TR_DPA_Confidence Matters_Woman_v2_S063545_gif_728x90_ros_020718
Notes from the IAPP DPO on how she's doing her work.

Explaining the GDPR to an American

Rita Heimes, CIPP/E, CIPP/US, CIPM
Law students at American law schools take property, torts, and contracts during their first year. It is difficult not to view consumer privacy interests through one or more of those lenses, particularly when U.S. consumer privacy law has been based on a notice and consent, enforced by principles of ...
Responding to subject access requests
Rita Heimes, CIPP/E, CIPP/US, CIPM
IAPP Research Director and DPO Rita Heimes, CIPP/E, CIPP/US, CIPM, discusses the challenges of responding to subject access requests and offers a step-by-step look into her process in this DPO Confessional post....
Making a (privacy) statement
Rita Heimes, CIPP/E, CIPP/US, CIPM
This week, the IAPP posted a new privacy statement. We encourage our members not only to read it so they can better understand what personal information the IAPP collects and how it’s processed, but also to provide feedback, comments and suggestions on what might be missing or how it can be improved...
When is a vendor a processor?
Rita Heimes, CIPP/E, CIPP/US, CIPM
Privacy professionals have been involving themselves in their organizations’ vendor management programs for a few years now. Indeed, according to the 2016 IAPP-EY Privacy Governance Survey, 70 percent of respondents (up from 63 percent in 2015) were involved in a formal vendor management program — a...
The GDPR in 20 Minutes
Dan McCue
In June of this year, I started an internship at the IAPP as the University of Maine School of Law’s inaugural Privacy Fellow. My goal was to spend the summer helping the IAPP’s Data Protection Officer, Rita Heimes, CIPP/US, CIPM, work toward IAPP compliance with the upcoming General Data Protection...
The case of the unsolicited email
Rita Heimes, CIPP/E, CIPP/US, CIPM
Privacy and data protection issues do not present themselves in any particular order, so when starting out as a data protection officer, one has to be able to address the most pressing privacy issues “on the fly” while simultaneously moving methodically through a GDPR-readiness program. For the IAP...
The IAPP DPO: Countdown to May 2018
Rita Heimes, CIPP/E, CIPP/US, CIPM
In January 2017, I began serving as the IAPP’s new data protection officer. Like many IAPP members, I’m tasked with bringing my employer up to speed on implementation of the European Union’s General Data Protection Regulation, now just one year away from coming into force. Over the next 12 months, ...