Leila Golchehreh - Adaptive Insights - Intro to New EU GDPR Data Privacy Rules for Companies - Stanford - Feb 26 2018
3. General Data Protection Regulation (GDPR)
Agenda:
What is the GDPR?
To whom does it apply?
Why should we care?
When should we start caring?
How does it impact you and your work?
Presentation Does Not Constitute Legal Advice | No Attorney-Client Relationship Formed | Expressions of Opinion Only
© 2018 Adaptive Insights | Leila R. Golchehreh | Proprietary
4. What is the GDPR?
A European law on the protection of Personal Data.
“Personal Data” = any information that relates to a person (identified or identifiable).
The GDPR is meant to:
(i) address new technological developments;
(ii) update EU data protection laws, e.g., the e-Privacy Directive (2002); and
(iii) help harmonize data protection laws across the EU’s 28 Member States.
5. To whom does the GDPR apply?
To summarize:
If the Personal Data involves a:
(a) European person;
(b) European company; or
(c) company outside the EU targeting individuals in the EU,
the GDPR applies.
GDPR applies to:
All persons or entities controlling or processing EU Personal Data anywhere in the world, including processing by third-party subprocessors.
6. Why should we care?
Top 5 reasons:
1. It’s the law. Or miss out on a $17 Trillion European market opportunity.
2. Your customers care. Or will care.
3. Your company’s reputation.
4. It’s the right thing to do.
5. The fines.
7. Two Tiers of Fines
Tier 1: The Higher of 10M Euro or 2% of Worldwide Revenue
Tier 2: The Higher of 20M Euro or 4% of Worldwide Revenue
8. When should we start caring?
Right Now: there’s a lot to do!
Effective Date: May 25, 2018
9. How does it impact you?
Key Highlights
Not a comprehensive list.
• Carry out Global Data Inventory & Mapping
• New Agreements: Customers, data subjects, intracompany agreements, vendors, privacy statements
• Create Art. 30 Records of Processing
• Identify the impact on your product functionality and required technical developments, e.g. the right to be forgotten/data deletion, data portability, logging functionality, data minimization (access)
• Conduct Data Protection Impact Assessments
• Potentially appoint a Data Protection Officer (Arts. 37-39)
• Data Breach Notification – 72 hours (IRP)
• Ensure Unbundled, Verifiable Consent