Archived Webinar: GDPR Data Protection Impact Assessments 


Thursday, 28 September 2017
12 pm (EDT) / 11 am (CDT) / 9 am (PDT) / 16:00 (UTC)
60 minutes
1 CPE (Members only)

In 2016, the European Union General Data Protection Regulation (GDPR) (effective on 25 May 2018) was adopted to replace the Directive 95/46/EC to implement a legally binding regulation that will be considered the EU data protection law. EU data protection law provides data subjects with a wide range of rights that can be enforced against organizations that process personal data. These rights will limit the ability of organizations to lawfully process the personal data of data subjects in many of the ways that they had regularly done in the past. These new rights could significantly impact an organization's business model. This change to an individual-focused protection model represents a major transformation for how organizations must now protect the personal data of individuals throughout Europe. Given the significant financial penalties for non-compliance, and what appear to be more proactive compliance efforts planned from the EU data protection supervisor, the GDPR truly compels action from all organizations not only doing business across Europe (including the United Kingdom post-Brexit, along with the EU and European Economic Area countries), but also all organizations with offices in Europe, workers in Europe (even if they are not there permanently), clients, customers, patients and any type of consumer in Europe. A significant requirement of GDPR is for organizations to conduct data protection impact assessments (DPIAs) to identify and reduce the data protection risks within projects and systems, as well as reduce the likelihood of privacy harms to data subjects.

Rebecca Herold,
The Privacy Professor

Rebecca is CEO and Founder of The Privacy Professor® consultancy she established in 2004, and is Co-Founder and President of SIMBUS, LLC, an information security, privacy, technology & compliance management cloud service, founded in 2014. Rebecca is an entrepreneur with over 25 years of systems engineering, information security, privacy and compliance experience. Rebecca has authored 19 books on privacy, information security and compliance to date, the last two of which were for ISACA: “ISACA Privacy Principles and Program Management Guide” and “Implementing a Privacy Protection Program: Using COBIT 5 Enablers with the ISACA Privacy Principles”. Rebecca led the NIST SGIP Smart Grid Privacy Subgroup for seven years, was a founding member and officer for the IEEE P1912 Privacy and Security Architecture for Consumer Wireless Devices Working Group, and serves on the Advisory Boards of numerous organizations. Rebecca also serves as an expert witness for information security, privacy, and compliance issues, and was an Adjunct Professor for the Norwich University MSISA program for many years. Rebecca has received numerous awards for her work, is frequently interviewed, including regularly on the CW Iowa Live morning television show, and quoted in diverse broadcasts and publications. Rebecca holds the following certifications: CISA, CISM, CISSP, FIP, CIPT, CIPM, CIPP/US, FLMI.