Privacy Level Agreement

Back to discussions
Expand all | Collapse all

PLA WG call - April 27th [Meeting Minutes]

  • 1.  PLA WG call - April 27th [Meeting Minutes]

    Posted Apr 28, 2021 02:44:00 AM

    Dear members,
                               please find below a summary of the discussions that took place during our recent meeting.

    Agenda Items (AIs):

    1. Progress status check on the CCPA-GDPR Gap Analysis Activity and next steps
    2. Other points discussed during the meeting
    3. AoB

    Participants (3):

    Paul Benedek
    Maxine Henry
    Lefteris Skoutaris (PM)


    Meeting Minutes (MMs)

    1. Progress status check on the CCPA-GDPR Gap Analysis Activity and next steps (CCPA-GDPR mapping tool)
    • The objective of the gap analysis is determining what are the CCPA provisions which bring, in full or partially, additional compliance requirements, when compared to the mapped GDPR articles,
    • The PLA WG has completed both the mapping and gap analysis between the CCPA and the GDPR,
    • Paolo (co-chair) and his team have reviewed the gap analysis results and have posted their feedback (agree/disagree with justification) under column 'I' of the mapping tool and gap analysis tab for discussing at the next call,
    • Paul and Mark have responded to the call and have replied back under column 'J' and to the co-chair team's feedback,
    • The activity is still missing the reply from Mariusz and Ramon (both contacted and agreed to reply back by our next PLA WG meeting) (AP1),
    • Martim informed the panel that the co-chair's team is working to identify the recently applied CCPA amendments, and how these might possibly affect the current mapping & gap analysis exercise. Results of this analysis are to be presented at the next group call (AP2),
    • The next step, after meeting consensus with respect to the identified gaps (or deltas to the GDPR), the group will be tasked to compare those with the PLA CoP, and propose an addendum that will extend the PLA CoC to offer compliance to the CCPA as well,
    • The group will discuss all provided comments during the next PLA WG session on May11th.

      2. Other points discussed during the meeting
      • Paul pointed out that there are several learning points out of the exercise that need further consideration for the next analysis phase,
      • One point made is that we need to be specific in the differences and highlight where there are any deviations from the GDPR (identified gaps in GDPR in relation to the CCPA) . Going forwards, it would be good to agree on an approach and where we need to be specific,
      • The second point is that it may also be worthwhile to have a partial review of comments after the second iteration so we can agree if everything is on track and that the right approach is being taken.

      3. AoB
      • Next call is scheduled on May 11th, 6 pm EEST (5 pm CET / 9 am PST / 12 pm EST). 


      Action Points (APs)

      AP1: The activity is still missing the reply from Mariusz and Ramon (both contacted and agreed to reply back by our next PLA WG meeting).
      AP2: Martim informed the panel that the co-chair's team is working to identify the recently applied CCPA amendments, and how these might possibly affect the current mapping & gap analysis exercise. Results of this analysis are to be presented at the next group call.


      Please let me know if something essential is missed above.
      Thank you again for your attendance and support.
      Best regards,
      Lefteris


      Please let me know if something essential is missed above.
      Thank you again for your attendance and support.
      Best regards,
      Lefteris

      ------------------------------
      Eleftherios Skoutaris
      Program Manager
      Cloud Security Alliance
      ------------------------------