The new EU data protection framework - the General Data Protection Regulation (GDPR) - came into effect in May 2018. The GDPR has increased the protection of personal data by introducing a range of strengthened provisions, affecting both data controllers and processors. Most importantly, the operation of the GDPR has been extended beyond EU territorial borders and now applies to many Australian businesses.
EU-based customers and business partners are keen to meet their GDPR obligations and are taking steps to ensure that all parts of their supply chain, including their Australian partners and service providers, are compliant. The GDPR contains some onerous obligations, many of which will take time to comply with, and failure to comply may lead to hefty penalties and lost business.
But what does this mean for Australian companies that are already complying with privacy obligations pursuant to Australian laws?
This two-hour live on-line seminar will outline the main provisions of the GDPR, with a focus on the ‘compliance gap’ between the EU GDPR and Australian privacy laws. It will highlight the actions that Australian organisations are likely to need to take to become compliant with the new regulation, whether acting as data controller or data processor, together with some suggestions on how to create and implement a GDPR compliance roadmap.
- 2 hours of tuition
- 100% up-to-date material
- Comprehensive course notes
- Access to recorded session
The session will be recorded and made available to all attendees for their future reference. Please let us know in advance if this is a problem.
This course focuses on the main issues for Australian organisations looking to become GDPR compliant.
It will cover:
- The EU definition of ‘personal data’
- Data controller vs data processor
- What is a ‘lawful basis for processing’
- Marketing and consent
- Increased transparency and disclosure in privacy notices
- Supporting expanded individual rights, such as the right to be forgotten, limitation on automated profiling and data portability
- Obligations to appoint a DPO and EU Representative
- Maintaining records and demonstrating compliance
- Entering into Data Processing Agreements (DPAs)
- Transferring personal data outside of the EU
- Extended security and data breach notification requirements
- Data protection impact assessments (DPIAs)
- Data protection by design and by default.
Each of these areas will be touched on in this 2-hour on-line seminar.
This course will focus on the EU GDPR. Participants interested in learning more about general privacy issues should consider the separate session on Introduction to Privacy Law.
To participate, you will require a computer, headset and a good internet connection. Once your registration has been confirmed, we will forward you the link to the session.
This course is directed at information security professionals and privacy officers, as well as legal practitioners who are interested in privacy and confidentiality legal issues. It is also of relevance to risk managers, auditors, internal legal counsel and anyone in any sort of organisation who is responsible for privacy compliance obligations.