Up until now, organizations have assumed that all data subject requests were the same.

But, today under GDPR, and in 2023 under CDPA, employees can access, update and delete their personal data the same way consumers can.

In consumer DSARs, unless the organization is highly complex, the information is usually found in a small and distinct set of locations. But an employee of long tenure who has held many roles will have information across nearly every database, system and application.

Come join us and learn more about employee DSARs:

  • Current activity under GDPR and potential for abuse
  • Differentiating employee DSARs vs. consumer requests
  • Technology requirements for automating complex employee DSARs
  • How legal and privacy teams can achieve compliance with both current GDPR and upcoming CPRA mandates

Meet the Speakers:

Rebecca Perry

Director of Strategic Partnerships, Exterro

Rebecca Perry is the Director of Strategic Partnerships at Exterro, the leader in helping companies manage their information compliantly and defensibly – in compliance with data privacy and cybersecurity regulations like the GDPR, NYS DFS, CCPA and others.

Rebecca has been with Exterro more than 25 years helping legal, compliance, privacy and IT executives in the areas of information governance, data mapping, data minimization, records retention and third-party diligence. She manages the Alliance Partnership with the Association of Corporate Counsel and builds strategic relationships with leading law firms.

Meribeth Banaschik

Partner, Forensic & Integrity Services, EY Germany

Meribeth Banaschik is a partner in EY‘s Forensics & Integrity Services team. As an American litigator and Solicitor of England & Wales with more than 14 years of professional experience, including 10 years’ experience in Germany, Meribeth is focused on analytics and applied technologies to isolate and address various risks facing modern global organizations, particularly legal risks. She focuses on the measurement and quality imperatives that impact defensibility and acceptance of technology and technology-driven results in a legal/investigative context.

In addition to leading the German eDiscovery and Managed Document Review practice, she is also responsible within Forensics for GDPR compliance projects, document intelligence and litigation operations.

David Navetta

Partner, Cooley LLP

David Navetta, vice chair of Cooley’s cyber/data/privacy practice, is a prominent leader in privacy, information security and technology law. He has extensive experience counseling clients on novel and cuttingedge data protection issues, including data breach response, cybersecurity risk management, consumer and employee privacy, incident response planning and preparedness, technology transactions, vendor management, board of director advice and consultation, regulatory investigations, litigation and due diligence in corporate transactions.

David serves as a “breach coach” on an approved panel for numerous cyber insurance carriers and companies, and he has helped some of the world’s leading corporations to effectively respond to complex data security breaches and protect their enterprise.

David’s clients range from startups to large Fortune 500 multinationals across a range of industries, including ecommerce, consumer products, name-brand traditional brick-and-mortar, hotels and hospitality, social media, technology, professional services, healthcare, financial institutions and energy.