GDPR – Iceland
Dr. Ross Federgreen, CIPM, CIPP/US/E/C/G Fellow – European Privacy Association
January 2017
Why Does It Matter?
CONFIDENTIAL 2
What You Will Take Away
• Critical Components of the GDPR
• Global Effect
• Benefits of CSR Readiness® Pro
GDPR
GENERAL DATA PROTECTION REGULATION
• Replaced the 94/95 Data Protection Directive
• Approved December 2015 – Effective May 2018 (now)
• Officially Numbered: Regulation 2016/679
• Modernize Data Protection
• Strengthen Citizens’ Rights
• Harmonize Member State Laws
• Streamline Data Protection Agencies (One-Stop-Shop)
Iceland
• Regulation no. 712/2008 on notification obligations and authorization of the processing of personal data
• Act on the Protection and Processing of Personal Data, No. 77/2000
  – All electronic processing of personal data which falls under the Data Protection Act must be notified to the Icelandic Data Protection Authority by the controller of the data, unless an exemption applies.
• Rules no. 837/2006 on electronic monitoring and the processing of personal data by electronic monitoring
• Already closely related to the GDPR
• “7. Consent: A specific, unambiguous declaration, which is given freely by an individual, signifying that he agrees…”
Important Points
• Consent – Opt-In
• Data Subject Rights – Unobstructed access
  – 30 days to respond
  – Copy, modify, transfer, erase
• Records of Processing Activities – Applies to Controller & Processor
  – Derogation for under 250 employees
• Data Protection Officer – Expert knowledge & experience
  – Shortage of experts
• Third-Parties / Processors – Data Protection Officer law applicable
  – Compliance within Contract
• Complexity – 173 Recitals, 99 Articles
• Global reach
Important Points – Global Reach (Article 3)
• Territorial Scope
  – Established controller or processor in the EU, regardless of processing location
  – Controller or processor, regardless of location, that processes EU personal data related to:
    • Offering of goods or services (regardless of payment)
    • Monitoring of behavior (for behavior taking place in the EU)
CSR Readiness Pro®
Readiness delivers a PROACTIVE solution
[Workflow diagram: Self-Assessment Questionnaire → Remediation Offerings (Best Practices / Templates) → Complete → Self Assessed → Display Seal (seal image marked “Expires 01/28/17”) → Maintain]
Appendix
Program Components
Welcome Page
• User clicks “Register” from the Sidebar Menu.
• Built-in workflow directs users to the appropriate screen.
• User completes at own pace.
Readiness covers 6 domains: Privacy, Compliance, Security, Incident Response, Governance, and Iceland-specific questions.
The status bar, shown above, lets users track completion progress.
Results and Action Steps Page
• Scores
• Follow instructions to improve processes
• Download and implement best practices and purchase policies
Best Practices and Policies
• Best Practices Documents
• Policies
• Train employees on policies and procedures
Certification of Readiness Completion
Upon completion of the Readiness questionnaire, the remediation instructions, and the implementation of policies and best practices, your business customers will earn a Certificate of Completion and receive their ID Stay Safe Seal.
Appendix
Readiness assists in “demonstrating compliance” for GDPR Article 5.2: Accountability
THANK YOU
Ross Federgreen
rfedergreen@csrps.com
Headquarters: +1 772.225.0007
Toll Free: +1 888.294.6971