Creating a Big Data Strategy: Managing Risk and Enabling Innovation
|
|
- Ami Lawrence
- 5 years ago
- Views:
Transcription
1 Creating a Big Data Strategy: Managing Risk and Enabling Innovation Meghan Farmer and Brooke McGuffey 2016 Kilpatrick Townsend
2 What is Big Data? Traditional definition: high-volume, high-velocity and/ or high-variety information assets that demand costeffective, innovative forms of information processing that enable enhanced insight, decision making, and process automation. Big Data and the Internet of Things (IoT): Big Opportunity? As of 2013, there were 3 ½ billion sensors in the marketplace. This number is expected to increase into the trillions by the end of the decade. 2
3 Risks Liabilities What are the key risks that a Company faces by entering the IoT ecosystem? Intellectual Property o The value of IoT is the predictive power of data. Because of the potential to turn the value into revenue, it is key to be able to clearly determine which party can exploit the data. Liability for Personal Injury/Death o E.g.: Failure to notify of an unsafe condition, which resulted in consumer harm. Products Liability o Additional duties may be created as a result of: o Collecting, possessing and analyzing the data; or o Designing the process by which the data is analyzed. o Marketing materials for IoT products can create a variety of unintended warranties o Design Defect / Failure to Warn 3
4 Risks Liabilities Security o Enabling unauthorized access and misuse of personal information o Facilitating attacks on other systems o Creating safety risks Privacy o Direct collection of sensitive personal information (precise geolocation, financial account numbers, or health information) o Collection of personal information, habits, locations, and physical conditions over time o Systematic bias leading to discriminatory decision making Increasing Regulatory Oversight o EU: GDPR, eprivacy Regulation o US: pending bill in California legislature 4
5 Polling Question How prepared do you feel your company is for GDPR compliance? Highly Prepared Prepared Somewhat Prepared Not Prepared Unsure Not Applicable 5
6 EU General Data Protection Regulation GDPR will be effective on May 25 Extraterritorial Reach - applies to any processing of personal data related to EU citizens and non-eu citizens living in the EU, even where the data controller is located in a country outside of the EU, if processing relates to the offering of goods/services to such individuals or monitoring their behavior. Fines companies could be fined up to the greater of 4% of global turnover or 20 million Euros 6
7 GDPR and IOT Definition of Personal Data- "Personal data" means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. 7
8 GDPR and IOT Security Breach Notifications controllers must notify DPAs within 72 hours of the breach. The Right to Be Forgotten individual's right to demand deletion of online content. Data Portability - individuals must be able to transfer personal data from one service provider to another more easily. Consent - stricter rules on obtaining consent, with companies no longer able to rely on "opt-outs or prechecked boxes to justify data processing. Consent must be either (i) unambiguous consent for general processing of personal data; or (ii) explicit consent for processing of special categories of personal data. 8
9 GDPR and IOT Profiling - automated decision-making (including profiling) that either produces a legal effect or significantly affects individuals must be (i) authorized by law; or (ii) necessary to enter into or perform a contract with that individual; or (iii) based on individual s explicit consent. Minors - consent must be obtained from parents or legal guardians when information society services are provided to minors below the age of 16. Processors - direct obligations placed on data processors for the first time, including specific new requirements for existing and new data processing contracts. 9
10 GDPR and IOT Privacy by Design / Privacy by Default - GDPR introduces new concepts of privacy by design and privacy by default. The controller must implement appropriate technical and organizational measures, which are designed to integrate the necessary safeguards into the processing. Data Protection Impact Assessments - data controller must carry out a data protection impact assessment prior to processing data, where the processing is likely to result in a high risk to the rights / freedoms of individuals due to (i) the use of new technologies; (ii) the nature, scope, context, and purposes of processing. 10
11 eprivacy Regulation and IOT eprivacy draft regulation was published by the European Commission in January. It has equally large fines and an equally wide territorial application. Introduces new rules for processing electronic communications data which includes electronic communications content and electronic communications metadata. Will apply to telcos, ISPs, Over the Top (OTT) providers and anyone using cookies or similar tracking technologies. IOT and machine-to-machine communications will be within the scope of some rules. 11
12 Objectives Protect data assets and their value Reduce risk and liability Prevent consumer and regulatory claims Provide new ideas in governance, compliance & building customer trust 12
13 Polling Questions How well do you think your company protects your data assets and their value? (scale 1-5 low to high) Does your company conduct a privacy impact assessment prior to implementing new technologies, processes or projects that involve processing of personal data? (yes or no)? 13
14 Risks Liabilities What are the best practices to protect your data assets and their value? Work with the business and sales leads to develop an overall strategy for engaging with customers that prioritizes ownership. Draft clear ownership provisions for customer contracts that expressly states that your company is the owner of the data and has the rights to exploit it. Contract carefully with your third party suppliers o Don t give up ownership rights in the data to the supplier o Carefully consider any rights you grant to the supplier to aggregate or combine the data o Avoid representations and warranties regarding data accuracy and infringement 14
15 Risks Liabilities How can you leverage the contracting process to mitigate risks and reduce liability? Customer side: o Disclaim duties in the customer contract; o Allocate risk through indemnification obligations; o Review marketing materials for the product to avoid unintended claims; o Review documentation for the product to ensure that it includes appropriate warnings; and o Don t agree to security standards requested by a customer without passing that liability upstream to your supplier. Supplier side: o Assess vendor s security program and controls prior to contracting; o Contractually bind the supplier to appropriate security standards; o Ensure that you have the right to audit the vendor s security controls; and o Allocate risks appropriately in the contract. 15
16 Risks Liabilities What operational steps can you take to reduce liability? Privacy and Security by Design Privacy Impact Assessments Pseudonymization New contexts for consents, user choices & preferences 16
17 Privacy (and Security) By Design The GDPR requires all organizations to implement a wide range of measures to reduce the risk of their breaching the GDPR and to prove that they take data governance seriously. Implementing Privacy and Security by design is also good practice for IOT. Organizations must implement technical and organizational measures to show that they have considered and integrated data compliance measures into their data processing activities. Adopting appropriate staff policies is specifically mentioned, as is the use of pseudonymization (to ensure compliance with data minimization obligations). 17
18 Privacy Impact Assessments (PIAs) A PIA is an assessment to identify and minimize noncompliance risks. The GDPR requires that controllers conduct a DPIA on any high-risk processing activity before it is commenced focused on the risk of infringing a natural person s rights and freedoms. Large scale processing of sensitive data, or profiling activities, are cited as illustrative examples of high-risk processing. DPAs will publish details of further examples and guidance. Conducting PIAs on new products or projects that will involve personal data, or when a change to an existing product or project is likely to impact privacy, can help organizations identify and mitigate privacy risks. 18
19 Pseudonymization The technique of processing personal data in such a way that it can no longer be attributed to a specific individual without the use of additional information, which must be kept separately and be subject to technical and organizational measures to ensure non-attribution. Pseudonymized information is still a form of personal data, but the use of pseudonymization is encouraged, for instance: it is a factor to be considered when determining if processing is incompatible with the purposes for which the personal data was originally collected and processed; it is included as an example of a technique which may satisfy requirements to implement privacy by design and by default ; it may contribute to meeting the GDPR s data security obligations; and for organizations wishing to use personal data for historical or scientific research or for statistical purposes, use of pseudonymous data is encouraged. 19
20 Obtaining Consent in IOT Under the GDPR "Consent" means any freely given, specific, informed and unambiguous indication of the data subject's agreement to the processing of his or her personal data. Consent must be given by a statement or a clear affirmative action. The FTC expects clear notice and choice. Consent helps build and maintain trusted relationships with consumers. 20
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty. Overview of the EU General Data Protection Regulation (GDPR)
Michael R. Cohen CIPP/US, CIPP/E Gray Plant Mooty Overview of the EU General Data Protection Regulation (GDPR) WHAT YOU NEED TO KNOW ABOUT THE EU GENERAL DATA PROTECTION REGULATION (GDPR) What is the GDPR?
More informationThe GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018
The GDPR how to prepare MiFID II where are we now? Wednesday 21 February 2018 GDPR so far The EU General Data Protection Regulation (Regulation (EU) 2016/679) comes into effect on 25 May 2018 Aims to protect:
More informationEU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 )
EU General Data Protection Regulation vs. Swiss Data Protection Act (in the Private Sector 1 ) October 26, 2017 Version 4.01 David Rosenthal (david.rosenthal@homburger.ch) Updates and more infos: http://www.homburger.ch/dataprotection
More informationThe GDPR Possible Impact on the Life Sciences and Healthcare Sectors
February 14, 2017 The GDPR Possible Impact on the Life Sciences and Healthcare Sectors Regulation (EU) 2016/679 of the European Parliament and the Council of 27 April 2016, (the GDPR ) came into force
More informationEven If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law
Even If You Are a U.S. Company, Don t Ignore the GDPR: Complying with the EU s New Data Privacy Law On May 25, 2018, the European Union (EU)'s General Data Protection Regulation (GDPR) comes into force,
More informationPension Trustees. Final Countdown to the GDPR
Pension Trustees Final Countdown to the GDPR Introduction The General Data Protection Regulation (GDPR) will come into force in all EU Member States in May 2018. It is not a radical departure from the
More informationData Processing Appendix
Data Processing Appendix This Data Processing Appendix (the Appendix ) is attached to and forms part of the Supplier General Terms and Conditions (the Agreement ) between Nebula Oy ( Supplier ) and customer
More informationGDPR CCPA LGPD. Protected information
Stricter data protection laws are on the rise. While only a couple of years ago, data protection legislations and requirements were frequently marginalized and the position of the data protection officer
More informationThe New EU General Data Protection Regulation (GDPR)
The New EU General Data Protection Regulation (GDPR) The clock has started on the biggest change to the European data protection regime in 20 years. After four years of negotiation, the new EU General
More informationGeneral Data Protection Regulation. Asked Questions
General Data Protection Regulation ( GDPR ) Frequently Asked Questions Contents This booklet includes: What is the GDPR? What information does the GDPR apply to? What relevance does the GDPR have in the
More informationThe General Data Protection Regulation s Impact on M&A
The General Data Protection Regulation s Impact on M&A PRACTICAL ADVICE ON HOW TO CONTINUE A SMOOTH M&A PROCESS Presented by Avi Gesser, Davis Polk partner, Litigation/Cybersecurity Pritesh P. Shah, Davis
More informationPrivacy Statement v 1.1
Privacy Statement v 1.1 Context and Overview This notice will take effect from 25/05/2018 Burke Insurances Ltd. is committed to protecting and respecting your privacy. It is the intention of this privacy
More informationCHARITY & NFP LAW BULLETIN NO. 419
CHARITY & NFP LAW BULLETIN NO. 419 APRIL 25, 2018 EDITOR: TERRANCE S. CARTER IMPLICATIONS OF THE EU S GENERAL DATA PROTECTION REGULATION IN CANADA By Esther Shainblum & Sepal Bonni * A. INTRODUCTION The
More informationBanks Sheridan Limited Data Protection Privacy Policy 19 May 2018
Banks Sheridan Limited Data Protection Privacy Policy 19 May 2018 1. Introduction This Policy sets out the obligations of Banks Sheridan Limited ( the Company ) regarding data protection and the rights
More informationPREPARING FOR THE EU GDPR IN RESEARCH SETTINGS
PREPARING FOR THE EU GDPR IN RESEARCH SETTINGS May 22, 2018 1 1 This guidance document is based on information available as of May 22, 2018. As the GDPR is enforced and further guidance is provided this
More informationAll Sorts UK Limited Data Protection Policy 17 th May 2018
All Sorts UK Limited Data Protection Policy 17 th May 2018 1. Introduction This Policy sets out the obligations of All Sorts UK Limited, a company registered in England under number 03534972, whose registered
More informationPension Trustees Final Countdown To GDPR
Pension Trustees Final Countdown To GDPR " ROBERT HANIVER SENIOR ASSOCIATE/TECHNOLOGY MASON HAYES & CURRAN " STEPHEN GILLICK PARTNER/PENSIONS MASON HAYES & CURRAN The General Data Protection Regulation
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) January 2018 Lockton Companies After several years of extensive negotiation, the European Union (EU) adopted the General Data Protection Regulation (GDPR) 1 on
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum ( DPA ) forms part of the Agreement(s) and is entered by and between the Customer and the Service Provider on the Effective Date. For the avoidance
More informationFRAMEWORK FOR CONSUMER PRIVACY LEGISLATION
FRAMEWORK FOR CONSUMER PRIVACY LEGISLATION OBJECTIVES This framework is a call to action: The United States should adopt a national privacy law that protects consumers by expanding their current rights
More informationPrivacy Policy. This privacy policy shall be valid even if you have reserved your transfers through the other sales partners of Plus Group Kft.
Privacy Policy Plus Group Kft. (1033 Budapest, Polgár utca 8-10., www.plusairsolutions.com, informationsecurity@plusairsolutions.com, tax number: 22976309-2-41, hereinafter: Plus Group Kft., service provider
More informationMember Circular March Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members
Member Circular March 2018 Implementation of the EU General Data Protection Regulation 2016/679 General Guidance to Members Introduction Regulation (EU) 2016/679 containing the General Data Protection
More informationAppropriate Policy Document
Appropriate Policy Document Schedule 1, Part 4, Data Protection Act 2018 July 2018 Privacy Notice - Appropriate Policy Document v2.docx Page 1 of 8 Contents 1 Introduction... 3 2 Relevant Schedule 1 conditions
More informationPrivacy Policy Statement
Privacy Policy Statement QuoteDevil is committed to protecting and respecting your privacy. It is the intention of this privacy policy statement to explain to you the information practices of QuoteDevil
More informationNewsletter NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN: Similarities and Differences. Atsumi & Sakai
Newsletter Atsumi & Sakai NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN: Similarities and Differences ATSUMI & SAKAI TOKYO LONDON FRANKFURT www.aplaw.jp/en NEW DATA PROTECTION REGIMES IN THE EU AND JAPAN:
More informationDATA PROCESSING ADDENDUM
This Data Processing Addendum (the DPA ) forms part of Telia Bedriftsavtale or other written or electronic agreement between the Parties for the purchase of telecommunication services, and regulates any
More information2018 Australian privacy outlook
www.pwc.com.au 2018 Australian privacy outlook LegalTalk Alert Authors: Sylvia Ng, Steph Baker, Rohan Shukla 12 March 2018 Contents Notifiable Data Breaches Scheme EU General Data Protection Regulation
More informationWhat U.S.- Based Investment Advisers Should Know
BulletPoint June 2018 What U.S.- Based Investment Advisers Should Know The European Union s ( EU ) General Data Protection Regulation (the GDPR ) became effective on May 25, 2018, and provides individuals
More informationGuidance: The new EU General Data Protection Regulation: Implications for Australia
Guidance: The new EU General Data Protection Regulation: Implications for Australia Introduction After years of negotiations, the new EU General Data Protection Regulation (GDPR) was passed in 2016, bringing
More informationThe Race to GDPR: A Study of Companies in the United States & Europe
The Race to GDPR: A Study of Companies in the United States & Europe Sponsored by McDermott Will & Emery LLP Independently conducted by Ponemon Institute LLC Publication Date: April 2018 2018 McDermott
More informationCalifornia s Consumer Privacy Act Vs. GDPR
Portfolio Media. Inc. 111 West 19 th Street, 5th Floor New York, NY 10011 www.law360.com Phone: +1 646 783 7100 Fax: +1 646 783 7161 customerservice@law360.com California s Consumer Privacy Act Vs. GDPR
More informationImpact of the European General Data Protection Regulation on U.S. M&A
CLIENT MEMORANDUM Impact of the European General Data Protection Regulation on U.S. M&A March 26, 2018 The winds of change will shortly sweep across the data privacy landscape in the European Union ( E.U.
More informationGDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS
GDPR DATA PROCESSING ADDENDUM INSTRUCTIONS FOR JOSTLE CUSTOMERS WHO SHOULD EXECUTE THIS DPA: If you have determined that you qualify as a data controller under the GDPR, and need a data processing addendum
More informationDATA PROCESSING AGREEMENT/ADDENDUM
DATA PROCESSING AGREEMENT/ADDENDUM This Data Processing Agreement ( DPA ) is made and entered into as of this day of, 2018 forms part of our Terms and Conditions (available at www.storemaven.com/terms-of-service)
More informationCLOUDINARY DATA PROCESSING ADDENDUM
CLOUDINARY DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the agreement for the subscription by the Customer to the Cloudinary Service ("Subscription Agreement") between Cloudinary
More informationWebinar: Deep Dive into Risk, High Risk and Risk Assessments in the GDPR
Webinar: Deep Dive into Risk, High Risk and Risk Assessments in the GDPR Tuesday, 24 May 2016 11:00 AM US EDT #CIPLGDPR 1 Webinar Agenda 1. Introduction 2. Risk, High Risk and Risk Assessments in the General
More informationData Processing Addendum
Data Processing Addendum This Data Processing Addendum (" DPA "), forms part of the Agreement or other written or electronic agreement between Pleo Technologies ApS (" Pleo ) and Customer for the purchase
More informationThe General Data Protection Regulation (GDPR): action plan for pension scheme trustees
The General Data Protection Regulation (GDPR): action plan for pension scheme trustees July 2017 (revised March 2018) Pension briefing HIGHLIGHTS The European General Data Protection Regulation (GDPR)
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the End User License and Services Agreement (the Agreement ) between Customer and Ivanti, to reflect the parties agreement about
More informationMoxtra, Inc. DATA PROCESSING ADDENDUM
Moxtra, Inc. DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Terms of Service found at http://moxtra.com/terms-of-service/, unless Company has entered into a superseding
More informationWorld Bank Group Policy
World Bank Group Policy Personal Data Privacy Bank Access to Information Policy Designation Public Catalogue Number SEC4.05-POL.101 Issued May 30, 2018 Effective May 25, 2018 Content Policy setting forth
More informationON24 DATA PROCESSING ADDENDUM
ON24 DATA PROCESSING ADDENDUM This Data Processing Addendum ( Addendum ) is entered into by and between ON24 Inc., on behalf of itself and its Affiliates ( ON24 ), and Client, on behalf of itself and its
More informationMan and Machine - Data Protection Policy
Man and Machine - Data Protection Policy 1. Introduction This Policy sets out the obligations of Man and Machine Ltd, whose registered office is at Unit 8 Thame 40, Jane Morbey Road, Thame, Oxfordshire,
More informationGDPR: Frequently Asked Questions to Brokers Ireland, February 2018.
GDPR: Frequently Asked Questions to Brokers Ireland, February 2018. 1. Does my Firm require a Data Protection Officer ( DPO )? Not necessarily, but the legislation and current guidance is not definitive.
More informationGROUP PRIVACY POLICY. Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ).
GROUP PRIVACY POLICY Adopted June 20th, 2017 by each of the Boards of Carnegie Holding AB and Carnegie Investment Bank AB (publ). 1 PURPOSE AND SCOPE 1.1 The aim of this policy is to establish uniform,
More informationARE YOU READY FOR THE NEW DATA PROTECTION LAWS?
ARE YOU READY FOR THE NEW DATA PROTECTION LAWS? GETTING READY FOR THE GDPR PART ONE DATA PROTECTION LAWS ARE CHANGING DATA PROTECTION LAWS ARE CHANGING On 25 May 2018, the General Data Protection Regulation
More informationDATA PROTECTION LAWS OF THE WORLD. Czech Republic
DATA PROTECTION LAWS OF THE WORLD Czech Republic Downloaded: 15 July 2018 CZECH REPUBLIC Last modified 24 May 2018 LAW The General Data Protection Regulation (Regulation (EU) 2016/679) (" GDPR") is a European
More informationThe contract is important so that both parties understand their responsibilities and liabilities.
Contracts At a glance Whenever a controller uses a processor it needs to have a written contract in place. The contract is important so that both parties understand their responsibilities and liabilities.
More informationWHAT DOES THE GDPR MEAN FOR PENSIONS? HANDY GUIDE
WHAT DOES THE GDPR MEAN FOR PENSIONS? HANDY GUIDE The General Data Protection Regulation How will the pensions industry be affected? The pensions industry processes huge amounts of personal data - member's
More informationPlease note that these terms and conditions cover and the Typhoo online shopping service provided within.
Terms and conditions Please note that these terms and conditions cover www.ridgwaystea.co.uk and the Typhoo online shopping service provided within. PLEASE READ THESE TERMS AND CONDITIONS CAREFULLY BEFORE
More informationWHAT DOES THE GDPR MEAN FOR PENSIONS?
WHAT DOES THE GDPR MEAN FOR PENSIONS? The General Data Protection Regualtion How will the pensions industry be affected? The pensions industry processes huge amounts of personal data - member's names,
More informationGDPR : We protect your data
GDPR : We protect your data Dear customer, From the 25th May 2018 the new law of Personal Data Protection (GDPR) will enter into force. At Almagest Wealth Management S.A., we understand your need to be
More informationDEAL BY SEA LTD PRIVACY NOTICE
DEAL BY SEA LTD PRIVACY NOTICE 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1. The Data Protection Officer is responsible
More informationAmgen Binding Corporate Rules (BCRs) Public Document
Amgen Binding Corporate Rules (BCRs) Public Document Introduction: Amgen is a biotechnology leader committed to serving patients with grievous illness. Binding Corporate Rules (BCRs) express Amgen s commitment
More informationGlobalaw-MCI Webinar Tuesday, 12 July at 4 pm CEST. Featured Speakers. Karin McGinnis Susanne Klein LL.M. Dr. Benno Barnitzke LL.M.
Globalaw-MCI Webinar Tuesday, 12 July at 4 pm CEST Featured Speakers Karin McGinnis Susanne Klein LL.M. Dr. Benno Barnitzke LL.M. David Marchese Attorney, Member, Moore & Van Allen, PLLC, USA Rechtsanwältin
More informationA guide for the insurance industry
A guide for the insurance industry IMPORTANT NOTE: This guide is based on the text of Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural
More informationBig Web Warehouse Ltd GDPR Data Processor Policy Warehouse and Fulfilment April 2018
Big Web Warehouse Ltd GDPR Data Processor Policy Warehouse and Fulfilment April 2018 1. Introduction This Policy sets out the obligations of, Big Web Warehouse Ltd (BWW), a company registered in the United
More informationManagement of Personal Information Policy (Privacy Policy)
Management of Personal Information Policy (Privacy Policy) Henkel Australia and New Zealand Prepared by: Reviewed by: Human Resources Henkel Australia ANZ EXCOM Henkel Australia & New Zealand Approved
More informationGDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers
Area 1 Security, Inc. 142 Stambaugh Street Redwood City, CA 94063 EU GDPR DPA GDPR Data Processing Addendum (DPA) Instructions for Area 1 Security Customers Who should execute this DPA: If you qualify
More informationDATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES)
DATA PROCESSING ADDENDUM (INCLUDING EU STANDARD CONTRACTUAL CLAUSES) This Data Processing Addendum ( DPA ) shall become effective without any further action by the parties: (a) if Customer signing this
More informationLOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS
LOCAL GOVERNMENT ASSOCIATION TEMPLATE MEMORANDUM OF UNDERSTANDING FOR LGPS FUNDS 1. This template memorandum of understanding has been prepared for the Local Government Association. We understand that
More informationDATA PROCESSING ANNEX
Page 1 (5) 1 BACKGROUND AND PURPOSE DATA PROCESSING ANNEX 1.1 The terms of this Annex shall apply to the Agreement between Solibri Oy and/or its Subsidiary/Subsidiaries (Solibri Oy and the Subsidiaries
More informationPERSONAL DATA PROCESSOR AGREEMENT
1 PERSONAL DATA PROCESSOR AGREEMENT PARTIES This personal data processor agreement ( Processor Agreement ) has been entered into between: Buyer/Client/Customer ( Controller ), and The company within the
More informationDATA PROTECTION LAWS OF THE WORLD. Angola vs Czech Republic
DATA PROTECTION LAWS OF THE WORLD Angola vs Czech Republic Downloaded: 15 July 2018 ANGOLA CZECH REPUBLIC Last modified 24 January 2018 LAW Data Protection Law (Law no. 22/11 of 17 June), Electronic Communications
More informationPrivacy vs Data Protection: The Impact of EU Data Protection Legislation
Privacy vs Data Protection: The Impact of EU Data Protection Legislation Thomas Rivera / Hitachi Data Systems Original Author: SNIA Security TWG SNIA Legal Notice The material contained in this tutorial
More informationCustomer GDPR Data Processing Agreement
Customer GDPR Data Processing Agreement Version May 2018 This Customer Data Processing Agreement reflects the requirements of the European Data Protection Regulation ( GDPR ) as it comes into effect on May
More informationTransborder data transfers briefly explained
Federal Data Protection and Information Commissioner FDPIC Transborder data transfers briefly explained For the attention of federal bodies and private industry (Last modified: January 2017) 1) What is
More informationDATA PROCESSING ADDENDUM
Page 1 of 20 DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms a part of the Customer Terms of Service found at https://slack.com/terms-of-service, unless Customer has entered into a
More informationThe California Consumer Privacy Act: Overview and Comparison to the EU GDPR
The California Consumer Privacy Act: Overview and Comparison to the EU GDPR Introduction During the months preceding the European Union s General Data Protection Regulation (GDPR) go-live, which occurred
More informationHIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier. March 22, 2018
1 HIPAA vs. GDPR vs. NYDFS - the New Compliance Frontier March 22, 2018 2 Today s Panel: Kimberly Holmes - Moderator - Vice President, Health Care, Cyber Liability & Emerging Risks, TDC Specialty Underwriters,
More informationProcessing under the GDPR: risk and liability shifts
Processing under the GDPR: risk and liability shifts October 2016 With the GDPR now technically in force, and just over 18 months before it applies in Member States, we look at how this new regime will
More informationWhat does GDPR and the new Data Protection Act mean to Brokers/Intermediaries?
YYYYYYYYYYY The New Class 2016-2017 Report 2: General Date Protection Regulation (GDPR) What does GDPR and the new Data Protection Act mean to Brokers/Intermediaries? 1 2 Contents The Insurance Institute
More informationHOW TO EXECUTE THIS DPA:
DATA PROCESSING ADDENDUM (GDPR, and EU Standard Contractual Clauses) (Rev. April 20, 2018) This Data Processing Addendum ( DPA ) forms part of the Master Subscription Agreement or other written or electronic
More informationThe Allied Group Privacy Shield Policy
The Allied Group Privacy Shield Policy The Allied Group, Inc. ("Allied") has adopted this Privacy Shield Policy ("Policy") to establish and maintain an adequate level of Personal Data privacy protection.
More informationCLIENT DATA PROCESSING AGREEMENT
CLIENT DATA PROCESSING AGREEMENT This Data Processing Agreement for the Data Protection (the Agreement ) of Data Processed is entered into on./../ (hereinafter referred to as the Effective Date ) by and
More informationThe Information Commissioner s response to the Financial Conduct Authority s call for inputs on big data in retail general insurance
The Information Commissioner s response to the Financial Conduct Authority s call for inputs on big data in retail general insurance 1. The Information Commissioner has responsibility for promoting and
More informationPersonal Data. Protection Policy
Personal Data Protection Policy Version 1 May 2018 Contents Terms Definitions... 3 1. Objective and Scope... 4 2. What are Personal Data?... 4 3. Who are affected by Personal Data Processing?... 4 4. What
More informationCover option 2. The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability. Subtitle or Company Name
The Interplay of HIPAA, Privacy and Data Security Principles, and Health Information Interoperability Cover option 2 MedInnovation Boston Subtitle or Company Name June 25, 2018 Colin J. Zick Month Day,
More informationPrivacy Policy and Personal Data
ERGO Insurance SE Lithuanian Branch Privacy Policy and Personal Data ERGO Insurance SE Lithuanian Branch and ERGO Life Insurance SE (hereinafter referred to as ERGO or we ) understand that personal data
More informationBlockchain, data protection, and the GDPR
Blockchain, data protection, and the GDPR v1.0 25.05.2018 Contributors: Natalie Eichler, Silvan Jongerius, Greg McMullen, Oliver Naegele, Liz Steininger, Kai Wagner Introduction GDPR was created before
More informationDATA PRIVACY & FAIR PROCESSING NOTICE
Scope All data subjects whose data is processed by TC Debt Solutions, which is part of Thomson Cooper Accountants. Responsibilities Thomson Cooper Partner Mark Mitchell (mmitchell@thomsoncooper.com) is
More informationRigor, Inc. GDPR Data Processing Addendum
Rigor, Inc. GDPR Data Processing Addendum This GDPR Data Processing Addendum, including the Standard Contractual Clauses referenced herein ( DPA ), supplements any existing and currently valid Rigor license
More informationGDPR update and its impact on accountancy practices
GDPR update and its impact on accountancy practices Richard Kemp, Kemp IT Law 29 March 2017 Presentation to The Alternative Accountancy Strategic IT Conference Elizabeth Denham speech to ICAEW, 17.01.17
More informationDATA PROCESSING ADDENDUM
DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) forms part of the Master Purchase Agreement, Customer Agreement, Channel Partner Agreement, End User License Agreement or other written agreement
More informationData Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team
Data Transfer Policy Version 1.1 Last amended: 18 September 2014 Policy Owner: Governance Team The University of Nottingham ( the University ) Tri-Campus Data Transfer Policy Background and Statement of
More informationDATA PROCESSING TERMS AND CONDITIONS
DATA PROCESSING TERMS AND CONDITIONS These Data Processing Terms and Conditions apply in respect of Personal Data that we process on behalf of Customers who purchase the Powwownow Premium Service. Please
More informationTHE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT
THE IMPACT OF THE CALIFORNIA CONSUMER PRIVACY ACT WHO IS INTRAEDGE? PROVIDING TECH SOLUTIONS FOR DATA PROTECTION IS HEATING UP Source: https://www.dlapiperdataprotection.com/ WHAT IS THE CCPA? California
More informationYour Data Your Rights
Your Data Your Rights Introduction Here at Standard Bank we take your privacy seriously. When you provide us with information from which you can be identified or which renders you identifiable (your personal
More informationEuropean Union General Data Protection Regulation
European Union General Data Protection Regulation Policy 25 May 2018 Bendigo and Adelaide Bank Limited ABN 11 068 049 178 General Data Protection Regulation (GDPR) Application This GDPR section of our
More informationCUSTOMER DATA PROCESSING ADDENDUM
CUSTOMER DATA PROCESSING ADDENDUM This Data Processing Addendum ( DPA ) and applicable Attachments apply when HP acts as a Data Processor and processes Customer Personal Data on behalf of Customer in order
More informationa publication of the health care compliance association SEPTEMBER 2018
hcca-info.org Compliance TODAY a publication of the health care compliance association SEPTEMBER 2018 Strengthening the relationship between DOJ attorneys and compliance professionals an interview with
More informationData Processing Addendum
Data Processing Addendum Based on the General Data Protection Regulation (GDPR) and European Commission Decision 2010/87/EU - Standard Contractual Clauses (Processors) This Data Processing Addendum ( DPA
More informationBREXIT AND DATA PROTECTION Q & A
BREXIT AND DATA PROTECTION Q & A What happens now? The UK decision to leave the EU will not affect existing data protection and privacy laws in the UK. These laws (the UK Data Protection Act 1998 (DPA)
More informationStates of Guernsey EU General Data Protection Regulation (GDPR) - High-level impact assessment
CI Advisory EU General Data Protection Regulation (GDPR) - High-level impact assessment Basis for this report This document has been prepared only for the and solely for the purpose and on the terms agreed
More informationDATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses)
DATA PROCESSING AGREEMENT (GDPR, Privacy Shield, and Standard Contractual Clauses) This Data Processing Agreement ("DPA") forms part of the Master Services and Subscription Agreement between Customer and
More informationEU Data Processing Addendum
EU Data Processing Addendum This EU Data Processing Addendum ( Addendum ) is made and entered into by and between AlienVault, Inc., a Delaware corporation ( AlienVault ) and the customer specified in the
More informationNew legislation brings changes to how data is handled
New legislation brings changes to how data is handled April 2018 Lockton Companies New European Union (EU) data protection rules may require changes to how businesses handle personal data even if the businesses
More informationCCPA and GDPR Comparison Chart
Resource ID: w-016-7418 LAURA JEHL AND ALAN FRIEL, BAKERHOSTETLER LLP, WITH PRACTICAL LAW DATA PRIVACY ADVISOR Search the Resource ID numbers in blue on Westlaw for more. A Chart comparing some of the
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY OVERVIEW KEY DETAILS Policy prepared by: Roger Dunn Approved by Board/committee on: 23/05/2018 Next review date: 20/05/2020 INTRODUCTION In order to operate, Lancaster and District
More informationThe BVRLA Guide to. The General Data Protection Regulation British Vehicle Rental and Leasing Association
The BVRLA Guide to The General Data Protection Regulation British Vehicle Rental and Leasing Association BVRLA Guide to the General Data Protection Regulation March 2018 Table of Contents Introduction...
More information