Privacy Insight Series - truste.com/insightseries
© TRUSTe Inc., 2017
Privacy Shield Self-Certification – What's Next?
February 23, 2017
Today’s Speakers
K Royal, JD, CIPP/E/US
Senior Privacy Consultant,
TRUSTe
Amanda Gratchner
Global Privacy Counsel,
NAVEX Global
David Fowler
Chief Privacy & Digital Compliance Officer,
Act-On Software
Today’s Agenda
• Welcome & Introductions
• Privacy Shield
  – Self-certification
  – Updates
• Relationships
  – Various frameworks
• Leveraging Privacy Shield
• Q&A
Webinar Poll
Have you Self-certified for Privacy Shield?
• Yes
• No
• In Progress
Privacy Shield – One Year On
Understanding the Privacy Shield Framework
What’s different compared to Safe Harbor?
• New Privacy Protections
  – Notice requirements, accountability for onward transfer, purpose limitation and data retention
• Enhanced Complaint Resolution
  – Response time to EU individuals, free dispute resolution, binding arbitration as last-resort option
• Improved Cooperation and Transparency
  – Monitoring and dispute resolution requires cooperation with International Trade Administration (ITA) Privacy Shield Team, ongoing requirements (if withdraw and maintain data), publication of FTC compliance reports (if subject to enforcement action)
Joining the Privacy Shield Program
1. Confirm Your Organization’s Eligibility to Participate
2. Develop a Compliant Privacy Policy
3. Establish an Independent Recourse Mechanism (IRM)
4. Ensure a Verification Mechanism is in place
5. Identify your Privacy Shield Point of Contact
6. Self-certify Using the Privacy Shield Website
7. Reaffirm Self-certification Annually
8. Reply to Inquiries from EU citizens, IRM, Commerce, and/or DPAs as Required
Practical Considerations and Challenges
• Understanding the Privacy Shield Framework
• Understanding your business operations
• Developing compliant privacy statements and notices
• Developing privacy program governance, policies, and procedures
• Verification of privacy practices and monitoring of compliance
• Keeping records of Privacy Shield Principles implementation
• Employee training and awareness
• Dealing with onward transfer issues
• Dealing with data subject access requests and privacy complaints
Privacy Shield Self-Certification
Companies that had EU/US Safe Harbor
• Filed by September 30, 2016
• 9 months to come into compliance
- June 30, 2017
• Posted: 1705
What about those that did not certify?
What about those who were not in Safe Harbor?
Privacy Shield Updates
What’s the future for Privacy Shield?
• Brexit
• Irish lawsuit
• French lawsuits
• Executive orders
What about other Data Transfer Compliance Mechanisms?
Frameworks
Privacy Shield vs. the GDPR
General Data Protection Regulation
European law
• From Directive 95 to GDPR
• Address societal and technological changes
May 25, 2018
Stats
• Companies impacted
• Privacy jobs
Cross Border Data Transfers
Adequacy
• Privacy Shield
Binding Corporate Rules
• Controllers and Processors
Standard Contractual Clauses
Under GDPR – codes of conduct
Binding Corporate Rules
Intergroup agreement
• Group – defined
Transfer mechanism
• Specifically mentioned in GDPR
Considered “gold standard”
Companies:
Binding Safe Processing Rules
• BCRs for Controllers and Processors
Cross Border Privacy Rules
• Asia-Pacific Economic Cooperation
• Voluntary program
• 2011
• Independent accountability agent required
• 4 economies so far
- USA, Mexico, Japan and Canada
• Crosswalk published BCRs/CBPRs
- Merck
Leveraging Privacy Shield
What should a company do?
• Data
• Policies
• Practices
• Legal/Compliance Specific
• Consider certification programs
Data To-Dos
Data
• inventory
• classification
• minimization
• record retention
• destruction
Policy To-Dos
Information security policies
• training
• monitor compliance
Privacy policies
• easily accessible
• clear and plain language
• full disclosure of data collection and processing
Practices To-Dos
PIAs
Complaint process (must be easy)
Review and revise methods of obtaining consent
Data portability and erasure processes
Update incident response plans
• notice to supervisory agencies within 72 hours
Legal-Specific To-Dos
• DPO (Data Protection Officer): authority and independence, monitor compliance, perform training, and conduct internal audits.
• Accountability: detailed records of the processing performed on personal data
• Review BCRs (or SCCs) for compliance w/ GDPR
• Addendums for onward transfer requirements
• Vendor oversight and accountability
• Insurance policies: global or enterprise coverage, types of data issues, and increased costs and liabilities
Questions?
Contacts
• K Royal: kroyal@truste.com
• Amanda Gratchner: agratchner@navexglobal.com
• David Fowler: david.fowler@act-on.net
Register now for the next webinar in our 2017 Winter/Spring Webinar Series
on March 23 “Privacy Program Management: A Framework for Success”
See http://www.truste.com/insightseries for the 2017 Privacy Insight Series
and past webinar recordings.
Thank You!

Privacy Shield Self-Certification – What's Next? [Webinar Slides]

  • 1. 1 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Privacy Shield Self-Certification – What's Next? February 23, 2017
  • 2. 2 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Today’s Speakers K Royal, JD, CIPP/E/US Senior Privacy Consultant, TRUSTe Amanda Gratchner Global Privacy Counsel, NAVEX Global David Fowler Chief Privacy & Digital Compliance Officer, Act-On Software
  • 3. 3 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 •Welcome & Introductions •Privacy Shield –Self-certification –Updates •Relationships –Various frameworks •Leveraging Privacy Shield •Q&A Today’s Agenda
  • 4. 4 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Have you Self-certified for Privacy Shield? • Yes • No • In Progress Webinar Poll
  • 5. 5 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 v © TRUSTe Inc., 2017 Privacy Shield – One Year On
  • 6. 6 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Understanding the Privacy Shield Framework What’s different compared to Safe Harbor? • New Privacy Protections • Notice requirements, accountability for onward transfer, purpose limitation and data retention • Enhanced Complaint Resolution • Response time to EU individuals, free dispute resolution, binding arbitration as last-resort option • Improved Cooperation and Transparency • Monitoring and dispute resolution requires cooperation with International Trade Administration (ITA) Privacy Shield Team, ongoing requirements (if withdraw and maintain data), publication of FTC compliance reports (if subject to enforcement action) 6
  • 7. 7 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Joining the Privacy Shield Program 1. Confirm Your Organization’s Eligibility to Participate 2. Develop a Compliant Privacy Policy 3. Establish an Independent Recourse Mechanism (IRM) 4. Ensure a Verification Mechanism is in place 5. Identify your Privacy Shield Point of Contact 6. Self-certify Using the Privacy Shield Website 7. Reaffirm Self-certification Annually 8. Reply to Inquiries from EU citizens, IRM, Commerce, and/or DPAs as Required 7
  • 8. 8 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Practical Considerations and Challenges • Understanding the Privacy Shield Framework • Understanding your business operations • Developing compliant privacy statements and notices • Developing privacy program governance, policies, and procedures • Verification of privacy practices and monitoring of compliance • Keeping records of Privacy Shield Principles implementation • Employee training and awareness • Dealing with onward transfer issues • Dealing with data subject access requests and privacy complaints 8
  • 9. 9 vPrivacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017 Privacy Shield Self-Certification Companies that had EU/US Safe Harbor • Filed by September 30, 2016 • 9 months to come into compliance - June 30, 2017 • Posted: 1705 What about those that did not certify? What about those who were not in Safe Harbor?
  • 10. Privacy Shield Updates
    What’s the future for Privacy Shield?
    • Brexit
    • Irish lawsuit
    • French lawsuits
    • Executive orders
    What about other Data Transfer Compliance Mechanisms?
  • 11. Frameworks
  • 12. Privacy Shield vs. the GDPR
  • 13. General Data Protection Regulation
    European law
    • From Directive 95 to GDPR
    • Address societal and technological changes
    May 25, 2018
    Stats
    • Companies impacted
    • Privacy jobs
  • 14. Cross Border Data Transfers
    Adequacy
    • Privacy Shield
    Binding Corporate Rules
    • Controllers and Processors
    Standard Contractual Clauses
    Under GDPR – codes of conduct
  • 15. Binding Corporate Rules
    Intergroup agreement
    • Group – defined
    Transfer mechanism
    • Specifically mentioned in GDPR
    Considered “gold standard”
    Companies: Binding Safe Processing Rules
    • BCRs for Controllers and Processors
  • 16. Cross Border Privacy Rules
    • Asia-Pacific Economic Cooperation
    • Voluntary program
    • 2011
    • Independent accountability agent required
    • 4 economies so far - USA, Mexico, Japan and Canada
    • Crosswalk published BCRs/CBPRs - Merck
  • 17. Leveraging Privacy Shield
  • 18. What should a company do?
    • Data
    • Policies
    • Practices
    • Legal/Compliance Specific
    • Consider certification programs
  • 19. Data To-Dos
    Data
    • inventory
    • classification
    • minimization
    • record retention
    • destruction
  • 20. Policy To-Dos
    Information security policies
    • training
    • monitor compliance
    Privacy policies
    • easily accessible
    • clear and plain language
    • full disclosure of data collection and processing
  • 21. Practices To-Dos
    PIAs
    Complaint process (must be easy)
    Review and revise methods of obtaining consent
    Data portability and erasure processes
    Update incident response plans
    • notice to supervisory agencies within 72 hours
  • 22. Legal-Specific To-Dos
    • DPO (Data Protection Officer) authority and independence, monitor compliance, perform training, and conduct internal audits.
    • Accountability: detailed records of the processing performed on personal data
    • Review BCRs (or SCCs) for compliance w/ GDPR
    • Addendums for onward transfer requirements
    • Vendor oversight and accountability
    • Insurance policies global or enterprise coverage, types of data issues, and increased costs and liabilities
  • 23. Questions?
  • 24. Contacts
    K Royal, kroyal@truste.com
    Amanda Gratchner, agratchner@navexglobal.com
    David Fowler, david.fowler@act-on.net
  • 25. Thank You!
    Register now for the next webinar in our 2017 Winter/Spring Webinar Series on March 23: “Privacy Program Management: A Framework for Success”
    See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings.