Expanded Scope
Applies to all EU organizations that control or process the personal data of EU residents. It also applies to non-EU companies whose processing activities relate to the offering of goods and services or behavior monitoring in the EU.
Data Governance Requirements
Obligations include conducting privacy impact assessments, audits and policy reviews; maintaining activity records; and, in certain circumstances, appointing a data protection officer.
Independent Liability for Processors
The GDPR extends liability to processors and imposes requirements for data processing agreements, controller instructions, and recordkeeping and consent when using sub-processors.
Expanded Rights of Data Subjects
Subjects have the right to understand what personal data is being held, withdraw consent, and request the deletion of all personal information.
Lawful Grounds for Processing
Establishes the lawful bases on which companies may process personal data, as well as the mechanisms for data transfers.
Gartner predicts that by the end of 2018, more than 50% of companies affected by the GDPR will not be in full compliance with its requirements.
The Regulation gives Supervisory Authorities expanded powers, including the power to issue warnings of non-compliance, carry out audits, require remediation, and suspend data transfers to other countries. It also increases their investigative and corrective powers. Most important, however, is that the Regulation empowers Supervisory Authorities to issue substantial penalties for non-compliance – depending on the violation, organizations could face up to the higher of £20m or 4% of an organization’s global annual turnover.
Jamie Brown
Vice President of Global Advisory Services
As the Vice President of Global Advisory Services, Jamie focuses on information law, compliance, and governance issues. She has more than 17 years of in-house, government, and law firm experience, which she draws upon to advise corporations, particularly those in heavily regulated industries, on legal and compliance risk mitigation strategies. Common areas include ediscovery, digital investigations, data protection, legacy data remediation, and IT transformation initiatives.
Jamie has worked for several leading financial institutions, including UBS in New York, where she was an Executive Director in Legal and Compliance and responsible for designing, implementing, and managing a centralized litigation and investigations response program to support the firm’s litigation and investigation matters worldwide. Jamie also worked for Barclays, leading and implementing a global program to reduce legal, regulatory, and privacy risk associated with legacy systems and data.
Prior to her corporate roles, Jamie spent several years in government service, first as a trial attorney in the Division of Enforcement at the U.S. Commodity Futures Trading Commission in Washington, D.C., and later as Assistant General Counsel for the Agency, where she advised Enforcement attorneys on investigation techniques, strategies, and protocols on cases with global prominence. She also managed several key congressional investigations, Inspector General investigations, and internal investigations, including advising the Commission on strategy and risk mitigation.
Jamie has testified in federal court and has qualified as an ediscovery expert. In her corporate and government roles, she served as a 30(b)(6) designee for formal and informal testimony, and regularly interfaced with regulators and Congress on ediscovery strategy and internal practices. Independently, Jamie has advised corporate legal departments on ediscovery best practices and operating model development and enhancement, particularly in the face of regulatory scrutiny.
Jamie began her career as a litigation and government investigations associate at King and Spalding in Washington, D.C., and later, was a litigation partner at Fennemore Craig, in Phoenix, Arizona. Jamie is a graduate of Duke Law School and Arizona State University and a former law clerk to the Honorable Roslyn O. Silver of the U.S. District Court for the District of Arizona. She is a frequent speaker and lecturer at educational events and legal conferences internationally.
Copyright © 2012-2022 Lighthouse; All Rights Reserved.