
EU Privacy Background for the Upcoming GDPR

Ben Holt
January 23, 2017

Ben Holt gives some background on privacy for US attorneys in light of the upcoming changes with the GDPR. This presentation was given in conjunction with presenters from Taylor Wessing.


Transcript

  1. EU Privacy Background for GDPR. Presented by Ben Holt. Privacy Law Presentation with Taylor-Wessing and Stoel Rives, January 2017
  2. US VS EU PRIVACY
     • EU Privacy: Article 8 and Data Protection Principles; German Regulator; UK Regulator; General Data Protection Regulations; French Regulator
     • US Privacy: HIPAA; PCI; Banking (GLB); Data Breach; FCRA / FACTA; COPPA; DPPA
  3. ON YOUR RADAR – INTERNATIONAL PRIVACY
     • General Data Protection Regulations (2018) – Repeals
     • Data Protection Directive (95/46/EC) - Individuals
     • Council Framework Decision 2008/977/JHA – Police and Judicial
     • Privacy Shield Framework – Replacement for Safe Harbor – Are you in?
     • Brexit
     • Data Breach Plan
  4. SOME DEFINITIONS
     • Personal Data - Art. 4(1)
       – Personal data means any information relating to an identified or identifiable natural person ("data subject"); an identifiable person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
       – Online Cookies!
  5. SOME DEFINITIONS
     • Sensitive Personal Data - Rec. 10, 34, 35, 51; Art. 9(1)
       – Sensitive Personal Data are personal data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade-union membership; data concerning health or sex life and sexual orientation; genetic data or biometric data. Data relating to criminal offences and convictions are addressed separately.
  6. SOME DEFINITIONS
     • Processing - Art. 4(2)
       – Processing means any operation or set of operations performed upon personal data or sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
  7. SOME DEFINITIONS
     • Controller - Art. 4(7)
       – Controller means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.
  8. SOME DEFINITIONS
     • Processor - Art. 4(8)
       – Processor means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
  9. SOME DEFINITIONS
     • Data Breach - Art. 4(12)
       – Data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.