Notes from the IAPP DPO on how she's doing her work.

Cookies and consent at the IAPP

Rita Heimes, CIPP/E, CIPP/US, CIPM and Stephen Schoepke, CIPP/US
Today, the IAPP launched a new cookie notice and cookie consent tool. The process of creating this notice and tool took several months and involved a cross-departmental team with members from marketing, privacy/legal, and (most significantly) IT. We thought it might be interesting to hear about the ...
DPO Confessional: The prep for GDPR Day
Rita Heimes, CIPP/E, CIPP/US, CIPM
‘Twas the night before GDPR…. May 25 feels like a holiday of sorts. Not because there’s anything to celebrate or honor, necessarily, but because preparing for it was much like getting ready to have guests visit the house. Guests one really wants to or needs to impress, moreover, like the in-laws or...
DPO Confessional: Think globally, but direct market locally
Rita Heimes, CIPP/E, CIPP/US, CIPM
Like many privacy lawyers, I came to the field from an intellectual property law practice. Property rights are inherently territorial, so holding a patent or trademark in one country does not provide enforcement rights in another; one must register anew in each territory of interest.  This is a bit...
Explaining the GDPR to an American
Rita Heimes, CIPP/E, CIPP/US, CIPM
Law students at American law schools take property, torts, and contracts during their first year. It is difficult not to view consumer privacy interests through one or more of those lenses, particularly when U.S. consumer privacy law has been based on a notice and consent, enforced by principles of ...
Responding to subject access requests
Rita Heimes, CIPP/E, CIPP/US, CIPM
IAPP Research Director and DPO Rita Heimes, CIPP/E, CIPP/US, CIPM, discusses the challenges of responding to subject access requests and offers a step-by-step look into her process in this DPO Confessional post....
Making a (privacy) statement
Rita Heimes, CIPP/E, CIPP/US, CIPM
This week, the IAPP posted a new privacy statement. We encourage our members not only to read it so they can better understand what personal information the IAPP collects and how it’s processed, but also to provide feedback, comments and suggestions on what might be missing or how it can be improved...
When is a vendor a processor?
Rita Heimes, CIPP/E, CIPP/US, CIPM
Privacy professionals have been involving themselves in their organizations’ vendor management programs for a few years now. Indeed, according to the 2016 IAPP-EY Privacy Governance Survey, 70 percent of respondents (up from 63 percent in 2015) were involved in a formal vendor management program — a...
The GDPR in 20 Minutes
Dan McCue
In June of this year, I started an internship at the IAPP as the University of Maine School of Law’s inaugural Privacy Fellow. My goal was to spend the summer helping the IAPP’s Data Protection Officer, Rita Heimes, CIPP/US, CIPM, work toward IAPP compliance with the upcoming General Data Protection...