Home

What does it mean to demonstrate compliance under the GDPR? What kind of documentation is expected from an organisation to show that they meet their legal requirements? Nymity is midway through a 3-year project on demonstrating compliance to regulators to help provide more clarity on this issue, as published in a recent paper Demonstrating Compliance to Regulators. In a series of workshops with companies and data protection authorities and several conference sessions, we discuss a structured approach to ensure your documentation is in order, should you be subject to an audit, investigation or inspection. In addition, we provide you with an up-to-date overview of the developments regarding certification of data protection compliance. Can this new option provided by the GDPR become a success, and if so, under what conditions?

During this webinar, you will hear about our learnings to date, as well as about the questions that are still up for discussion.

Registration Link: https://attendee.gotowebinar.com/register/3850584661200700417

Free IAPP Web Conference
Brought to you by OneTrust

Operationalizing GDPR and Privacy By Design
What to Automate in Your Privacy Program

Broadcast date: Thursday, September 21, 2017
Time: 11:00 a.m.—12:00 p.m. EDT, 3:00—4:00 p.m. UTC

To operationalize GDPR, companies will need to build the principles of privacy by design into all their business processes. Join us for this educational web conference, and learn about the different parts of a privacy program, from PIA/DPIAs, data mapping, consent management, and cookie compliance to subject rights requests and vendor risk management. Discover how your organization can streamline privacy management through software automation, and where people are absolutely essential in the process.

Panelists:
• Ron De Jesus, CIPP/A, CIPP/C, CIPP/E, CIPP/US, CIPM, CIPT, FIP, Coach, Inc. Director, Privacy Compliance
• Julie Inderlied, CIPM, Chief Privacy Officer, Brambles
• Brian Philbrook, CIPP/US, CIPP/E, CIPM, CIPT, Privacy Counsel, OneTrust

In connection with this sponsored web conference (called the “Innovation Series,”) the IAPP provides an attendee list to the sponsor(s) of the Innovation Series for that particular web conference, which includes attendee names, titles, organizations and email addresses.

We have contracted with the sponsors so that they are:

• Only allowed to contact you about the subject of the Innovation Series;
• Not allowed to pass your email to a third party;
• Not allowed to retain your email if they have not established a business relationship with you after six months; and
• Obligated to provide you with a proper opt-out mechanism to prevent subsequent communications.

If you do not wish for your information to be passed along to the Innovation Series sponsor(s), you should not sign up for this free web conference. Alternatively, you may access the archive of the Innovation Series without providing information to sponsors. However, access to the archive is not live and provides less functionality.

Eligible CPEs: CIPP/A, CIPP/C, CIPP/E, CIPP/G, CIPP/US, CIPM and CIPT
1.0 CPE credit

Apart from just showing internally that you are compliant with the law, many companies are also looking for more public ways to confirm that they are meeting their data protection obligations. The GDPR offers various options to do so: adherence to a (sectoral) code of conduct, the development of Binding Corporate Rules or certification.

Article 42 and 43 GDPR allow for the development of certification mechanisms, seals and trust marks to demonstrate compliance with the provisions of the Regulation. In addition, the GDPR offers the possibility to non-EU data controllers, to certify their privacy program to assert they have implemented appropriate safeguards for data protection. This specific certification would allow for data transfers, even when no adequacy decision is in place. Nymity currently has a research project ongoing that looks into the various elements of GDPR certification.

During this webinar, we will look at both past and current certification mechanisms across the world and discuss lessons learned, based on our research project. Next, we will look ahead at what certification mechanisms under the GDPR could look like and why companies should consider to certify their privacy programs or their privacy technology. This will include the question if, and to what extent, Binding Corporate Rules could be regarded as a form of certification. Finally, we will discuss with representatives of the Article 29 Working Party what their guidance on the use of certifications under the GDPR could entail.

Registration Link: https://register.gotowebinar.com/register/4045464301131086849

New TrustArc / IAPP Benchmarking Research on Current Compliance and High Priority Risk Areas

The EU GDPR presents compliance challenges for organizations across the globe. With the compliance clock ticking, companies have to prioritize where to invest their efforts and resources in the run up to potential enforcement actions from May 2018 onwards. TrustArc and the International Association of Privacy Professionals (IAPP) have conducted research benchmarking current compliance and what companies considered the highest priority areas, the risks of non-compliance and what can help – whether outside counsel or technology solutions.

Register now for this webinar to hear first hand:
– Ranking of top GDPR compliance risks from over 500 privacy professionals
– Differing compliance concerns between US and EU-based companies
– Most common steps taken to mitigate compliance risks
– Analysis of the findings from leading privacy experts at IAPP and TrustArc

Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar!

Webinar Speakers:

Sam Pfeifle
Content Director, IAPP – International Association of Privacy Professionals

Hilary Wandall
General Counsel & Chief Data Governance Officer, TrustArc

Insights and best practices for managing individual rights under the GDPR. The GDPR introduces new individual rights for consumers such as the right of deletion, rectification and data portability – and non-compliance can lead to the highest level of fines. Many regulators are planning consumer campaigns that are likely to increase awareness and action on these new data subject access rights once the GDPR comes into effect on May 26th. What are your obligations? What volume of requests should a company prepare for? What best practices and tools are available to support these new requirements? This webinar will provide insights and best practices for managing individual rights under the GDPR. *IAPP CPE credits available* Can’t make it? Register anyway – we’ll automatically send you an email with both the slides and recording after the webinar! Webinar Speakers Steve Wright Data Protection & Information Security Officer, John Lewis Partnership Jacqueline Cooney Senior Director Privacy and Cybersecurity, Paul Hastings LLP Janalyn Schreiber Consulting Director, East, TrustArc