a "risk oriented" mindset and ensuring perfect alignment with the Risk Management methodology
• A good mix between daily actions as a "DPO" and more medium/long term actions as "Risk Manager"
• Being able to assess this specific risk at the right level in the overall risk matrix
13. Ongoing challenges?
• Three main ongoing challenges to deal with in the current context:
• Ensure continuous GDPR compliance
• How to make sure that all new and existing data processing activities are recorded and compliant?
• How to ensure that all changes are being made in compliance with the GDPR mindset?
• Spot the weakest link
• Security of data is a matter of the weakest link, and the difficulty is to find out what could be the weakest link leading to a data breach.
• How well protected are your test environments? Is your replicated data being anonymized?
• Where are your backups stored and how secure are they?
• How well protected is your sub-contractor's laptop holding a backup of all your data?
• Deal with the invalidation of the Privacy Shield (since July 2020)
• Should we put in place Standard Contractual Clauses (SCCs) or even Binding Corporate Rules (BCRs)?
• Should we start compartmentalizing data in different regions? (e-mails for instance)
• Should we temporarily suspend such transfers until clear guidance is released?
14. Covid-19 and GDPR
During this difficult and complex period, all European DPAs are making efforts to provide guidance and assistance to companies on this complex topic… but companies still need to apply GDPR principles and be agile in a fast-paced, changing environment!
• Employers have obligations to ensure the health and safety of employees while at work, but they also need to ensure compliance with the GDPR: a real challenge in this Covid-19 context!
• Health information is classed as a "special category of personal data" under the GDPR, meaning a Data Protection Impact Assessment should be done in order to understand the risks associated with such data processing and… ensure those risks are properly mitigated!
• Typical steps include:
• Identify clear needs ("purpose limitation" and "data minimization" principles) for each case (temperature screening, CCTV, close contacts…) and collect ONLY NECESSARY data
• Identify a "Lawful basis of processing" (and forget about consent)
• Prepare a "Privacy Policy" ("right to be informed" principle)
• Ensure Security and Confidentiality of data ("security" principle)
• And… document the measures taken ("accountability" principle)
15. GDPR: Expert Talk
Ralf Herold, Senior Vice President, Corporate Audit BASF
➢ About BASF
➢ Impact of the GDPR on the activities
➢ The role of internal auditors: what has changed?
➢ Ongoing challenges
➢ Covid 19 and GDPR
16. Facts important to know: Objectives of the EU-GDPR – protection of natural persons, and more..!
Striving for a balance of all 3 objectives in a common EU market with the same market rules & conditions for all market subjects → protection of personal data is not an absolute right
• "protection of natural persons in relation to the processing of personal data" (Art 1 GDPR & Recital 1)
• "free flow of personal data throughout the Union" (Art 1 GDPR & Recital 9)
• "Economic union, strengthening EU market development" (Recital 2) and "freedom to conduct business" (Recital 4)
17. Protection of the Rights of a Natural Person – What Enterprises can do and have to focus on
[Diagram: relationships between Nation/Government, Enterprise/Company, Employee and Customer/Vendor (Data Subjects), numbered 1 to 6]
1. Nation/Nation: Contracts & No-Spy
2. Government/Enterprise: Regulatory Business Framework
3. Government/Citizen: Civil Rights / Right to be left alone / Data ownership and disposition rights → National Security & Law Enforcement – "Social Contract: Citizens → Government"
4. Enterprise/Enterprise: Contracts – IP rights – Anti-Trust Regulations
5. Enterprise/Employee: Contracts – Consensus
6. Enterprise/Customer/Vendor: Contracts – Consensus
➢ Enterprises adhere to rules
➢ Can't solve political disputes or Nations' or Government affairs
18. Data Protection @ BASF
➢ by design Europa
➢ de facto Global
BASF applies the One-Stop-Shop Concept (Art. 56 & Art. 60 GDPR):
• BASF SE = Main Establishment
• BASF Group EU-Companies = Group of Undertakings
• Lead Supervisory Authority: The State Commissioner for Data Protection and the Freedom of Information Rhineland-Palatinate (LfDI RLP)
• Data Protection Commissioner by Country, linked through the Consistency Mechanism
22. About FERMA
FERMA brings together 22 risk management associations in 21 European countries. They represent nearly 5,000 professional risk managers active in a wide range of business sectors. The Federation of European Risk Management Associations (FERMA) speaks for the risk management profession in Europe. FERMA acts on its behalf at European level and promotes the risk management profession. FERMA provides a risk management perspective on European issues and strengthens the profession through a European risk management certification (rimap).
www.ferma.eu
23. About ECIIA
ECIIA gives voice to 48.000 Internal Auditors in 34 countries from wider Europe. The European Confederation of Institutes of Internal Auditing (ECIIA) is the voice of internal audit in Europe. Our role is to enhance corporate governance through the promotion of the professional practice of internal auditing. The ECIIA mission is to further the development of good corporate governance and internal audit at the European level, through
• Knowledge sharing
• Developing key relationships
• Impacting the regulatory environment, by dealing with the European Union, its Parliament and the European Authorities.