GTC Training: European Data Privacy Compliance
April 6, 2017
Harvard Club Downtown, 1 Federal Street, 38th Floor, Boston, MA 02110
8:45am – 12:00pm Eastern
Click on the links below to download the materials from the training.
KEY ITEMS:
- TOOLKIT: GTC Global Compliance Toolkit
- TOOLKIT (Spreadsheet): GTC Global Compliance Toolkit Spreadsheet
- E-PRIVACY: GTC Draft E-Privacy Regulation Summary
- GDPR GUIDE: Guide to the General Data Protection Regulation, January 2017 (Bird & Bird) (Provided with permission from Bird & Bird)
- DPO GUIDELINES:
  - Guidelines on Data Protection Officers (‘DPOs’), adopted on December 13, 2016 (WP 243)
  - WP 243 Annex – Frequently Asked Questions
  - Ensuring the Effectiveness and Strategic Role of the Data Protection Officer under the GDPR, November 2016, Centre for Information Policy Leadership (CIPL)
- LEAD DPA:
  - Guidelines for identifying a controller or processor’s lead supervisory authority, adopted on December 13, 2016 (WP 244)
  - WP 244 Annex II – Frequently Asked Questions
- DPA LIST: DPA Reference Sheet, GTC Law Group PC
- RISK/IMPACT ASSESSMENTS: Risk, High Risk, Risk Assessments and Data Protection Impact Assessments under the GDPR, December 21, 2016, Centre for Information Policy Leadership (CIPL)
- INDIVIDUAL RIGHT TO REQUIRE THE TRANSFER OF THEIR OWN DATA:
  - Guidelines on the right to data portability, adopted on December 13, 2016 (WP 242)
  - WP 242 Annex – Frequently Asked Questions
- CONSENT: ICO consultation: GDPR consent guidance
- GDPR PREPARATION GUIDE: Preparing for the GDPR, March 13, 2017 (Information Commissioner’s Office)
- PRACTICAL TOOLS AND TEMPLATES:
  - NYMITY: Nymity’s Attestor for accountability and tracking, and templates for GDPR (e.g., notices) – some materials require subscription
  - THE CONFERENCE BOARD. Provided with permission from TCB. Requires membership to access other TCB materials and resources.
    - Data Processing Based on Legitimate Interests, December 29, 2016, The Conference Board
    - Template “Annex Z” to Acme Agreements: Compliance with the EU GDPR, The Conference Board
  - IAPP: IAPP Resource Center GDPR Portal (IAPP membership required for access. Various resources.)
- NOTICE OF BREACH LETTERS:
  - Sample Letter to Massachusetts Attorney General for MGL 93H notice of breach, available from the Office of the Attorney General of Massachusetts
  - Sample Letter to affected Massachusetts Residents for MGL 93H notice of breach, available from the Office of the Attorney General of Massachusetts
GENERAL BACKGROUND MATERIAL:
- COUNTRY-SPECIFIC GUIDANCE:
  - UK: Information Commissioner’s Office (ICO)
  - IRELAND: Irish DPA Consultation on Consent, Profiling, Personal Data Breach Notification and Certification
  - SPAIN: AEPD general guidance and specific info on duty to provide notice, processing agreements with template samples (issued in Spanish)
  - GERMANY: Bavarian DPA guidance on rights of access (issued in German)
- GDPR ACTION PLAN: Statement on the 2016 action plan for the implementation of the General Data Protection Regulation (GDPR), adopted on February 2, 2016 (WP 236)
- DPA POWER: Opinion 04/2016 on European Commission amendments proposals related to the powers of Data Protection Authorities in Standard Contractual Clauses and adequacy decisions, adopted on October 31, 2016 (WP 241)
- ADVISORY GUIDELINES: Working Party 29 Publications
PRESENTATION DECKS FROM THE CONFERENCE:
KEYNOTE: Preparing for the EU GDPR (David Bender, GTC)
PANEL #1: In-House Counsel Experience with the Challenges of European Compliance (Renard Francois, General Electric; Elaine Call, Cengage Learning)
PANEL #2: Compliance Strategies and External Resources (Sara Cable, Office of Attorney General Maura Healey, Commonwealth of Massachusetts)
PREVIOUS GTC DATA PRIVACY CONFERENCES:
Toolkit for Data and Privacy Security (September 29, 2016)
Data Breach Simulation Training (January 12, 2017)