The EU General Data Protection Regulation (GDPR) is a broadsweeping regulation that comes into effect on May 25, 2018. It replaces the aging Data Protection Directive (95/46/EC), modernizes the EUs approach to privacy and data protection and harmonizes privacy and data protection laws across the EU. It also brings with it fines as large as €20 million or 4% of global turnover (whichever is higher) for non-compliance.

The operational implications of this regulation are many and the Insights Association is here to help. We are pleased to offer the following series of webinars, each presented by Abby Devine, Director of Government and Public Affairs at the Insights Association. An attorney, Abby is a Certified Information Privacy Professional (CIPP/US) and a Certified Information Privacy Manager (CIPM) with extensive experience educating and advising member companies on regulatory compliance in the fields of market, opinion and social research and data analytics.

In addition to this slate of webinars, information on the GDPR may be accessed via our special Portal.

The information provided by the Insights Association is for informational purposes only and not for the purpose of providing legal advice. Please contact your attorney to obtain advice on specific issues or questions.


Wednesday, December 20, 11:30 a.m. –
GDPR How: Legal Basis for Processing – Consent

The GDPR requires a legal basis for all processing activities. Attend this webinar to learn about the strict requirements for using consent as a legal basis. We will also discuss examples of suitable approaches to obtaining consent.

Thursday, January 11, 11:30 a.m. –
GDPR How: Legal Basis for Processing -- Legitimate Interests

The GDPR requires a legal basis for all processing activities. Learn about when the legitimate interests of the controller or third party can be used as a legal basis. This webinar will include a review of the balancing test used to determine if legitimate interests can be used in certain circumstances.

Thursday, January 25, 11:30 a.m. –
GDPR How: Data Protection Officer

The GDPR requires many companies to designate a Data Protection Officer. Attend this webinar to learn when appointment of a DPO is required, who can serve as a DPO with a discussion of the most recent guidance on conflict of interest in this role, and key duties of the DPO.

Thursday, February 8, 11:30 a.m. –
GDPR How: Transferring Data from the EU

The GDPR only permits data transfers to countries whose regulatory regime is deemed by the European Commission to provide an “adequate” level of personal data protection. In the absence of a formal adequacy decision, transfers are also allowed outside EU states under certain circumstances. This webinar will outline compliant mechanisms for cross-border transfer of personal data under the GDPR.

Thursday, February 22, 11:30 a.m. –
GDPR How: Companies’ Duties - Accountability, Data Security

The GDPR brings with it increased emphasis on accountability, marking a major shift in companies’ duty to maintain and demonstrate compliance with the Regulation. This webinar will discuss the accountability principle and will include information about the GDPR guidance offered on appropriate data security standards.

Thursday, March 8, 11:30 a.m. –
GDPR How: Companies’ Duties - Data Impact Assessments

The GDPR requires controllers to carry out Data Protection Impact Assessments ("DPIAs") when they engage in potentially high-risk processing activities and to consult supervisory authorities in certain instances. In this webinar we will discuss what DPIAs are, when they are necessary and when consultation with supervisory authorities is indicated.

Thursday, March 22, 11:30 a.m. –
GDPR How: Companies’ Duties - Data Breach Notification - Access to Recording Coming Soon

The GDPR requires companies report personal data breaches to the competent national supervisory authority and, in some cases, communicate the breach to the data subjects who have been affected by the breach. Attend this webinar to hear about the timing requirements for reporting and factors to be considered in determining when data subjects must be notified.

Thursday, April 5, 11:30 a.m. –
GDPR How: Data Subjects’ Rights - Access, Correction, Erasure - Access to Recording Coming Soon

The GDPR requires companies to give effect to rights granted to data subjects under the Regulation. This webinar will discuss requirements and best practices for data subject rights to access, correct, and erase their personal data.