Impact of EU General Data Protection Regulation
- Kenneth Butler
- 7 years ago
A White Paper
Thursday 15 October 2015

The law stated is correct as of this date. This does not constitute legal advice, and it is highly recommended to seek professional legal advice when in any doubt about understanding your rights and obligations in order to comply with the law and regulations that impact marketing.

Further information is available at

GO DPO is a European Community Mark of EU Compliance and Recruitment Ltd.
Why is the EU General Data Protection Regulation a game of financial jeopardy?

A crucial point about the forthcoming EU General Data Protection Regulation (GDPR) is buried deep in Amendment 188 of Article 79, which deals with the harmonisation of administrative sanctions. Now that may not sound like a very sexy subject but read on!

The GDPR creates what's often referred to as a strict liability offence, and Data Controllers will need to be alert to the risks they're taking by not doing what they should've done. Article 79 is like a game of financial jeopardy: it punishes Data Controllers for omissions in complying with the principles of the GDPR, and recidivists can expect the tariff to increase with every subsequent administrative breach.

This part of the proposed EU Regulation is largely hidden from view, mainly because data breaches at Carphone Warehouse and other big companies tend to grab the news headlines.

An internal European Commission document published in May 2015 following the DAPIX meeting on 21 April 2015 may have passed by largely unnoticed but makes chilling reading for any Data Controller or Data Processor. The document states:

"In order to strengthen the enforcement of the rules of this Regulation, penalties and administrative fines may be imposed for any infringement of the Regulation, in addition to, or instead of appropriate measures imposed by the Supervisory Authority pursuant to this Regulation."

Numerically, there's a higher risk of being fined for an administrative breach under Article 79, and therefore it presents a much bigger risk than a data breach.
Article 79, Amendment 118 (2)(J) provides a list of factors that will be taken into account in fining a company for an administrative breach:

- failure to implement data protection by default (Article 23)
- failure to take adequate steps to safeguard the security of data processing (Article 30)
- failure to have carried out a Data Protection Impact Assessment (DPIA) (Article 33)
- failure to carry out a Data Protection Compliance Review (DPCR) (Article 33a)
- failure to designate a Data Protection Officer (DPO) (Article 35)

In any of the above administrative breaches, a commercial organisation runs the risk of being fined between 2-5% of global turnover or 100m. So an administrative breach is just as serious as a personal data breach, and don't assume you'll be able to get away with a slap on the wrist from the Supervisory Authority: you won't.
In many respects an administrative breach lowers the bar for getting fined, as there's no requirement to show that damage or distress has been caused, merely a breach of the administrative principles of the EU Regulation. We've identified 28 separate administrative breaches lurking in the GDPR that could catch out even the most vigilant of Data Controllers and which represent a major risk to business continuity.

Hidden dangers of administrative fines buried in the EU General Data Protection Regulation (GDPR)

Administrative breach under GDPR:

- If the Data Controller takes longer than 40 working days in order to process a Subject Access Request (SAR)
- If the Data Controller charges the Data Subject for a SAR
- If the Data Controller does not do a full SAR in 40 working days showing the data being held on the Data Subject in a transparent manner
- If the Data Controller does not perform correct data erasure or data rectification that infringes the rights of the Data Subject
- If the Data Controller does not allow for data portability for the Data Subject's personal data

Administrative fines <0.5% of annual worldwide
Administrative fines <0.5% of annual worldwide

- If the Data Controller does not allow the Data Subject to object to profiling
- If the Data Controller has not sorted out joint Data Controller documentation and responsibilities if required under the GDPR (under contract)
- If the Data Controller has failed to keep documentation covering data processing up-to-date, and this includes not having conducted a Data Protection Impact Assessment (DPIA) and a Data Protection Compliance Review (DPCR)
- If the Data Controller has failed to keep documentation for a Personal Data Breach (PDB)
- If the Data Controller processes personal data without the correct legal basis for doing so, or without documenting it (for example, lack of consent or other conditions such as to perform the contract, the need to have conducted a DPIA and/or DPCR, etc.)
- If the Data Controller has failed to collect consent or is unable to show consent to data processing from the Data Subject
- If the Data Controller fails to process a child's (under 13 years) data correctly or does not possess the correct consent to do so
- If the Data Controller fails to process special (sensitive) data correctly or does not possess the correct consent to do so
- If the Data Controller does not allow the Data Subject to object to the outcomes of profiling
- If the Data Controller cannot demonstrate the organisation has the appropriate organisational and technical (security) measures to process personal data under the GDPR (has failed to conduct DPIA and DPCR)
- If the Data Controller is outside of the European Union and does not have a representative in the European Union
- Where a Data Processor is used, if the Data Controller has not assured itself that data processing is compliant with the GDPR
- If the Data Controller does not report a PDB notification to the Supervisory Authority in time or correctly with full information
- If the Data Controller does not inform the Data Subject about a PDB (if required by the Supervisory Authority)
- If the Data Controller does not carry out a DPIA prior to data processing or, in lieu of that, fails to consult with the Supervisory Authority prior to the DPIA
- If the Data Controller does not comply with the GDPR and uses an EU Certified Data Seal
- If the Data Controller does not transfer data outside of the EU in accordance with the GDPR
- If the Data Controller does not stop data processing after an Enforcement Order (or in breach of an Undertaking)
- If the Data Controller transfers data after an Enforcement Order (or in breach of an Undertaking)
- If the Data Controller does not allow access to its premises and/or documentation with respect to data processing as governed under the GDPR
- If the Data Controller does not designate a Data Protection Officer (DPO)
- If the Data Controller does not use or cannot demonstrate data protection by design and by default
- If the Data Controller does not carry out DPCRs when required

The precedent for this move was set with the removal of the need to show pure harm or distress in Regulation 21 of the EU Privacy and Electronic Communications Regulations (PECR) that happened in April.

At a simplistic level, an administrative sanction applied, say, in Germany needs to be the same as that applied in the UK and vice versa, given that the GDPR is for the whole of the European Union.

The internal European Commission document places a duty on the shoulders of Supervisory Authorities to harmonise financial penalties and sanctions, implementing a system which provides for effective, proportionate and dissuasive penalties in accordance with European competition law.
About the authors of this White Paper

Martin Hickley is Director of Data Protection & Privacy at GO DPO EU Compliance Ltd. A data governance, protection and privacy specialist with 25 years of experience mediating with regulators (FCA, ICO, DVLA and Dep Ed) in the world of data and information, he has worked in blue chip companies where data is the raison d'être of the organisation. Experienced in data management, data governance, privacy, risk, compliance and security, he takes a global and enterprise view of how data should be fashioned to meet all known current and future business objectives within the evolving regulatory framework. Martin is a Fellow of the British Computer Society. He is co-author of Data Protection and Privacy: A Practical Guide to complying with the EU General Data Protection Regulation and Data Protection Officer's Handbook, both to be published by Kogan Page in

Martin Hickley can be reached on / martin@godpo.eu

Ardi Kolah LL.M FCIM is Director of Training and Content at GO DPO EU Compliance Ltd. He is co-author of Data Protection and Privacy: A practical guide to complying with the EU General Data Protection Regulation and The Data Protection Officer's Handbook: Your guide to the skills and knowledge required under the EU General Data Protection Regulation, to be published by Kogan Page in early

He's Chairman of the Law & Marketing Committee, Worshipful Company of Marketors and formerly a director of The Defence Academy of the UK.

Ardi Kolah can be reached on / ardi@godpo.eu
More informationOption Table - Directive on Statutory Audits of Annual and Consolidated Accounts
Option Table - Directive on Statutory Audits of Annual and Consolidated Accounts The purpose of this document is to highlight the changes in the options available to Member States and Competent Authorities
More informationCorporate ICT & Data Management. Data Protection Policy
90 Corporate ICT & Data Management Data Protection Policy Classification: Unclassified Date Created: January 2012 Date Reviewed January Version: 2.0 Author: Owner: Data Protection Policy V2 1 Version Control
More informationBusiness Associate Agreement
Business Associate Agreement This Business Associate Agreement (the Agreement ) is made by and between Business Associate, [Name of Business Associate], and Covered Entity, The Connecticut Center for Health,
More informationThe reform of the EU Data Protection framework - Building trust in a digital and global world. 9/10 October 2012
The reform of the EU Data Protection framework - Building trust in a digital and global world 9/10 October 2012 Questionnaire addressed to national Parliaments Please, find attached a number of questions
More informationSummary of Data Protection Requirements When transferring Data Outside the UK End Users
Summary of Data Protection Requirements When transferring Data Outside the UK End Users 14 May 2010 Background to transfers of the Data outside the UK Data can be transferred in a couple of ways in relation
More informationHold fire: Fire risk assessment Q&A
Hold fire: Fire risk assessment Q&A Making the right fire safety decisions in your business www.ic2cctv.com INTRODUCTION Navigating the perils of fire safety The risk of fire is a serious threat to safety.
More informationCorporate Compliance: A Global Perspective
Corporate Compliance: A Global Perspective 6/27/2012 37 Offices in 18 Countries Current Compliance Environment Ever-intensifying regulatory burden new areas of regulation existing regulations becoming
More information2015 No. 0000 FINANCIAL SERVICES AND MARKETS. The Small and Medium Sized Business (Finance Platforms) Regulations 2015
Draft Regulations to illustrate the Treasury s current intention as to the exercise of powers under clause 5 of the Small Business, Enterprise and Employment Bill. D R A F T S T A T U T O R Y I N S T R
More informationFIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS
FIRST DATA CORPORATION PROCESSOR DATA PROTECTION STANDARDS As a world leader in electronic commerce and payment services, First Data Corporation and its subsidiaries ( First Data entity or entities ),
More informationSelling Telematics Motor Insurance Policies. A Good Practice Guide
Selling Telematics Motor Insurance Policies A Good Practice Guide April 2013 1 INTRODUCTION 1.1 The purpose of the guidance This guidance sets out high-level actions that insurers should seek to achieve
More informationThe impact of the personal data security breach notification law
ICTRECHT The impact of the personal data security breach notification law On 1 January 2016 legislation will enter into force in The Netherlands requiring organisations to report personal data security
More information2015 No. 2059 PROFESSIONAL QUALIFICATIONS. The European Union (Recognition of Professional Qualifications) Regulations 2015
S T A T U T O R Y I N S T R U M E N T S 2015 No. 2059 PROFESSIONAL QUALIFICATIONS The European Union (Recognition of Professional Qualifications) Regulations 2015 Made - - - - 17th December 2015 Laid before
More informationCOMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
EUROPEAN COMMISSION Brussels, XXX [ ](2011) XXX draft COMMUNICATION FROM THE COMMISSION TO THE EUROPEAN PARLIAMENT, THE COUNCIL, THE EUROPEAN ECONOMIC AND SOCIAL COMMITTEE AND THE COMMITTEE OF THE REGIONS
More information3. Structuring your company in the UK
3. Structuring your company in the UK 3.1 Making sure the law is on your side The legal framework governing company registration in the UK The primary legislation governing the incorporation and registration
More informationAPRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME?
APRIL 2015 ARE YOU READY FOR THE SENIOR MANAGERS AND CERTIFICATION REGIME? Page 2 SECTION 1 INTRODUCTION In July 2014 the PRA and FCA published a joint consultation paper titled, Strengthening accountability
More informationslaughter and may The new EU Data Protection Regulation revolution or evolution?
slaughter and may The new EU Data Protection Regulation revolution or evolution? BRIEFING April 2012 Reform of Europe s data protection regime moved one step closer this January with the publication of
More information