Part 1: 27 April 2022, Wednesday
Part 2: 28 April 2022, Thursday
3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8
Overview
Has your company taken the right measures to avoid data breaches and mitigate the risk? Are your 3rd party vendors well prepared? If you suffer a breach, do you have the right processes in place to manage it and ensure you take the right remedial action? Data sharing with external suppliers has been found to be one of the weakest links in any organisation’s defences when it comes to data protection.
Under the GDPR, CCPA and other key international data privacy acts, regulations have been put in place to protect and regulate the use of an individual’s personal data. Understanding what data and what categories of data you hold, how to identify a breach, and whom to notify and when are some of the essential factors in achieving success in breach management. This masterclass will examine all these elements.
This 2-part virtual masterclass will examine key principles of data protection and compliance requirements across the GDPR, CCPA and other key international data privacy acts, how to mitigate weak data links and risks in third party contracts and the supply chain, and how data processors and controllers can avoid breaches of data privacy and avoid incurring penalties.
Who Should Attend
- Partner / Practicing Lawyers
- Chief Legal Officers, Head of Legal, VP Legal, Head of Compliance, Legal Director, GM (Legal)
- General Counsel, Senior Counsel, Regional Counsel, Legal Counsel, Legal Manager
- Data Protection / Information Security / Risk Officers
Masterclass Agenda
Agenda Day 1 – 27 April 2022, GMT+8
3.00 – 3.30pm
GDPR, CCPA and International Data Privacy Act Overview
- Who is protected? What is protected? Key differences in coverage and objectives between GDPR and "GDPR-like" data laws and CCPA.
- Understand how international privacy and security laws are enforced
- How are GDPR, CCPA and other International Data Privacy Acts relevant to your business?
- Recognize how GDPR requirements affect U.S. privacy practice
- Understand the effect of Brexit on UK GDPR
- Does GDPR apply to anonymised or pseudonymised data?
- Data Controllers and Joint controllers: the "closest, deepest pockets?"
- Data Processors and representatives in Europe and the U.S.
3.30 – 4.00pm
Data Protection Principles and Conditions
- What are the data protection principles?
- Data processing conditions, scope, consent, legitimate interests and special categories
- What is the accountability principle?
- Anonymization - what this means and when it will be appropriate to implement
- How can you achieve data protection by design and default?
- Leveraging existing GDPR compliance policies to ease the CCPA burden
4.00 – 4.15pm
Break
4.15 – 5.00pm
Data Breach, Penalties and Sanctions
- What constitutes a personal data breach?
- Documenting breaches
- Breach notification requirements and exemptions - Meeting the 72-hour deadline
- Understanding the criminal and civil sanctions for data breaches
- How can U.S. and European regulators reach international organisations?
- Reducing risk of fines, enforcement actions and damaged reputation
- Penalties and administrative fines: who pays and how is it calculated?
- Case studies involving breaches and alleged breaches
5.00 – 5.30pm
Data Use by Sectors and at Workplace
- Data collection and use regulations specific to the medical, financial, education, telecommunications and marketing industries
- Requirements for government and court access to personal data
- Privacy issues related to disclosure of personal data in civil litigation, e.g. e-discovery, cross-border data flow etc.
- Workplace privacy concepts - maintaining employee data before, during and after employment.
5.30 – 6.00pm
Data Subject Rights, Privacy Notices and Transparency
- What are the data subject's rights?
- Issues affecting the right to rectification and the right to be forgotten
- Communication, information and privacy notices
- Protocols and principles for dealing with data subject rights
6.00pm
End of Day 1
Agenda Day 2 – 28 April 2022, GMT+8
3.00 – 3.45pm
Data Protection Officer – Dos and Don’ts
- Data Protection Officers: when must your organisation appoint a DPO?
- Personal and organizational responsibilities. Why must you ensure your DPO is an independent advisor and not a decision-maker?
- Appointment and roles
- Responsibility to ensure compliance
- Performing privacy impact assessments and "high risk" processing
- Prior consultation with the regulatory bodies and supervisory authorities
3.45 – 4.00pm
Break
4.00 – 5.00pm
Third Party Contracts and Supply Chain Risk
- Engaging an external processor - Key considerations when drafting third party contracts
- What happens when a vendor is not a processor?
- Controller to Controller contracts: Data sharing agreement or data sharing protocols?
- Sub-processors
- Audit and entry clauses?
- Are indemnities and liability caps effective under GDPR?
5.00 – 5.20pm
Data Protection and E-Privacy
- Understanding the interaction of GDPR and PECR/E-privacy Regulation
- Direct marketing and "spam"
- Cookies and online tracking
- Data retention: how can you choose the appropriate data retention period?
5.20 – 6.00pm
International Transfers of Personal Data
- Cross-border transfers: how to avoid breach
- Adequacy decisions, model clauses and binding corporate rules: which tool should your organisation use to ensure compliance?
- Can you comply with law enforcement and investigatory orders without breaching GDPR?
- Can you rely on a court order or regulatory direction in one jurisdiction to excuse GDPR breach in another?
- Data mapping and essential compliance procedures
6.00pm
End of Day 2
Trainer
Malcolm Dowden
Partner
Squire Patton Boggs
Malcolm Dowden is a partner in the firm’s Data Privacy, Cybersecurity & Digital Assets Practice. Malcolm has more than 25 years’ experience advising UK and international clients on a wide range of technology, data protection, privacy and electronic communications issues.
Malcolm has a particular focus on planning and implementing cross-border data and privacy law compliance strategies. His experience covers EU GDPR, UK GDPR and (through liaison with local counsel) Dubai International Financial Centre (DIFC), Abu Dhabi Global Market (ADGM), Singapore, Kenya, South Africa and India. He also regularly advises businesses and government bodies on the contractual, technical and organisational measures required to support international transfers of personal data following the European Court of Justice (ECJ) ruling in Schrems II.
Internationally, Malcolm has designed and presented data protection and privacy law workshops for clients operating in Southeast Asia, the GCC region and Africa. His data protection and privacy compliance courses have been accredited by bodies including the Singapore Institute for Legal Education (SILE) and the Bar Councils of Hong Kong and Malaysia. Sessions conducted in the US for the Association of Corporate Counsel have focused on the interaction of GDPR, CCPA, HIPAA and recently enacted US state laws, including Virginia and Colorado.
Delivered Via: 2-Part Webinar
Delegate Pricing (Including GST)
Rate | Before GST | After GST
Early Bird Rate (Ends 25 March) | USD 700 | USD 749
Standard Rate | USD 800 | USD 856
Click on the "Register Now" button above or contact the following to book your place at this webinar.
Jessy Koh
(65) 6973 8245 / jessy.koh@tr.com
Romulus Tham
(65) 6973 8248 / romulus.tham@tr.com
Group price: SAVE AN ADDITIONAL 20%. Register five participants from your organisation and the 5th person attends for free.
TERMS AND CONDITIONS
APPLICABILITY - These terms and conditions apply to the supply of conferences, workshops, events and exhibitions (the “Event”) by Thomson Reuters to delegates/attendees (“you”).
PAYMENT - Payment must be received by Thomson Reuters prior to attendance at the Event.
CANCELLATION - Should you be unable to attend, a substitute delegate/attendee is always welcome at no extra cost. Alternatively, provided you notify Thomson Reuters in writing (by letter, fax or email to julian.chiew@thomsonreuters.com) 14 full days before the Event, Thomson Reuters will refund your registration fee, less a 15% administration charge with a minimum administration fee of $50+gst. Regrettably, no refunds will be made if less than 14 full days' notice of cancellation is given. However, if you cancel less than 14 full days before the Event, you may where applicable elect to receive presentation notes from the Event either electronically or in hardcopy. Thomson Reuters reserves the right to change the date, venue and/or presenters of the Event at any time and without prior notice, and in any way deemed to be in the best interests of meeting the objectives of the Event. If Thomson Reuters cancels a workshop for any reason, your remedy is limited to a refund of the registration fee.
TRAVEL AND ACCOMMODATION - You are ultimately responsible for your own travel/accommodation bookings. Should the Event be rescheduled or cancelled, no compensation for such bookings will be available.
LIMITATION OF LIABILITY - Thomson Reuters will not accept any liability for damages or loss of property or valuables belonging to any delegate/attendee attending the Event.
DISCLAIMER - Thomson Reuters accepts no responsibility for the views or opinions expressed by the presenters or any other persons at the Event.
FORCE MAJEURE - Thomson Reuters will not be liable for compensation for any matter or disruption outside its control (e.g. evacuations, road closures, bad weather, earthquake, flight cancellations or road closures).