Today's Speakers
Mr Andrea Glorioso,
Counselor, Digital Economy /
Cyber Delegation of the
European Union to the USA
Dr Kai Westerwelle,
Partner,
Taylor Wessing
Dennis Dayman,
Chief Privacy and
Security Officer,
Return Path Inc.
Eleanor Treharne-Jones,
Director, EMEA & Global
Communications, TRUSTe
Today's Agenda
Eleanor Treharne-Jones
Mr Andrea Glorioso
Dr Kai Westerwelle
Dennis Dayman
Q&A
All
More information
General information: http://ec.europa.eu/justice/dataprotection/
Supporting documents (fact sheets, background studies,
surveys): http://ec.europa.eu/justice/dataprotection/document/index_en.htm
Extra-EU data transfers: http://ec.europa.eu/justice/dataprotection/international-transfers/index_en.htm
Harmonization
Actual
European privacy laws based on EU DP Directive (to be transferred into local law)
Result: different privacy laws in all European States (even within the states)
Result: different levels of data protection (UK vs. France vs. Germany)
Result: different regulatory requirements (e.g.: applications / registrations)
Result: data protection officers only in some Member States
Business Impact
Harmonization
Future
Regulation should create more harmonization (no transfer into local law)
Result: the same law in all European states
Result: the same regulatory requirements (e.g.: applications / registrations)
But: room for interpretation by local authorities?
Business Impact
Harmonization
Regulation creates the same level of data protection in all Member States
For most European countries: stricter data protection rules
For some European countries (e.g. Germany): lower standard
Again: room for interpretation by local authorities?
Business Impact
Applicability
To non-EU companies
Direct relation
Companies having their seat outside the EU must name a contact person within the EU
Direct claims of EU data subjects in the US (umbrella agreement and US transfer)
No Changes
Group privilege
Minor Changes
Business Impact
Major Changes
Data subjects have a right to request data transfer to another service provider
Practical impact
Major Changes
Business Impact
May lead to substantial savings for companies dealing with international projects
Major Changes
Data protection certificates, seals, and marks (unclear relation to ASA or ISO)
One-stop approach applies
Supports outsourcing processes (audit requirements)
No change
Exceptions
TRUSTe
Auditor
Mediator
Easy to read
Smaller sections
Hyper-transparent
Express Opt-in model
Security
SSAE16 and ISO 27001 audit(s)
Access limitations/security account based roles/2FA/Okta
Breach management
Response plan(s)
Staff
Education/Certification
Localization
Considering EU Data Centres
Admin staff in local countries
Questions?
Contacts
Andrea Glorioso
Kai Westerwelle
Dennis Dayman
Eleanor Treharne-Jones
andrea.glorioso@eeas.europa.eu
k.westerwelle@taylorwessing.com
@ddayman
eleanor@truste.com
Thank You!
Don't miss the next webinar in the series, "Building an Effective
Privacy Program: Six Practical Steps", on September 24th.
See http://www.truste.com/insightseries for details of future
webinars and recordings.