GDPR - Are You Ready: Mapping the Road to GDPR and ePrivacy Compliance to Avoid Significant Financial Penalties

REGISTRATION FOR THIS EVENT HAS NOW CLOSED

Squire Patton Boggs and NCC Group in partnership with the Irish American Bar Association, the German American Chamber of Commerce and the BABC Northern California invite you to attend a training on Europe’s General Data Protection Regulation (GDPR).

GDPR - Are You Ready?:  Mapping the Road to GDPR and ePrivacy Compliance to Avoid Significant Financial Penalties

The EU’s new data protection regulation – known as the General Data Protection Regulation (GDPR) –  imposes a broad range of additional compliance obligations on organizations anywhere in the world that that collect or process EU residents’ personal data. This means any organization that employees EU residents, offers goods or services or monitors the behavior of individuals located in the EU or processes the personal data of EU residents on behalf of other businesses must comply with the GDPR.  Organizations that fail to comply could face penalties of up to €20 million or 4% of annual worldwide turnover. 
 
Also on the horizon are the EU’s proposed regulation on Privacy and Electronic Communications (ePrivacy Regulation).  If adopted, the ePrivacy Regulation will bring communication privacy rules relating to cookies data and analytical data in line with the GDPR consent and anonymization rules.  The proposed implementation date and penalties track the GDPR’s.
 
With the May 25, 2018 implementation date just twelve months away, organizations should start taking immediate action to develop a coordinated organizational and technological response to address the new requirements. With 173 recitals and 99 Articles, organizing and implementing GDPR and ePrivacy compliance efforts in addition to the normal day-to-day activities is challenging for most organizations.  In this program, we will provide a roadmap on how to more efficiently prepare for and move toward GDPR and ePrivacy compliance. 

When you leave you will have a good understanding of:
 

• The GDPR and ePrivacy’s Key Privacy and Security Requirements
• How to Plan and Prepare for GDPR and ePrivacy Compliance
• The Steps Necessary to Become GDPR Compliant
• The Technological Measures Companies May Need to Take to Secure Data and Respond to Data Subject Requests to Access, Rectify or Erase Personal Data

Gretchen Ramos Partner				Gretchen Ramos, CIPP/US, CIPP/E, is an aggressive litigator with a long track record in complex commercial disputes and a certified privacy professional. In addition to her prodigious legal skills, Gretchen brings a direct, no-nonsense approach to client service and uses her creativity to simplify matters for in-house counsel with dozens of other cases – and little time – on their hands. Gretchen is known for her ability to get to the heart of any dispute. She can quickly identify the key issues, eliminate the extraneous ones and draw out a strategic roadmap that is both cost-effective and likely to succeed. Litigation is never an end in itself and she will not hesitate to advise her clients if a case should be settled early. Her ability to focus on the best resolution comes from having resolved complex commercial matters and class actions across the country involving bad faith, breach of contract, breach of fiduciary duty, intellectual property, misappropriation, trade secret/unfair competition and unfair business practice claims for over a decade. She has tried numerous cases to verdict, where appropriate. Gretchen also has extensive experience handling claims and litigating insurance coverage matters involving various types of coverage including environmental, products, including asbestos, toxic tort, cyber, directors and officers, and errors and omissions. In addition to her litigation experience, Gretchen counsels companies on three continents in the rapidly growing field of privacy and data security. A Certified Information Privacy Professional in both the US and Europe, she is also thoroughly knowledgeable on data protection laws in Asia Pacific. She advises clients on a wide range of compliance issues, making sure policies and procedures are in place both to protect against data breaches and to deal with them should they occur, and to make sure clients have sufficient security in place to protect the data and support the privacy policies. Her extensive insurance coverage experience means she can advise clients on the new types of cyber liability policies now being issued. Gretchen is well positioned both to assess the scope and language of these new policies and to litigate for or against them. Gretchen served as a Law Clerk for US District Court of the District of Nevada and was a full-time Judicial Extern for the Honorable Anne E. Thompson, US District Court for the Eastern District of New Jersey. She holds a 4th degree black belt in sword (Kwan Um Do Kwang), a 1st degree black belt in karate and teaches sword in San Francisco.
Rob Chahin, Director of Risk Management				Rob Chahin is the Regional Director of Risk Management and Governance at NCC Group, an information security consultancy. Rob has been based at the company’s San Francisco office for four years, having formerly spent two years at the same company, based in London.   As a consultant, he provides advice on technology, security and privacy to clients around the world. This includes performing risk assessments, implementing and advising on security programs, and how to apply technology to create more secure environments and comply with regulatory requirements, rather than thinking about how to become secure and compliant within the limitations of technology. Rob has advised clients on international security standards and frameworks such as ISO 27001 and PCI DSS, as well as the implications of the UK Data Protection Act, the German Bundesdatenschutzgesetz, US state data protection and breach notification laws, and the developments of EU-US Safe Harbor and the GDPR.
Philip R Zender, Partner				Philip R. Zender is the US practice group leader of the Technology Transactions and Brands Management groups within the firm’s Intellectual Property & Technology Practice, as well as the Media & Brands industry group. He also co-leads the firm’s global Data Privacy & Cybersecurity group. Philip has more than 20 years of experience counseling clients on intellectual property matters and business and commercial transactions with a particular emphasis on transactions and legal issues involving intellectual property and technology. He also provides general business and corporate counseling. Philip has extensive experience with a wide variety of technologies and industries, including computer and semiconductor technology, medical devices and pharmaceuticals, biotechnology, internet and e-commerce, and media and entertainment. Philip’s transactional experience includes the licensing and commercialization of patents, copyrights, trademarks and trade secrets; e-commerce and internet transactions; hosting, cloud computing and software-as-a-service agreements; mobile applications; software licensing and development agreements; open source licenses; outsourcing agreements; distribution agreements; research and technology development arrangements; technology transfers; video game agreements; and licensing of entertainment properties. He is very experienced in university and government laboratory licensing in a variety of fields, including life sciences, electronics and defense technologies. His intellectual property and business counseling experience includes assisting clients with the creation and implementation of strategies for protecting and leveraging their intellectual property assets, including patents, trademarks, copyrights and trade secrets and providing strategic and general advice on business and legal issues that confront companies on a daily basis, including internet domain name disputes, infringement and unfair competition disputes, advertising issues, gray market goods and right of publicity issues. He also advises on data protection and privacy issues, including the EU-US Privacy Shield, company privacy policies, privacy law compliance and data breach notification laws.