AMCs and the General Data Protection Regulation (GDPR)
Does the new law apply to my organization?

Panelists:
• David Holtzman – VP Compliance Strategies, CynergisTek
• Karen Pagliaro-Meyer – Chief Privacy Officer, Columbia University Medical Center
• Lynn Rohland – Partner, RGP
• Robert Webster – Privacy Counsel, LabCorp
June 12, 2018. GDPR Panel: NCHICA Conference June 11-12, 2018 – 14th AMC Security and Privacy Conference

Session Objectives:
• Review the requirements of the General Data Protection Regulation (GDPR)
• Discuss how the GDPR may apply to AMCs
• Actionable steps to achieve compliance and mitigate risks

In-Session Surveys:
• We will use Poll Everywhere during our panel discussion.
• Participate by either sending a text message or by visiting the URL from any web browser.
• Now would be a good time to take a moment to get you set up; please pull out your electronic device.
• Don’t forget to silence it please to minimize disruption.
• Let’s take 1 minute to walk through it:

Poll Everywhere Instructions:
Let’s do one quick question right now to get the hang of it:
• For text voting, start with a new text. To: ##### (5-digit number, To Be Provided)
• For web voting, type into your browser: Pollev.com/lynnrohland

Practice Question:
• Is this the first time you have attended the AMC Conference?
– a) Yes
– b) No
– c) I can’t recall
Yes

What are people saying about GDPR?

Survey Question #1:
• Does GDPR impact your organization’s business goals or internal operations?
– a) Yes
– b) No
– c) Unsure

Survey Question #2:
• How far along is your organization in preparing for the GDPR?
– a) Completed or Near-Completion
– b) In-Progress or Beyond Planning Stage
– c) Not Started or in Planning Stage
– d) Not Applicable to my Organization
– e) Unsure

Survey Question #3:
• Are clients, vendors or other business partners inquiring about your organization’s GDPR preparedness?
– a) Yes
– b) No
– c) Unsure

GDPR Overview:
• The GDPR is an omnibus data protection law, which will come into effect on May 25, 2018 and replace the EU Data Protection Directive (1995).
• The GDPR sets standards for the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data.

GDPR Overview (cont’d):
• This regulation applies to any organization offering goods and services in the EU, regardless of geographic location, that controls or processes the data of an EU resident.
• Penalties for failing to comply with the basic processing principles of GDPR may subject the organization to fines up to €20 million or 4% of the organization’s total global revenue, whichever is greater.

GDPR Overview (cont’d):
• Key definitions under the GDPR:
– Personal Data - any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier, including name, identification number, location data or online identifier
– Processing - obtaining, recording or holding information, or carrying out any operation or set of operations on information

GDPR Overview (cont’d):
• Key definitions under the GDPR:
– Controller - determines the purposes and means of processing personal data
– Processor - responsible for processing personal data on behalf of a controller
– Example: Company engages a vendor to help manage its payroll operations. The Company transmits the employee demographic data to the vendor so that the vendor can manage payroll for the employees.

GDPR Overview (cont’d):
[Diagram labels: US Company, EU Subsidiaries, EU Clients, EU Citizens, Third Parties]

FAQ on Scope of GDPR:
• Does GDPR apply to non-EU organizations which only process data about non-EU data subjects, but use servers located in the EU to do so? Yes
• Does GDPR apply to non-EU organizations which only process data about non-EU data subjects but which use an EU processor to do so? Probably… understanding of GDPR is evolving
• Does GDPR apply to a non-EU organization which only uses non-EU equipment to process data about EU data subjects? No

Q&A Session:
• Which health sectors does GDPR impact?
• And what are their greatest risks?

Q&A: Which health sectors does GDPR impact?
• The healthcare industry is better positioned to comply with GDPR than most industries, most notably due to the HIPAA Privacy Rule.
• GDPR builds upon similar HIPAA data protection principles, concepts and themes enforced since 4/14/2003.
• Impacts providers, insurers, third-party administrators, and researchers that collect and/or process data of EU residents.

Q&A: Which health sectors does GDPR impact (cont’d)?
• It also impacts ancillary markets such as telemedicine, virtual health solutions, clinical research on cures and pharmaceuticals.
• And of course, there are impacts for cloud services that process and store health data such as for genomic cloud computing.
• And here’s why…

Q&A: Which health sectors does GDPR impact (cont’d)?
• It further categorizes three (3) additional health data definitions: 1. Data Concerning Health, 2. Genetic Data, and 3. Biometric
• Companies must disclose precisely how they're using patient data.
• Patient permissions cannot be bundled together — patients must consent to each permission independently.
• Data Protection Impact Assessments (DPIAs) are required when health data of the three kinds mentioned above are processed on a large scale.

Q&A: What risks does GDPR present to the health sectors?
• GDPR has compelled a cultural shift.
• Data protection is no longer viewed simply as a ‘compliance’ activity but rather … a thorough examination of an organization’s data handling practices and its data flows.
• GDPR is privacy from the perspective of the EU data subject.
• Those that fail to acknowledge and adopt this principle are at greatest risk.

Scenario #1: You are a US-based online telehealth service. What if you have incidental EU encounters?
Applicability Criteria / Analysis
Is the processing of data “in the context of the activities” of an establishment of a controller or processor in the EU?
• No
Are you offering goods and services to data subjects in the EU?
• Website localization? (Domain names, language, other?)
• Acceptance of EU currencies
• Delivery to EU addresses?
• Email registrants
– Service vs marketing emails
Are you monitoring the behavior of data subjects in the EU?
• Use of targeting/retargeting platforms?

Scenario #1: Analysis
• You are a US-based online telehealth service. What if you have incidental EU encounters?
– Conclusion: Maybe subject to GDPR
– Many factual considerations to take into account. “Mere accessibility” not enough… Consider “nexus” to European data subjects
– Even if technically subject to GDPR, may be low risk to proceed as if GDPR does not apply until quantity of EU encounters grows or other risk triggers (i.e. complaints)
– Risk-based decisions need to be weighed against likelihood of enforcement vs burdens of compliance overheads
• Appointment of EU rep, compliance with GDPR fair processing requirements, vendor terms, data export rules

Scenario #2: Data hosted in the EU?
Applicability Criteria / Analysis
Is the processing of data “in the context of the activities” of an establishment of a controller or processor in the EU?
• Unclear. Is the processing “in the context of the activities” of the US-based data controller, in which case this limb does not apply? Or of the EU data processor, in which case it does apply?
• Even if the controller is not directly subject, the processor will be, with indirect compliance considerations for the controller
Are you offering goods and services to data subjects in the EU?
• Website localization? (Domain names, language, other?)
• Acceptance of EU currencies
• Delivery to EU addresses?
• Email registrants
– Service vs marketing emails
Are you monitoring the behavior of data subjects in the EU?
• Use of targeting/retargeting platforms?

Scenario #2: Analysis
• What if you host the data from US operations in the EU?
• Bottom line: Maybe subject to GDPR
• Unclear legal test of whose “activities” trigger GDPR requirements
• Even if technically subject to GDPR, may be low risk to proceed as if GDPR does not apply. Some Data Processors may try to “flow-up” some compliance responsibilities through the vendor terms required by GDPR

Scenario #3: EU patient(s) in US healthcare facility?
Applicability Criteria / Analysis
Is the processing of data “in the context of the activities” of an establishment of a controller or processor in the EU?
• No: No EU establishment
Are you offering goods and services to data subjects in the EU?
• No: You are not processing personal data of data subjects in the EU
• What about when they return to the EU? Is it “apparent” that you “envisage” processing their data?
• What if you also send promotional follow-ups?
• Is it apparent that you intend to market to individuals in the EU? Is it focused to EU “customers”?
Are you monitoring the behavior of data subjects in the EU?
• Are you conducting email opening analysis?
• Monitoring access to PHR or EHR?

Scenario #3: Analysis
• EU patients treated in US facility
• Bottom line: Unlikely that data would be subject to GDPR
• No establishment of business located in EU
• No processing of personal data of data subjects in the EU—your patients are not in the EU
• What about when the patient returns to the EU?
• What if you continue to contact or monitor the patient after they return to the EU?

Q&A Session:
• If an AMC is impacted by the GDPR, what are some approaches to compliance?

Q&A Session:
• What are some common misunderstandings or oversights about the GDPR in your organization?

Q&A Session:
• The GDPR is already in effect. How can I expedite my organization’s compliance efforts and what are the “Do’s and Don’ts” to look out for?

Q&A Session:
• Open to the audience.

Emerging Themes:
• Most EU member states have not established their laws enacting GDPR standards or enforcement programs
• Activists are pursuing test cases against companies that collect or process large amounts of personal data
– Google
• Electronic data standards under development

Survey Question #4:
• Do I have the information necessary to assist my organization’s GDPR compliance efforts?
– a) Yes
– b) No
– c) Getting There
– d) Unsure

Survey Question #5:
• Do I now think that my organization may need to look further into the compliance requirements of the GDPR?
– a) Yes
– b) No
– c) Still Unsure

Thank You for Participating
Additional information on the GDPR (Resource Description: Web Link to Source):
• Full Text of the GDPR: http://ec.europa.eu/justice/data-protection/reform/files/regulation_oj_en.pdf
• Information Commissioner’s Office (ICO) Guide to the GDPR: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr
• EU GDPR Information: https://www.eugdpr.org/
• European Commission Article 29 Working Group Newsroom on the GDPR (Guidance Papers): http://ec.europa.eu/newsroom/article29/news-overview.cfm
• A Primer on the GDPR: What You Need to Know: http://privacylaw.proskauer.com/2015/12/articles/european-union/a-primer-on-the-gdpr-what-you-need-to-know/
• 5-Minute Video on the GDPR: https://www.youtube.com/watch?v=cBRUYUheTTs
• What Does the GDPR Mean for Global Data Protection? (Infographic): https://digitalguardian.com/blog/what-does-gdpr-mean-global-data-protection-infographic