Demonstrating Compliance to Regulators - Part II: From theory to practice
This event builds on the first Demonstrating Compliance event, hosted by Nymity during the 38th International Privacy Conference In Marrakesh, Morocco. The event is part of a three-year Nymity-funded research project into Demonstrating Compliance to a Rule of Law and into Certification of a Privacy Program.
Our team of experts is preparing a 90 minutes interactive session in which we will present and discuss a number of topics with the participants:
- an evidence-based structured approach to accountability, that will help organisations to comply with a rule of law in any jurisdiction, and will help regulators/data protection authorities with compliance assessments during investigations, inspections and audits;
- benchmark data from a multitude of companies, providing insight in the technical and organisational measures implemented to meet their legal requirements
- a possible approach to obtain certifications based on the evidence, that could serve as a based for cross-border data transfers.
Attendees will receive copies of the following Nymity Research initiatives:
- Demonstrating Compliance to Regulators (Part 2) Paper
- Demonstrating Compliance Benchmarking Study
- Next Generation PIAs – The Accountability PIA Paper
- Call for a New Privacy Principle – “Maximizing Benefits to Individuals” (Feedback Release)
- Nymity Data Processing Benefits Framework (Feedback Release)
If you wish to attend, will only need to register via this page.
Part I – Compliance Self-reporting
- Illustration as to how privacy officers/DPOs take a governance approach using accountability documentation as evidence to demonstrate compliance to a Regulator - José Bermudez
- Introducing a new project-based approach using the new Accountability PIA™ - Terry McQuay
Part II – What are organisations doing?
- Understand statistically what appropriate technical and organisations measures organisations are implementing globally as compared to what is being implemented in response to the GDPR. Benchmark report provided. – Teresa Troester-Falk
- Comments on the Benchmark results – Jennifer Stoddart & David Smith
Part III – Certifications
- Update on certification research, based on accountability, including a new hybrid model of certification where the Regulator maintains the oversight and the certification agent monitors the organisation’s capacity to comply – Paul Breitbarth
- Certification plans in the EU – Karolina Mojzesowicz, European Commission (invited)
- APEC CBPRs and BCRs as a form of accountability-based certification – Bojana Bellamy, CIPL
With the General Data Protection Regulation (GDPR) in sight, Nymity has launched its next research projects: Demonstrating Compliance to Regulators, Based on a Rule of Law and The Possible Introduction of a New Certification Mechanism Tied to a Rule of Law. The outcomes of this project will be relevant for both organisations and regulators. During the course of these two Regulator Projects we will cooperate with data protection authorities and data controllers in order to test our ideas. The GDPR is the driver for the research and is the main example used throughout the Regulator Projects. As has been the custom for all of Nymity’s previous research, the outcomes of the projects will be jurisdiction-neutral and thus, can be applied around the world.
The first paper of the Regulator Project can be downloaded here. The second paper will be made available during the Hong Kong side event.
If you are not able to attend the 39th International Privacy Conference, or the Nymity side event, why don’t you join us for a webinar discussing the outcomes of the Conference? This webinar will take place on 11 October 2017 at 10:00 (EDT) / 16:00 (CET). More information is available here.
Other webinars that may be of interest to you are:
Director of EU Certification Research and Senior Solutions Advisor and former Senior International Officer, Dutch DPA, Nymity, Netherlands
David Smith (Via video conference)
EU Research Advisor and former Deputy Commissioner & Director of Data Protection Information Commissioners Office
Regulator Advisor - Demonstrating Compliance Project and former Privacy Commissioner of Canada, Nymity, Head Office
José Alejandro Bermúdez
Managing Director, Latin America and former Colombian Superintendent for Personal Data Protection
Chief Global Privacy Strategist and former Associate General Counsel (Privacy), Information Services, Nymity, US
Centre for Information Policy Leadership at Hunton & Williams LLP
Deputy Head of Unit Data Protection in the DG for Justice and Consumer with the European Commission