Managing vendor risk is a continuous effort under the General Data Protection Regulation, California Consumer Privacy Act of 2018, and other global regulations. As organizations continue to improve their privacy and security programs, streamlining third- and fourth-party vendor risk has become a priority. This includes everything from filling out vendor assessments, such as the Cloud Security Alliance Consensus Assessments Initiative Questionnaire (CSA CAIQ), getting sufficient guarantees from your vendors to efficiently working with them during an audit or incident and much more. In this webinar, you’ll learn how to implement successful vendor risk processes, expedite vendor on-boarding, and hear practical advice to automate vendor risk management within a software technology platform, all while meeting your legal compliance obligations.

OneTrust hosts many events throughout the year, including in-person workshops and live webinars (collectively “events”). If you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event. Please note that we use WebEx to assist with registration. By registering, you acknowledge that your information will be transferred from WebEx to OneTrust headquarters in the United States.

We keep a record of your participation in OneTrust events. With your consent, this information may be used to contact you about OneTrust products and services, as well as future events. It may also be used for the purpose of our legitimate interests in better understanding your needs and interests, and to better tailor our products and services..

Some of our events are sponsored. After the event takes place, OneTrust provides an attendee list to event sponsors, co-sponsors and presenters (collectively “partners”) for the purpose of our legitimate interests in connecting partners with attendees who have attended or downloaded a partner’s content. If you do not wish to have your information included in the attendee list or to not have your information shared with partners, you can opt out at the time of registration, or up until the day of the event by contacting OneTrust directly at [email protected]

As January 1, 2020 quickly approaches, the California Consumer Privacy Act enforces new privacy rights for consumers making companies that conduct business in California to implement structural changes to their privacy program. In this webinar, we’ll provide insight into how the new law will impact your organization’s operations, provide useful insight into how to evaluate your company’s readiness, highlights new rights for consumers, and explain how to apply transformation to your privacy program.

OneTrust hosts many events throughout the year, including in-person workshops and live webinars (collectively “events”). If you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event. Please note that we use WebEx to assist with registration. By registering, you acknowledge that your information will be transferred from WebEx to OneTrust headquarters in the United States.

We keep a record of your participation in OneTrust events. With your consent, this information may be used to contact you about OneTrust products and services, as well as future events. It may also be used for the purpose of our legitimate interests in better understanding your needs and interests, and to better tailor our products and services..

Some of our events are sponsored. After the event takes place, OneTrust provides an attendee list to event sponsors, co-sponsors and presenters (collectively “partners”) for the purpose of our legitimate interests in connecting partners with attendees who have attended or downloaded a partner’s content. If you do not wish to have your information included in the attendee list or to not have your information shared with partners, you can opt out at the time of registration, or up until the day of the event by contacting OneTrust directly at [email protected]

In today’s privacy environment, creating an actionable breach reporting plan is critical under global privacy laws. Under Article 30 of the GDPR requires that organizations maintain internal records of their data processing activities to stay compliant. Knowing how to identify and prepare proper documentation for your organization is critical to being able to secure and analyze risks. In this presentation, we will deep dive into how to use the OneTrust tool for breach reporting, as well as the benefits of Article 30 and completing asset and data inventories.

OneTrust hosts many events throughout the year, including in-person workshops and live webinars (collectively “events”). If you register for one of our events, we will collect your name and contact information, which we will store in our database(s) and use to provide you with information and services associated with the event. Please note that we use WebEx to assist with registration. By registering, you acknowledge that your information will be transferred from WebEx to OneTrust headquarters in the United States.

We keep a record of your participation in OneTrust events. With your consent, this information may be used to contact you about OneTrust products and services, as well as future events. It may also be used for the purpose of our legitimate interests in better understanding your needs and interests, and to better tailor our products and services..

Some of our events are sponsored. After the event takes place, OneTrust provides an attendee list to event sponsors, co-sponsors and presenters (collectively “partners”) for the purpose of our legitimate interests in connecting partners with attendees who have attended or downloaded a partner’s content. If you do not wish to have your information included in the attendee list or to not have your information shared with partners, you can opt out at the time of registration, or up until the day of the event by contacting OneTrust directly at [email protected]

Much has already occurred since the May 25^th, 2018 effective date of the GDPR. California passed a major privacy law that has the potential to transform US privacy law. Tens of thousands of data subjects have exercised their rights as outlined under the GDPR. Major lawsuits have been levied against the world’s largest tech companies. But what does this mean for your organization? In this presentation, we will dissect major occurrences since the GDPR’s effective date and how they may influence the future of global privacy compliance.

Due to its complexity, understanding your organizations preparedness for a GDPR-related regulatory inquiry is a challenge. Still, there are many ways to get ahead of the curve and gain a greater sense of where your organization stands on the compliance spectrum. In this session, we will discuss how to diagnose your compliance status, what to do to remediate gaps and risks, and what steps you should take to ready yourself for potential regulatory probe.

In a first-of-its-kind US privacy law, California residents will be granted new online privacy protections under the recently passed California Consumer Privacy Act (CCPA) of 2018. In this webinar, we dive into the new rights for California consumers as well as discuss the CCPA’s scope and potential influence on US privacy law. We will also explore how the CCPA compares to the EU GDPR and what organizations should do to prepare.

Consent and compliance? Articles and recitals? These aren’t typical topics of discussion for most marketing teams. However, protecting the privacy of data subjects and remaining compliant with the GDPR are items of emphasis throughout organizations, especially marketing teams. In this webinar, we will discuss strategies to remain compliant with the GDPR while still executing the marketing activities your organization relies on.

With 2019 rapidly approaching, the next major privacy regulation looms. In this session, Mark Webber, US Managing Partner at Fieldfisher will discuss key considerations regarding the new ePrivacy Regulation, including: territorial scope, opt-in consent (and consent exemptions), cookie compliance, how the ePrivacy regulation is expected to function alongside the GDPR, and what you need to know to prepare.

With only months to go until the GDPR’s enforcement date, it’s time to build an executable action plan for compliance success or to assess the progress if you have already started. How to approach this? The GDPR is dense and complex; it’s difficult to identify where you should focus your money, time, and resources. Join Annika Sponselee, Partner at Deloitte and Nicole Vreeman, Manager at Deloitte, as they walk through the most significant aspects of the GDPR and share their advice for prioritizing privacy program tasks in preparation for May 25, 2018.

Under the GDPR, organizations are now required to have contracts in place with all their vendors addressing the details of the processing activity. It is also your responsibility to ensure you have “sufficient guarantees” from your vendors “to implement appropriate technical and organizational measures” to safeguard personal data. But how do you get these guarantees, and what other questions should you even be asking your vendors? While vendor assessments have traditionally been focused on security, vendor assessments under the GDPR will need to incorporate privacy considerations. Join Cynthia O’Donoghue, Partner at Reed Smith and Dr. Andreas Splittgerber, Partner at Reed Smith, to discuss the topic of vendor risk assessments—what they entail and how they should be used to evaluate vendors and renegotiate existing contracts for compliance with the GDPR.

Under the GDPR, controllers are now required to notify their supervisory authority when a personal data breach occurs, unless it is unlikely to result in risks to the rights and freedoms of individuals. The notification needs to be done without undue delay, no later than 72 hours after the controller has become aware of the breach (with some exceptions). It is crucial for privacy practitioners to understand the details of this tight timeline as well as the risk-based trigger, and what they entail. In this session, Tim Van Baelen ,Advisor at KPMG,  and Joris Weyn, Senior Manager at KPMG, review the personal data breach rules under the GDPR and provide tips to help you map out a 72-hour personal data breach action plan.

Consent is a frequently discussed topic under the GDPR and often times misunderstood. Still, organizations will likely need to rely on consent to perform many common marketing tasks, which means complying with the more stringent consent requirements under the Regulation and being able to demonstrate that consent has been properly given. In practice, there are ways to collect valid consent and produce an accurate audit trail in the event that it’s needed. During this online webinar, Sonia Siddiqui, Senior Associate at Grant Thornton, and Ariana Davis, Manager of  Privacy and Data Protection at Grant Thornton, will highlight common consent use cases that are affected by the GDPR and walk you through real steps you can implement in practice.

Cookie banners have become commonplace since the passing of the ePrivacy Directive. Unfortunately, they ended up causing unnecessary burden on consumers who accept them without understanding their meaning. Pop-up cookie banners have therefore failed to achieve the objective of the ePrivacy Directive to protect the confidentiality of the information stored on individuals’ devices, as they resulted in consent fatigue. But with the impending ePrivacy Regulation making its way through the legislative process, the new rules should give control back to consumers over the cookies that are stored on their devices, providing them with real choices. In practice, companies will need to implement changes, starting with the choices they give to website visitors. In this session, we’ll explore the evolution of the cookie banner and explain steps you can take to help steer your organization to compliance as well as better understand the relationship the ePrivacy Directive has with the GDPR.