Regulation (EU) 2016/679, the European Union’s new General Data Protection Regulation (GDPR), governs the processing of personal data by any EU party. It also addresses the transfer of personal data outside the EU and EEA areas. The GDPR aims primarily to materially enhance the control by citizens and residents over their personal data and at the same time - to simplify the regulatory environment for international business.

Alexey Muntyan, Personal Data Protection & IT Security Officer, DHL Express (moderator) focused in his presentation on recent developments in the GDPR’s implementation practice, including data controllers and processors’ status, requirements applied to data protection officers (DPOs), activities undertaken by major data controllers (SAP, Microsoft, Adobe), GDPR vs. block chain, perspectives for the ratification the ETS No.108 - Convention for the Protection of Individuals with regard to Automatic Processing of Personal Data, social media legal status vs. GDPR and level of responsibility, Facebook investigation over a data breach recently launched by Ireland’s data regulator. 

Dorthe Katharina Jensen, Corporate Counsel & Global Data Protection Officer, Attorney-at-Law, Group Legal Affairs ROCKWOOL International A/S, presented the company’s  approach in implementing unified  policy toward GDPR at a global level, company’s experience in applying Russian data localization law, data deletion policy, tools used for implementing corporate rules through e-learnings, face-to-face trainings, etc. 

Ildar Zverev, Senior Manager, Tax and Legal Department, and Natalia Yakovleva, Senior Consultant, Technology Systems Integration, Deloitte Consulting LLC, focused in their presentation at the following aspects: processing big volumes of data, mechanisms for cross-border data transfer and its compliance with national law, recommendations on data processing documentation and data breach notifications, recommendations by the EU Agency for Network and Information security (ENISA) for data controllers, application of DLP systems in confidential data leaks prevention, data labeling and data deletion policies.  

Dmitry Zykov, Head of Data Protection Group, Pepeliaev Group, highlighted in his presentation the aspects related to national labour law jurisdiction vs. GDPR and jurisdiction clauses in terms the cross-border data transfer, practical aspects of recruiting EU citizens by Russian legal entities, GDPR in terms of business travel to the EU and Russia, intra-corporate data processing agreements, GDPR-compliant privacy notices application, etc.

Anastasia Gracheva, Associate, Intellectual Property and Technology, Dentons, covered in her presentation legal compliance of Russian Federal Law on Personal Data (No. 152-FZ) and GDPR, practical aspects of post-implementation period, controllers and processors duties,  ways to maintain a proper level of compliance, internal coordination and DPO’s function as the connecting link. 

The presentations were followed by a questions and answers session. 

Photo L-R: Anastasia Gracheva, Associate, Intellectual Property and Technology, Dentons; Dmitry Zykov, Head of Data Protection Group, Pepeliaev Group; Ildar Zverev, Senior Manager, Tax and Legal Department, Deloitte Consulting LLC; Dorthe Katharina Jensen, Corporate Counsel & Global Data Protection Officer, Attorney-at-Law, Group Legal Affairs ROCKWOOL International A/S; Alexey Muntyan, Personal Data Protection & IT Security Officer, DHL Express.