The Rise of Privacy: A Risk-based Approach to Privacy Oversight, Compliance and Management for Research Facilities

A great deal of confusion is swirling around about the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA). With GDPR enforcement in full force and CCPA coming soon, many research institutions, universities, and government contractors are struggling with compliance. This discussion focused on how to evaluate privacy risks and build sustainable privacy programs using real-world examples.

Specifically, participants: (1) Gained an understanding of the regulation and its impact on research; (2) Learned to quantify the risk to an institution with multiple privacy and compliance requirements; (3) Better understood data subject rights and how they apply in a complex environment; and (4) Understood the need and role of a Data Privacy Officer (DPO) programs using real-world examples. Participants benefited from a basic level understanding of the GDPR.

Presented on April 3rd at the 2019 Large Facilities Workshop.

Mike Cullen

Senior Manager, Baker Tilly Virchow Krause, LLP


David Ross

Principal & Cybersecurity Growth Leader, Risk, Internal Audit & Cybersecurity Practice