General overview GDPR entry in force: 25 May 2018

Slides:



Advertisements
Similar presentations
What does the Data Protection Act do? It sets standards which must be satisfied when obtaining, recording, holding, using, disclosing or disposing of.
Advertisements

The ICO and the DPA Ken Macdonald Assistant Commissioner Information Commissioner’s Office ScotStat Public Sector Analysts Network 30 th September 2010.
Local Government Reform: Incorporating Planning Functions Ken Macdonald Assistant Commissioner (Scotland & Northern Ireland) Information Commissioner’s.
WHOIS data The EU legal principles ICANN - GNSO meeting 2 March 2004 George Papapavlou, European Commission ICANN - GNSO meeting 2 March 2004 George Papapavlou,
© University of Reading Lee Shailer 06 June 2016 Data Protection the basics.
The EU General Data Protection Regulation Frank Rankin.
Data protection—training materials [Name and details of speaker]
Clark Holt Limited (Co. No ), Hardwick House, Prospect Place, Swindon, SN1 3LJ Authorised and regulated by the Solicitors Regulation.
General Data Protection Regulation (EU 2016/679)
Data Protection Officer’s Overview of the GDPR
GDPR (General Data Protection Regulation)
Overview General Data Protection Regulation (GDPR)
Data Protection/Privacy Activities
Presentation to GTMC on GDPR
General Data Protection Regulations: what you really need to know
Data Protection The Current Regime
General Data Protection Regulation
General Data Protection Regulations Preparing for the upcoming changes in data protection law David Jones & Angharad Williams.
General Data Protection Regulation
International Regulatory Trends
Museums + Heritage webinar, 30 November 2017
GDPR Overview Gydeline – October 2017
GDPR support January GDPR support January 2018.
GDPR Overview Gydeline – October 2017
GDPR Road map to Compliance.
GDPR - Individual’s Rights
GENERAL DATA PROTECTION REGULATION (GDPR)
General Data Protection Regulations
GDPR is There, Are you Ready?
General Data Protection Regulation
Introduction to GDPR 09/11/2018.
GDPR and paper records Why it’s not all cyber and fines Gary Shipsey
The Audit Function.
Sue Cawthray, CEO/ Gill Thrush, Catering Manager
New Data Protection Legislation
GDPR and Health and Safety
Privacy: a work in progress
Information Governance
G.D.P.R General Data Protection Regulations
From DPA to GDPR: the key elements
GDPR – Practical Implementation Managing contracts, procurement and relationships with suppliers Terry Brewer Chief Executive.

GDPR Overview and Use Cases.
General Data Protection Regulation
Preparing for the GDPR - What do we need to do if we process children’s personal data? Data Protection Practitioners’ Conference 2018 #DPPC2018.
Data Protection What’s new about The General Data Protection Regulation (GDPR) May 2018? Call Kerry on Or .
Mathew Norman, Policy & Public Affairs Officer, RLA Wales
GDPR How does it apply to me?.
GDPR (General Data Protection Regulation)
How we’ll prepare for the General Data Protection Regulation (GDPR)
GDPR For The Voluntary Sector
GDPR Workshop MEU Symposium Prague 2018
General Data Protection Regulations 2018
What is the Data Protection Act (DPA)? 1998
 How does GDPR impact your business? Pro Tip: Pro Tip: Pro Tip:
The General Data Protection Regulation Six months on – What’s changed
Presentation privacy law
 GDPR Readiness Quiz Quick Insight: Quick Insight: Quick Insight:
The title: The implementation of Data Protection
Welcome IITA Inbound Insider Webinar: An Introduction to GDPR
#eaThinkData Get Ready for GDPR #eaThinkData.
Privacy and Cyber Security for Payroll Pros: A Global Perspective
Data Protection in Law Enforcement Area Chapter 9a of the draft law
GDPR PERSONDATAFORORDNINGEN I PRAKSIS
What Governors need to know about GDPR
The General Data Protection Regulations 2016
GDPR: Understanding your obligations and the ongoing challenges
THE IMPACT OF DATA PROTECTION RULES ON CORPORATE INFO SECURITY AND INCIDENT RESPONSE MANAGEMENT – The Energy sector CEER Cybersecurity Workshop Massimo.
General Data Protection Regulation Community Councils
Getting Ready For GDPR Simon Marks Director
Presentation transcript:

ICANN61, ccNSO Members Meeting, 14 March 2018 Legal Session: impact of GDPR on ccTLD registries

General overview GDPR entry in force: 25 May 2018 Impact goes far beyond EU! Organisations outside EU/EEA but with offer for EU customers Significant changes to gTLD’s (Calzone model) Model/inspiration for other legislations

General overview Most critical issue: whois Fake news! I can’t process registrant contact data anymore I need consent from all my data subjects Reference case: .frl & opinion of Dutch DPA

General overview Basic GDPR principles Processing personal data = legal ground Consent data subject is most known but tricky Performance of contract, protect vital interest, legal obligation, legitimate interest Processing goal is explicit, specific and legitimate + data are adequate, relevant, accurate, limited and secure Inform your data subjects on processing + their rights Privacy by design/default

General overview To do list Register of processing activities Create awareness in your business environment Make a privacy policy and publish it Appoint a DPO-equivalent (even if you don’t need to) Implement privacy by design/default Check if you transfer/process data outside EU Check your contracts and those with your suppliers Prepare for a data breach Be responsive for requests of data subjects

GDPR/Whois Changes to WHOIS Serious changes ahead!!! 3 GDPR/Whois Changes to WHOIS Serious changes ahead!!! For private .be registrations: e-mail address + language will no longer appear in WHOIS For all .be registrations: “name” field of registrant, onsite and tech contact handles will no longer appear in WHOIS Onsite contact handle will no longer appear in WHOIS if “organisation” field is not filled in (cfr. registrant for private registrations)

3 GDPR/Whois

3 GDPR/Whois

3 GDPR/Whois

WHOIS output private registrant

Contact form Drop down list

GDPR - Tiered access Who should get more access for what reason? Some thoughts: Access to CAs Should RARs have full access ? Some law enforcement agencies probably Problem: giving full access vs. privacy by design/default Tiered access: yes but preferably “case by case” based

GDPR – Other stuff Have a DPO(equivalent) SPOC for everything related to data privacy Privacy by design/default Integrate this in your project planning/management Focus on the bigger picture Having a view and attitude to care about protecting PI is more important than 100% compliance focus

GDPR – Other stuff Check for controller/processor relations If you are controller -> add processing agreement to contract with supplier Emergency plan for data breaches Smart idea even outside scope of GDPR ;-) Data retention is a hard nut to crack