Personal data protection in Europe
1. PERSONAL DATA PROTECTION IN THE EUROPEAN UNION
17 SEPTEMBER 2018
BETAHAUS X & KIC EUROPE
DR. MIRA SULEIMENOVA, LL.M.
2. AGENDA FOR TODAY
15:00 - 15:15 Introduction
15:15 - 15:30 A Brief History of Data Protection in Europe
15:30 - 15:50 Data Protection in South Korea (PIPA) vs Situation in Europe (GDPR)
15:50 - 16:00 Coffee Break
16:00 - 16:40 GDPR Basics for International Startups
16:40 - 17:00 Q&A
3. A BRIEF HISTORY OF DATA PROTECTION IN EUROPE
Source: Ernst-Oliver Wilhelm, A Brief History of the General Data Protection Regulation, via iapp.org
4. Key info for GDPR
became BINDING on 25 May 2018
concerns ALL EU citizens and residents
PERSONAL DATA means any information relating to an individual, whether it relates to his or her private, professional or public life
Territorial scope: GLOBAL
6. Data Protection in South Korea
developed IT infrastructure || heavy use of SNSs || technology-literate population
South Korea is the most innovative country in the world according to the Bloomberg Innovation Index
The 2011 Personal Data Protection Act (PIPA) is among the strictest worldwide
Breach of data protection laws can result in administrative fines as well as criminal penalties, up to imprisonment
14. Bases for collection of personal data
consent
contract
legal obligation
vital or public interests
legitimate interest
15. Consent
Informed: who, why, how
Unambiguous: clear language
Freely given: no tradeoffs
Obvious: don't hide it
Granular: sensitive data, direct marketing, etc.
Require a positive action: opt-in
17. Processing
internal safeguards || external safeguards || crisis response
Privacy policy
Clauses on data protection in 3rd-party contracts (affiliates, partners, subcontractors)
make sure to have: || establish: || make sure that:
Data is minimised
Processing is documented
Security is strong
Mechanisms to notify 3rd parties of changes in data processing are in place
Mechanisms to access, rectify, delete data
Procedures to detect, report & investigate a data breach