GDPR Iceland - gagnaeyding.is
GDPR – Iceland
Dr. Ross Federgreen, CIPM, CIPP/US/E/C/G Fellow – European Privacy Association
January 2017
Why Does It Matter?
CONFIDENTIAL 2
What You Will Take Away
• Critical Components of the GDPR
• Global Effect
• Benefits of CSR Readiness® Pro
GDPR
Replaced 94/95 Data Protection Directive
Approved December 2015 – Effective May 2018 (now)
Officially Numbered: Regulation 2016/679
GENERAL DATA PROTECTION REGULATION
• Modernize Data Protection
• Strengthen Citizens’ Rights
• Harmonize Member State Laws
• Streamline Data Protection Agencies (One-Stop-Shop)
Iceland
Regulation no. 712/2008 of notification obligations and authorization processing of personal data
Act on the Protection and Processing of Personal Data, No. 77/2000
• All electronic processing of personal data, which falls under the Data Protection Act, must be notified to the Icelandic Data Protection Authority, by the controller of the data, unless an exemption applies.
Rules No. 837/2006 on electronic monitoring and processing of personal data by electronic monitoring
• Already closely related to the GDPR
• “7. Consent: A specific, unambiguous declaration, which is given freely by an individual, signifying that he agrees…”
Important Points
• Consent
– Opt-In
• Data Subject Rights
– Unobstructed access
– 30 days to respond
– Copy, modify, transfer, erase
• Records of Processing Activities
– Applies to Controller & Processor
– Derogation for under 250 employees
• Data Protection Officer
– Expert knowledge & experience
– Shortage of experts
• Third-Parties / Processors
– Data Protection Officer law applicable
– Compliance within Contract
Complexity
• 173 Recitals, 99 Articles
• Global reach
Important Points Global Reach
• Territorial Scope
– Established controller or processor in the EU, regardless of processing location
– Controller or processor, regardless of location, that processes EU personal data related to:
  • Offering of goods or services (regardless of payment)
  • Monitoring of behavior (for behavior taking place in the EU)
Article 3
CSR Readiness Pro®
Readiness delivers a PROACTIVE solution
SELF-ASSESSMENT QUESTIONNAIRE REMEDIATION OFFERINGS
Best Practices / Templates
COMPLETE
Expires 01/28/17
SELF ASSESSED
DISPLAY SEAL
MAINTAIN
Appendix
Program Components
User clicks “Register” from the Sidebar Menu.
Built-in workflow directs users to the appropriate screen.
Welcome Page
User Completes at Own Pace
Readiness covers 6 domains: Privacy, Compliance, Security, Incident Response, Governance, and Iceland-specific questions.
The status bar, shown above, lets the user track completion progress.
Results and Action Steps Page
Scores
Follow instructions to improve processes
Download and implement best practices and purchase policies
Best Practices and Policies
Best Practices Documents
Policies
Train employees on policies and procedures
Certification of Readiness Completion
Upon completion of the Readiness questionnaire, remediation instructions and implementation of policies and best practices, your business customers will earn a Certificate of Completion and receive their ID Stay Safe Seal.
Appendix
Readiness assists in “demonstrating compliance” for GDPR Article 5.2: Accountability
THANK YOU
Headquarters: +1 772.225.0007
Toll Free: +1 888.294.6971
Ross Federgreen