![Page 1: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/1.jpg)
Copyright©2016BCDTravelN.V.Allrightsreserved.
General Data Protec-on Regula-on (GDPR) NBTS-Stockholm 10.02.2017
![Page 2: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/2.jpg)
PatrikPsota
BCDTravel
InhouseCorporateCounsel&DataProtec8onEMEA
BasedinBremen/Germany
T+49(0)4213500262
E-Mail:[email protected]
![Page 3: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/3.jpg)
AgendaRoadmaptotheGDPR
5thingstoknow
Summary
![Page 4: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/4.jpg)
RoadmaptotheGDPR…
1 2 3 4 5
Adop8onoftheGDPR
Regula8on2016/679
Analysisoftheobliga8ons
undertheGDPR
LocalDPLaws? Enteringintoforce
27.April2016
25May2018
Implementa8onofchanges
![Page 5: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/5.jpg)
ThepathtotheGDPR5thingstoknowabouttheGDPR
![Page 6: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/6.jpg)
TerritorialReach
![Page 7: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/7.jpg)
EU:28countries EEA:Norway,Iceland,Liechtenstein
CountriescoveredbytheadequacydecisionoftheEUCommission
![Page 8: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/8.jpg)
Datagovernance
![Page 9: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/9.jpg)
• Privacy by design – Appropriate technical and organisa-onal measures – Within each project (both structural and conceptual) from the design stage – Pseudonymisa-on/Data minimisa-on
• Privacy Impact Assessments (PIAs)
• Using service providers (processors) – High duty of care in selec-ng a provider – Contractual requirements (processed data, dura-on, obliga-ons…)
• Record of processing ac-vi-es
![Page 10: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/10.jpg)
WhenPNRdatatravel…
![Page 11: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/11.jpg)
Databreachno8fica8on
![Page 12: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/12.jpg)
• Data controllers must report personal data breaches to their supervisory authority / affected data subjects – Timing:
Without undue delay and, where feasible, not later than 72 hours aXer becoming aware of it
– Exemp-on: No repor-ng if the breach is unlikely to result in a risk for the rights and freedoms of a data subject.
![Page 13: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/13.jpg)
Interna8onalTransfers
![Page 14: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/14.jpg)
• Exis-ng transfer mechanisms remain valid – Standard Contractual Clauses (Model Clauses) – BCRs – Commission Adequacy Decisions
• New transfer mechanisms: – DPA Clauses (na-onal alterna-ve to the Model Clauses) – Code of Conduct – Cer-fica-ons
![Page 15: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/15.jpg)
Fines
![Page 16: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/16.jpg)
• Administra-ve fines up to € 20.000.000 or
• up to 4% of the total worldwide annual turnover of the preceding financial year (whichever is higher)
• Points to be considered by the Supervisory Authori-es: – Nature – Gravity – Dura-on – Character of the infringement
![Page 17: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/17.jpg)
![Page 18: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/18.jpg)
The GDPR is not the much feared revolu-on…
but it is a game changer!
![Page 19: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/19.jpg)
Ques8ons?
![Page 20: General Data Protecon Regula-on (GDPR)€¦ · EU: 28 countries EEA: Norway, Iceland, Liechtenstein Countries covered by the adequacy decision of the EU Commission](https://reader033.vdocuments.us/reader033/viewer/2022060518/604b760cbe83ca676d23f818/html5/thumbnails/20.jpg)
Thankyou!
Copyright©2016BCDTravelN.V.Allrightsreserved.