Knowing and Implementing the GDPR Web Conference Series

Spanning hundreds of sections – and with vast territorial scope – the EU General Data Protection Regulation is clearly the most important privacy regulation the world has seen in decades. It asks a great deal of organizations all over the world who collect and process data about European individuals. It imposes hefty fines on those who fail to comply. What do you need to know to get started? What are the initial steps that every organization needs to take to implement the GDPR?

In this three-part series, the IAPP explores the GDPR’s mandates and offers first insights into creating a compliance program that will stand the test of time.

Part 1

In Part 1, speakers Omer Tene, VP of research and education at the IAPP, and Eduardo Ustaran, partner at Hogan Lovells, will offer a primer on the history of data protection law in the EU, including background on the Data Protection Directive that is currently in place. This will help you understand important new concepts and definitions in the GDPR. Further, Tene and Ustaran explore the rights given to data subjects, new rules on cross-border data transfers, and the legitimate bases for processing personal data.

Panelists:
Omer Tene, Vice President of Privacy Research and Education, IAPP
Eduardo Ustaran, CIPP/E, Partner, Hogan Lovells LLP, London

Access recording

Part 2

In Part 2, speakers Omer Tene, VP of research and education at the IAPP, and Jyn Schultz-Melling, explain the GDPR’s operational demands. Who are the data protection officers and what are their duties? How must you document your operations in order to demonstrate accountability to regulators? What do privacy by design and privacy by default mean in practice and how do you build these concepts into your operations? Finally, Tene and Schultz-Melling, delve into the controller-processor relationship and discuss how obligations change depending on your relationship with personal data.

Panelists:
Omer Tene, Vice President of Privacy Research and Education, IAPP
Jyn Schultz-Melling, Director for Privacy Policy, Europe at Facebook

Access recording

Part 3

In Part 3, speakers Omer Tene, VP of research and education at the IAPP, and Ruth Boardman, partner at Bird & Bird, look further into operational considerations, while also explaining the process of enforcement, including the concept of “one stop shop” among European regulators. In particular, they dive into the special carve-out for children under the age of 16, when and how to conduct data protection impact assessments, and how to communicate with data protection authorities. Finally, Tene and Boardman explain what you need to know about new data security and breach notification requirements.

Panelists:
Omer Tene, Vice President of Privacy Research and Education, IAPP
Ruth Boardman, Partner, Bird & Bird LLP, London

Access recording