Understanding Your Responsibilities and Mitigating Risks under the General Data Protection Regulation

Although the General Data Privacy Protection Regulation (GDPR) is a data privacy law implemented by the European Union, its impact extends across the world and affects many American organizations. This pioneering regulation is designed to safeguard its citizens’ personal data and privacy rights, which are approached as fundamental rights. Across the Atlantic, businesses in the United States are not presently domestically governed by a comprehensive federal privacy law; instead, they are subject to an increasing number of sectoral and state regulations. Yet, as trade between the EU and the US has continued to develop and expand since the advent of the internet, digital services and data are now key imports and exports. Today, the GDPR’s strict data protection standards apply to many US businesses, and regulators have shown through steep enforcement fines that failure to comply will not be tolerated. Practitioners conducting business in the EU or looking to enter the region will find this webinar a helpful resource to ensure that they can understand the GDPR and adjust their practices to comply with the regulation.
In this seminar, our privacy experts begin by introducing the GDPR, both its origins and its defining characteristics. Next, our speakers explain the difference between Data Controllers and Data Processors, clarifying the critical distinction between the two positions. The conversation then moves to discuss how the GDPR regulates data transfers, as well as the liability businesses face for non-compliance, citing some of the most notable recent examples. The panel also provides practitioners with key takeaways and risks for organizations to consider, as well as thoughts on the direction of where enforcement is headed in the future.
Topics covered in this webinar:
1. Introduction to the General Data Protection Regulation (GDPR)
2. GDPR Obligations for the Data Controller and Processor
3. GDPR Data Transfers
4. GDPR Liability, Fines, and Class Actions
5. Key Takeaways and What Lies Ahead

Our Mission is to bridge the knowledge gap between law and technology professionals by educating attorneys on technology to attorneys and technology executives on its laws and regulations. Legal Cyber Academy provides a comprehensive tool and evolving knowledge base through exclusive insights from world class cybersecurity, privacy, web 3.0, forensic, and e-discovery legal and technical practitioners. Earn CLE, CPE, and CE credits. (Refunds are available if you do not receive credit) At Legal Cyber Academy We recognize that technology, the cybersecurity threats it faces, and relevant laws and regulation are rapidly evolving, presenting unique challenges and opportunities. Our platform is dedicated to empowering legal professionals with the skills and understanding necessary to navigate the complex landscape of technology in their field, enabling them to effectively advise clients, draft contracts, and navigate legal implications in a technology-driven world. Simultaneously, we strive to equip technology professionals with the legal knowledge they need to make informed decisions, ensure compliance with regulations, and limit liability. By fostering a deep understanding of legal frameworks, we hope to support technology professionals in creating innovative, compliant, and socially conscious technological advancements. Join us in our mission to reshape the way legal professionals and technology experts understand and interact with each other in a rapidly changing technical and legal landscape. Together, they will mitigate risk better, ensure compliance, and actively shape the future of technology and its accompanying laws.

LAW & FORENSICS LLC – FOUNDER; JAMS – NEUTRAL; HARVARD – ADJUNCT;
Danie Garrie, Esq., is the Co-Founder of Law & Forensics LLC, where he heads the Computer Forensics and digital discovery Cybersecurity teams. Daniel has been a dominant voice in the computer forensics and cybersecurity space for the past 20 years, as an attorney and technologist. He is an adjunct professor at Harvard for Computer Forensics, and prior to Law & Forensics, he successfully built and sold several technology start-up companies. Since co-founding Law & Forensics LLC in 2008, Daniel has built it into one of the leading boutique firms specializing in cybersecurity and forensic engineering. He is a mediator, arbitrator, and e-discovery special master for JAMS and is a partner and head of Cybersecurity practice at Zeichner, Ellman & Krause LLP. Daniel earned both a Bachelor’s and a Master’s degree in computer science from Brandeis University, as well as a J.D. from Rutgers Law School. Daniel has led cyber and forensic teams in some of the most visible and sensitive incidents in the United States. He and his team have worked globally for two of the top five banks and dozens of the largest private and public companies in the world. In addition, Daniel has been awarded several patents for advanced cybersecurity and forensic platforms he built with his team, including TableTop.AI, CustodyTrack.IO, and Forensic Scan. Daniel is also well-published in the cybersecurity space and has authored more than 200 articles and books. His work is cited by Black’s Law Dictionary 10th Ed. defining the terms 'software', 'internet', and 'algorithm'. Lastly, he has been recognized by several United States Supreme Court Justices for his legal scholarship and is a trusted source and thought leader for cybersecurity articles and opinions, cited over 500 times to date.

SafeGuard Privay – Co-Founder
I am an attorney recognized by my peers as a leading expert in a wide range of legal, information technology, and data issues, including data protection, data privacy, GDPR, CCPA, data breaches, and data analytics, as well as digital and traditional investigations, eDiscovery, eCompliance, cyber-security, intellectual property, litigation, and information governance. I am the recipient of numerous awards and honors, including Chambers and Partners Band 1 rankings (Global and USA Nationwide - eDiscovery, Privacy, Data Security), The Legal 500 recognition (Data Protection and Privacy - US), The Burton Award, and The New York County Lawyers Association Boris Kostelanetz President's Medal. I have extensive experience in law firms and in-house settings, specializing in litigation, investigations, privacy, compliance, and information governance. I am adept at solving eDiscovery, privacy, and data-related problems for large and small organizations, as well as managing both the day-to-day operations and long-term projects of global teams of attorneys and IT professionals. I have successfully built high-performing, world-class professional groups from the ground up, both at a major law firm and within a leading global financial institution. Additionally, I have successfully grown and managed departments in litigation, privacy, and intellectual property law, coordinated and managed projects and operations among Legal, Compliance, IT, and external professional services firms, and supervised the collection, review, and analysis of data, as well as cross-border privacy issues, in hundreds of matters, including many of the world’s largest financial crime investigations and data breach litigations.

Orrick, Herrington & Sutcliffe LLP – Partner
Shannon Yavorsky is the head of Orrick’s global Cyber, Privacy & Data Innovation group and a leading authority on United States (U.S.) and European (EU) privacy, cybersecurity, and artificial intelligence (AI) issues. She is uniquely qualified in California, England, and Wales and helps global companies navigate the increasingly complex global privacy, cybersecurity, and artificial intelligence regulatory landscape. She advises public and private companies across several sectors, including life sciences and health technology, financial services, private equity, insurance, social media, and technology, on a range of EU and U.S. federal and state privacy laws. Shannon’s strategic counseling advice includes, but is not limited to: Advertising and payment card processing self-regulatory frameworks; Controlling the Assault of Non-Solicited Pornography And Marketing Act (CAN-SPAM); Electronic Communications Privacy Act (ECPA); EU Artificial Intelligence Act; EU e-Privacy Directive; EU General Data Protection Regulation (GDPR); Fair Credit Reporting Act (FCRA); Gramm–Leach–Bliley Act (GLBA); Health Insurance Portability and Accountability Act (HIPAA); National Institute of Standards and Technology (NIST) Artificial Intelligence Risk Management Framework; Telephone Consumer Protection Act (TCPA); U.S. state breach notification laws; U.S. state privacy laws in California, Colorado, Connecticut, Utah, and Virginia (CCPA, CPRA, CPA, CTDPA, UCPA, VCDPA). Shannon also helps clients undertake comprehensive privacy, cybersecurity, and artificial intelligence risk assessments, evaluates privacy, security, and artificial intelligence risks in corporate transactions, and drafts and negotiates data-related contracts. She advises clients on cross-border data transfers, data breaches, and developing global privacy and artificial intelligence compliance programs.

General Counsel at TED Conferences
Nishat Ruiter, general counsel of the non-profit TED Conferences, LLC, first became familiar with the organization in 2006. That was the year that TED posted its first TED Talks — influential 18-minutes or less videos from expert speakers on education, business, science, tech and creativity — online. Her husband Pieter, a Dutch native, introduced her to them. “My husband is a writer, and he was tracking TED from the beginning. At the time, he was an avid follower of [the English musician and producer] Brian Eno and some incredible thinkers of the Long Now Foundation who were driving interesting concepts and solutions from a global and creative perspective,” she remembers. Within three months of becoming available, the first six TED Talk videos garnered more than one million views. Headshot of Nishat Ruiter standing in front of signs in Amherst As a result of the inspiring impact of TED Talks, Ruiter and her husband began discussing TED Talks with friends and family. “We would have these get-togethers at our house where we would discuss the concepts from TED Talks with them,” she explains. “In one scenario, we discussed misconceptions of poverty and the common stereotypes that are held, despite the data. This is when we showed our babysitter, who was also a junior in high school, the TED talk from Hans Rosling, ‘New Insights on Poverty,’ from 2007. She ended up showing it to her entire junior class and later ended up studying journalism in college. We were all very excited, because these ideas were impacting people immediately, which is so incredible. They helped you reframe your notions about so many things.” The free media platform surpassed one billion video views in 2012. Currently, TED Talk videos average 17 new page views per second. TED’s origin story begins in 1984. It started as a small California conference known as Technology, Entertainment, and Design – the original meaning of TED. Since then, the nonprofit has grown into a global community devoted to sharing ideas and knowledge on various disciplines in over 100 languages. Over the past 35 years, the organization has created a myriad of programs, including the flagship TED Talks and conferences, TEDx, TEDWomen, TED Salons, the TED Fellows program, the Audacious Project, TEDSummit, TED-Ed, and various original podcasts, including The TED Interview with Chris Anderson, Sincerely, X, and WorkLife with Adam Grant. In 2015, Ruiter went from hosting monthly devotional gatherings called Spiritual Café, which delved into topics related to how we are all connected, to helping organize an official TEDx event in Hillsborough, New Jersey. She and other organizers worked for six months on curating local speakers and helping them cultivate their TEDx Talks. The talk brought the community together around the theme “Change Matters.” The experience required obtaining a license from TED, giving Ruiter a taste of TED’s process and “what it takes to put on a mini, micro TED event in your own community.” Nine months later, she would interview for TED’s first general counsel position.

Morrison & Foerster - Partner
Alex van der Wolk, partner and co-chair of the firm’s preeminent Global Privacy & Data Security practice, is based in the firm’s Brussels office. With over 15 years of experience, he advises global companies on their most complex data protection strategies and compliance, governing all aspects of information management. Alex assists clients in developing privacy strategies for digital transformations, industrial IoT, telematics, Big Data, commercial and marketing programs, and data analytics. He has particular expertise in assisting clients with structuring their approach to data privacy in specialized areas such as health-tech, AgTech, and AdTech. Additionally, he represents clients in privacy litigation in Europe, including European privacy class actions, where he has successfully represented clients in some of the first class action cases in the Netherlands and the UK. Alex is often called upon to lead crisis management teams for clients facing investigations by data protection authorities or responding to cybersecurity incidents. Notably, Alex was one of the first practitioners in Europe to assist companies in setting up Binding Corporate Rules (BCRs) and has since used this expertise to develop a longstanding and proven track record in helping companies obtain regulatory approval for BCRs, both in the EU and in the UK. Alex is a frequent speaker at international data privacy conferences, including IAPP, and serves as a guest lecturer at the Tilburg Institute for Law, Technology, and Society and the University of Amsterdam. He is a Dutch-qualified lawyer and a member of the Amsterdam and Brussels Bars. He is fluent in English and Dutch.