Author

Andrew Clearwater10 posts 0 comments

Andrew Clearwater serves as Director of Privacy at OneTrust. Clearwater is a Certified Information Privacy Professional (CIPP/US) and is a licensed privacy attorney in Maine and Massachusetts. In this role, Clearwater provides counsel, leadership, and guidance on all legal issues relating to OneTrust’s corporate environment. He also provides public policy analysis in the areas of privacy, data security, information policy, and technology transactions.

Data Protection

The California Consumer Privacy Act and the GDPR: Identifying Operational Overlap

Andrew Clearwater Jul 27, 2018 0

The California Consumer Privacy Act (CCPA) is the latest in privacy compliance. Although not as comprehensive as what is provided by the GDPR, there are useful operational overlap that can help with compliance with the CCPA.

Data Privacy

Privacy by Design and GDPR: Putting Policy into Practice

Andrew Clearwater Jun 29, 2018 0

While privacy by design is not a new concept, the GDPR makes it a legal requirement, and thus practical guidance is needed for putting policy into practice. What are the concepts and requirements in the context of recent guidance published by the EDPS and UK ICO?

Data Protection

Direct Marketing Under the GDPR: Consent vs Legitimate Interests

Andrew Clearwater May 25, 2018 0

Out of all six legal bases for processing offered by the GDPR, consent and legitimate interests are the legal bases most likely to be relied upon to justify direct marketing. Where the direct marketing involves electronic communications, however, is where things get muddy.

Data Protection

Legitimate Interests: Being Comfortable with Uncertainty

Andrew Clearwater Mar 30, 2018 0

With the EU GDPR right around the corner, you have probably heard that there will be six legal bases for processing personal data. For organizations who are currently preparing for GDPR, there is a strong focus on – as well as some confusion around – legitimate interests, in particular. Let's take a closer look.

Data Protection

Consent Under the GDPR: Requirements and Recommendations for Data Controllers

Andrew Clearwater Jan 26, 2018 0

The concept of consent has had a long history in privacy and data protection. Privacy consent has been evolving, especially under the GDPR. What are the expanded requirements for consent and what actions must organizations begin taking today to prepare for the coming of the GDPR on 25 May 2018?

Data Protection

Access, Erasure and Portability: Examining Data Subject Rights Under the GDPR

Andrew Clearwater Dec 29, 2017 1

Data subject rights are being expanded under the EU General Data Protection Regulation (GDPR), impacting the business processes of data controllers and processors. With the increased complexities that lie in within each distinct right, a variety of new issues will need to be considered.

Data Protection

Revisiting the DPIA in Light of the Revised Article 29 Working Party Guidelines

Andrew Clearwater Oct 27, 2017 0

Avoid the common pitfall of using pre-existing approach to Data Protection Impact Assessment (DPIA) without knowing the Article 29 Working Party guidelines.

Data Protection

GDPR Derogations and How to Prepare for Member State Variation

Andrew Clearwater Sep 29, 2017 0

While one of the primary goals of the GDPR is to harmonize data protection laws across the EU, there are over 50 provisions, which allow GDPR derogations by Member States.

Data Privacy

Operationalising GDPR and Privacy by Design

Andrew Clearwater Nov 25, 2016 0

We give some insight into how companies could use a privacy impact assessment (PIA) in conjunction with data mapping practices to understand how data flows through an organisation, making it the perfect tool to document and track new initiatives.

Data Protection

PIAs and Data Mapping – Operationalizing GDPR and Privacy by Design

Andrew Clearwater Nov 9, 2016 0

As a privacy professional responsible for GDPR, how do you determine the privacy impacts of your new products and services? A privacy impact assessment (PIA) in conjunction with data mapping practices to understand how data flows through an organization, is the perfect tool to document and track these new initiatives.