The new General Data Protection Regulation (GDPR) is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive.
In our ongoing series of GDPR-focused webinars, we guide attendees through the (GDPR) provisions, which will take effect on May 25, 2018 for all companies conducting business with EU citizens.
With the deadline for compliance quickly approaching, these sessions provide practical, detailed advice on preparations, as well as developments related to GDPR compliance preparations. We have included links to each of these sessions and a summary of what was covered below.
These past presentations and webinar recordings can be viewed online or downloaded:
- Outlines a high-level plan for preparing for implementation
- How to conduct a data inventory and mapping, including identifying what personal data is collected, where it is stored, how it is being used and how long it is being retained.
- Requirements concerning the appointment of a Data Protection Officer, options for structuring the role, required skills and training, and restrictions relating to conflicts of interest.
- Overview of the content of a Data Protection Impact Assessment (DPIA), suggested options for implementing an internal DPIA process, and highlights of when a DPIA must be submitted to data protection authorities.
- Determining a lead data protection authority and options for companies whose existing structures do not allow them to take advantage of this one-stop-shop mechanism.
- A review of the main elements of data portability, when data portability applies, its relationship to other rights and how portable data must be provided.
The legal bases for processing personal data, the conditions for valid consent to processing personal data, and when the legitimate interest provision applies.