Any organization that collects personal data of European Union (EU) residents must comply with the General Data Protection Regulation (GDPR), which comes into effect on May 25, 2018. The GDPR makes sweeping changes to privacy requirements in the EU and has teeth behind it, with fines that can reach 4% of global revenue. While much has been written, discussed, and tweeted about GDPR, that information is often inaccurate. In this session, hear from "mythbusting" data security and privacy attorneys on what the GDPR really means and how organizations can ensure compliance.
After completing this session, learners will:
- Understand generally what GDPR compliance requires and what it does not
- Understand whether an organization must comply with GDPR
- Understand the information security and breach reporting requirements of GDPR
Nick Merker is a partner and co-chair of Ice Miller’s Data Security and Privacy Practice. His experience is unique, as he is one of only a handful of DSP lawyers in the country who can say that they worked as a computer systems, network and security engineer for 10 years before practicing law. Nick’s forte is quickly judging a room at a client site and determining which hat to wear - lawyer, technologist, or some combination thereof. Nick’s technology background gives him the unique ability to bridge the gap between lawyers and technologists, often translating between the two disparate disciplines to resolve legal issues. He strives to provide practical advice that clients can implement immediately rather than generate long-winded academic answers to basic legal questions.
Stephen Reynolds, CISSP, CIPP/US, is a former computer programmer and now a partner in Ice Miller's Litigation Group and co-chair of the Data Security and Privacy Practice, with a practice that focuses on commercial litigation and data security and privacy law.