We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Login or sign up: Please either login to Lexology or sign up for our free legal news service to be able to register for this event.

Leveraging GDPR initiatives to comply with the California Consumer Privacy Act and other privacy laws



From privacy project to privacy programme

10:00 EDT

With the dust of the entry into application of the EU General Data Protection Regulation (GDPR) barely settled, the data protection community is shaping up to deal with the next set of challenges: the California Consumer Privacy Act 2018 (CCPA). Before the GDPR there were already hundreds of privacy and data protection laws and regulations, and there will continue to be many more new privacy laws in the months and years to come. For many organisations, the GDPR was viewed as a project with an end date of 25 May 2018. In reality, this is only the beginning of a new era during which organisations must demonstrate an ongoing capacity to comply with the new law. Regardless of the jurisdiction in which your company resides, vigilance for the ever-evolving compliance obligations is essential.

Join us for this interactive web conference as we focus on why an accountability approach is the most pragmatic, scalable and proven method for supporting compliance with multiple laws. You will hear about how an accountability approach to multi-jurisdictional compliance works in both theory and practice, and time will be reserved for your questions.

What you will learn

  • Which activities you already have in place for GDPR compliance that can be leveraged for CCPA compliance
  • How to identify existing policies, procedures and other accountability mechanisms that are already providing rules and guidelines for processing personal data in your organisation
  • Strategies for documenting privacy law requirements and related accountability mechanisms and leveraging them for enterprise-wide privacy management
  • How to effectively report on key compliance requirements so that you are ‘regulator ready’


Paul Breitbarth, director of strategic research & regulator outreach, Nymity

Paul Breitbarth joined Nymity in 2016 to support our EU operations. Based at Nymity’s office in The Hague, the Netherlands, Paul maintains the relations with regulators and key customers across Europe. He is also Senior Visiting Fellow at Maastricht University’s European Centre for Privacy and Cybersecurity. Before joining Nymity, Paul served as senior international officer at the Dutch Data Protection Authority.

He was an active member of various Article 29 Working Party subgroups, co-authoring a large number of opinions, including on the data protection reform, surveillance and the Privacy Shield. Paul holds a Master of Laws from Maastricht University in the Netherlands.

Kimberly Bubnes, global director of privacy operations, General Motors

Kimberly Bubnes currently serves as the global director of privacy operations for General Motors (GM). In this role, she is responsible for the global development and management of the company’s enterprise privacy programme. She provides oversight for the implementation of GM’s privacy programme strategy by developing privacy policies and procedures, leading privacy training initiatives and workshops, and supporting the organisation’s global data strategies for employee and consumer products and services. She has broad expertise in supporting privacy-impacting initiatives at GM and has held various positions within the company – both domestically and abroad – including data protection roles for human resources, legal and information security. She is a Certified Information Privacy Professional/United States and is also a recognised privacy practitioner outside of GM, including by the International Association of Privacy Professionals, where she most recently served as a KnowledgeNet Leader.

Jennie Hargrove, global data privacy manager, HID Global

As a privacy professional with over 11 years of experience, Jennie has a strong background in global data privacy regulations, information security, and compliance. She is responsible for implementing HID’s Global Data Protection Compliance Program as well as managing day to day privacy needs for all business units and departments across HID Global.

Prior to joining HID, Jennie was a privacy and cybersecurity consultant for Ernst & Young where she was responsible for assisting her clients with a wide range of privacy and information security needs. Jennie has a demonstrated record of assisting complex global organizations similar to HID in implementing data privacy programs, as well as identifying and remediating data privacy and information security risks. Additionally, prior to joining Ernst & Young, Jennie worked for a global business process outsourcing company where she was responsible for implementing various risk and compliance programs. She holds two International Association of Privacy Professionals (IAPP) Certifications: Certified Information Privacy Manager (CIPM) and Certified Information Privacy Technologist (CIPT).

Alexys Carlton, director, information assurance & privacy, Otter Products & Blue Ocean Enterprises

Alexys Carlton is the Director of Information Assurance and Privacy for Blue Ocean Enterprises and Otter Products. She is a privacy technologist with professional and academic backgrounds in IT, information security, privacy, and data compliance. Alexys leads a global privacy program for Otter Products and advises the diverse Blue Ocean portfolio of companies. She has experience embedding privacy and security into operations to ensure compliance with global data protection regulations while ensuring the company remains resilient to regulatory and business change. Alexys is also an information security doctoral candidate with a privacy research focus and holds CIPT and GSNA certifications. 






Paul Breitbarth


30 October 2018
14:00 - 14:55 UTC
55 min