What's Next?
February 23, 2017
Amanda Gratchner
Global Privacy Counsel,
NAVEX Global
David Fowler
Chief Privacy & Digital Compliance Officer,
Act-On Software
Yes
No
In Progress
European law
From Directive 95 to GDPR
Address societal and technological changes
May 25, 2018
Stats
Companies impacted
Privacy jobs
Adequacy
Privacy Shield
Binding Corporate Rules
Controllers and Processors
Standard Contractual Clauses
Under GDPR codes of conduct
Intergroup agreement
Group defined
Transfer mechanism
Specifically mentioned in GDPR
Considered gold standard
Companies:
Binding Safe Processing Rules
BCRs for Controllers and Processors
Data
Policies
Practices
Legal/Compliance Specific
Consider certification programs
Data
inventory
classification
minimization
record retention
destruction
PIAs
Complaint process (must be easy)
Review and revise methods of obtaining consent
Data portability and erasure processes
Update incident response plans
notice to supervisory agencies within 72 hours