session 5: 1:30-2:30 presented by baker mckenzie · session 5: 1:30-2:30 presented by baker...

DEALORNODEAL:EPISODEVII–THELASTCONTRACT

Session 5: 1:30-2:30 Presented by Baker McKenzie

Title:

GDPR 2.0 - Non-Privacy Implications of Europe's Privacy Regulation

Speakers:

Matthew Gemellow - Partner, Baker McKenzie, Palo Alto

Yana Komsitsky - Associate, Baker McKenzie, Palo Alto

Barbara Klementz - Partner, Baker McKenzie, San Francisco

Veronika Nemeth - Partner, Baker McKenzie, San Francisco

Lothar Determann - Partner, Baker McKenzie, Palo Alto

Margaret Bang – Director, Legal, Gigamon

Partner

Baker & McKenzie LLP

Palo Alto

[email protected]

T + 1 650 856 5533

Lothar Determann has been assisting companies take products, business models,

intellectual property and contracts global for nearly 20 years. He advises on data

privacy law compliance, information technology commercialization, copyrights,

open source licensing, electronic commerce, technology transactions, sourcing and

international distribution at Baker McKenzie in San Francisco & Palo Alto. He is a

member of the Firm's International/Commercial Group and the Global Privacy &

Information Management Working Group.

Lothar has been a member of the Association of German Public Law Professors since

1999 and teaches Data Privacy Law, Computer Law and Internet Law at Freie

Universität Berlin (since 1994), UC Berkeley School of Law (Boalt Hall, annually since

2004), Hastings College of the Law (since 2010), Stanford Law School (2011) and

University of San Francisco School of Law (2000-2005). He has authored more than 100

articles and treatise contributions as well as 5 books, including Determann’s Field

Guide to Data Privacy Law (2nd Edition, 2015) and California Privacy Law - Practical

Guide and Commentary (2016).

Dr. Determann's practice is focused on Information technology, data privacy,

copyrights, commercial law.

Lothar Determann

Biography

Practice Focus

Related Expertise

Compliance & Investigations

Copyright & Digital Media

Design, Sourcing &Manufacturing

Digital Media

Energy, Mining &Infrastructure

Environment & ClimateChange

Franchise & Distribution

Healthcare

Information Technology &Communications

International Commercial &Trade

International Trade

IP Disputes

http://www.bakermckenzie.com/en/people/d/determann-lothar 1

Advises global mobile and web gaming developers, including VR, AR, on

regulatory restrictions, IP, contracting and data privacy, security.

Counsels E-commerce and Internet companies on various international and

domestic business and compliance matters.

Assists companies with establishing and maintaining data privacy and security

compliance matters.

Advises on data security breach incidents and responses.

Assists more than 100 US companies with the establishment and maintenance of

electronic waste compliance schemes and product compliance regimes under

U.S., European, Chinese and other countries’ laws (WEEE, RoHS, CE marking,

REACH, conflict minerals, Prop 65, etc.).

Advises major technology companies, start-ups and non-profit organizations

regarding the use and release of open source software products and related

business model and compliance matters.

Provides strategic advice and contract localization assistance with respect to

technology license and distribution contracts (formation, electronic

contracting, termination, disputes, franchise laws, competition law matters)

around the world.

Supports and guides technology companies, manufacturers and service

companies with expanding their business globally, including guidance

regarding business models, entity formation, strategic contracts and

compliance matters.

Frankfurt/M.~Germany (1998)

California~United States (2000)

Free University of Berlin (Habilitation) (1999)

State of Berlin (Second State Exam) (1997)

Free University of Berlin (Dr. iur.) (1996)

Author, "U.S. Privacy SafeHarbor - More Myths and Facts,"Bloomberg BNA, November2015

Quoted in MLex's article, "USInternet Giants ConfrontRealities of RussianData-Residency Law," 9 April2015

Author, What Happens in theCloud: Software as a Service andCopyrights, BerkeleyTechnology Law Journal,Volume 29, Article 2, January2015

New Competition Rules forTechnology LicenseAgreements in Europe, Baker &McKenzie, July 2004

Representative Legal Matters

Admissions

Education

Marketing, Regulatory &Publ ic

Privacy & InformationManagement

Risk Protection

Sales & After Sales

Technology & Outsourcing

Previous Offices

San Francisco

Languages

English

French

German


State of Berlin (First State Exam) (1994)

State of Bavaria (Publicly Certified Banker) (1990)

Baker & McKenzie LLP is a Limited Liability Partnership organized under the laws of the State of Illinois

(USA) and is a member of Baker & McKenzie International, a Verein organized under the laws of Switzerland.


SPEAKER BIO: SESSION 5

Margaret Bang Director, Legal Gigamon, Inc. • Implement and manage efforts to comply with the General Data Protection Regulation (GDPR) through the following: Identify and map out the data flows of each business unit to develop a comprehensive overview and record of the data flows, within, to and from the company; • Identify, negotiate and complete Data Sub-processing Agreements (DPA’s) with applicable vendors to support the transfer of data internationally; Negotiate and complete vendor agreements to insure compliance with the GDPR for “data subject rights” and company rights; Develop training modules summarizing the consent requirements, restrictions on data use and transfer, for marketing communications by mail, e-mail, text message, phone and fax; Support and complete the data protection impact assessment; Provide training on the data breach and security protocol; and Prepare privacy policies, including the privacy website notice. • Principal legal support for a wide variety of go-to-market agreements with channel partners, strategic alliance partners and end customers, including end user licenses, professional services, support and maintenance and other purchase agreements; Prepare and provide training on marketing, trademark and logo guidelines; Coordinate and review customer and partner-facing marketing materials, web, digital and print marketing and advertising campaigns and associated corporate communications and press releases. • Coordinate and collaborate with different business units on streamlining processes related to the procurement and contract management process, draft and automate templates for vendor service agreements, statement of work agreements and data processing agreements.

Associate


Palo Alto

[email protected]

T + 1 650 251 5930

Yana Komsitsky is an associate in the Firm’s Palo Alto office. Ms. Komsitsky focuses her

practice on domestic and international employment and data privacy law. She advises

on a range of employment matters, from pre-employment and global workforce

management to terminations and disputes.

Ms. Komsitsky provides strategic counseling on all matters related to managing the

employment relationship, with particular emphasis on employment-related issues

arising out of cross-border transactions. She routinely assists US multinationals with

employment aspects of entering and doing business in new jurisdictions across the

globe, including pre-hire matters, engagement of independent contractors, employee

transfer, workplace policies and global code of conduct implementation, data privacy

compliance, whistleblower policy and hotline implementation, confidential and

proprietary information and non-compete agreements, and planning and

implementing reductions in force and performance terminations.

American Bar Association

State Bar of California - International Law and Labor & Employment Law

Sections

Yana Komsitsky

Biography

Practice Focus

Professional Associations and Memberships

Related Expertise

Employee Benefits & EquityServices

Employment & Compensation

http://www.bakermckenzie.com/en/people/k/komsitsky-yana 1

Law Society of England & Wales - Non-practicing member

England & Wales~United Kingdom (2009)


College of Law of England and Wales (L.P.C. Distinction) (2007)

College of Law of England and Wales (Graduate Diploma Law Commendation) (2005)

New York University (B.A. Art History and Journalism cum laude) (2003)



Admissions

Education

http://www.bakermckenzie.com/en/people/k/komsitsky-yana 2

Partner


San Francisco

[email protected]

T + 1 415 591 3211

F + 1 415 576 3099

Barbara Klementz is the managing partner of the Firm's San Francisco and Palo Alto

offices. She also leads the San Francisco/Palo Alto Global Equity Services subpractice

and co-leads the San Francisco/Palo Alto Compensation and Employment Law Practice

Group. She has practiced in the area of global equity and executive compensation for

seventeen years and currently serves on the Board of Directors of the Global Equity

Organization. Barbara has authored several articles on global equity issues for the

BNA Executive Compensation Journal, Journal of Corporate Taxation and San

Francisco and Los Angeles Daily Journal, among others, and she is the author of a blog

on global equity related topics called the Global Equity Equation. She is also a

frequent speaker on a variety of global equity topics. Barbara has been recognized as a

ranked practitioner by Chambers USA 2017. Chambers states that she "consistently

delivers top-notch assistance and work product, and is a true expert in the field."

Barbara is admitted to private practice in California and Düsseldorf, Germany.

Barbara focuses her practice on global equity compensation programs, employee

benefits and executive compensation. She regularly advises multinational companies

on implementing their equity compensation programs worldwide — particularly as it

relates to tax and securities law matters and exchange control regulations. Barbara

also frequently advises on the treatment of such programs in corporate spin-offs and

The Global Equity Equation

Author, "China SAFERequirements for Equity-BasedAwards," Baker & McKenzie LLP,October 2016

Author, "What To Do WhenYour Board Goes Global," ABABusiness Tax Quarterly, August2016

Author, "Boots on the Ground:

Barbara Klementz

Biography

Practice Focus

Related Expertise

Employee Benefits & EquityServices

Employment & Compensation

Global Equity Services

Languages

English

French

German

http://www.bakermckenzie.com/en/people/k/klementz-barbara 1

other corporate transactions, as well as on the tax treatment of cross-border

employees.

Advised on regulatory and tax issues surrounding employee equity awards in

over 40 countries related to Computer Sciences Corporation’s merger with a

subsidiary of a global technology company to form an independent, public

company, DXC Technologies, Inc.

Advised Symantec Corporation on the global tax and regulatory consequences

surrounding their equity awards in the USD 6.3 billion sale of its information

management and storage unit, Veritas Technologies Inc., to The Carlyle Group, a

private investment firm specializing in global alternative asset management.

Advised Citrix Systems, Inc. on the tax and legal issues affecting equity awards

held by employees of GetGo subsidiary in spin-off and subsequent merger with

LogMeIn.

Advised semiconductor company on international equity compensation issues

related to spin-off of subsidiary.

Advised Fortune 100 software company on implementation of RSU program in

approximately 90 countries.

Advised Fortune 100 software company on tax and regulatory issues related to

adjustment of equity awards as a result of extraordinary dividend distribution.

Represented internet company in assuming various equity plans operated by

acquired companies and advised on related tax and regulatory issues.

Provided advice on tax treatment of cross-border transferring employees with

regard to outstanding equity awards.

Advised semiconductor company on implementation of global recharge

program for equity awards in 25 countries.

Ranked Practitioner, Chambers USA, Employee Benefits & Executive

Compensation, 2017

Recognized Practitioner, Chambers USA, Employee Benefits & Executive

Compensation, 2016

Recognized Lawyer, Legal 500, Employee Benefits & Executive Compensation,

2016

Employment Considerations forCompanies Expanding Abroad,"BNA Corporate CounselWeekly, August 2013

Author, "The Global Side ofOption Exchange Programs,"BNA Pension & Benefits Daily,January 2013

Author, "Ten Best Practices forGranting Global EquityAwards," Baker & McKenzie LLP,May 2011

VIEW ALL


Professional Honors


Named one of Silicon Valley's "Incubators of Innovation," The Recorder, 2015

Global Equity Organization - Board of Directors

National Association of Stock Plan Professionals

State Bar of California

San Francisco Bar Association

Düsseldorf~Germany (1999)


University of San Francisco School of Law (LL.M. International & Comparative Law)

(2000)

University of Bonn (Assessor Exam) (1998)

University of Bonn (First State Exam) (1995)




Admissions

Education


Partner


Palo Alto

[email protected]

T + 1 650 856 5541

Matthew Gemello is a corporate/M&A partner in Baker McKenzie's Palo Alto office and

the chair of the Firm's North America Corporate & Securities Practice Group. Mr.

Gemello is also chair of the Firm's North America Pro Bono Practice. He has been

frequently recognized as a leading lawyer by multiple publications and peer surveys,

and was recently selected by the San Francisco and Los Angeles Daily Journal as being

one of the Top 10 Innovative Corporate Lawyers in California.

Mr. Gemello guides technology companies and their financial sponsors through

transformational corporate transactions. These deals range from private company

buyouts and public takeovers in the United States and around the world, to complex

multijurisdictional spinoffs and business carve-outs.

Advised a global communications company in multiple domestic and cross-

border transactions including public and private acquisitions, dispositions and

spin-offs of major business units.

Advised a global semiconductor company in connection with multiple domestic

and cross-border acquisitions.

Advised a global technology company in connection with multiple domestic

Baker & McKenzie Cross BorderIndex Q3 2015

Matthew R. Gemello

Biography

Practice Focus


Related Expertise

Capital Markets

Consumer Goods & Retail

Financial Institutions

Joint Ventures & StrategicAll iances

Mergers & Acquisitions

Private Equity

Previous Offices

San Francisco

Languages

English

Publications

http://www.bakermckenzie.com/en/people/g/gemello-matthew-r 1

and cross-border acquisitions.

Advised a leading global private equity fund in connection with multiple

cross-border acquisitions.

Advised a global network solutions company in connection with a Dutch-based

joint venture with a global telecommunications company.

Advised a global biotechnology company in connection with multiple cross-

border transactions including multi-jurisdictional dispositions and spin-offs of

major business units.

Advised a South American winery in connection with a major brand acquisition

in the United States.

Advised a global pharmaceutical company in connection with the disposition

of its Asia Pacific business.

Advised a global renewal products company in connection with an

ethanol-based joint venture in Brazil.

Advised a global electronics manufacturing company in connection with

domestic and cross-border acquisitions and divestitures.

VIEW ALL

American Bar Association - Business Law Section

Keys School - Trustee, Board of Trustees

State Bar of California - Business Law Section

San Mateo County Bar Association - Business Law Section

Youth Law Center - Member, Board of Directors


Northwestern University School of Law (J.D.) (1997)

University of California at San Diego (B.A. American History) (1993)



Foreign Suitors Snatching UpMore US Companies

M&A: Good Practices & BadPit fa l ls

A New Frontier: SuccessfullyNavigating the Pitfalls andParadigms of Cross-BorderMergers and Acquisitions

Winning Strategies inInternational Cross-BorderDeals: Top 10 Keys to Successfor In-House Counsel

Legal Opinions in BusinessTransactions (excluding theRemedies Opinion)

Corporation Committee of theBusiness Law Section of theState Bar of California

Handbook for Incorporating aBusiness in California


Admissions

Education

http://www.bakermckenzie.com/en/people/g/gemello-matthew-r 2

Partner


San Francisco

[email protected]

T + 1 415 984 3886

Veronika A. Nemeth began her career with Baker McKenzie as a summer associate in

the San Francisco/Palo Alto and Frankfurt offices during the Summer of 1998. In 1999,

she joined the Firm’s San Francisco/Palo Alto office as an associate and then became a

partner in 2007. Ms. Nemeth currently serves as the Professional Development

Partner of the Firm’s San Francisco/Palo Alto office.

Ms. Nemeth focuses primarily on global corporate restructuring projects, including

post-acquisition integrations, pre-transaction separations and tax-planning

restructurings. In addition, she counsels clients on a range of general international

corporate and commercial issues.

Ms. Nemeth represents mostly multinational clients in a variety of industries

including the software, hardware, life sciences and retail sectors. She has significant

experience with the implementation of both large and small-scale international

corporate restructuring projects, including several high-profile post-acquisition

integrations and spin-off transactions.

She also assists clients with the formation and ongoing governance of foreign

subsidiaries and advises on documenting intercompany and other commercial

transactions.

Veronika A. Nemeth

Biography

Practice Focus

Related Expertise

Compliance & Investigations

Consumer Goods & Retail

Corporate Compliance &Governance

Corporate Reorganizations

Design, Sourcing &Manufacturing

Franchise & Distribution

Information Technology &Communications

International Commercial &Trade

International Trade

IP Transactions

Marketing, Regulatory &Publ ic

Mergers & Acquisitions

http://www.bakermckenzie.com/en/people/n/nemeth-veronika-a 1


University of California at Berkeley (Boalt Hall) (J.D.) (1999)

Georgetown University (B.S.F.S. Honors) (1995)

L'Institut d'Etudes Politiques (Certificate d'Etudes Politiques) (1994)



Contributed toPost-Acquisition IntegrationHandbook

Contributed to Pre-TransactionRestructuring Handbook

"Companies Must ExamineWork Provided by AuditorsWorldwide," article on theinternational implications ofthe auditor independence rulesof Sarbanes-Oxley article, SFDaily Journal, October 22, 2002

Presented on the formation andmaintenance of internationalsubsidiaries

Admissions

Education

Risk Protection

Sales & After Sales

Tax Optimized IP

Languages

English

French

German

http://www.bakermckenzie.com/en/people/n/nemeth-veronika-a 2

GDPR 2.0 ACC “Deal or No Deal”

November 9, 2017

© 2017 Baker & McKenzie LLP

Speaking Today

2

Barbara Klementz Partner (415) 591-3211 [email protected]

Margaret Bang Director, Legal at Gigamon (650) 804-6088 [email protected]

Matthew Gemello Partner (650) 856-5541 [email protected]

Yana Komsitsky Associate (650) 251-5930 [email protected]

Click icon to add picture

Lothar Determann Partner +1 (650) 856-5533 [email protected]

1 GDPR Compliance

Let the preparation begin…


Tasks

8

§  Records of data processing activities (aka 'maps') §  Accountability documentation: dossier §  Vendor & intercompany contracts §  Data protection by design, toms §  Notices

2 In-House Perspective


Determine Which Articles Mainly Apply to Your Business

10

§  Are you a B2B or B2C Company? §  Focus: Employee Personal Information or Customer Personal

Information. §  There are 99 Articles in the General Data Protection Act (GDPR); Which

Articles mainly apply? §  Dossier


Work with Business Units to Collect Data & Establish an Internal Privacy Team

11

§  Work with Business Units to identify which vendors receive personal information on EU data subjects §  HR, IT, Marketing, Finance, Sales §  Confirm which vendor agreements are relevant

§  Identify Key Stakeholders to participate on Privacy Team


Create an Infrastructure for Filing and Tracking Documents

12

§  Consider setting up an online file system to mirror the Articles in the Dossier

§  Organize Data in a manner allowing support of multiple Article requirements simultaneously §  Create a Vendor Matrix


Navigate International Data Transfers

13

§  Article 46 §  Standard Contractual Clauses (Data Processing Agreements), Privacy

Shield or Binding Corporate Rules? §  Variations and Challenges posed by dealing with many vendors

§  Privacy Shield Certified - Vendor Agreement Only §  Large SaaS Providers – Post their own agreements on their websites

and agree to comply with all transfer mechanisms and vendor requirements under the GDPR (but they won’t sign agreements)


Determine Justification for Data Processing & Information to be Provided to Data Subjects when Collecting Personal Data

14

§  Article 6 - Consent §  "Legitimate Interest" is our primary justification for processing Personal

Information §  Internal Administrative Work (HR/Benefits) §  Protect and Preserve our network and computer system (IT)

§  Article 13 - Information to be provided when collecting Personal Information from Data Subjects §  Employee Onboarding:

§  "Notice Regarding the Monitoring of Gigamon Computer Systems" – Most of the information required to be provided under Article 13 is included in this Notice regarding IT related data

§  "Data Processing Notice" – Most of the information required to be provided under Article 13 is included in this Notice regarding human resource related data


Provide Training

15

§  Marketing – Review Marketing Protocol – consent/unsubscribe requirements for email and phone communication

§  Human Resources – Notice Regarding the Monitoring of Gigamon Computer Systems, Data Processing Notice, Whistleblowing agreements

§  Data Subject Requests – Managing Data subject request with vendors and key stake holders (Art 12-22)

§  Data Security Measures and Personal Data Breach Management.

3 Privacy in the Deal


Privacy in the Deal

17

§  Increased focus in M&A and other corporate transactions §  Key considerations @ deal kickoff §  Due diligence: contemporaneous yet often competing activities §  Allocation of liability for noncompliance

§  Impact of rep and warranty insurance §  Compliance in post acquisition reorganizations

4 Employee Privacy


Justification for Processing HR Data

19

§  Identify data processed, location and extent of processing §  Consider whether minimization is required §  Determine if each type of data processing is legally justified

§  Contract, local law, legitimate interests OR §  Consent – a last resort

§  Can it be freely given by an employee? §  May be withdrawn

§  Vendors with access to HR data and other third parties §  Existing or new terms?


Adequate Transparency

20

§ §  Create new or update notices to meet new robust requirements: Create new or update notices to meet new robust requirements: §  Employees §  Employees §  Employee data protection notice §  IT monitoring/security/acceptable use policy §  Hotline notice (if applicable), consider addressing recent local

§  Hotline notice (if applicable), consider addressing recent local law compliance changes §  Job applicants

§  Candidate statement on job portal, elsewhere? law compliance changes

§  Employees’ beneficiaries, contractors, others


Adequate Transparency (Cont’d) Adequate Transparency (Cont’d)

21

21

Specify, among other things, all of the following: § §  Employer and DPO/privacy contact information

Specify, among other things, all of the following: §  Purposes and legal basis for processing §  Categories of recipients §  Description of non EU transfers, including details of safeguarding

§  Employer and DPO/privacy contact information §  Retention period §  Purposes and legal basis for processing


Adequate Transparency (Cont’d)

22

§  Whether provision of data is required §  Whether provision of data is required §  By statute or contract, or optional §  Consequences of failing to provide

§  By statute or contract, or optional § §  Consequences of failing to provide

§  If automated decision making will take place § 

§  Finalized wording (possibly, even extent of processing) Implementation of updated employee privacy documentation

© 2017 Baker & McKenzie LLP 23

§  New requirements/risks §  New requirements/risks

§ New processes

§  Data Protection Impact Assessments §  Data security breaches

§  Data intake and governance, including legacy HR data

The image cannot be displayed. Your computer may not have enough memory to open the image, or the image may have been corrupted. Restart your computer, and then open the file again. If the red x still appears, you may have to delete the image and then insert it again.

5 Employee Share/Incentive Programs


Background

25

§  US companies granting stock options and other share-based or incentive awards to employees of subsidiaries in Europe

§  Awards administered by US parent company, usually with assistance from US-based broker (e.g., E*Trade, Fidelity, Charles Schwab)

§  Employee personal data maintained by US parent and US broker (to administer employee’s participation in plan) §  Services agreement entered into between US parent and US broker §  Grant agreement entered into between US parent and employee §  Participant agreement entered into between US broker and

employee


Landscape under Privacy Directive

26

§  Most companies (and US brokers) relying on employee’s consent to collect, process and transfer employee data (to administer employee’s participation in plan)

§  Consent included in grant agreement and participant agreement (or may have been obtained separately) §  Need express acceptance §  Issue of informed/coerced employee consent

§  Some companies relying on Safe Harbor/Privacy Shield, Model Contractual Clauses or Binding Corporate Rules, but won’t cover transfer of data to broker

§  Some companies argue that collection/processing/transfer necessary for execution of grant agreement (notification sufficient), but uncertain if covers transfer of data to broker


Changes under GDPR

27

§  Still able to rely on consent? §  Coercion issue unchanged under GDPR §  If continue to rely on consent, update consent language to reflect GDPR

and require separate acceptance (may need separate consent language for rest of world)

§  Alternatively, could rely on Privacy Shield, MCC or BCR or legitimate aim defense to justify transfer to US parent §  But would need to require US broker to enter into MCC with US parent to

cover onward data transfer (not all brokers may agree)

6 Commercial Contracts, Negotiations


Commercial Implications

29

§  Services contracts inbound, outbound §  SCC 2010, Privacy Shield, BCR in practice

7 Q&A and take-aways

Baker & McKenzie LLP is a member firm of Baker & McKenzie International, a Swiss Verein with member law firms around the world. In accordance with the common terminology used in professional service organizations, reference to a "partner" means a person who is a partner, or equivalent, in such a law firm. Similarly, reference to an "office" means an office of any such law firm. This may qualify as "Attorney Advertising" requiring notice in some jurisdictions. Prior results do not guarantee a similar outcome.


www.bakermckenzie.com

DEALORNODEAL2017:EPISODEVII–THELASTCONTRACT

________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________ ________________________________________________________________