GDPR for non-EU based companies: The new privacy and security requirements
- SKU: N/A
About the Course
The GDPR (General Data Protection Regulation) is applicable to non-EU companies that are offering goods or services to identified or identifiable EU natural persons (“data subjects”), organizations processing personal data of EU data subjects, or organizations that monitor the online behaviour of EU data subjects.
Non-EU companies that have no local presence in the EU are also in the scope of the GDPR legislation. This program helps attendees understand the new regulatory obligations of the GDPR to effectively perform their GAP Analysis in order to meet those obligations.
- Managers and employees working at the strategic, tactical, and operational levels of risk management, compliance, information security and IT management.
- Data protection and privacy managers, employees, auditors, and consultants.
- Marketing managers and persons involved in profiling.
- Controllers and processors.
Duration & Delivery
1 day (09:00-17:00)
Understanding the General Data Protection Regulation (GDPR)
1. An overview of the GDPR.
2. What is different now.
Understanding the new regulatory obligations
1. Important Articles of the GDPR
2. The increased importance of information security, international standards, and best practices
(Art 2, 4, 5, 9, 10, 25, 30, 32, 35, 40, 45, 47)
3. Privacy by design” and “privacy by default“(Art. 25 GDPR)
4. “Due regard to the state of the art“((78), (83), Art. 25, Art. 32 GDPR)
1. Performing a data privacy assessment for each department – understanding current business processes that create or use customer data.
2. Establishing what must be changed: Enterprise-wide privacy governance structure with clearly defined roles and responsibilities, privacy risks and controls, customer profiling, enterprise-wide personal data retention and destruction, handling customers’ personal data requests, privacy data breaches, data breach response, third parties and outsourcing, data across the borders, privacy training tailored to the employee’s roles and responsibilities.
3. Policies, Procedures, Communication, Enforcement. Everybody must understand the new obligations-the Board, the CEO, senior management, and all departments.
1. Non – EU organizations that offer goods or services to EU data subjects via their web site or an online shop
2. Non – EU organizations that process data in EU countries
3. Non – EU firms that collect data of EU data subjects’ behaviour for marketing purposes
The revised DPA – largely analogical rules and provisions with the GDPR
21 May 2019
- Store Name: Cyber Risk GmbH
- Vendor: Christina Lekati
- No ratings found yet!
€ 1,990.00 excl. VAT€ 1,990.00 excl. VAT
€ 990.00 excl. VAT€ 990.00 excl. VAT