IAPP | OneTrust Webinar – Subject Access Rights: GDPR Implementation Guide

Join us for a free IAPP web conference, brought to you by OneTrust

Subject Access Rights: GDPR Implementation Guide

Broadcast date: Wednesday, December 6, 2017
8:00 – 9:00 a.m. PST, 11:00 a.m. – 12:00 p.m. EST, 4:00 – 5:00 p.m. UTC

CLICK HERE to Register

The GDPR grants data subjects new rights including: data portability, access to their data, erasure or “the right to be forgotten,” and rectification. For data controllers, there are specific record-keeping requirements around the time to respond, the ability to request an extension, the requirement to validate the identity, and securely transmitting the response to the individual. Join us for this educational web conference to hear about the new rights of data subjects and how organisations can use privacy management software to streamline and automate requests, validation, and notification processes.

Brian Philbrook, CIPP/E, CIPP/US, CIPM, CIPT, Privacy Counsel, OneTrust

• Dr. Andreas Splittgerber, Technology and Privacy Lawyer, Reed Smith LLP, Germany

1.0 CPE credit

CLICK HERE to Register

The GDPR goes into effect on 25 May 2018, and outlines distinct data subject rights for EU customers and employees:

These GDPR Articles have also created new operational requirements for organisations to “facilitate” the requests (Art 12(2); Rec 59) both “electronically” (Art 12(1), (3); Rec 59), and within a specified time-period (Art 12(3); Rec 59), through demonstrable record keeping (Art 5; Rec 39) and clear communication (Art 12(1); Rec 58). Thus, international organisations, across size and sector, are significantly transforming their business processes to comply with the new data subject rights obligations.

Non-compliance and infringements of data subject rights triggers the highest tier of administrative fines in the GDPR – up to 4% global revenue, or €20M. Perhaps more concerning is that data subjects are granted the right to seek compensation for damages suffered (Art 82; Rec 146), which is why many regulators and industry experts expect the new regulations to lead to an increased risk of class action law suits and brand/reputation damage if companies fail to properly meet the rights of data subjects.