ALB Virtual Data Protection and Privacy for Commercial Lawyers – GDPR, CCPA and International Data Privacy Regulations
Part 1: 29 April 2021, Thursday Part 2: 30 April 2021, Friday 3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8
|
Overview
Has your company taken the right measure to avoid data breaches and mitigate the risk? Are your 3rd party vendors well prepared? If you suffer a breach, do you have the right processes in place to manage it and ensure you take the right remedial action? Data sharing with external suppliers have been found to be one of the weakest links in any organisation’s defences when it comes to data protection.
Under the GDPR, CCPA and other key international data privacy acts, regulations have been put in place to protect and regulate the use of an individual’s personal data. Understanding what data and what categories of date you hold, how to identify a breach, who and when to notify are some of the essential factors in achieving success in breach management. This masterclass will examine all these elements.
This 2 part virtual masterclass will examine key principles of data protection and compliance requirements across both the GDPR, CCPA and other key international data privacy acts, mitigate weak data links and risks in third party contracts and supply chain and how data processors and controllers can avoid breaches of data privacy and avoid incurring penalties.
Who Should Attend
- Partner / Practicing Lawyers
- Chief Legal Officers, Head of Legal, VP Legal, Head of Compliance, Legal Director, GM (Legal)
- General Counsel, Senior Counsel, Regional Counsel, Legal Counsel, Legal Manager
- Data Protection / Information Security / Risk Officers
Masterclass Agenda
Agenda Day 1 – 29 April 2021, GMT+8
3.00 – 3.30pm
GDPR, CCPA and International Data Privacy Act Overview
- Who is protected? What is protected? Key differences in coverage and objectives between GDPR and "GDPR-like" data laws and CCPA.
- Understand how international privacy and security laws are enforced
- How are GDPR, CCPA and other International Data Privacy Acts relevant to your business?
- Recognize how GDPR requirements affect U.S. privacy practice
- Understand the effect of Brexit on UK GDPR
- Does GDPR apply to anonymised or pseudonymised data?
- Data Controllers and Joint controllers: the "closest, deepest pockets?"
- Data Processors and representatives in Europe and U.S
3.30 – 4.00pm
Data Protection Principles and Conditions
- What are the data protection principles?
- Data processing conditions, scope, consent, legitimate interests and special categories
- What is the accountability principle?
- Anonymization - what this means and when will be appropriate to implement
- How can you achieve data protection by design and default?
- Leveraging on existing GDPR compliance policies to ease the CCPA burden
4.00 – 4.15pm
Break
4.15 – 5.00pm
Data Breach, Penalties and Sanctions
- What constitutes a personal data breach?
- Documenting breaches
- Breach notification requirements and exemptions - Meeting the 72 hour deadline.
- Understanding the criminal and civil sanctions for data breaches
- How can US. And European regulators reach international organisations?
- Reducing risk of fines, enforcement actions and damaged reputation
- Penalties and administrative fines: who pays and how is it calculated?
- Case studies involving breaches and alleged breaches
5.00 – 5.30pm
Data Use by Sectors and at Workplace
- Data collection and use regulations specific to the medical, financial, education, telecommunications and marketing industries
- Requirements for government and court access to personal data
- Privacy issues related to disclosure of personal data in civil litigation, e.g. e-discovery, cross-border data flow etc.
- Workplace privacy concepts - maintaining employee data before, during and after employment.
5.30 – 6.00pm
Data Subject Rights, Privacy Notices and Transparency
- What are the data subject's rights?
- Issues affecting the right to rectification and the right to be forgotten
- Communication, information and privacy notices
- Protocols and principles for dealing with data subject rights
6.00pm
End of Day 1
Agenda Day 2 – 30 April 2021, GMT+8
3.00 – 3.45pm
Data Protection Officer – Dos and Don’t
- Data Protection Officers: when must your organisation appoint a DPO?
- Personal and organizational responsibilities. Why must you ensure your DPO is an independent advisor and not a decision-maker?
- Appointment and roles
- Responsibility to ensure compliance
- Performing privacy impact assessments and "high risk" processing
- Prior consultation with the regulatory bodies and supervisory authorities
3.45 – 4.00pm
Break
4.00 – 5.00pm
Third Party Contracts and Supply Chain Risk
- Engaging an external processor - Key considerations when drafting third party contracts
- What happens when a vendor is not a processor?
- Controller to Controller contracts: Data sharing agreement or data sharing protocols?
- Sub-processors
- Audit and entry clauses?
- Are indemnities and liability caps effective under GDPR?
5.00 – 5.20pm
Data Protection and E-Privacy
- Understanding the interaction of GDPR and PECR/E-privacy Regulation
- Direct marketing and "spam"
- Cookies and online tracking
- Data retention: how can you choose the appropriate data retention period?
5.20 – 6.00pm
International Transfers of Personal Data
- Cross-border transfers: how to avoid breach
- Adequacy decisions, model clauses and binding corporate rules: which tool should your organisation use to ensure compliance?
- Can you comply with law enforcement and investigatory orders without breaching GDPR?
- Can you rely on a court order or regulatory direction in one jurisdiction to excuse GDPR breach in another?
- Data mapping and essential compliance procedures
6.00pm
End of Day 2
ALB Virtual Data Protection and Privacy for Commercial Lawyers – GDPR, CCPA and International Data Privacy Regulations
Part 1: 29 April 2021, Thursday Part 2: 30 April 2021, Friday 3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8
|
Trainer
Malcolm Dowden
Legal Director
Womble Bond Dickinson
Malcolm Dowden is a Legal Director at Global 100 law firm Womble Bond Dickinson. Qualified in 1994, Malcolm is a UK-based solicitor with extensive experience of law and legal developments relating to technology and electronic communications. In 2017 Malcolm contributed to and edited a ground-breaking report addressed to the UK government and published by Lord Holmes, a member of the UK upper legislative chamber. Following publication of that report Malcolm was invited to chair a legal working group to analyse and report on the legal and regulatory implications of blockchain and distributed ledger technology for government and the private sector. He also chairs the Supply Chain Working Group of the Accord Project, a collaborative international group of lawyers, technologists and business professionals seeking to develop techno-legal standards and open source software to support the development and adoption of smart legal contracts. Malcolm's previous ALB workshops have focused on the "internet of things". This new workshop is broader in coverage, and draws on the latest legal and technical developments and thought leadership to bring you up to date with developments in this rapidly moving and economically crucial area.
ALB Virtual Data Protection and Privacy for Commercial Lawyers – GDPR, CCPA and International Data Privacy Regulations
Part 1: 29 April 2021, Thursday Part 2: 30 April 2021, Friday 3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8
|
Pricing (USD - inclusive of 7% GST)
USD749
Click on the "Register Now" button above or contact the following to book your place at this webinar.
Romulus Tham
(65) 6973 8248 / romulus.tham@tr.com
Group price: SAVE AN ADDITIONAL 20%. Register five participants from your organisation and the 5th person attends for free.
TERMS AND CONDITIONS
APPLICABILITY - These terms and conditions apply to the supply of conferences, workshops, events and exhibitions (the “Event”) by Thomson Reuters to delegates/attendees (“you”).
PAYMENT - Payment must be received by Thomson Reuters prior to attendance at the Event.
CANCELLATION - Should you be unable to attend, a substitute delegate/attendee is always welcome at no extra cost. Alternatively, provided you notify Thomson Reuters in writing (by letter, fax or email to julian.chiew@thomsonreuters.com) 14 full days before the Event, Thomson Reuters will refund your registration fee, less a 15% administration charge with a minimum administration fee of $50+gst. Regrettably, no refunds will be made if less than 14 full days notice of cancellation is given. However if you cancel less than 14 full days before the Event, you may where applicable elect to receive presentation notes from the Event either electronically or in hardcopy. Thomson Reuters reserves the right to change the date, venue and/or presenters of the Event at any time and without prior notice, and in any way deemed to be in the best interests of meeting the objectives of the Event. If Thomson Reuters cancels a workshop for any reason, your remedy is limited to a refund of the registration fee.
TRAVEL AND ACCOMMODATION - You are ultimately responsible for your own travel/accommodation bookings. Should the Event be rescheduled or cancelled, no compensation for such bookings will be available.
LIMITATION OF LIABILITY - Thomson Reuters will not accept any liability for damages or loss of property or valuables belonging to any delegate/attendee attending the Event.
DISCLAIMER - Thomson Reuters accepts no responsibility for the views or opinions expressed by the presenters or any other persons at the Event.
FORCE MAJEURE - Thomson Reuters will not be liable for compensation for any matter or disruption outside its control (e.g. evacuations, road closures, bad weather, earthquake, flight cancellations or road closures).