
EU General Data Protection Regulation

On 14/4/2016 the EU Data Privacy regulation was approved; it is, nowadays, mandatory. However, companies have 2 years to adapt to it before receiving an economic penalty for not having completed the adaptation - deadline: 25/05/2016

Published in: Law
  • Dear Ramiro, Glad you liked my slide about GDPR Actors (slide 5) and I am ok for you to reuse it, but I would appreciate if you could mention the credit. Thank you. Giampiero Nanni - Government Affairs - Legal and Public Affairs - Symantec.

EU General Data Protection Regulation

  1. ramirocid.com ramiro@ramirocid.com Twitter: @ramirocid Ramiro Cid | @ramirocid EU Data Protection regulation: General Data Protection Regulation (GDPR)
  2. Index
     • 1. Approval process (Slide 3)
     • 2. Main actors (Slide 5)
     • 3. Main changes introduced by the GDPR (Slide 6)
     • 4. Economic penalties (Slide 10)
     • 5. Sources used to expand knowledge (Slide 11)
  3. 1. Approval process (timeline)
     • January 2012: Proposed
     • March 2014: Common position of the European Parliament
     • June 2015: Common position of the Council of Europe
     • 2nd half of 2015: "Trilogue"
     • Final 2015: Agreed
     • April 14th 2016: Formal approval
     • May 2018: Application in the 28 EU Member States
     • Time adjustment / adaptation: 2 years
  4. 1. Approval process. Approval main dates:
     • 14/4/2016: The EU Data Privacy regulation was approved; it is, nowadays, mandatory. However, companies have 2 years to adapt to it before receiving an economic penalty for not having completed the adaptation.
     • 04/05/2016: The EU Data Privacy regulation was published in the official bulletin of the European Union; after 20 days (25/05/2016) the new EU Data Privacy regulation became official. (*)
     (*) Published here: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
  5. 2. Main actors. Image courtesy of: Symantec Corporation
  6. 3. Main changes introduced by the GDPR
     a) The need to register files with the National Data Protection Authorities is removed. However, both the responsible and the person in charge of treatment should keep a written record of the treatments they carry out.
     b) The "main establishment responsible" means the place of central administration in the EU, with the exception that if the purposes and means of processing are done in another state, that one will be determined to be the principal establishment.
     c) Reinforces the need for the Head of treatment to test and demonstrate compliance with the regulation through the adoption and implementation of policies and measures.
     d) The applicant must give express consent. This consent must be freely given, specific, informed and unequivocal. For minors, an age range between 13 and 16 years is set for giving valid consent.
  7. 3. Main changes introduced by the GDPR
     e) It is mandatory to inform at the time of data collection. In addition, you will have to provide the contact details of the DPO, the shelf life of the data and the right to file a complaint, if necessary, with the Supervisory Body.
     f) The processing of personal data related to convictions and criminal offenses is restricted to public authorities.
     g) Nothing new about ARCO rights; however, new rights have been incorporated: the right of withdrawal (related to the right to forget), the right to limitation of the data and the right to data portability.
     h) Introduction of "Privacy by Design", which consists of data protection by design and by default. The concept is introduced into any new project that sustains a business. In addition, two new duties are established: impact assessments when treatment is likely to be high risk, and prior consultation with the Supervisory Body when an impact assessment is carried out.
  8. 3. Main changes introduced by the GDPR
     i) Technical and organizational measures that ensure a level of security appropriate to the risk have to be applied as security measures.
     j) An obligation is established to notify the Control Authority and, in certain cases, the person concerned of any violation of data security within 72 hours (from detection).
     k) Introduction of the leading figure "DPO" (Data Protection Officer) in large-scale treatments.
     l) Two new documents are introduced: a) code of conduct and b) certifications, which help to ensure the people who are outside that Regulation. A new European Data Protection seal has been created.
  9. 3. Main changes introduced by the GDPR
     m) Regarding international transfers, we distinguish between 4 scenarios: 1st, a list of countries which ensure an adequate level of safety; 2nd, the authorizations granted before the Regulation becomes effective shall remain valid until they are repealed, amended or replaced by the Control Authority or the Commission; 3rd, transfers will be delivered by courts; and 4th, the criterion of exceptions regulated in the above Directive is maintained.
     n) In this sense, when treatment is related to the supply of goods and services or the monitoring of behaviors, those responsible who are not established in the EU will have the obligation to appoint a representative.
     o) Control Authorities shall cooperate, provide mutual assistance and establish consistency mechanisms for the implementation of the Regulation.
     p) Penalties of 10 million or up to 2% of the turnover of the previous year and 20 million or up to 4% of the turnover of the previous year will be set.
  10. 4. Economic penalties
     • The General Data Protection Regulation (GDPR) has big economic penalties, which will start to be real 2 years after this regulation was approved, so: May 2018.
     • Penalties of 10 million or up to 2% of global turnover for the previous year and 20 million or up to 4% of global turnover for the previous year are established.
  11. 5. Sources used to expand knowledge
     • "General Data Protection Regulation (GDPR)" complete text + Formal approval | Eur-Lex Access to European Union Law. URL: http://eur-lex.europa.eu/legal-content/EN/TXT/?uri=uriserv:OJ.L_.2016.119.01.0001.01.ENG&toc=OJ:L:2016:119:TOC
     • Reform of EU data protection rules | Eur-Lex Access to European Union Law. URL: http://ec.europa.eu/justice/data-protection/reform/index_en.htm
     • Agreement on Commission's EU data protection reform will boost Digital Single Market - Press release | European Commission website. URL: http://europa.eu/rapid/press-release_IP-15-6321_en.htm
     • Questions and Answers - Data protection reform | European Commission website. URL: http://europa.eu/rapid/press-release_MEMO-15-6385_en.htm
     • "General Data Protection Regulation" - Wikipedia. URL: https://en.wikipedia.org/wiki/General_Data_Protection_Regulation
  12. Questions? Many thanks! Ramiro Cid, CISM, CGEIT, ISO 27001 LA, ISO 22301 LA, ITIL. ramiro@ramirocid.com @ramirocid http://www.linkedin.com/in/ramirocid http://ramirocid.com http://es.slideshare.net/ramirocid http://www.youtube.com/user/cidramiro