WELCOME TO OUR WEBINAR
- Karin Houston
- 7 years ago
The EU General Data Protection Regulation (GDPR)
Tuesday, December 22, :00pm GMT / 16:00pm CET / 10:00am EST
If you cannot hear us speaking, please make sure you have called into the teleconference number on your invite information.
UK participants: Outside the UK: +44 (0) Event Code:
The audio portion is available via conference call. It is not broadcast through your computer.
*This webinar is offered for informational purposes only, and the content should not be construed as legal advice on any matter.
Welcome
Today's speakers
- Patrick van Eecke, Brussels
- Carol Umhoefer, Paris
- Giangiacomo Olivi, Milano
or You are on mute
A link to a recording of the webinar will be made available
EU General Data Protection Regulation December 22,
The GDPR in 20 Questions
1. Why all the buzz around the EU General Data Protection Regulation?
Carol Umhoefer, Paris
- One law, directly applicable in all 28 Member States.
- Replaces the 1995 Data Protection Directive and the national laws transposing the Directive.
- Will apply from 2018; national laws apply until then.
- Big picture implications: Will the EU continue to lead the way in personal data protection?
2. Has it been adopted now? Are these really the final rules?
Patrick van Eecke, Brussels
Last week
- 17 December: EP LIBE endorsed the texts agreed in the trilogues.
- 18 December: COREPER confirmed the final compromise texts.
Next weeks
- Early 2016: Legal-linguistic review of the texts
- Early 2016: Adoption by the Council
- Early 2016: Adoption by the Parliament
- Spring 2016: Publication in Official Journal
- 20 days after publication: enter into force
- Delegated acts/implementing acts
- Spring 2018: Application of the rules
3. To whom does it apply?
Giangiacomo Olivi, Milan
- Processing of personal data in the context of the activities of an establishment of a controller or a processor in the Union, regardless of whether the processing itself takes place within the EU.
- Processing of personal data of data subjects who are in the Union by a controller or processor not established in the Union, where the processing activities are:
  - related to the offering of goods or services to data subjects in the European Union, irrespective of whether a payment of the data subject is required, or
  - related to the monitoring of the behaviour of such data subjects as far as their behaviour takes place within the EU.
4. Do the principles stay the same or are we starting over?
Carol Umhoefer, Paris
- Personal data must be processed lawfully, fairly and in a transparent manner.
- Personal data must be processed for specified, explicit and legitimate purposes and not further processed in an incompatible way.
- Personal data must be adequate, relevant and limited to what is necessary in relation to the purposes.
- Personal data must be accurate and where necessary kept up to date.
- Personal data must be kept in a form that permits identification of data subjects for no longer than necessary for the purposes.
- Personal data must be processed in a way that ensures appropriate security using appropriate technical or organizational measures.
- And a new principle: The controller shall be responsible for and be able to demonstrate compliance with the principles.
5. How large are the fines likely to be?
Giangiacomo Olivi, Milan
Graduated approach up to 4% worldwide turnover maximum.
Due regard is to be given to:
- the nature, gravity and duration of the infringement;
- the intentional character of the infringement;
- actions taken to mitigate the damage suffered;
- degree of responsibility (e.g. data protection by design or by default) or any relevant previous infringements;
- cooperation with the supervisory authority (and the manner in which supervisory authority learned of infringement);
- categories of personal data affected;
- compliance with measures ordered;
- adherence to a code of conduct (or certification mechanism);
- other aggravating or mitigating factors (e.g. financial benefits, etc.)
6. Will international transfer mechanisms be affected?
Patrick van Eecke, Brussels
Same philosophy as before, i.e. only under very strict conditions:
- Adequacy decisions by Commission.
- Appropriate safeguards, such as:
  - Binding corporate rules;
  - Standard data protection clauses adopted by the Commission or by a supervisory authority or contractual clauses authorised by a supervisory authority;
- Derogations: Explicit consent/necessary for performance of the agreement/
What about legal disclosure obligations?
"Any judgment of a court or tribunal and any decision of an administrative authority of a third country requiring a controller or processor to transfer or disclose personal data may only be recognised or enforceable in any manner if based on an international agreement, such as a mutual legal assistance treaty."
7. Will we need to appoint a DPO or not?
Giangiacomo Olivi, Milan
Yes and No!
DPO to be designated when the core activities of the controller / processor:
- require regular and systematic monitoring of data subjects on a large scale;
- consist of processing on a large scale of "special categories of data" (Art. 9) or data relating to criminal convictions.
A group of undertakings may appoint a single DPO.
A DPO may be a staff member or a consultant (service contract), to report to the highest management level.
Tasks include:
- inform and advise the controller / processor (and employees) of their obligations;
- monitor compliance with the GDPR;
- advise on data protection impact assessment;
- cooperate with the supervisory authority (including acting as point of contact).
8. How will one-stop-shop change our compliance program?
Carol Umhoefer, Paris
- One-stop-shop relevant to interactions with supervisory authorities in relation to cross-border processing.
- Definition of cross-border processing could be clarified, even if the intent is clear.
- With respect to its cross-border processing, the controller or processor will deal only with its lead supervisory authority.
- Exceptions may apply, for example: issues arising in a single Member State; employee data processing; healthcare data processing.
9. What will we need to do in case of a data breach?
Giangiacomo Olivi, Milan
- Notification to the supervisory authority without undue delay and where feasible no more than 72 hours, unless the personal data breach is unlikely to result in a risk for the rights and freedoms of individuals.
- Reasoned justification in case breach is not notified within 72 hours.
- Data subjects shall be notified without undue delay if the breach is likely to result in a high risk for the rights and freedoms of individuals, to allow them to take the necessary precautions.
- Communication to the data subject is not required if:
  - the controller implemented appropriate technical and organizational measures that rendered the data affected unintelligible (e.g. encryption);
  - the controller took subsequent measures to ensure that the high risks are no longer likely to materialise;
  - it causes disproportionate effort.
10. Can we still process personal data on the basis of consent?
Patrick van Eecke, Brussels
Yes, but:
- consent should be freely given, specific, informed and unambiguous;
- by a statement or clear affirmative action;
- Controller has burden of proof.
In practice:
- ticking a box, choosing technical settings, or conduct clearly indicating acceptance of proposed processing.
- Silence, pre-ticked boxes or inactivity should not constitute consent.
- Contract performance cannot be made conditional on consent, if processing is not necessary.
11. Can we still process personal data on the basis of legitimate interests?
Carol Umhoefer, Paris
Yes, with some changes:
- Obligation to specifically inform data subjects.
- Data subject entitled to require restriction of processing of his/her data while verifying if fundamental rights don't override legitimate interests.
- Reasonable expectations of data subjects should be given consideration, such as when a data subject is a client or in the service of the controller.
- Examples: Preventing fraud; ensuring network and information security.
- Direct marketing purposes may be regarded as carried out for a legitimate interest?
12. Will data collection from kids become illegal?
Giangiacomo Olivi, Milan
No. General principles of lawfulness of processing (Art. 6) shall apply.
- Processing of personal data of a child below the age of 16 years requires the consent (given or authorized) by the parent (or other holder of parental responsibility).
- Member States can lower the age threshold (but not below 13 years).
- The controller shall make reasonable efforts to verify that consent is given or authorized by the holder of parental responsibility over the child.
- Rules to consider available technology and not to affect general contract law.
13. Will individuals get new rights?
Carol Umhoefer, Paris
Yes, several new and expanded rights.
- Data portability.
- Restriction of processing.
- Expanded right of erasure: the Right To Be Forgotten.
- Rights regarding profiling: using data to evaluate certain personal aspects relating to a natural person, in particular to analyse or predict aspects concerning that person's performance at work, economic situation, health, personal preferences, interest, reliability, behaviour, location or movements.
14. Will we get new types of sensitive data?
Patrick van Eecke, Brussels
General rule: prohibition to process personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership, genetic data, biometric data in order to uniquely identify a person, or data concerning health or sex life and sexual orientation.
But 10 exceptions apply:
- explicit consent
- vital interest
- assessment of the working capacity of the employee
- public health,
Pay attention! Member States may maintain or introduce further conditions, including limitations, with regard to the processing of genetic data, biometric data or health data.
15. Does the Regulation still apply if we de-identify our data?
Carol Umhoefer, Paris
- Information that does not relate to an identified or identifiable natural person, or data rendered anonymous in such a way that the data subject is not or no longer identifiable, will not be subject to the Regulation.
- Data that has undergone pseudonymisation, which could be attributed to a natural person by the use of additional information, is personal data subject to the Regulation.
- To determine whether a person is identifiable, account should be taken of all the means reasonably likely to be used, looking at all objective factors, such as the costs and amount of time required, available technology at the time of the processing, and technological developments.
16. When will we need to conduct a privacy impact assessment?
Giangiacomo Olivi, Milan
When using new technologies and likely to result in a risk for the rights and freedoms of individuals. In particular:
- systematic and extensive evaluation of personal aspects based on automated processing (including profiling) and on which decisions are made, significantly affecting the individual;
- large scale processing of "special categories of data" or criminal data;
- systematic monitoring of a publicly accessible area on a large scale.
A single assessment may address a set of similar processing operations with similar risks.
Supervisory authority to publish a list of operations subject (and not subject) to data protection impact assessment.
Assessment review when risk changes.
17. We've always acted as a processor: what will our liability be?
Patrick van Eecke, Brussels
- Direct claims: data subject can lodge a complaint directly against a P (administrative as well as judicial).
- Qualified liability: A P shall be liable for the damage caused by the processing only where it has not complied with obligations of this Regulation specifically directed to Ps or acted outside or contrary to lawful instructions of the C.
- Burden of proof: A C or P shall be exempted from liability if it proves that it is not in any way responsible for the event giving rise to the damage.
- Joint and several liability: Where more than one C or P are involved in the same processing and, where they are responsible for any damage caused by the processing, each shall be held liable for the entire damage, in order to ensure effective compensation of the data subject.
- Liable for sub-processors: Where that other P fails to fulfil its data protection obligations, the initial P shall remain fully liable to the C for the performance of that other processor's obligations.
18. Is it true the G29 will be dissolved?
Carol Umhoefer, Paris
- An independent body of the Union with legal personality, the European Data Protection Board, will be established.
- Will replace the Article 29 Working Party.
- Composed of the head of a supervisory authority in each Member State and the European Data Protection Supervisor or their respective representatives.
- Contribute to the consistent application of the GDPR.
- Empowered to issue binding decisions.
- Decisions subject to action for annulment before the Court of Justice of the European Union.
19. Will the regulators be issuing guidelines or recommendations?
Patrick van Eecke, Brussels
The Commission will be granted implementing powers.
Implementing acts:
- approved codes of conduct;
- technical standards for certification mechanisms and data protection seals and marks;
- third country adequacy decisions;
- format and procedures for the exchange of information between stakeholders for BCRs.
Delegated acts:
- information to be presented by the icons;
- procedures for providing standardised icons;
- requirements for the data protection certification mechanisms.
20. How far does harmonization really go?
Giangiacomo Olivi, Milan
- Member State law should reconcile rules governing freedom of expression and information with the protection of personal data.
- Member State law or collective agreements may provide for specific rules on employee personal data processing, for example, conditions under which data can be processed on the basis of employee consent.
- Member States may adopt specific rules if necessary to reconcile the right to the protection of personal data with an obligation of professional secrecy.
- Member States may maintain or introduce more specific requirements for processing pursuant to legal obligations under Member State's law.
Stay Informed
Subscribe to our Privacy Matters blog for regular updates
Access our Data Protection Laws of the World Handbook at
New edition to be released Q
QUESTIONS
Enjoy your holidays!
More informationData Protection Policy
Data Protection Policy CONTENTS Introduction...2 1. Statement of Intent...2 2. Fair Processing or Privacy Statement...3 3. Data Uses and Processes...4 4. Data Quality and Integrity...4 5. Technical and
More informationCOUNCIL OF THE EUROPEAN UNION. Brussels, 31 May 2013 10227/13 ADD 1. Interinstitutional File: 2012/0011 (COD)
COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 Interinstitutional File: 2012/0011 (COD) 10227/13 ADD 1 DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 ADDENDUM TO NOTE
More informationLittle Marlow Parish Council Registration Number for ICO Z3112320
Data Protection Policy Little Marlow Parish Council Registration Number for ICO Z3112320 Adopted 2012 Reviewed 23 rd February 2016 Introduction The Parish Council is fully committed to compliance with
More informationDublin City University
Dublin City University Data Protection Policy Data Protection Policy Contents Purpose... 1 Scope... 1 Data Protection Principles... 1 Disclosure of Personal Data... 2 Summary of Responsibilities... 3 Rights
More informationThe Romanian Parliament adopts the present law. Chapter I: General Provisions
Law No. 677/2001 on the Protection of Individuals with Regard to the Processing of Personal Data and the Free Movement of Such Data, amended and completed The Romanian Parliament adopts the present law.
More informationGUIDE TO THE ISLE OF MAN DATA PROTECTION ACT. CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4
GUIDE TO THE ISLE OF MAN DATA PROTECTION ACT CONTENTS PREFACE 1 1. Background 2 2. Data Protections Principles 3 3. Notification Requirements 4 PREFACE The following provides general guidance on data protection
More informationData Protection Policy
Data Protection Policy September 2015 Contents 1. Scope 2. Purpose 3. Data protection roles 4. Staff training and guidance 5. About the Data Protection Act 1998 6. Policy 7. The Information Commissioner's
More informationTable of contents: ***
Table of contents: *** In Europe the issue of personal data protection is settled by European Parliament s and European Council s Directive 95/46/WE of October 24, 1995 (which is basis of Polish regulations)
More informationCouncil of the European Union Brussels, 15 January 2015 (OR. en) NOTE German delegation Working Party on Information Exchange and Data Protection
Council of the European Union Brussels, 15 January 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 14705/1/14 REV 1 LIMITE DATAPROTECT 146 JAI 802 MI 805 DRS 135 DAPIX 150 FREMP 178 COMIX 568 CODEC
More informationInformation Governance Policy
Information Governance Policy 1 Introduction Healthwatch Rutland (HWR) needs to collect and use certain types of information about the Data Subjects who come into contact with it in order to carry on its
More informationDATA PROTECTION ACT 1998 COUNCIL POLICY
DATA PROTECTION ACT 1998 COUNCIL POLICY Page 1 of 5 POLICY STATEMENT Blackpool Council recognises the need to fully comply with the requirements of the Data Protection Act 1998 (DPA) and the obligations
More informationPOLICY. on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY
POLICY on the Protection of Personal Data of Persons of Concern to UNHCR DATA PROTECTION POLICY CONTENTS 2 DATA PROTECTION POLICY 1 GENERAL PROVISIONS... 6 1.1 Purpose... 7 1.2 Rationale... 7 1.3 Scope...
More informationArticle 29 Working Party Issues Opinion on Cloud Computing
Client Alert Global Regulatory Enforcement If you have questions or would like additional information on the material covered in this Alert, please contact one of the authors: Cynthia O Donoghue Partner,
More informationPersonal information, for purposes of this Policy, includes any information which relates to an identified or an identifiable person.
PART I: INTRODUCTION AND BACKGROUND Purpose This Data Protection Binding Corporate Rules Policy ( Policy ) establishes the approach of Fluor to compliance with European data protection law and specifically
More informationData protection compliance checklist
Data protection compliance checklist What is this checklist for? This checklist is drawn up on the basis of analysis of the relevant provisions of European law. Although European law aims at harmonizing
More informationOBJECTS AND REASONS. (a) the regulation of the collection, keeping, processing, use or dissemination of personal data;
OBJECTS AND REASONS This Bill would provide for (a) the regulation of the collection, keeping, processing, use or dissemination of personal data; (b) the protection of the privacy of individuals in relation
More informationCOMMISSION REGULATION (EU) No /.. of XXX
EUROPEAN COMMISSION Brussels, XXX [ ](2013) XXX draft COMMISSION REGULATION (EU) No /.. of XXX on the measures applicable to the notification of personal data breaches under Directive 2002/58/EC on privacy
More informationCouncil of the European Union Brussels, 9 March 2015 (OR. en)
Council of the European Union Brussels, 9 March 2015 (OR. en) Interinstitutional File: 2012/0011 (COD) 6834/15 DATAPROTECT 27 JAI 157 MI 145 DRS 19 DAPIX 31 FREMP 46 COMIX 103 CODEC 296 NOTE From: To:
More informationIndex. Definitions. What is Data Protection? Rights of Individuals. The 8 Principles of Data Protection
Data Protection Awareness Based on DIT s Data Protection Policy, the Data Protection Acts, 1988 & 2003 and guidance from the Office of the Data Protection Commissioner Index Definitions What is Data Protection?
More informationEU Data Protection Reforms Challenges for Business
www.pwc.com Contents EU Data Protection Reforms Challenges for Business July 2014 1. Introduction 2. The need for change 3. Changes and challenges 4. Recommendations 5. Conclusion 6. For a deeper conversation
More informationEU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update. By Stephen H. LaCount, Esq.
EU Data Protection Directive and U.S. Safe Harbor Framework: An Employer Update By Stephen H. LaCount, Esq. Overview The European Union Data Protection Directive 95/46/EC ( Directive ) went effective in
More information235.1. Federal Act on Data Protection (FADP) Aim, Scope and Definitions
English is not an official language of the Swiss Confederation. This translation is provided for information purposes only and has no legal force. Federal Act on Data Protection (FADP) 235.1 of 19 June
More information10 DATABASE PRACTICE
10 DATABASE PRACTICE Background Marketers must comply with all relevant data protection legislation. Guidance on that legislation is available from the Information Commissioner's Office. Although data
More informationPrivacy vs Data Protection. PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems
Privacy vs Data Protection PRESENTATION TITLE GOES HERE Eric A. Hibbard, CISSP, CISA Hitachi Data Systems Introduction The terms privacy and data protection are often used interchangeable In reality they
More informationFRANCE. Chapter XX OVERVIEW
Chapter XX FRANCE Merav Griguer 1 I OVERVIEW France has an omnibus privacy, data protection and cybersecurity framework law. As a member of the European Union, France has implemented the EU Data Protection
More informationAn overview of UK data protection law
An overview of UK data protection law Our team Vinod Bange Partner +44 (0)20 7300 4600 v.bange@taylorwessing.com Graham Hann Partner +44 (0)20 7300 4839 g.hann@taylorwessing.com Chris Jeffery Partner +44
More informationComparison of the Parliament and Council text on the General Data Protection Regulation
Comparison of the Parliament and Council text on the General Data Protection Regulation General comments The Council text and the Parliament text are both based on the Commission's proposal and as such
More information***I DRAFT REPORT. EN United in diversity EN 2012/0011(COD) 17.12.2012
EUROPEAN PARLIAMT 2009-2014 Committee on Civil Liberties, Justice and Home Affairs 17.12.2012 2012/0011(COD) ***I DRAFT REPORT on the proposal for a regulation of the European Parliament and of the Council
More informationON MUTUAL COOPERATION AND THE EXCHANGE OF INFORMATION RELATED TO THE OVERSIGHT OF AUDITORS
Mr. Ryutaro Hatanaka Commissioner Financial Services Agency Government of Japan 3-2-1 Kasumigaseki Chiyoda-ku, Tokyo Japan 100-8967 Dr. Kunio Chiyoda Chairman Certified Public Accountants and Auditing
More informationBusiness Ethics Policy
Business Ethics Policy The WCH Ltd Ethics Code The business philosophy of WCH has been developed around a core set of values which are fundamental to the organisation s development and success. One of
More information.. ~; ;w._.. BRE-JBZ. From: Sent: To: Subject: Attachments: Importance: High. Follow Up Flag: Flag Status:
BRE-JBZ From: Sent: To: Subject: Attachments: Importance: Follow Up Flag: Flag Status: Kaai, Geran vrijdag 3 april 2015 15:56 Verweij, Ellen FW: Data protection: European Banking Federation (EBF)suggestions
More information10227/13 GS/np 1 DG D 2B
COUNCIL OF THE EUROPEAN UNION Brussels, 31 May 2013 10227/13 Interinstitutional File: 2012/0011 (COD) DATAPROTECT 72 JAI 438 MI 469 DRS 104 DAPIX 86 FREMP 77 COMIX 339 CODEC 1257 NOTE from: Presidency
More informationSouth East Asia: Data Protection Update
Data Privacy and Security Team To: Our Clients and Friends September 2013 South East Asia: Data Protection Update Europe has had data protection laws in place for over a decade. Such laws regulate how
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version December 1, 2013 1. Scope and order of precedence This is an agreement concerning the Processing of Personal Data as part of Oracle s Cloud Services
More informationData Protection Policy.
Data Protection Policy. Data Protection Policy Foreword 2 Foreword Ladies and Gentlemen, In the information age, we offer customers the means to be always connected, even in their cars. This requires data
More informationSTATUTORY INSTRUMENTS. S.I. No. 336 of 2011
STATUTORY INSTRUMENTS. S.I. No. 336 of 2011 EUROPEAN COMMUNITIES (ELECTRONIC COMMUNICATIONS NETWORKS AND SERVICES) (PRIVACY AND ELECTRONIC COMMUNICATIONS) REGULATIONS 2011 (Prn. A11/1165) 2 [336] S.I.
More information