The new General Data Protection Regulation (GDPR) is the EU’s most important change in data privacy regulation in 20 years, replacing the 1995 Data Protection Directive.

In our ongoing series of GDPR-focused webinars, we guide attendees through the (GDPR) provisions, which will take effect on May 25, 2018 for all companies conducting business with EU citizens.

With the deadline for compliance quickly approaching, these sessions provide practical, detailed advice on preparations, as well as developments related to GDPR compliance preparations. We have included links to each of these sessions and a summary of what was covered below.

These past presentations and webinar recordings can be viewed online or downloaded:

Overview of Preparing for the GDPR

  • Outlines a high-level plan for preparing for implementation

Conducting a Data Inventory and Mapping

  • How to conduct a data inventory and mapping, including identifying what personal data is collected, where it is stored, how it is being used and how long it is being retained.

Establishing a Data Protection Officer

  • Requirements concerning the appointment of a Data Protection Officer, options for structuring the role, required skills and training, and restrictions relating to conflicts of interest.

Conducting Data Protection Impact Assessments

  • Overview of the content of a Data Protection Impact Assessment (DPIA), suggested options for implementing an internal DPIA process, and highlights of when a DPIA must be submitted to data protection authorities.

Determining Your Lead Data Protection Authority

  • Determining a lead data protection authority and options for companies whose existing structures do not allow them to take advantage of this one-stop-shop mechanism.

Right to Data Portability

  • A review of the main elements of data portability, when data portability applies, its relationship to other rights and how portable data must be provided.

Legal Bases for Processing

The legal bases for processing personal data, the conditions for valid consent to processing personal data, and when the legitimate interest provision applies.