GDPR Compliance: Scope, Concepts, and Applicability
This course is approved for continuing legal education (CLE) credit in CA, CT, NJ, and NY: 2.0 CLE credits for CA. Please check with your local bar association for reciprocal state credit. Reporting requirements vary by state and we recommend that you check with your state's bar association for their guidelines on reporting requirements.
On May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) took effect. The GDPR is, arguably, the most significant legislation pertaining to the protection of personal data and, with its reach outside of the EU, impacts business entities on a global scale. This course examines the core concepts of the GDPR as set forth in the first 50 Articles. We will explore when and how the GDPR applies, key definitions and terms, the foundational principles, legal bases of processing and special protections for sensitive information. We will cover how to build a privacy notice, what are the data subject rights, and concepts such as data protection by design and default. This course will touch briefly on the role of controllers versus processors, but we will cover issues such as the role of the data protection officer, how to conduct a privacy impact assessment, what are the minimum security requirements, and obligations for breach notification. Finally, the course will cover certain business concepts including data mapping and how to make risk based determinations to help avoid boiling the ocean for compliance. By the end of this course, you will have a good overview of what it means to be “GDPR compliant” and provide an excellent foundation from which to build a GDPR compliance program.
You will understand when and to what extent the GDPR may apply to businesses and business functions around the world.
You will understand the foundational principles and the key terms, roles, and responsibilities associated with the GDPR and the fundamental rights of data subjects.
You will understand how the GDPR affects the business concerns (i.e., data management, processing, and protection) of entities within the EU and globally.