WP29’s New GDPR Breach Notification Guidance: Actionable Takeaways

Broadcast date: Thursday, November 16, 2017

In October the Article 29 Data Protection Working Party (WP29) released proposed data breach notification guidance under the GDPR. The guidelines include details about data breach notification mechanisms as well as notification obligations to data subjects and supervisory authorities. They also assert that an incident response plan and a risk assessment are critical to compliance, and that failure to comply has serious consequences, including an administrative fine of up to 4% of global annual revenue. With so much GDPR information out there, how do you distill it down to its essential, actionable elements? And how do you continue to comply with existing data breach notification regulations while simultaneously preparing your organization for GDPR and its 72-hour breach notification timeframe, among other requirements?  

Join us for this educational web conference and learn how to:

  • Discover the differences between US and EU data breach regulatory frameworks based on the current guidance.
  • Understand key points of the WP29’s proposed data breach notification guidance, including risk assessment, notification requirements (Article 33), communication requirements (Article 34), and documentation (Articles 5(2) and 33(5)).
  • Find out how establishing and regularly reporting on your organization’s privacy program metrics can help you prepare for GDPR compliance.
  • Develop an incident response program that is compliant with the GDPR and US data breach notification requirements, plus third-party contractual notification obligations.

Alex Wall, CIPP/E, CIPP/US, CIPM, FIP, Senior Counsel and Global Privacy Officer, RADAR, Inc.

Julia Jacobson, CIPP/US, CIPM, FIP, Partner, K&L Gates LLP