5/19/2020
General Data Protection Regulation (GDPR) Webinar 5: GDPR Certification
Richard Cascarino CISM, CIA, ACFE, CRMA
About Jim Kaplan, CIA, CFE
• President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
• Auditor, Web Site Guru
• Internet for Auditors Pioneer
• IIA Bradford Cadmus Memorial Award Recipient
• Local Government Auditor’s Lifetime Award
• Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
ABOUT AUDITNET® LLC
• AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
• Available on the Web, iPad, iPhone, Windows and Android devices and features:
  • Over 3,100 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
  • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
  • Audit guides, manuals, and books on audit basics and using audit technology
  • LinkedIn Networking Groups
  • Monthly Newsletters with Expert Guest Columnists
  • Surveys on timely topics for internal auditors
Introductions
HOUSEKEEPING
This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
• If you logged in with another individual’s confirmation email you will not receive CPE, as the confirmation login is linked to a specific individual.
• This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
• We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
• If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
• Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
• You must answer the survey questions after the Webinar or before downloading your certificate.
IMPORTANT INFORMATION REGARDING CPE!
• ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
• We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io.
• You must opt-in for our mailing list. If you indicate you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
• We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions, which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.

The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship.
While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website.
Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
• Principal of Richard Cascarino & Associates based in Colorado USA
• Over 28 years’ experience in IT audit training and consultancy
• Past President of the Institute of Internal Auditors in South Africa
• Member of ISACA
• Member of Association of Certified Fraud Examiners
• Author of Data Analytics for Internal Auditors
TODAY’S AGENDA
• Certification against GDPR
• The powers of supervisory authorities
• The role of the European Data Protection Board (EDPB)
• Lead supervisory authorities
HOW DOES GDPR APPLY TO US-BASED ENTITIES?
• Established in the EU (activity through stable arrangements, i.e., an office or employees).
• Offer goods or services to EU residents (does not have to be a financial transaction).
• Monitor the behavior of EU residents.
• Company must show intent to draw EU data subjects as “customers”.
• Company website or access to Company email address or contact information (by itself) is not enough.
GDPR AND THE US PRIVACY SHIELD
• GDPR: “biggest shake-up of data privacy regulations since the birth of the web”
• European Commission: “We expect all companies to fully comply with the General Data Protection Regulation”
• EU data protection authorities will watch over their correct application
• Privacy Shield: a US jump-start on fulfilling the requirements of GDPR
• Privacy Shield provides for the European Commission to conduct periodic reviews in order to assess the level of protection provided by the Privacy Shield
PRIVACY SHIELD
• Privacy Shield was introduced in 2016 (Commerce Department’s International Trade Administration)
• Voluntary (GDPR is not)
• U.S.-based organization is required to self-certify to the Department of Commerce
• Publicly commit to comply with the Framework’s requirements
• U.S. companies cannot simply rely on the Privacy Shield Framework to satisfy the EU on data privacy (Alexander Stern)
• Alternative: form a new company that handles all operations within the EU but nowhere else
PRIVACY SHIELD ADVANTAGES
• Provides a legal basis for the transfer of EU citizens’ personal data to and from the U.S.
• Many of the certification requirements under Privacy Shield match GDPR requirements, although not total compliance
• On top of Privacy Shield you may need to complete all the GDPR privacy requirements
• In general, you can't GDPR self-certify with the Privacy Shield
• Only organizations subject to the enforcement authority of the Federal Trade Commission or the Department of Transportation are eligible to participate
• Should only be bad news for those companies that buy and trade in user data, or those companies that consistently fail to protect personal data
PROPOSED CHANGES
“Privacy Shield works well, but there is some room for improving its implementation” (first review)
• More proactive and frequent monitoring by the Department of Commerce of self-certified companies
  • During the first year of implementation, only three enforcement actions were reported
• Increased attention to making EU data subjects aware of how to exercise their rights under the Privacy Shield, including how to lodge complaints
• Increased cooperation between the Department of Commerce, the Federal Trade Commission, and the EU Data Protection Authorities (DPAs)
• Federal legislation to make permanent the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28)
  • PPD-28 is an Obama-era limitation on the collection of signals intelligence that requires appropriate safeguards for all personal information, regardless of whether they are U.S. or foreign
• The appointment of a permanent Privacy Shield Ombudsman at the U.S. State
• The filling of 4 vacancies on the Privacy and Civil Liberties Oversight Board (PCLOB) (now completed)
2019 REVIEW
• “As regards the commercial aspects, the absence of substantial checks remains a concern of the EDPB”
• “As regards the collection of data by public authorities, the EDPB can only encourage the PCLOB to issue and publish further reports”
• “The EDPB is still not in a position to conclude that the Ombudsperson is vested with sufficient powers to access information and to remedy non-compliance. Thus, it still cannot state that the Ombudsperson can be considered an ‘effective remedy before a tribunal’ in the meaning of Art.47 of the EU Charter of Fundamental Rights”
EU REGULATORS
Local data protection authorities (supervisory authorities) will continue to exist and have to co-operate with each other and the European Commission.
Roles:
• Appointment of supervisory authorities
• Competence, tasks and powers
• Co-operation and consistency between supervisory authorities
• European Data Protection Board
CERTIFYING FOR GDPR
Particularly relevant in the context of cloud computing and other forms of multi-tenancy services.
GDPR makes provision for the approval of codes of conduct (“Codes”) and the accreditation of certifications, seals and marks.
GDPR certification is voluntary, as explicitly provided in Article 42(3) of the GDPR, BUT:
• If a controller or processor applies to an accredited certification body for certification and successfully goes through the certification process, there is a contractual relationship (certification agreement) established between the certification body and the controller/processor
EDPB
The EDPB (European Data Protection Board) has the status of an EU body:
• Legal personality
• Extensive powers to determine disputes between national supervisory authorities
• Give advice and guidance
• Approve EU-wide codes and certification
CERTIFYING FOR GDPR
What is certified under the data protection certification mechanisms:
• Processing activities
• Data Protection Officers are not included in the scope of Article 42
• Products and systems cannot be certified as such for being GDPR compliant, but they are part of the evaluation for awarding the certification for data-processing activities
• Once a controller/processor has its processing certified under a data protection certification mechanism, there is still no presumption of conformity with the legal obligations
• Assessment by the certifying body is not a definite assessment of compliance with the GDPR
THE POWERS OF SUPERVISORY AUTHORITIES
Independent European body (the EDPB) whose purpose is to ensure consistent application of the General Data Protection Regulation, through:
• Guidelines
• Recommendations
• Best practices
• Opinions
• Binding decisions
Enforcement lies with the EEA SAs.
EDPB normally decides matters by a simple majority, but rules of procedure and binding decisions (in the first instance) are to be determined by a two-thirds majority.
SIZE OF FINES
Graduated approach - up to 4% worldwide turnover maximum.
Due regard is to be given to:
• the nature, gravity and duration of the infringement;
• the intentional character of the infringement;
• degree of responsibility (e.g. data protection by design or by default) or any relevant previous infringements;
• cooperation with the supervisory authority (and the manner in which the supervisory authority learned of the infringement);
• categories of personal data affected;
• other aggravating or mitigating factors (e.g. financial benefits, etc.)
EDPB CONSISTENCY OPINIONS
Most distinctive new role is to conciliate and determine disputes between national supervisory authorities.
Between May 25, 2018, and December 31, 2019, the EDPB adopted consistency opinions, including:
• 31 opinions regarding the national lists of processing subject to a data protection impact assessment (DPIA);
• Two positive opinions on Binding Corporate Rules (“BCRs”), while more than 40 BCRs are in the pipeline for approval, half of which could be expected to be approved by the end of 2020;
• Two opinions on the draft accreditation requirements for a code of conduct monitoring body pursuant to Article 41 of the GDPR; and
• One opinion on draft SCCs between data controllers and data processors according to Article 28(8) of the GDPR.
ENFORCEMENT AT THE NATIONAL LEVEL
In its first year:
• Approximately 275,557 complaints
• 785 administrative fines
• 160,040 personal data breaches notified
Updated its Binding Corporate Rules referentials for controllers and processors in light of the GDPR:
• 3 positive Opinions on national decisions approving BCRs, while more than 40 BCRs are in the pipeline
Codes of Conduct and Certification:
• Currently preparing guidelines
Legally binding instruments and administrative arrangements:
• Preparing guidelines for public authorities and bodies wishing to transfer personal data to public entities outside the EEA
ONE-STOP SHOP
The ‘one-stop-shop’ concept:
• where a business is established in more than one Member State, it will have a ‘lead authority’,
  • determined by the place of its ‘main establishment’ in the EU
• A supervisory authority which is not a lead authority may also have a regulatory role
  • where processing impacts on data subjects in the country of that supervisory authority
LEAD SUPERVISORY AUTHORITIES
Lead Supervisory Authority is the main data protection regulator and the entity that has primary responsibility for dealing with cross-border data processing.
• Single point of contact
• One-stop shop for all matters related to GDPR
In year one:
• 1,346 procedures were initiated to identify the lead DPA and the concerned DPAs
• 807 cross-border cases registered
• Lead DPAs issued 141 draft decisions to the concerned DPAs
USA AND SUPERVISORY AUTHORITIES
Supervisory Authority is the entity that must be notified in the event of a breach of personal data of data subjects.
Lead Supervisory Authority is the main data protection regulator and the entity that has primary responsibility for dealing with cross-border data processing.
For companies that operate in multiple EU member states, the lead supervisory authority would normally be the supervisory authority in the country where the company’s headquarters is or where its main business location is in the EU.
THE USA
A U.S. company that does not have a base in an EU member state has a problem. If it does not have a base in an EU member state where data processing decisions are made, it will not benefit from the one-stop-shop mechanism.
Even if a company has a representative in an EU member state:
• Company must deal with the supervisory authority in every member state where the company is active
• There would not be any lead supervisory authority
• May revert to the Privacy Shield
REMEMBER
• GDPR creates direct obligations and liability for processors, including those based in the U.S.
• Rebalances obligations between companies requesting services (controllers) and companies offering services (processors)
• Information such as log-in information, IP addresses, and vehicle identification numbers, though not enabling direct identification of individuals, allows for identification of individuals indirectly and is therefore considered to be personal data
• Effectively, most services and/or projects will be considered to involve processing of personal data
• Article 48 of the GDPR could impede a company’s ability to comply with the U.S. legal process requiring the production of EU personal data
CONTROLLERS VS PROCESSORS
• Controller, acting alone or together with others, “determines the purposes and means of the processing of personal data.”
• Processor, on the other hand, “processes personal data on behalf of the controller”
• Controller or Processor that maintains an “establishment” in the EU will be subject to the GDPR if it processes personal data “in the context of” that EU establishment, regardless of whether the processing actually takes place in the EU
• Controller or Processor not established in the EU will be subject to the GDPR “where the processing activities are related to offering goods or services to data subjects in the Union,” even when the goods and services are offered for free
• Controller or Processor not established in the EU will be subject to the GDPR if it processes the personal data of data subjects in the EU and that processing is related to the “monitoring” in the EU of the “behavior” of data subjects as their behavior takes place within the EU
• In the event of a data breach, the controller must notify the supervisory authority “without undue delay” and within 72 hours of discovering the breach, where feasible
  • Reasoned justification in case breach is not notified within 72 hours
  • Data subjects shall be notified without undue delay if the breach is likely to result in a high risk for the rights and freedoms of individuals, to allow them to take the necessary precautions
  • Communication to the data subject is not required in certain cases
LIABILITIES
• Direct claims: data subject can lodge a complaint directly against a Processor (administrative as well as judicial).
• Qualified liability: A Processor shall be liable for the damage caused by the processing only where it has not complied with obligations of this Regulation specifically directed to Processors or acted outside or contrary to lawful instructions of the Controller.
• Burden of proof: A Controller or Processor shall be exempted from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
• Liable for sub-processors: Where that other Processor fails to fulfill its data protection obligations, the initial Processor shall remain fully liable to the Controller for the performance of that other processor's obligations.
RIGHTS AGAINST CONTROLLERS AND PROCESSORS
• The right to lodge a complaint with supervisory authorities where their data have been processed in a way that does not comply with the GDPR;
• The right to an effective judicial remedy where a competent supervisory authority fails to deal properly with a complaint;
• The right to an effective judicial remedy against a relevant controller or processor;
• The right to compensation from a relevant controller or processor for material or immaterial damage resulting from infringement of the GDPR
RIGHTS AGAINST CONTROLLERS AND PROCESSORS
• Both natural and legal persons have the right of appeal to national courts against a legally binding decision concerning them made by a supervisory authority
• Individuals can bring claims for non-pecuniary loss, not just for compensation
• The potential for group actions to be brought is facilitated
• Judicial remedies and liability for compensation extend to both data controllers and data processors who infringe the Regulation
ACTIONS FOR CONTROLLERS AND PROCESSORS
Controllers and their processors should ensure that data processing agreements and contract management arrangements clearly specify:
• the scope of the processor’s responsibilities
• the agreed mechanisms for resolving disputes regarding respective liabilities to settle compensation claims
• the agreed process for reporting to other controllers or processors that are involved in the same processing any relevant compliance breaches and any complaints or claims received from relevant data subjects
REPRESENTATIVE BODIES
The GDPR entitles representative bodies, acting on behalf of data subjects, to lodge complaints with supervisory authorities and seek judicial remedies against a decision of a supervisory authority or against data controllers or processors.
The provision applies to any representative body that is:
• a not-for-profit body, organization or association;
• properly constituted according to Member State law;
• with statutory objectives that are in the public interest;
• active in the field of data protection
QUESTIONS?
Any Questions?
Don’t be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording, and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code: 50OFF for a discount on this webinar for one week
THANK YOU!
Jim Kaplan
AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org
Follow Me on Twitter for Special Offers - @auditnet
Join my LinkedIn Group – https://www.linkedin.com/groups/44252/
Like my Facebook business page https://www.facebook.com/pg/AuditNetLLC

Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
eMail: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino
 
How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach How ERM and audit work together, a combined assurance approach
How ERM and audit work together, a combined assurance approach
 
Forensic and investigating audit reporting
Forensic and investigating audit reportingForensic and investigating audit reporting
Forensic and investigating audit reporting
 
Retrospective data analytics slides
Retrospective data analytics slidesRetrospective data analytics slides
Retrospective data analytics slides
 
Cybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal AuditorsCybersecurity Series - Cyber Defense for Internal Auditors
Cybersecurity Series - Cyber Defense for Internal Auditors
 
Future audit analytics
Future audit analyticsFuture audit analytics
Future audit analytics
 
Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!Right to Audit Clauses: What you need to know!
Right to Audit Clauses: What you need to know!
 
Internal Auditing Basics
Internal Auditing BasicsInternal Auditing Basics
Internal Auditing Basics
 
Structuring your organization for success with data analytics
Structuring your organization for success with data analytics Structuring your organization for success with data analytics
Structuring your organization for success with data analytics
 
Robotic Process Auditing
Robotic Process Auditing Robotic Process Auditing
Robotic Process Auditing
 
The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection The Future of Auditing and Fraud Detection
The Future of Auditing and Fraud Detection
 

Último

M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.Aaiza Hassan
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Dave Litwiller
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...anilsa9823
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...Any kyc Account
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...lizamodels9
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityEric T. Tung
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Roland Driesen
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Lviv Startup Club
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Servicediscovermytutordmt
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangaloreamitlee9823
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableDipal Arora
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Delhi Call girls
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMANIlamathiKannappan
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...Paul Menig
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...amitlee9823
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfAdmir Softic
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataExhibitors Data
 

Último (20)

M.C Lodges -- Guest House in Jhang.
M.C Lodges --  Guest House in Jhang.M.C Lodges --  Guest House in Jhang.
M.C Lodges -- Guest House in Jhang.
 
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
Enhancing and Restoring Safety & Quality Cultures - Dave Litwiller - May 2024...
 
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
Lucknow 💋 Escorts in Lucknow - 450+ Call Girl Cash Payment 8923113531 Neha Th...
 
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
KYC-Verified Accounts: Helping Companies Handle Challenging Regulatory Enviro...
 
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabiunwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
unwanted pregnancy Kit [+918133066128] Abortion Pills IN Dubai UAE Abudhabi
 
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
Russian Call Girls In Gurgaon ❤️8448577510 ⊹Best Escorts Service In 24/7 Delh...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 
Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...Boost the utilization of your HCL environment by reevaluating use cases and f...
Boost the utilization of your HCL environment by reevaluating use cases and f...
 
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
Yaroslav Rozhankivskyy: Три складові і три передумови максимальної продуктивн...
 
Call Girls in Gomti Nagar - 7388211116 - With room Service
Call Girls in Gomti Nagar - 7388211116  - With room ServiceCall Girls in Gomti Nagar - 7388211116  - With room Service
Call Girls in Gomti Nagar - 7388211116 - With room Service
 
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service BangaloreCall Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
Call Girls Hebbal Just Call 👗 7737669865 👗 Top Class Call Girl Service Bangalore
 
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service AvailableCall Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
Call Girls Pune Just Call 9907093804 Top Class Call Girl Service Available
 
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
Best VIP Call Girls Noida Sector 40 Call Me: 8448380779
 
A DAY IN THE LIFE OF A SALESMAN / WOMAN
A DAY IN THE LIFE OF A  SALESMAN / WOMANA DAY IN THE LIFE OF A  SALESMAN / WOMAN
A DAY IN THE LIFE OF A SALESMAN / WOMAN
 
7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...7.pdf This presentation captures many uses and the significance of the number...
7.pdf This presentation captures many uses and the significance of the number...
 
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
Call Girls Jp Nagar Just Call 👗 7737669865 👗 Top Class Call Girl Service Bang...
 
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdfDr. Admir Softic_ presentation_Green Club_ENG.pdf
Dr. Admir Softic_ presentation_Green Club_ENG.pdf
 
RSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors DataRSA Conference Exhibitor List 2024 - Exhibitors Data
RSA Conference Exhibitor List 2024 - Exhibitors Data
 
Forklift Operations: Safety through Cartoons
Forklift Operations: Safety through CartoonsForklift Operations: Safety through Cartoons
Forklift Operations: Safety through Cartoons
 
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
VVVIP Call Girls In Greater Kailash ➡️ Delhi ➡️ 9999965857 🚀 No Advance 24HRS...
 

General Data Protection Regulation for Auditors 5 of 10

  • 1. 5/19/2020
  Richard Cascarino CISM, CIA, ACFE, CRMA
  General Data Protection Regulation (GDPR) Webinar 5
  GDPR Certification

  About Jim Kaplan, CIA, CFE
  • President and Founder of AuditNet®, the global resource for auditors (available on iOS, Android and Windows devices)
  • Auditor, Web Site Guru
  • Internet for Auditors Pioneer
  • IIA Bradford Cadmus Memorial Award Recipient
  • Local Government Auditor’s Lifetime Award
  • Author of “The Auditor’s Guide to Internet Resources” 2nd Edition
  • 2. ABOUT AUDITNET® LLC
  • AuditNet®, the global resource for auditors, serves the global audit community as the primary resource for Web-based auditing content. As the first online audit portal, AuditNet® has been at the forefront of websites dedicated to promoting the use of audit technology.
  • Available on the Web, iPad, iPhone, Windows and Android devices and features:
    • Over 3,100 Reusable Templates, Audit Programs, Questionnaires, and Control Matrices
    • Webinars focusing on fraud, data analytics, IT audit, and internal audit with free CPE for subscribers and site license users.
    • Audit guides, manuals, and books on audit basics and using audit technology
    • LinkedIn Networking Groups
    • Monthly Newsletters with Expert Guest Columnists
    • Surveys on timely topics for internal auditors

  Introductions

  HOUSEKEEPING
  This webinar and its material are the property of AuditNet® and its Webinar partners. Unauthorized usage or recording of this webinar or any of its material is strictly forbidden.
  • If you logged in with another individual’s confirmation email you will not receive CPE, as the confirmation login is linked to a specific individual.
  • This Webinar is not eligible for viewing in a group setting. You must be logged in with your unique join link.
  • We are recording the webinar and you will be provided access to that recording after the webinar. Downloading or otherwise duplicating the webinar recording is expressly prohibited.
  • If you meet the criteria for earning CPE, you will receive a link via email to download your certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white-list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated if you did not receive the first mailing.
  • Submit questions via the chat box on your screen and we will answer them either during or at the conclusion.
  • You must answer the survey questions after the Webinar or before downloading your certificate.
  • 3. IMPORTANT INFORMATION REGARDING CPE!
  • ATTENDEES - If you attend the entire Webinar and meet the criteria for CPE you will receive an email with the link to download your CPE certificate. The official email for CPE will be issued via cpe@email.cpe.io and it is important to white-list this address. It is from this email that your CPE credit will be sent. There may be a processing fee to have your CPE credit regenerated after the initial distribution.
  • We cannot manually generate a CPE certificate as these are handled by our 3rd party provider. We highly recommend that you work with your IT department to identify and correct any email delivery issues prior to attending the Webinar. Issues would include blocks or spam filters in your email system or a firewall that will redirect or not allow delivery of this email from Gensend.io
  • You must opt-in for our mailing list. If you indicate that you do not want to receive our emails, your registration will be cancelled and you will not be able to attend the Webinar.
  • We are not responsible for any connection, audio or other computer related issues. You must have pop-ups enabled on your computer, otherwise you will not be able to answer the polling questions which occur approximately every 20 minutes. We suggest that if you have any pressing issues to see to, you do so immediately after a polling question.

  The views expressed by the presenters do not necessarily represent the views, positions, or opinions of AuditNet® LLC. These materials, and the oral presentation accompanying them, are for educational purposes only and do not constitute accounting or legal advice or create an accountant-client relationship. While AuditNet® makes every effort to ensure information is accurate and complete, AuditNet® makes no representations, guarantees, or warranties as to the accuracy or completeness of the information provided via this presentation. AuditNet® specifically disclaims all liability for any claims or damages that may result from the information contained in this presentation, including any websites maintained by third parties and linked to the AuditNet® website. Any mention of commercial products is for information only; it does not imply recommendation or endorsement by AuditNet® LLC.
  • 4. ABOUT RICHARD CASCARINO, MBA, CIA, CISM, CFE, CRMA
  • Principal of Richard Cascarino & Associates based in Colorado USA
  • Over 28 years experience in IT audit training and consultancy
  • Past President of the Institute of Internal Auditors in South Africa
  • Member of ISACA
  • Member of Association of Certified Fraud Examiners
  • Author of Data Analytics for Internal Auditors

  TODAY’S AGENDA
  • Certification against GDPR
  • The powers of supervisory authorities
  • The role of the European Data Protection Board (EDPB)
  • Lead supervisory authorities
  • 5. HOW DOES GDPR APPLY TO US-BASED ENTITIES?
  • Established in the EU (activity through stable arrangements (i.e., office / EE’s)).
  • Offer goods or services to EU residents (does not have to be a financial transaction)
  • Monitor the behavior of EU residents.
  • Company must show intent to draw EU data subjects as “customers”
  • Company website or access to Company email address or contact information (by itself) is not enough.

  GDPR AND THE US PRIVACY SHIELD
  • GDPR: “biggest shake-up of data privacy regulations since the birth of the web”
  • European Commission: “We expect all companies to fully comply with the General Data Protection Regulation”
  • EU data protection authorities will watch over their correct application
  • Privacy Shield: a US jump-start on fulfilling the requirements of GDPR
  • Privacy Shield provides for the European Commission to conduct periodic reviews in order to assess the level of protection provided by the Privacy Shield
  • 6. PRIVACY SHIELD
  • Privacy Shield was introduced in 2016
    • Commerce Department’s International Trade Administration
  • Voluntary (GDPR is not)
  • U.S.-based organization is required to self-certify to the Department of Commerce
  • Publicly commit to comply with the Framework’s requirements
  • U.S. companies cannot simply rely on the Privacy Shield Framework to satisfy the EU on data privacy
    • Alexander Stern
  • Alternative
    • Form a new company that handles all operations within the EU but nowhere else

  PRIVACY SHIELD ADVANTAGES
  • Provides a legal basis for the transfer of EU citizens’ personal data to and from the U.S.
  • Many of the certification requirements under Privacy Shield match GDPR requirements, although not total compliance
  • On top of Privacy Shield you may need to complete all the GDPR privacy requirements
  • In general, you can't GDPR self-certify with the Privacy Shield
  • Only organizations subject to the enforcement authority of the Federal Trade Commission or the Department of Transportation are eligible to participate
  • Should only be bad news for those companies that buy and trade in user data, or those companies that consistently fail to protect personal data
  • 7. PROPOSED CHANGES
  “Privacy Shield works well, but there is some room for improving its implementation” (first review)
  • More proactive and frequent monitoring by the Department of Commerce of self-certified companies
  • During the first year of implementation, only three enforcement actions were reported
  • Increased attention to making EU data subjects aware of how to exercise their rights under the Privacy Shield, including how to lodge complaints

  PROPOSED CHANGES
  • Increased cooperation between the Department of Commerce, the Federal Trade Commission, and the EU Data Protection Authorities (DPAs)
  • Federal legislation to make permanent the protection for non-Americans offered by Presidential Policy Directive 28 (PPD-28)
  • PPD-28 is an Obama-era limitation on the collection of signals intelligence that requires appropriate safeguards for all personal information, regardless of whether they are U.S. or foreign
  • The appointment of a permanent Privacy Shield Ombudsman at the U.S. State
  • The filling of 4 vacancies on the Privacy and Civil Liberties Oversight Board (PCLOB) (now completed)
  • 8. 2019 REVIEW
  • “As regards the commercial aspects, the absence of substantial checks remains a concern of the EDPB”
  • “As regards the collection of data by public authorities, the EDPB can only encourage the PCLOB to issue and publish further reports”
  • “The EDPB is still not in a position to conclude that the Ombudsperson is vested with sufficient powers to access information and to remedy non-compliance. Thus, it still cannot state that the Ombudsperson can be considered an ‘effective remedy before a tribunal’ in the meaning of Art.47 of the EU Charter of Fundamental Rights”

  EU REGULATORS
  • Local data protection authorities (supervisory authorities) will continue to exist
  • Have to co-operate with each other and the European Commission
  • Roles
    • Appointment of supervisory authorities
    • Competence, tasks and powers
    • Co-operation and consistency between supervisory authorities
    • European Data Protection Board
  • 9. CERTIFYING FOR GDPR
  • Particularly relevant in the context of cloud computing and other forms of multi-tenancy services
  • GDPR makes provision for the approval of codes of conduct (“Codes”) and the accreditation of certifications, seals and marks
  • GDPR certification is voluntary, as explicitly provided in Article 42(3) of the GDPR, BUT
    • If a controller or processor applies to an accredited certification body for certification and successfully goes through the certification process, there is a contractual relationship (certification agreement) established between the certification body and the controller/processor

  EDPB
  The EDPB (European Data Protection Board) has the status of an EU body
  • Legal personality
  • Extensive powers to determine disputes between national supervisory authorities
  • Give advice and guidance
  • Approve EU-wide codes and certification
  • 10. CERTIFYING FOR GDPR
  • What is certified under the data protection certification mechanisms
    • Processing activities
  • Data Protection Officers are not included in the scope of Article 42
  • Products and systems cannot be certified as such for being GDPR compliant, but they are part of the evaluation for awarding the certification for data-processing activities
  • Once a controller/processor has its processing certified under a data protection certification mechanism, there is still no presumption of conformity with the legal obligations
  • Assessment by the certifying body is not a definitive assessment of compliance with the GDPR

  THE POWERS OF SUPERVISORY AUTHORITIES
  Independent European body whose purpose is to ensure consistent application of the General Data Protection Regulation
  • Guidelines
  • Recommendations
  • Best practices
  • Opinions
  • Binding decisions
  • Enforcement lies with the EEA SAs
  • EDPB normally decides matters by a simple majority, but rules of procedure and binding decisions (in the first instance) are to be determined by a two-thirds majority
  • 11. SIZE OF FINES (December 22, 2015)
  Graduated approach - up to 4% worldwide turnover maximum. Due regard is to be given to:
  • the nature, gravity and duration of the infringement;
  • the intentional character of the infringement;
  • degree of responsibility (e.g. data protection by design or by default) or any relevant previous infringements;
  • cooperation with the supervisory authority (and the manner in which the supervisory authority learned of the infringement);
  • categories of personal data affected;
  • other aggravating or mitigating factors (e.g. financial benefits, etc.)

  EDPB CONSISTENCY OPINIONS
  Most distinctive new role is to conciliate and determine disputes between national supervisory authorities.
  Between May 25, 2018, and December 31, 2019, the EDPB adopted consistency opinions, including:
  • 31 opinions regarding the national lists of processing subject to a data protection impact assessment (DPIA);
  • Two positive opinions on Binding Corporate Rules (“BCRs”), while more than 40 BCRs are in the pipeline for approval, half of which could be expected to be approved by the end of 2020;
  • Two opinions on the draft accreditation requirements for a code of conduct monitoring body pursuant to Article 41 of the GDPR; and
  • One opinion on draft SCCs between data controllers and data processors according to Article 28(8) of the GDPR.
  • 12. ENFORCEMENT AT THE NATIONAL LEVEL
  In its first year
  • Approximately 275,557 complaints
  • 785 administrative fines
  • 160,040 personal data breaches notified
  Updated its Binding Corporate Rules referentials for controllers and processors in light of the GDPR
  • 3 positive Opinions on national decisions approving BCRs, while more than 40 BCRs are in the pipeline
  Codes of Conduct and Certification
  • Currently preparing guidelines
  Legally binding instruments and administrative arrangements
  • Preparing guidelines for public authorities and bodies wishing to transfer personal data to public entities outside the EEA

  ONE-STOP SHOP
  The ‘one-stop-shop’ concept
  • where a business is established in more than one Member State, it will have a ‘lead authority’,
  • determined by the place of its ‘main establishment’ in the EU
  • A supervisory authority which is not a lead authority may also have a regulatory role
  • where processing impacts on data subjects in the country of that supervisory authority
  • 13. LEAD SUPERVISORY AUTHORITIES
  • Lead Supervisory Authority is the main data protection regulator and the entity that has primary responsibility for dealing with cross-border data processing
  • Single point of contact
  • One-stop shop for all matters related to GDPR
  In year one:
  • 1,346 procedures were initiated to identify the lead DPA and the concerned DPAs
  • 807 cross-border cases registered
  • Lead DPAs issued 141 draft decisions to the concerned DPAs

  USA AND SUPERVISORY AUTHORITIES
  • Supervisory Authority is the entity that must be notified in the event of a breach of personal data of data subjects
  • Lead Supervisory Authority is the main data protection regulator and the entity that has primary responsibility for dealing with cross-border data processing
  • For companies that operate in multiple EU member states, the lead supervisory authority would normally be the supervisory authority in the country where the company’s headquarters is or where its main business location is in the EU
  • 14. THE USA
  • A U.S. company that does not have a base in an EU member state has a problem. If it does not have a base in an EU member state where data processing decisions are made, it will not benefit from the one-stop-shop mechanism
  • Even if a company has a representative in an EU member state
  • Company must deal with the supervisory authority in every member state where the company is active
  • There would not be any lead supervisory authority
  • May revert to the Privacy Shield

  REMEMBER
  • GDPR creates direct obligations and liability for processors, including those based in the U.S.
  • Rebalances obligations between companies requesting services (controllers) and companies offering services (processors)
  • Information such as log-in information, IP addresses, and vehicle identification numbers, though not enabling direct identification of individuals, allow for identification of individuals indirectly and are therefore considered to be personal data
  • Effectively, most services and/or projects will be considered to involve processing of personal data
  • Article 48 of the GDPR could impede a company’s ability to comply with the U.S. legal process requiring the production of EU personal data
  • 15. CONTROLLERS VS PROCESSORS
  • Controller, acting alone or together with others, “determines the purposes and means of the processing of personal data.”
  • Processor, on the other hand, “processes personal data on behalf of the controller.”
  • Controller or Processor that maintains an “establishment” in the EU will be subject to the GDPR if it processes personal data “in the context of” that EU establishment, regardless of whether the processing actually takes place in the EU
  • Controller or Processor not established in the EU will be subject to the GDPR “where the processing activities are related to offering goods or services to data subjects in the Union,” even when the goods and services are offered for free

  CONTROLLERS VS PROCESSORS
  • Controller or Processor not established in the EU will be subject to the GDPR if it processes the personal data of data subjects in the EU and that processing is related to the “monitoring” in the EU of the “behavior” of data subjects as their behavior takes place within the EU
  • In the event of a data breach, the controller must notify the supervisory authority “without undue delay” and within 72 hours of discovering the breach, where feasible
    • Reasoned justification in case the breach is not notified within 72 hours
    • Data subjects shall be notified without undue delay if the breach is likely to result in a high risk for the rights and freedoms of individuals, to allow them to take the necessary precautions
    • Communication to the data subject is not required in certain cases
  • 16. LIABILITIES
  • Direct claims: data subject can lodge a complaint directly against a Processor (administrative as well as judicial).
  • Qualified liability: A Processor shall be liable for the damage caused by the processing only where it has not complied with obligations of this Regulation specifically directed to Processors or acted outside or contrary to lawful instructions of the Controller.
  • Burden of proof: A Controller or Processor shall be exempted from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
  • Liable for sub-processors: Where that other Processor fails to fulfill its data protection obligations, the initial Processor shall remain fully liable to the Controller for the performance of that other processor's obligations.

  RIGHTS AGAINST CONTROLLERS AND PROCESSORS
  • The right to lodge a complaint with supervisory authorities where their data have been processed in a way that does not comply with the GDPR
  • The right to an effective judicial remedy where a competent supervisory authority fails to deal properly with a complaint
  • The right to an effective judicial remedy against a relevant controller or processor
  • The right to compensation from a relevant controller or processor for material or immaterial damage resulting from infringement of the GDPR
RIGHTS AGAINST CONTROLLERS AND PROCESSORS
• Both natural and legal persons have the right of appeal to national courts against a legally binding decision concerning them made by a supervisory authority.
• Individuals can bring claims for non-pecuniary (non-material) loss, not only for pecuniary loss.
• The bringing of group actions is facilitated.
• Judicial remedies and liability for compensation extend to both Controllers and Processors who infringe the Regulation.

ACTIONS FOR CONTROLLERS AND PROCESSORS
Controllers and their Processors should ensure that data processing agreements and contract management arrangements clearly specify:
• the scope of the Processor's responsibilities;
• the agreed mechanisms for resolving disputes regarding their respective liabilities to settle compensation claims;
• the agreed process for reporting, to other Controllers or Processors involved in the same processing, any relevant compliance breaches and any complaints or claims received from data subjects.
REPRESENTATIVE BODIES
• The GDPR entitles representative bodies, acting on behalf of data subjects, to lodge complaints with supervisory authorities and to seek judicial remedies against a decision of a supervisory authority or against Controllers or Processors.
• The provision applies to any representative body that is:
  • a not-for-profit body, organization or association;
  • properly constituted according to Member State law;
  • with statutory objectives that are in the public interest; and
  • active in the field of data protection.

QUESTIONS?
Any Questions? Don't be Shy!
AUDITNET® AND CRISK ACADEMY
• If you would like forever access to this webinar recording
• If you are watching the recording and would like to obtain CPE credit for this webinar
• Previous AuditNet® webinars are also available on-demand for CPE credit
http://criskacademy.com
http://ondemand.criskacademy.com
Use coupon code 50OFF for a discount on this webinar for one week.

THANK YOU!
Jim Kaplan, AuditNet® LLC
1-800-385-1625
Email: info@auditnet.org
www.auditnet.org
Follow me on Twitter for special offers: @auditnet
Join my LinkedIn group: https://www.linkedin.com/groups/44252/
Like my Facebook business page: https://www.facebook.com/pg/AuditNetLLC

Richard Cascarino & Associates
Cell: +1 970 819 7963
Tel: +1 303 747 6087 (Skype Worldwide)
Tel: +1 970 367 5429
Email: rcasc@rcascarino.com
Web: http://www.rcascarino.com
Skype: Richard.Cascarino
