May 17, 2018
How to Comply with GDPR
Requirements: What every U.S.
Company needs to know
Preston Clark, J.D.
Joseph Lazzarotti,
Jason Gavejian &
Mary Costigan
Webinar Basics
1 Please ask questions
2 Full presentation will be sent out immediately following event
3 Webinar recording will be sent out next week
4 Post webinar communication plan
LMS Integration
HRIS Integration
Single Sign On (SSO)
Shibboleth
About EVERFI
1,500+
20
Languages
Your Presenters
President of EVERFI’s Conduct & Culture division that
powers online compliance training programs for over 1,500
organizations worldwide. Preston was formerly Assistant
General Counsel for the University of Miami.
Preston Clark, J.D.
President at EVERFI
As a Certified Information Privacy Professional (CIPP), Mr
Gavejian focuses on the matrix of laws governing privacy,
security, and management of data. He is co-author of, and
regular contributor to, the firm’s Privacy Blog.
Jason C. Gavejian
Principal, Jackson Lewis
Advises multinational, national and regional companies on
emerging privacy and cybersecurity issues, including best
practices and preventive safeguards. Is also a Certified
Information Privacy Professional (CIPP) with IAPP.
Mary T. Costigan
Associate, Jackson Lewis
Founder and co-lead of the firm’s Privacy, e-Communication and
Data Security Practice, edits the firm’s Privacy Blog, and is a
Certified Information Privacy Professional (CIPP) with
International Association of Privacy Professionals (IAPP).
Joseph J. Lazzarotti
Principal, Jackson Lewis
• Represents management exclusively in every aspect of employment,
benefits, labor, and immigration law and related litigation, as well as
government relations in NYS & NYC.
• Over 800 attorneys in 57 locations nationwide
• Current caseload of over 6,500 litigations, approximately 650 class
actions.
• Founding member of L&E Global.
• A leader in educating employers about the laws of equal opportunity,
Jackson Lewis understands the importance of having a workforce that
reflects the various Communities it serves
About Jackson Lewis P.C.
Lawyer’s Disclaimer
Jackson Lewis P.C. has prepared the materials
contained in this presentation for the participants’
reference and general information in connection with
education seminars presented by the firm and its
attorneys. Attendees should consult with counsel
before taking any actions that could affect their legal
rights and should not consider these materials or
discussions about these materials to be legal or other
advice regarding any specific matter.
WHAT IS “GDPR”
AND WHO IS
SUBJECT TO IT?
• Adopted on April 14, 2016, by the EU Commission and
Parliament
• Replaces the 1995 Data Protection Directive (Directive
95/46/EC)
• Effective May 25, 2018
• Broader jurisdiction, greater harmonization, increased
penalties
The General Data Protection Regulation
(GDPR)
• Establishment
• Offering Goods and Services…Targeting
• Monitoring Behavior
• Resident v. Citizen
Jurisdiction, Territorial Scope
WHAT IS “PERSONAL
DATA” UNDER GDPR? IT’S
JUST LIKE THE U.S., RIGHT?
• Divergent historical context, purpose
• Personal data
• Very broad: Any information relating to an
identified or identifiable natural person
• Sensitive information
• Personal information
Personal Data v. Personal Information
WHAT DOES IT MEAN TO
BE “PROCESSING” DATA?
• Processing Means:
• Any operation or set of operations that are:
• Performed on personal data or on sets of personal data
• Whether or not by automated means
• Includes:
• Collection, recording, organization, structuring, storage,
adaption or alteration, retrieval, consultation, use, disclosure
by transmission, dissemination or otherwise making
available, alignment or combination, restriction, erasure or
destruction
Processing
IF WE’RE SUBJECT TO
GDPR, DO WE NEED TO
APPOINT A “DPO?”
• Appoint if core activities are:
• regular and systematic monitoring of data subjects on
a large scale, or
• processing special categories of data or data relating
to criminal convictions/offenses on a large scale
• Union representative v. DPO
• More stringent laws in member states
Data Protection Officer
WHAT ARE OUR BASIC
RESPONSIBILITIES AND
OBLIGATIONS?
• Data controller v. data processor
• Privacy impact assessment
• Notice
• Privacy by design
• Individual’s rights
• Recording processing activities
Responsibilities and Obligations
ARE THERE DATA BREACH
NOTIFICATION
REQUIREMENTS?
• What is a breach
• When to report to Supervisory Authority
• When to report to affected individuals
• Risk of harm exception
• Interactions with U.S. breach notification
requirements
Data Breaches
ANY SPECIAL RULES ON
CONSENT?
• Lawful basis
• Affirmative
• Voluntariness
• Bundling consents?
Consent
WHAT DO WE NEED TO
DO ABOUT DATA
SECURITY? ARE THERE
ANY SPECIAL
REQUIREMENTS?
• No specific framework or technologies required.
• Pseudonymization and encryption
• Privacy by design
• Data processor agreements
• Breach detection
Data Security
CAN OUR U.S. EMPLOYEES
ACCESS PERSONAL DATA
OF DATA SUBJECTS IN THE
EU?
• Lawful basis
• “Adequate safeguards”
• Privacy Shield
• Model contracts
• Binding corporate rules
Accessing EU Data
WHAT HAPPENS IF WE DO
NOT COMPLY?
• Investigatory authority
• “Effective, proportionate and dissuasive”
• Level 1 fines - up to greater of 10,000,000 EUR or 2% of total worldwide
annual turnover.
• Level 2 fines - up to greater of 20,000,000 EUR or 4% of total worldwide
annual turnover.
• Judicial remedies
Enforcement
THE FUTURE
• Getting started
• Map your data
• Assess application and compliance
requirements
• Prepare employees (training)
• Coordinate with U.S. and other jurisdictions
• Document your steps
Take-Aways
Poll Question
How can we support you
further?
Thank You!
