On October 5, 2018, the Centre for Information Policy Leadership (“CIPL”) at Hunton Andrews Kurth LLP hosted a workshop on how to implement, demonstrate and incentivize accountability under the EU General Data Protection Regulation (“GDPR”), in collaboration with AXA in Paris, France. In addition to the workshop, on October 4, 2018, CIPL hosted a Roundtable on the Role of the Data Protection Office (“DPO”) under the GDPR at Mastercard and a pre-workshop dinner at the Chanel School of Fashion, sponsored by Nymity.
Roundtable on the Role of the DPO Under the GDPR
On October 4, 2018, CIPL hosted a Roundtable on the Role of the DPO under the GDPR. The industry-only session consisted of an open discussion among CIPL members who have firsthand experience in carrying out the role and tasks of a DPO in diverse and complex multinational organizations. Following opening remarks by CIPL president Bojana Bellamy, participants discussed practical challenges, best practices and solutions to the effective exercise of the DPO’s functions. The Roundtable addressed issues such as the position of the DPO in the organization, independence and conflict of interests and rights, duties and liability of the DPO. View the full program and discussion topics as listed in the program agenda.
CIPL Pre-Workshop Dinner at Chanel School of Fashion
On the evening of October 4, 2018, CIPL hosted a pre-workshop dinner at the Chanel School of Fashion, sponsored by Nymity. The event brought together CIPL members and data protection authorities (“DPAs”) in advance of CIPL’s all day accountability workshop. During the dinner, remarks were given by Bojana Bellamy, as well as Anna Pouliou, Head of Privacy at Chanel and Terry McQuay, Nymity president and sponsor of the event.
CIPL Workshop on How to Implement, Demonstrate and Incentivize Accountability Under the GDPR
On October 5, 2018, CIPL hosted an all day workshop on How to Implement, Demonstrate and Incentivize Accountability Under the GDPR, in collaboration with AXA. CIPL’s two newest papers on the Central Role of Accountability in Data Protection formed the basis of the program, placing an emphasis on how accountability enables effective data protection and trust in the digital society, and on the need for DPAs to encourage and incentivize accountability. Over 100 CIPL members and invited guests attended the session, including over 10 data privacy regulators.
Following opening remarks by Emmanuel Touzeau, Group Communication and Brand Director – GDPR Sponsor at AXA and CIPL’s Bojana Bellamy, introductory scene setting keynotes by Peter Hustinx, Former European Data Protection Supervisor and Patrick Rowe, Deputy General Counsel at Accenture laid the foundation for the day’s discussions.
The first panel on “Accountability under the GDPR” featured a wide ranging discussion by DPAs and industry experts on the important role of accountability in data protection. The meaning of accountability and its role in enabling effective privacy protections for individuals while ensuring innovation by organizations informed the discussion, along with dialogue around the key elements of accountability and how specific requirements of the GDPR map to these core elements. An important topic of discussion during this session concerned how to reconcile the need for proactive engagement between companies and DPAs with enforcement practices.
The second panel on “How to Demonstrate Accountability Internally and Externally” progressed the discussion from what constitutes accountability to how to implement and demonstrate it in practice, both within an organization and externally to DPAs. Participants also discussed whether accountability should be showcased proactively and how it can be demonstrated by participation in accountability schemes such as Binding Corporate Rules and future GDPR certifications and codes of conduct.
The final session of the day on “Best Practices: How are DPAs Incentivizing Accountability?” considered how DPAs can incentivize accountability under the GDPR. A wide range of incentives that are – or could be - used to encourage organizations to implement strong accountability measures were discussed, along with those that feature in CIPL’s paper on incentivizing accountability.
The workshop formed part of CIPL’s ongoing work around the concept of accountability in data protection and reaching consensus on its essential elements. View the full workshop agenda. CIPL’s papers on The Case for Accountability: How it Enables Effective Data Protection and Trust in Digital Society and Incentivizing Accountability: How Data Protection Authorities and Law Makers Can Encourage Accountability are the latest papers in this initiative and form the foundations for more work on accountability to follow from CIPL .
Search
Recent Posts
Categories
- Behavioral Advertising
- Centre for Information Policy Leadership
- Children’s Privacy
- Cyber Insurance
- Cybersecurity
- Enforcement
- European Union
- Events
- FCRA
- Financial Privacy
- General
- Health Privacy
- Identity Theft
- Information Security
- International
- Marketing
- Multimedia Resources
- Online Privacy
- Security Breach
- U.S. Federal Law
- U.S. State Law
- Workplace Privacy
Tags
- Aaron Simpson
- Accountability
- Adequacy
- Advertisement
- Advertising
- American Privacy Rights Act
- Anna Pateraki
- Anonymization
- Anti-terrorism
- APEC
- Apple Inc.
- Argentina
- Arkansas
- Article 29 Working Party
- Artificial Intelligence
- Australia
- Austria
- Automated Decisionmaking
- Baltimore
- Bankruptcy
- Belgium
- Biden Administration
- Big Data
- Binding Corporate Rules
- Biometric Data
- Blockchain
- Bojana Bellamy
- Brazil
- Brexit
- British Columbia
- Brittany Bacon
- Brussels
- Business Associate Agreement
- BYOD
- California
- CAN-SPAM
- Canada
- Cayman Islands
- CCPA
- CCTV
- Chile
- China
- Chinese Taipei
- Christopher Graham
- CIPA
- Class Action
- Clinical Trial
- Cloud
- Cloud Computing
- CNIL
- Colombia
- Colorado
- Committee on Foreign Investment in the United States
- Commodity Futures Trading Commission
- Compliance
- Computer Fraud and Abuse Act
- Congress
- Connecticut
- Consent
- Consent Order
- Consumer Protection
- Cookies
- COPPA
- Coronavirus/COVID-19
- Council of Europe
- Council of the European Union
- Court of Justice of the European Union
- CPPA
- CPRA
- Credit Monitoring
- Credit Report
- Criminal Law
- Critical Infrastructure
- Croatia
- Cross-Border Data Flow
- Cyber Attack
- Cybersecurity
- Cybersecurity and Infrastructure Security Agency
- Data Brokers
- Data Controller
- Data Localization
- Data Privacy Framework
- Data Processor
- Data Protection Act
- Data Protection Authority
- Data Protection Impact Assessment
- Data Transfer
- David Dumont
- David Vladeck
- Delaware
- Denmark
- Department of Commerce
- Department of Health and Human Services
- Department of Homeland Security
- Department of Justice
- Department of the Treasury
- District of Columbia
- Do Not Call
- Do Not Track
- Dobbs
- Dodd-Frank Act
- DPIA
- E-Privacy
- E-Privacy Directive
- Ecuador
- Ed Tech
- Edith Ramirez
- Electronic Communications Privacy Act
- Electronic Privacy Information Center
- Elizabeth Denham
- Employee Monitoring
- Encryption
- ENISA
- EU Data Protection Directive
- EU Member States
- European Commission
- European Data Protection Board
- European Data Protection Supervisor
- European Parliament
- Facial Recognition Technology
- FACTA
- Fair Credit Reporting Act
- Fair Information Practice Principles
- Federal Aviation Administration
- Federal Bureau of Investigation
- Federal Communications Commission
- Federal Data Protection Act
- Federal Trade Commission
- FERC
- FinTech
- Florida
- Food and Drug Administration
- Foreign Intelligence Surveillance Act
- France
- Franchise
- Fred Cate
- Freedom of Information Act
- Freedom of Speech
- Fundamental Rights
- GDPR
- Geofencing
- Geolocation
- Georgia
- Germany
- Global Privacy Assembly
- Global Privacy Enforcement Network
- Gramm Leach Bliley Act
- Hacker
- Hawaii
- Health Data
- Health Information
- HIPAA
- HIPPA
- HITECH Act
- Hong Kong
- House of Representatives
- Hungary
- Illinois
- India
- Indiana
- Indonesia
- Information Commissioners Office
- Information Sharing
- Insurance Provider
- Internal Revenue Service
- International Association of Privacy Professionals
- International Commissioners Office
- Internet
- Internet of Things
- IP Address
- Ireland
- Israel
- Italy
- Jacob Kohnstamm
- Japan
- Jason Beach
- Jay Rockefeller
- Jenna Rode
- Jennifer Stoddart
- Jersey
- Jessica Rich
- John Delionado
- John Edwards
- Kentucky
- Korea
- Latin America
- Laura Leonard
- Law Enforcement
- Lawrence Strickling
- Legislation
- Liability
- Lisa Sotto
- Litigation
- Location-Based Services
- London
- Madrid Resolution
- Maine
- Malaysia
- Markus Heyder
- Maryland
- Massachusetts
- Meta
- Mexico
- Microsoft
- Minnesota
- Mobile App
- Mobile Device
- Montana
- Morocco
- MySpace
- Natascha Gerlach
- National Institute of Standards and Technology
- National Labor Relations Board
- National Science and Technology Council
- National Security
- National Security Agency
- National Telecommunications and Information Administration
- Nebraska
- NEDPA
- Netherlands
- Nevada
- New Hampshire
- New Jersey
- New Mexico
- New York
- New Zealand
- Nigeria
- Ninth Circuit
- North Carolina
- Norway
- Obama Administration
- OECD
- Office for Civil Rights
- Office of Foreign Assets Control
- Ohio
- Oklahoma
- Opt-In Consent
- Oregon
- Outsourcing
- Pakistan
- Parental Consent
- Payment Card
- PCI DSS
- Penalty
- Pennsylvania
- Personal Data
- Personal Health Information
- Personal Information
- Personally Identifiable Information
- Peru
- Philippines
- Phyllis Marcus
- Poland
- PRISM
- Privacy By Design
- Privacy Policy
- Privacy Rights
- Privacy Rule
- Privacy Shield
- Protected Health Information
- Ransomware
- Record Retention
- Red Flags Rule
- Regulation
- Rhode Island
- Richard Thomas
- Right to Be Forgotten
- Right to Privacy
- Risk-Based Approach
- Rosemary Jay
- Russia
- Safe Harbor
- Sanctions
- Schrems
- Scott H. Kimpel
- Scott Kimpel
- Securities and Exchange Commission
- Security Rule
- Senate
- Serbia
- Service Provider
- Singapore
- Smart Grid
- Smart Metering
- Social Media
- Social Security Number
- South Africa
- South Carolina
- South Dakota
- South Korea
- Spain
- Spyware
- Standard Contractual Clauses
- State Attorneys General
- Steven Haas
- Stick With Security Series
- Stored Communications Act
- Student Data
- Supreme Court
- Surveillance
- Sweden
- Switzerland
- Taiwan
- Targeted Advertising
- Telecommunications
- Telemarketing
- Telephone Consumer Protection Act
- Tennessee
- Terry McAuliffe
- Texas
- Text Message
- Thailand
- Transparency
- Transportation Security Administration
- Trump Administration
- United Arab Emirates
- United Kingdom
- United States
- Unmanned Aircraft Systems
- Uruguay
- Utah
- Vermont
- Video Privacy Protection Act
- Video Surveillance
- Virginia
- Viviane Reding
- Washington
- Whistleblowing
- Wireless Network
- Wiretap
- ZIP Code