Are you ready for the new EU data privacy regulation?
DESCRIPTION
The EU Commission is in the process of voting on a new (highly debated) Data Privacy Regulation. In these slides you'll find an overview of the most important changes and issues. ADM members can download the complete presentations made by Deloitte and Allen & Overy (24/10/2013) on the website: http://adm.be/news/the-european-data-protection-regulation-situation-24-10-2013
TRANSCRIPT
#admbe
Are you ready for the EU General Data Protection Regulation?
Brussels, 24 October 2013
Highlights of the session
The slides hereafter give you an overview of the essentials presented during the ADM session on 24 October 2014 – based on the situation as decided upon just 2 days earlier in the Commission.
The complete presentation by Deloitte and Allen & Overy is available to ADM members on the ADM website.
Privacy vs Information Security?
Lawfully Fairly Transparency Adequate … (GDPR)
Confidentiality Integrity Availability (ISO 27k)
Why talk about privacy?
“The problem lies not with oversight, but with insight (Edward Snowden)”
“Commission sets to work on privacy police”
Where are we today?
Source: http://lobbyplag.eu/lp
Table of contents (highlights)
The upcoming EU Data Protection Regulation
From Directive to Regulation
Scope
Internal Privacy Organization
Security of personal data processing
Relations with privacy regulators
Enforcement
Legitimate processing grounds
Notice to data subjects
Data subject rights
(International) data transfers
Other changes
Conclusion / Recommended next steps to be compliant
Quentin Van Peteghem - Attorney-at-law at Allen & Overy LLP
David Lenaerts - Manager at Deloitte
Erik Luysterborg - BE Security & Privacy Leader, EMEA Data Protection & Privacy Leader at Deloitte
© 2013 Deloitte Belgium
A. From a Directive to a Regulation Future Legal Framework
7 ADM - Are you ready for the EU General Data Protection Regulation?
All national general Data Protection laws (and decrees) will be directly replaced by the General Data Protection Regulation.
Consequences
B. Scope of the Regulation Highlight of Key Changes
How to prepare
• Assess under which role you (will) act.
• Assess whether you have to comply with new requirements, depending on your role.
C. Internal Privacy Organization Highlight of Key Changes
How to prepare
• Create a template for privacy documentation.
• Review privacy & compliance policies & procedures.
• Update public reporting procedures.
• Verify if you’ll have to appoint a DPO.
• Decide on who will be DPO, where in the organization, etc. (Come to our next info session for more details!)
• Review and update your internal procedures regarding the setup of new projects to make sure that privacy is appropriately taken into account.
• Review current/planned software systems and applications from a privacy angle.
• Update the (privacy) risk assessment procedures (roles & responsibilities, templates, triggers to escalate, …) to include specific privacy concerns such as usage of data, location/access to data, etc.
D. Security of personal data processing Highlight of Key Changes
How to prepare
• Review your current security policies & procedures and their implementations (especially at third parties).
• Check your cybersecurity measures and come to our next info session!
E. Relations with Privacy Regulators Highlight of Key Changes
How to prepare
• Identify when and what may need to be published by default to the DPA.
• Update the procedures of internal DP review and DPA notification.
F. Enforcement & Redress Highlight of Key Changes
How to prepare
• Tell the Board!
• Update the impact and probability parameters of your risk matrices!
© Allen & Overy LLP 2010
Personal data
Current status EU Data Protection Regulation Proposal
– Pseudonymous data concept: personal data processed in such a way that the data cannot be attributed to a specific data subject without the use of additional information
New Original EU Data Protection Regulation Proposal
– Anonymous data concept: data subject is no longer identifiable
Current EU Data Protection Directive
– Personal Data concept: information relating to an identified or identifiable natural person, i.e. the data subject
– “Identifiable”: the data directly or indirectly allows for the identification of the individual
Notice to data subjects – breach notification
New Original EU Data Protection Regulation Proposal
– Obligation to report data security breaches for data controllers without undue delay (within 24 hours where feasible) to supervisory authority
– Exemption: controller demonstrates it has implemented appropriate technological protection measures
Current EU Data Protection Directive
– No obligation to notify data security breaches
Current status EU Data Protection Regulation Proposal
– “24 hours” deleted
– New notification condition: severely affect the rights and freedoms of the data subject
– Exemption: controller demonstrates that it has implemented appropriate technological protection measures applied in particular to pseudonymous data
Next in this track
12 March 2014:
The DPO office(r) 15.00 hrs
Communication about data breach 17.00 hrs
David Lenaerts Manager, CIPP/E
Deloitte Enterprise Risk Services
Direct: + 32 2 800 25 03
Mobile: + 32 479 20 07 91
Erik Luysterborg Partner, CIPP
EMEA Data Protection & Privacy Leader
Deloitte Enterprise Risk Services
Direct: + 32 2 800 23 36
Mobile: + 32 497 51 53 95
+32 3 543 73 23
@admteam (#admbe)
ADM: Where business and ICT meet
www.youtube.com/user/ADMVideoChannel
www.slideshare.net/ADM-Slideshare
www.adm.be