
Privacy Shield Self-Certification – What's Next? [Webinar Slides]


Watch the webinar on-demand: https://info.truste.com/privacy-shield-self-certification-webinar.html

As the first anniversary of the Privacy Shield agreement approaches, over 1500 companies have taken advantage of the new program for transatlantic data compliance. But after Privacy Shield – what’s next?

Register now to watch this free on-demand webinar (and access the webinar slides) as we look at the natural next steps after Privacy Shield, including employee data transfers, third-party vendor management and BCR readiness. Speakers will also review the deltas between the Privacy Shield requirements and other frameworks such as the GDPR and APEC CBPRs, and show how you can leverage one as a springboard to the other and build the foundations of a strong privacy program.

Don’t miss out as our speakers:
• Cover latest Privacy Shield regulatory updates
• Examine relationship between Privacy Shield, GDPR & other frameworks
• Share how they have leveraged Privacy Shield for other projects

Watch the on-demand webinar NOW to increase the return on your Privacy Shield investment! https://info.truste.com/privacy-shield-self-certification-webinar.html

To register for other TRUSTe webinars (upcoming/on-demand), visit: https://www.truste.com/events/privacy-insight-webinar-schedule/


  1. Privacy Insight Series - truste.com/insightseries © TRUSTe Inc., 2017
     Privacy Shield Self-Certification – What's Next?
     February 23, 2017
  2. Today’s Speakers
     • K Royal, JD, CIPP/E/US, Senior Privacy Consultant, TRUSTe
     • Amanda Gratchner, Global Privacy Counsel, NAVEX Global
     • David Fowler, Chief Privacy & Digital Compliance Officer, Act-On Software
  3. Today’s Agenda
     • Welcome & Introductions
     • Privacy Shield
       – Self-certification
       – Updates
     • Relationships
       – Various frameworks
     • Leveraging Privacy Shield
     • Q&A
  4. Webinar Poll
     Have you Self-certified for Privacy Shield?
     • Yes
     • No
     • In Progress
  5. Privacy Shield – One Year On
  6. Understanding the Privacy Shield Framework
     What’s different compared to Safe Harbor?
     • New Privacy Protections
       • Notice requirements, accountability for onward transfer, purpose limitation and data retention
     • Enhanced Complaint Resolution
       • Response time to EU individuals, free dispute resolution, binding arbitration as last-resort option
     • Improved Cooperation and Transparency
       • Monitoring and dispute resolution requires cooperation with International Trade Administration (ITA) Privacy Shield Team, ongoing requirements (if withdraw and maintain data), publication of FTC compliance reports (if subject to enforcement action)
  7. Joining the Privacy Shield Program
     1. Confirm Your Organization’s Eligibility to Participate
     2. Develop a Compliant Privacy Policy
     3. Establish an Independent Recourse Mechanism (IRM)
     4. Ensure a Verification Mechanism is in place
     5. Identify your Privacy Shield Point of Contact
     6. Self-certify Using the Privacy Shield Website
     7. Reaffirm Self-certification Annually
     8. Reply to Inquiries from EU citizens, IRM, Commerce, and/or DPAs as Required
  8. Practical Considerations and Challenges
     • Understanding the Privacy Shield Framework
     • Understanding your business operations
     • Developing compliant privacy statements and notices
     • Developing privacy program governance, policies, and procedures
     • Verification of privacy practices and monitoring of compliance
     • Keeping records of Privacy Shield Principles implementation
     • Employee training and awareness
     • Dealing with onward transfer issues
     • Dealing with data subject access requests and privacy complaints
  9. Privacy Shield Self-Certification
     Companies that had EU/US Safe Harbor
     • Filed by September 30, 2016
     • 9 months to come into compliance - June 30, 2017
     • Posted: 1705
     What about those that did not certify?
     What about those who were not in Safe Harbor?
  10. Privacy Shield Updates
     What’s the future for Privacy Shield?
     • Brexit
     • Irish lawsuit
     • French lawsuits
     • Executive orders
     What about other Data Transfer Compliance Mechanisms?
  11. Frameworks
  12. Privacy Shield vs. the GDPR
  13. General Data Protection Regulation
     European law
     • From Directive 95 to GDPR
     • Address societal and technological changes
     May 25, 2018
     Stats
     • Companies impacted
     • Privacy jobs
  14. Cross Border Data Transfers
     Adequacy
     • Privacy Shield
     Binding Corporate Rules
     • Controllers and Processors
     Standard Contractual Clauses
     Under GDPR – codes of conduct
  15. Binding Corporate Rules
     Intergroup agreement
     • Group – defined
     Transfer mechanism
     • Specifically mentioned in GDPR
     Considered “gold standard”
     Companies: Binding Safe Processing Rules
     • BCRs for Controllers and Processors
  16. Cross Border Privacy Rules
     • Asia-Pacific Economic Cooperation
     • Voluntary program
     • 2011
     • Independent accountability agent required
     • 4 economies so far - USA, Mexico, Japan and Canada
     • Crosswalk published BCRs/CBPRs - Merck
  17. Leveraging Privacy Shield
  18. What should a company do?
     • Data
     • Policies
     • Practices
     • Legal/Compliance Specific
     • Consider certification programs
  19. Data To-Dos
     Data
     • inventory
     • classification
     • minimization
     • record retention
     • destruction
  20. Policy To-Dos
     Information security policies
     • training
     • monitor compliance
     Privacy policies
     • easily accessible
     • clear and plain language
     • full disclosure of data collection and processing
  21. Practices To-Dos
     PIAs
     Complaint process (must be easy)
     Review and revise methods of obtaining consent
     Data portability and erasure processes
     Update incident response plans
     • notice to supervisory agencies within 72 hours
  22. Legal-Specific To-Dos
     • DPO (Data Protection Officer) authority and independence, monitor compliance, perform training, and conduct internal audits.
     • Accountability: detailed records of the processing performed on personal data
     • Review BCRs (or SCCs) for compliance w/ GDPR
     • Addendums for onward transfer requirements
     • Vendor oversight and accountability
     • Insurance policies global or enterprise coverage, types of data issues, and increased costs and liabilities
  23. Questions?
  24. Contacts
     • K Royal, kroyal@truste.com
     • Amanda Gratchner, agratchner@navexglobal.com
     • David Fowler, david.fowler@act-on.net
  25. Register now for the next webinar in our 2017 Winter/Spring Webinar Series on March 23: “Privacy Program Management: A Framework for Success”
     See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings.
     Thank You!
