
Privacy Shield Self-Certification

What's Next?
February 23, 2017

© TRUSTe Inc., 2017

Privacy Insight Series - truste.com/insightseries
Today's Speakers

K Royal, JD, CIPP/E/US, Senior Privacy Consultant, TRUSTe
Amanda Gratchner, Global Privacy Counsel, NAVEX Global
David Fowler, Chief Privacy & Digital Compliance Officer, Act-On Software

Today's Agenda

Welcome & Introductions
Privacy Shield
Self-certification
Updates
Relationships
Various frameworks
Leveraging Privacy Shield
Q&A

Webinar Poll

Have you Self-certified for Privacy Shield?

Yes
No
In Progress

Privacy Shield One Year On

Understanding the Privacy Shield Framework

What's different compared to Safe Harbor?

New Privacy Protections: notice requirements, accountability for onward transfer, purpose limitation and data retention

Enhanced Complaint Resolution: response time to EU individuals, free dispute resolution, binding arbitration as a last-resort option

Improved Cooperation and Transparency: monitoring and dispute resolution require cooperation with the International Trade Administration (ITA) Privacy Shield Team, ongoing requirements (if you withdraw but retain the data), publication of FTC compliance reports (if subject to enforcement action)

Joining the Privacy Shield Program

1. Confirm Your Organization's Eligibility to Participate
2. Develop a Compliant Privacy Policy
3. Establish an Independent Recourse Mechanism (IRM)
4. Ensure a Verification Mechanism Is in Place
5. Identify Your Privacy Shield Point of Contact
6. Self-certify Using the Privacy Shield Website
7. Reaffirm Self-certification Annually
8. Reply to Inquiries from EU Citizens, IRM, Commerce, and/or DPAs as Required

Practical Considerations and Challenges

Understanding the Privacy Shield Framework
Understanding your business operations
Developing compliant privacy statements and notices
Developing privacy program governance, policies, and procedures
Verification of privacy practices and monitoring of compliance
Keeping records of Privacy Shield Principles implementation
Employee training and awareness
Dealing with onward transfer issues
Dealing with data subject access requests and privacy complaints

Privacy Shield Self-Certification

Companies that had EU/US Safe Harbor:
- Filed by September 30, 2016
- 9 months to come into compliance (June 30, 2017)
- Posted: 1705

What about those that did not certify?
What about those who were not in Safe Harbor?

Privacy Shield Updates

What's the future for Privacy Shield?
- Brexit
- Irish lawsuit
- French lawsuits
- Executive orders

What about other Data Transfer Compliance Mechanisms?

Frameworks

Privacy Shield vs. the GDPR

General Data Protection Regulation

European law
From Directive 95 to GDPR
Address societal and technological changes
May 25, 2018
Stats
Companies impacted
Privacy jobs

Cross Border Data Transfers

Adequacy
Privacy Shield
Binding Corporate Rules
Controllers and Processors
Standard Contractual Clauses
Under GDPR codes of conduct

Binding Corporate Rules

Intergroup agreement
Group defined
Transfer mechanism
Specifically mentioned in GDPR
Considered gold standard
Companies:
Binding Safe Processing Rules
BCRs for Controllers and Processors

Cross Border Privacy Rules

Asia-Pacific Economic Cooperation
- Voluntary program
- 2011
- Independent accountability agent required
- 4 economies so far: USA, Mexico, Japan and Canada
- Crosswalk published BCRs/CBPRs: Merck

Leveraging Privacy Shield

What should a company do?

Data
Policies
Practices
Legal/Compliance Specific
Consider certification programs

Data To-Dos

Data
- inventory
- classification
- minimization
- record retention
- destruction

Policy To-Dos

Information security policies
- training
- monitor compliance
Privacy policies
- easily accessible
- clear and plain language
- full disclosure of data collection and processing

Practices To-Dos

PIAs
Complaint process (must be easy)
Review and revise methods of obtaining consent
Data portability and erasure processes
Update incident response plans
- notice to supervisory agencies within 72 hours

Legal-Specific To-Dos

DPO (Data Protection Officer): authority and independence, monitor compliance, perform training, and conduct internal audits.
Accountability: detailed records of the processing performed on personal data
Review BCRs (or SCCs) for compliance with GDPR
Addendums for onward transfer requirements
Vendor oversight and accountability
Insurance policies: global or enterprise coverage, types of data issues, and increased costs and liabilities

Questions?

Contacts
K Royal kroyal@truste.com
Amanda Gratchner agratchner@navexglobal.com
David Fowler david.fowler@act-on.net

Thank You!

Register now for the next webinar in our 2017 Winter/Spring Webinar Series on March 23: Privacy Program Management: A Framework for Success

See http://www.truste.com/insightseries for the 2017 Privacy Insight Series and past webinar recordings.
