Data Protection and You.
Come and be Informed.
This two-day seminar will help you to understand the impact General Data Protection Regulation (GDPR) will have on your organnization and how to prepare for it in a pragmatic and phased basis.
To illustrate how organizations must embrace and approach compliance efforts, the Jamaica Stock Exchange (JSE), through its e-Campus and in collaboration with the European Union (EU) GDPR Institute of Copenhagen Compliance Global GRC Solutions, will be conducting a two-day seminar at The Jamaica Pegasus on February 5 & 6, 2019, titled Data Protection and You.
GDPR international promulgation impacts entities in varying ways whether or not they are domiciled in the respective jurisdiction. The expected DPR promulgation in Jamaica, has seen some organizations focusing on the scary aspects of failing to comply with the Regulation. But there are many long-term benefits of following through with plans for sustainable DPR compliance, such as gaining a competitive edge or developing new products and/or services.
This Seminar seeks to delve into the biggest opportunities and challenges faced by firms due to Global Data Protection promulgated internationally.
Who should attend?
Anyone that needs to understand the impact GDPR will have on their business.
Territorial scope: How GDPR applies to organisations:
• Processing personal data as a controller or processor in your respective jurisdiction (regardless of whether the processing takes place in the respective jurisdiction).
• Processing personal data as a processor on behalf of a client controller subject to GDPR even if based outside the Jurisdiction,
• processing date that are not established in the jurisdiction, but process personal data about data subjects who are in the respective jurisdiction in relation to:
a) offering goods or services to them, irrespective of payment by them, or
b) monitoring their behaviour taking place within the jurisdiction
One stop shop: Where an organisation has more than one establishment in their jurisdiction, it may be able to deal only or mainly with a single national data protection authority as its “lead supervisory authority” for regulation of cross-border processing activities carried out by that organisation.
Accountability: A controller is responsible for and must be able to demonstrate compliance with the principles relating to the processing of personal data.
Consent: Consent must be a freely given, specific, informed and unambiguous indication of the data subject’s wishes which, by a statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to them. Implied consent and pre-ticked boxes will no longer be valid.
Data minimisation: Personal data shall be adequate, relevant, and limited to what is necessary in relation to the purposes for which they are processed.
Direct processor obligations: Data processors have direct obligations under the GDPR when processing on behalf of client controllers in relation to matters including data security, international data transfers, appointment of sub-processors and security breach notification.
International transfers: The GDPR codifies new adequate safeguards for data transfers outside the respective jurisdiction, including:
• binding corporate rules
• standard contractual clauses approved by a local supervisory authority
• approved codes of conduct
• approved certification mechanisms.
COME AND BE INFORMED
DAY 1: FEBRUARY 5TH
DAY 2: FEBRUARY 6TH
JAMAICA PEGASUS HOTEL ** SEE YOU THERE **
• Data controllers and processors are required to ensure that they have a structured and efficient means to ensure DPR compliance.
• There is significant administrative and documentation burden to establish and maintain compliance with a code of conduct or earning certification status.
• These costs can be offset by reducing audit costs and automation.
• Getting your organization ready will play a significant role in facilitating cross-border data transfers.