The EU’s General Data Protection Regulation applies to all companies trading in/with the EU and came into effect May 18, 2016 – though prosecutions will not start until May 18, 2018.
Current wisdom is that you can choose either to put 4% of your global turnover aside to pay the fine or to pay for the re-architecting of your data processes to accommodate the new rules. With the regulators geared up to dish out some "exemplary fines" at the earliest opportunity, this is no trivial matter. It’s time to take your head out of the sand.
David Gilmour, Director of PreterLex Ltd., a consultancy for the TOGAF® framework and GDPR training, and a Director of GDPR360 Ltd., a consultancy specializing in GDPR Process Change, will walk you through the new regulations so that you understand the legal background and the data processing implications.
Effectively the GDPR means the genesis of a whole new specialist field of Privacy Architecture – which is quite different from Security Architecture. Given that the Regulation explicitly states that you must be able to demonstrate "how privacy is architected into your processes" and there is also a requirement to be able to show that you have a documented Privacy Impact Assessment related to every process that impinges on Personal Data, there’s plenty to do in the next eleven months.
The webinar discusses just what is meant by Personal Data and the metatags that will need to be associated with each iota of it.
It also examines the need to re-engineer every web page that takes on Personal Data for any purpose, what to engineer, and the obligation you have to give certain information to data subjects.
Unfortunately, there will have to be close co-operation between corporate counsel and IS process designers. Many corporate legal eagles believe the GDPR to be a purely legal problem and have been "sitting on it". This is even true in Europe where understanding of the full horror is just beginning to dawn.
For non-EU companies there is no escape, and compliance will be a business cost of trading in and with the EU. We will show why things like encryption and pseudonymisation are insufficient, and why it is necessary to know EXACTLY where all data exists, transits through, and is processed.
Are you a Controller, a Processor, or both – and what are the different potential liabilities arising?
You will probably leave this webinar with more questions than answers, but the General Data Protection Regulation of the EU is certainly something you cannot ignore, and something your corporation fails to address at the peril of its existence.
- Additional Information
  - Reference: D197
  - Author(s): David Gilmour (Director of PreterLex Ltd. & Consultant for Good e-Learning)
  - Published: 11 May 2017
  - Duration: 57 minutes
  - Type: Webinars
  - Subject: Architecture