EU General Data Protection Regulation webinars
The EU General Data Protection Regulation (GDPR) significantly reshapes the data protection landscape for organisations worldwide that collect and process the data of European residents. The Regulation also imposes fines up to 4% of annual global turnover or €20 million (whichever is higher), grants extended rights to data subjects and allows data subjects to bring legal action against organisations in case of data breach.
The GDPR comes into effect on 25 May 2018, which leaves organisations with less than 18 months to develop and update business processes, policies and systems to comply with the GDPR’s requirements.
To support organisations in their GDPR compliance projects, IT Governance has launched a second series of webinars:
Webinar topic: Accountability under the GDPR, and what it means for boards and senior management
Date: 19 January 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Alan Calder, founder and executive chairman of IT Governance
Description: The General Data Protection Regulation (GDPR) has major penalties for non-compliance. Boards and senior management are responsible for taking immediate steps to align their organisations with the requirements of the GDPR, and to protect the confidentiality, integrity and availability of the personal information of EU residents. This webinar is designed to update senior management and boards about the potential impact of the GDPR on their organisations, and provides an overview of:
- The principle of accountability and what it means.
- The application of the principle of accountability.
- The task of developing policies and procedures that comply with the Regulation.
- The need to raise GDPR awareness and provide employees with training.
- The board’s responsibility to appoint a dedicated data privacy team or DPO.
- The requirement to conduct data privacy audits and impact assessments.
Webinar topic: Privacy and the GDPR: How Cloud computing could be your failing
Date: 24 January 2017
Time: 3:00 – 3:45pm (GMT) with 15-minute Q&A at the end of the session
Presenter: Adrian Ross, IT Governance GRC consultant and Nigel Hawthorn, SkyHigh Networks European spokesperson
Description: The General Data Protection Regulation (GDPR) creates a new set of requirements for Cloud service providers processing the data of EU residents, regardless of whether or not the service provider is based or has operations in Europe. This webinar is designed to equip individuals involved in GDPR compliance and organisations storing data in the Cloud with an understanding of the GDPR’s requirements. The webinar will discuss:
- An overview of the GDPR.
- Breach notification requirements under the GDPR and a showcase of recent data breaches and their costs.
- Organisations’ responsibilities when storing data in the Cloud, and the roles of controller and processor.
- The outcome of subcontracting on Cloud service providers and notifications on activities in the Cloud.
- The role and responsibilities of Cloud adoption.
- ISO 27018 and implementing security controls for PII in the Cloud.
Webinar topic: GDPR requirements for Cloud providers
Date: 9 February 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Alan Calder, founder and executive chairman of IT Governance
Description: The General Data Protection Regulation (GDPR) creates a new set of requirements for Cloud service providers processing the data of EU residents, whether or not the service provider is based, or has operations, in Europe. To help Cloud service providers understand their GDPR compliance requirements, this webinar will deliver an overview of:
- The GDPR and what it means for Cloud service providers.
- The technical and organisational measures applicable to Cloud service providers.
- The policies and procedures required by the GDPR.
- The ‘privacy by design’ and ‘privacy by default’ requirements.
- The rights of data subjects.
- Breach notification obligations.
- The impact of subcontracting on Cloud service providers.
- ISO 27018 and implementing security controls for PII in the Cloud.
Webinar topic: Appointing a data protection officer (DPO) under the GDPR
Date: 9 March 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: Under the General Data Protection Regulation (GDPR), some organisations that collect and process the data of EU residents will be required to appoint a data protection officer (DPO). This webinar is designed to inform those organisations looking to appoint a DPO on the following:
- The specific situation in which organisations are required to appoint a DPO.
- The DPO’s relation to the controller, processor and senior management/the board.
- The responsibilities of the DPO.
- The function of data protection impact assessments under the GDPR.
- The legal requirements for appointing a DPO.
Webinar topic: Data flow audit and data mapping for GDPR compliance
Date: 6 April 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: An essential step in preparing for compliance with the General Data Protection Regulation (GDPR) is conducting a data flow audit to map and identify the sources of your organisation’s personally identifiable information (PII). In light of this, we are offering a webinar that provides an overview of:
- The regulatory landscape and its territorial scope.
- The integration of standards and codes for risk management.
- The operational, strategic, regulatory, statutory and contractual aspects of risk management.
- The benefits and challenges of conducting a data flow mapping exercise.
- The best techniques for data flow mapping.
Webinar topic: The GDPR and NIS Directive: Risk-based security measures and incident notification requirements
Date: 4 May 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: Both the General Data Protection Regulation (GDPR) and the Network and Information Security (NIS) Directive create new requirements for organisations to implement. To equip organisations that provide ‘essential services’ with a comprehensive understanding of the GDPR and NIS Directive requirements, this webinar provides an overview of:
- The key implications of the GDPR.
- The technical and organisational measures that organisations need to adopt to comply with the NIS Directive.
- The GDPR and NIS Directive data breach notification requirements.
- The risk-based security measures needed to create cyber resilience.
- The policies and procedures required for breach notification and incident response.
Webinar topic: Data transfers to countries outside the EU/EEA under the GDPR
Date: 1 June 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: The General Data Protection Regulation (GDPR) creates a number of key practical implications for organisations that transfer the personal data of EU residents to countries outside the European Union. This webinar provides an overview of:
- The Regulation itself.
- The rights of data subjects and rights related to automated decision-making and profiling.
- The international transfer of data and appropriate safeguards.
- The derogations from the general prohibition of data transfers outside the European Union.
- The requirements that govern one-off and infrequent transfers of personal data.
- The role of the supervisory authority in international transfers.
Webinar topic: Data protection by design and by default under the GDPR
Date: 6 July 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: The EU General Data Protection Regulation (GDPR) highlights how the principles of ‘privacy by design’ and ‘privacy by default’ are fundamental to ensuring that organisations protect the rights of data subjects. This webinar outlines:
- The implications of data protection by design and by default.
- The foundational principles of ‘privacy by design’.
- The benefits of taking a ‘privacy by design’ and ‘privacy by default’ approach.
- The role of privacy impact assessments in designing efficient and effective processes.
Webinar topic: Legal obligations for and responsibilities of data processors and controllers under the GDPR
Date: 3 August 2017
Time: 3:00 – 3:45pm (GMT)
Presenter: Adrian Ross, GRC consultant
Description: The General Data Protection Regulation (GDPR) imposes a significant number of obligations and responsibilities on controllers and processors. To help organisations that are seeking compliance to understand these implications, this webinar provides an overview of:
- The definitions of ‘data controller’ and ‘data processor’ under the GDPR.
- The responsibilities and obligations of controllers and processors.
- The data breach reporting responsibilities of controllers and processors.
- The liability of, and penalties that may be imposed on, data processors and controllers.
- The appointment of joint controllers and the restrictions on subcontracting processors.
Did you miss the first series of EU General Data Protection Regulation webinars?
If you missed our previous EU GDPR webinar series, you can now watch the webinar recordings or download the presentation slides for each webinar.
Prepare for the EU GDPR (presented by Alan Calder)
Data breaches and the EU GDPR (presented by Adrian Ross)
The role of data protection officer (DPO) (presented by Adrian Ross)
Revising policies and procedures under the GDPR (presented by Richard Campo)
Data flow mapping for GDPR compliance (presented by Adrian Ross)
The EU GDPR and you: Requirements for marketing (presented by Richard Campo)
