After a long wait, the California Attorney General’s (AG) office held a news conference on October 10, 2019, and published proposed regulations implementing the California Consumer Privacy Act (CCPA). Companies gearing up for CCPA’s January 1, 2020, effective date should quickly review and assess the proposed regulations’ potential effects on their operations and consider attending upcoming public hearings or submitting public comments by December 6, 2019.
In preparation for the General Data Protection Regulation (GDPR), set to take effect in the EU on May 25, 2018, we have hosted a series of webinars to help attendees navigate the changing data protection landscape. The GDPR is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive, and will affect any company that processes data pertaining to individuals in the EU. Please find more information on the presentations below:
- Overview of Preparing for the General Data Protection Regulation (GDPR): A high-level plan for preparing for GDPR implementation.
- Conducting a Data Inventory and Mapping: The process of conducting a data inventory and mapping.
- Establishing a Data Protection Officer: The requirements and considerations concerning the appointment of a Data Protection Officer.
- Conducting Data Protection Impact Assessments: The requirements and considerations for conducting a data protection impact assessment.
- Determining Your Lead Data Protection Authority: Determining a lead data protection authority and options for companies whose existing structures do not allow them to take advantage of this mechanism.
- Right to Data Portability: Determining the scope of the new data subject right to data portability, when it applies and what it means in practice.
- Legal Bases for Processing: The provisions of legal bases for the processing of personal data.
- Transparency: The provisions of the GDPR transparency requirement and its effects on data subject rights.
- Automated Processing and Profiling: Understanding the automated processing and profiling rights of data subjects under the new GDPR.
- Data Breach Notification: Circumstances in which notification is required and how to implement effective incident response plans.
- International Data Transfers: The key requirements for international data transfers, including actual and potential changes to existing transfer mechanisms.