What Health Care Organizations and Their Attorneys Need to Know About GDPR Implementation


This is a virtual event, accessible online and over the phone. Access instructions will be provided after registration.


On May 25, 2018, a new comprehensive data protection law called the General Data Protection Regulation (GDPR) took effect in the European Union (EU).  The GDPR imposes a number of new rules on companies, government agencies, non-profits, and other organizations that offer goods and services to people located in the EU, or that collect and analyze data tied to people located in the EU. This session will focus on practical GDPR implementation tips for health care organizations and their attorneys.  We will discuss key tools we have developed to help health care organizations with ongoing GDPR compliance efforts, including but not limited to a notice checklist, consent checklist, legal basis tool, and Data Processing Agreement decision tree.  

Educational Objectives:
• Understanding the applicability of and key concepts under GDPR (Controller, Processor, Consent, Article 30)
• Practical tips on data mapping and Article 30 record keeping
• Tools to assist in ongoing compliance efforts related to notice, consent, DPAs, etc.
• Practical tips for continued training and communication efforts
• Understanding the cost of non-compliance 

Who would benefit most from attending this program?
In-house and outside counsel working with and advising health care, pharmaceutical and life sciences organizations.


Lisa Acevedo
  • Shareholder
  • Polsinelli PC

Lisa Acevedo is a shareholder at Polsinelli PC in the firm’s Chicago office. She brings nearly two decades of deep experience in HIPAA and health information privacy and security to provide clients with business-focused compliance strategies. As the Chair of Polsinelli’s Health Information Privacy and Security team, Lisa provides strategic counsel in the areas of federal health privacy laws and regulations, including HIPAA, the Confidentiality of Alcohol and Drug Abuse Treatment Records (42 CFR Part 2), as well as state laws governing the confidentiality of health information. Ms. Acevedo also advises multi-national health care companies on international data protection laws that impact their use and transfer of health data, including the EU Privacy Directive, the General Data Protection Regulation, and Privacy Shield compliance.

Katie Kenney
  • Associate
  • Polsinelli PC

Ms. Kenney is an associate at Polsinelli PC in the firm's Chicago office. She specializes in HIPAA/HITECH and international privacy issues, including the General Data Protection Regulation (GDPR), and focuses her practice on the health care industry. Prior to joining the firm, Ms. Kenney worked for HHS/OCR in Washington DC, where, among other duties, she served as the subject matter expert for breach notification and actively participated on the agency's audit team. Ms. Kenney received her J.D. from Saint Louis University School of Law and her B.A. from the University of Notre Dame.

Continuing Education

1.0 CLE; 1.0 General COA
A general knowledge of GDPR compliance.
Production Date: