With only months to go until the GDPR’s enforcement date, it’s time to build an executable action plan for compliance success or to assess the progress if you have already started. How to approach this? The GDPR is dense and complex; it’s difficult to identify where you should focus your money, time, and resources. Join Annika Sponselee, Partner at Deloitte and Nicole Vreeman, Manager at Deloitte, as they walk through the most significant aspects of the GDPR and share their advice for prioritizing privacy program tasks in preparation for May 25, 2018.

Under the GDPR, organizations are now required to have contracts in place with all their vendors addressing the details of the processing activity. It is also your responsibility to ensure you have “sufficient guarantees” from your vendors “to implement appropriate technical and organizational measures” to safeguard personal data. But how do you get these guarantees, and what other questions should you even be asking your vendors? While vendor assessments have traditionally been focused on security, vendor assessments under the GDPR will need to incorporate privacy considerations. Join Cynthia O’Donoghue, Partner at Reed Smith and Dr. Andreas Splittgerber, Partner at Reed Smith, to discuss the topic of vendor risk assessments—what they entail and how they should be used to evaluate vendors and renegotiate existing contracts for compliance with the GDPR.

Under the GDPR, controllers are now required to notify their supervisory authority when a personal data breach occurs, unless it is unlikely to result in risks to the rights and freedoms of individuals. The notification needs to be done without undue delay, no later than 72 hours after the controller has become aware of the breach (with some exceptions). It is crucial for privacy practitioners to understand the details of this tight timeline as well as the risk-based trigger, and what they entail. In this session, Tim Van Baelen ,Advisor at KPMG,  and Joris Weyn, Senior Manager at KPMG, review the personal data breach rules under the GDPR and provide tips to help you map out a 72-hour personal data breach action plan.

Consent is a frequently discussed topic under the GDPR and often times misunderstood. Still, organizations will likely need to rely on consent to perform many common marketing tasks, which means complying with the more stringent consent requirements under the Regulation and being able to demonstrate that consent has been properly given. In practice, there are ways to collect valid consent and produce an accurate audit trail in the event that it’s needed. During this online webinar, Sonia Siddiqui, Senior Associate at Grant Thornton, and Ariana Davis, Manager of  Privacy and Data Protection at Grant Thornton, will highlight common consent use cases that are affected by the GDPR and walk you through real steps you can implement in practice.

Cookie banners have become commonplace since the passing of the ePrivacy Directive. Unfortunately, they ended up causing unnecessary burden on consumers who accept them without understanding their meaning. Pop-up cookie banners have therefore failed to achieve the objective of the ePrivacy Directive to protect the confidentiality of the information stored on individuals’ devices, as they resulted in consent fatigue. But with the impending ePrivacy Regulation making its way through the legislative process, the new rules should give control back to consumers over the cookies that are stored on their devices, providing them with real choices. In practice, companies will need to implement changes, starting with the choices they give to website visitors. In this session, we’ll explore the evolution of the cookie banner and explain steps you can take to help steer your organization to compliance as well as better understand the relationship the ePrivacy Directive has with the GDPR.