
PRIVACY INSIGHT SERIES

Summer / Fall 2017 Webinar Program

Demonstrating Compliance & the Role of Certification Under the GDPR

December 6th, 2017

© 2017 TrustArc Inc Proprietary and Confidential Information


Thank you for joining the webinar

“Demonstrating Compliance & the Role of Certification Under the GDPR”

• This webinar will be recorded – both the recording and slides will be sent out via email later today
• Please use the GoToWebinar Control Panel on the right hand side to submit any questions for the speakers

2 Privacy Insight Series - trustarc.com/insightseries © 2017 TrustArc Inc


Today’s Speakers

• Karolina Mojzesowicz – Deputy Head of Unit Data Protection, European Commission
• Rosemary Jay – Senior Consultant Attorney, Hunton & Williams LLP
• Eduardo Ustaran – Partner, Hogan Lovells
• Josh Harris – Director of International Regulatory Affairs, TrustArc



Today’s Agenda

• Intro and Overview
• Article 42 Description – Structure and Overview
• The Business Impact of GDPR Certification
• The Role of the EC and other Authorities and Next Steps
• Q and A


Article 42 Overview
Rosemary Jay
Senior Consultant Attorney, Hunton & Williams LLP



What is the purpose of certification?

• Certification is a way of showing publicly that specific processing of personal data by a data controller or data processor is compliant with the GDPR or selected aspects of the GDPR;
• For example, that a data processor has appropriate security for a particular kind of data processing, or that a third party outside the EEA has a compliance system in place which meets GDPR standards and will be applied to protect personal data after transfer.



Who is involved?

• Certification is carried out by an approved organisation (called a certification provider);
• The certification provider examines the processing operation for which the controller or processor seeks certification, and assesses that operation against a set of previously approved standards applicable to processing of that type.
• If the processing operation meets the standard, the certification provider awards the certification.



The actors

• The standards for the different types of processing are set either by the Board (the EDPB) or by supervisory authorities;
• The Board can set pan-EU standards which can become an EU “data protection seal”.
• Certification providers are approved by supervisory authorities or the national accreditation body working with the supervisory authority.
• Supervisory bodies can also issue certificates.



Common questions

• Can any type of processing operation be covered by a certificate?
• Will certificates have national effect or pan-EU effect, or be mutually recognised across jurisdictions?
• Can certificates be withdrawn?
• Will certificates be expensive to obtain?
• How difficult will the process be to obtain a certificate?
• How long will certificates last?


The Business Impact of GDPR Certification
Eduardo Ustaran
Partner, Hogan Lovells



Why Certification?

• Demonstrating accountability and compliance (Arts. 5 and 24)
• Demonstrating data protection by design and by default (Art. 25)
• Demonstrating "safe processor" status (Art. 28)
• Demonstrating security (Art. 32)
• Legitimising international data transfers (Art. 46)
• Decisions over fines (Art. 83)



Role in relation to international dataflows

• 3-step approach to legitimising dataflows:
  – Adequacy in third jurisdiction
  – Appropriate safeguards
  – Derogations

• Appropriate safeguards:
  – Binding Corporate Rules
  – Contractual solutions
  – Codes of conduct & certification + binding & enforceable commitments to apply safeguards



Business advantages

• Legal certainty for an uncertain world

• Optional nature will lead to market differentiation

• Recognition by regulators

• Likely to join BCR as 'gold standard' for transfers


The Role of the EC and other Authorities and Next Steps

Karolina Mojzesowicz
Deputy Head of Unit Data Protection, European Commission


Questions?

Josh Harris jharris@trustarc.com


Thank You!
Please take a quick minute and complete our post-webinar survey that will appear as you exit the GoToWebinar platform.

Keep an eye out for the upcoming Winter / Spring schedule that will be released soon, and view past webinar recordings at: https://www.trustarc.com/insightseries
