Part 1: 27 April 2022, Wednesday 3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8 12:30pm to 3:30pm (India Time) GMT+5.5  11:00am to 2:00pm (UAE Time) GMT+4   Part 2: 28 April 2022, Thursday 3:00pm to 6:00pm (Singapore/Hong Kong/China Time) GMT +8 12:30pm to 3:30pm (India Time) GMT+5.5  11:00am to 2:00pm (UAE Time) GMT+4 Delivered Via:     2-Part Webinar

 

 

Overview

Has your company taken the right measure to avoid data breaches and mitigate the risk? Are your 3rd party vendors well prepared? If you suffer a breach, do you have the right processes in place to manage it and ensure you take the right remedial action? Data sharing with external suppliers have been found to be one of the weakest links in any organisation’s defences when it comes to data protection.

Under the GDPR, CCPA and other key international data privacy acts, regulations have been put in place to protect and regulate the use of an individual’s personal data. Understanding what data and what categories of date you hold, how to identify a breach, who and when to notify are some of the essential factors in achieving success in breach management. This masterclass will examine all these elements.

This 2 part virtual masterclass will examine key principles of data protection and compliance requirements across both the GDPR, CCPA and other key international data privacy acts, mitigate weak data links and risks in third party contracts and supply chain and how data processors and controllers can avoid breaches of data privacy and avoid incurring penalties.
 

Who Should Attend

• Partner / Practicing Lawyers
• Chief Legal Officers, Head of Legal, VP Legal, Head of Compliance, Legal Director, GM (Legal)
• General Counsel, Senior Counsel, Regional Counsel, Legal Counsel, Legal Manager
• Data Protection / Information Security / Risk Officers
   

Masterclass Agenda

Agenda Day 1 – 27 April 2022, GMT+8

3.00 – 3.30pm
GDPR, CCPA and International Data Privacy Act Overview

• Who is protected?  What is protected? Key differences in coverage and objectives between GDPR and "GDPR-like" data laws and CCPA.
• Understand how international privacy and security laws are enforced
• How are GDPR, CCPA and other International Data Privacy Acts relevant to your business?
• Recognize how GDPR requirements affect U.S. privacy practice
• Understand the effect of Brexit on UK GDPR
• Does GDPR apply to anonymised or pseudonymised data?
• Data Controllers and Joint controllers: the "closest, deepest pockets?"
• Data Processors and representatives in Europe and U.S

3.30 – 4.00pm
Data Protection Principles and Conditions

• What are the data protection principles?
• Data processing conditions, scope, consent, legitimate interests and special categories
• What is the accountability principle?
• Anonymization - what this means and when will be appropriate to implement
• How can you achieve data protection by design and default?
• Leveraging on existing GDPR compliance policies to ease the CCPA burden

4.00 – 4.15pm
Break


4.15 – 5.00pm
Data Breach, Penalties and Sanctions

• What constitutes a personal data breach?
• Documenting breaches
• Breach notification requirements and exemptions - Meeting the 72 hour deadline.
• Understanding the criminal and civil sanctions for data breaches
• How can US. And European regulators reach international organisations?
• Reducing risk of fines, enforcement actions and damaged reputation
• Penalties and administrative fines: who pays and how is it calculated?
• Case studies involving breaches and alleged breaches

5.00 – 5.30pm

Data Use by Sectors and at Workplace

• Data collection and use regulations specific to the medical, financial, education, telecommunications and marketing industries
• Requirements for government and court access to personal data
• Privacy issues related to disclosure of personal data in civil litigation, e.g. e-discovery, cross-border data flow etc.
• Workplace privacy concepts - maintaining employee data before, during and after employment.

5.30 – 6.00pm
Data Subject Rights, Privacy Notices and Transparency

• What are the data subject's rights?
• Issues affecting the right to rectification and the right to be forgotten 
• Communication, information and privacy notices
• Protocols and principles for dealing with data subject rights

6.00pm
End of Day 1

 

Agenda Day 2 – 28 April 2022, GMT+8

3.00 – 3.45pm
Data Protection Officer – Dos and Don’t

• Data Protection Officers: when must your organisation appoint a DPO?
• Personal and organizational responsibilities. Why must you ensure your DPO is an independent advisor and not a decision-maker?
• Appointment and roles
• Responsibility to ensure compliance
• Performing privacy impact assessments and "high risk" processing
• Prior consultation with the regulatory bodies and supervisory authorities

3.45 – 4.00pm
Break
 

4.00 – 5.00pm
Third Party Contracts and Supply Chain Risk

• Engaging an external processor - Key considerations when drafting third party contracts
• What happens when a vendor is not a processor?
• Controller to Controller contracts: Data sharing agreement or data sharing protocols?
• Sub-processors
• Audit and entry clauses?
• Are indemnities and liability caps effective under GDPR?

5.00 – 5.20pm
Data Protection and E-Privacy

• Understanding the interaction of GDPR and PECR/E-privacy Regulation
• Direct marketing and "spam"
• Cookies and online tracking
• Data retention: how can you choose the appropriate data retention period?

5.20 – 6.00pm
International Transfers of Personal Data

• Cross-border transfers: how to avoid breach
• Adequacy decisions, model clauses and binding corporate rules: which tool should your organisation use to ensure compliance?
• Can you comply with law enforcement and investigatory orders without breaching GDPR?
• Can you rely on a court order or regulatory direction in one jurisdiction to excuse GDPR breach in another?
• Data mapping and essential compliance procedures

6.00pm
End of Day 2