Protecting Personal Data from Cyber-Attacks

Size: px
Start display at page:

Download "Protecting Personal Data from Cyber-Attacks"

Transcription

1 News Alert May 2017 Protecting Personal Data from Cyber-Attacks Last week the world woke up to the latest cyber-attack of Initially striking the NHS in the UK, the malicious WannaCrypt ransomware then quickly spread across the globe with more than 200,000 computers infected across 150 countries. Once infected, the malware prevents organisations from accessing their data holdings unless a ransom is paid. The story is becoming increasingly familiar and with each high profile attack the protection of personal data held by businesses becomes an ever increasing concern. Cybercrime is fuelled by the sheer volume of data now available, and the increasing use of offsite and cloud storage systems has dispersed that data giving criminals many more points to access it. Faced with such threats, businesses have been encouraged to review their cyber security and upgrade their IT systems. But technology on its own cannot stop a cyber-attack unless the organisation fully understands the data assets that the technology is trying to protect. An effective cyber security strategy requires a legal analysis of an organisation s whole approach to data protection - how the organisation controls the collection, use and sharing of its data. Data protection and cyber security are no longer just IT concerns; they are now board level issues. Do not delay All businesses located outside the EU who offer goods and services to EU citizens will need to ensure compliance with the EU s General Data Protection Regulation (GDPR) which comes into effect in May The GDPR includes requirements for personal data security and, in the event of a data breach, notification to the relevant regulatory authority and any affected individual data subjects. Comprehensive data protection legislation has also recently been passed in Bermuda and the Cayman Islands. Drafted around a set of EU-style data privacy principles, both laws are expected to come into force during 2018 and will apply to all organisations processing personal data in those jurisdictions. Organisations operating in offshore centres need to get it right reputations, large fines (in some cases up to the greater of 20 million or 4% of global annual turnover) and criminal liability are now at stake. Developing a cyber security compliance plan: At a high level, the steps towards developing an effective compliance plan are as follows: What personal data does the business hold and in what format paper, electronic, tape? How was that personal data captured, and for what purposes is it being used and processed by the business? Is that personal data being transferred to any other company within the group or to third parties for any purpose? If yes, into which jurisdictions is the data being sent? What data protection and cyber security regulatory regimes apply to the organisation s personal data holdings, considering both the location in or from which the data was collected and the locations where it is being processed?

2 Are the organisation s existing policies and procedures compliant with applicable data protection laws? Where are the gaps? In the event of a data breach, are systems in place to ensure that the breach can be quickly identified and the appropriate authorities and any affected data subjects notified? Looking to the future, what plans does the business have for processing personal data, having regard to new business lines, new jurisdictions, new technologies, new business models and other opportunities for commercialising its data holdings? Identifying vulnerabilities Offshore financial centres represent an attractive target for cyber criminals because of the large and often highly sensitive data holdings being collectively managed by those centres. As organisations increasingly outsource a significant part of their day-to-day operations to external service providers, these transfers also leave them vulnerable to attack. Cyber criminals can easily identify and exploit weak links in the flow of information between the organisation and its external providers. Data that may have been anonymised or aggregated by an organisation will still require careful handling. The rise of social media and the increase in online public data sources means cyber criminals are now easily able to re-identify individuals by combining that information with the anonymised or aggregated datasets. Transferring data to third parties In an age where highly sensitive information can be exchanged at the touch of a button, data protection issues must be considered before any transfers of personal data are made to third parties. There is no substitute for proper due diligence on the systems, policies and procedures of third party providers to ensure that personal data is handled appropriately and securely. Regular physical audits and independent testing of a service provider s controls would also be advisable. Contractual provisions should be put in place between the organisation and the third party service provider to ensure that any personal data is processed only for authorised purposes, that all data is stored and transmitted securely and that disaster recovery practices are in place in the event of a data breach. Use of unauthorised subcontractors by the service provider should be prohibited without the prior approval of the transferor. Data protection and new technologies Financial technologies or FinTech are emerging technologies that have the potential to supplement or disrupt the offshore financial services industry. FinTech solutions also raise data protection and cyber security concerns that need to be carefully considered before they are adopted. Blockchain, or distributed ledger technology, is starting to be used to centralise a number of back-office and compliance functions. Designed to keep a permanent, immutable record of all transactions that have taken place, the technology is at odds with the requirement under modern data protection legislation to ensure that all personal data is securely purged once the purpose of use has been fulfilled. As users of the ledgers may be anonymous, there is also the potential for criminal organisations to apply powerful data analytics to these datasets to match data that appears to be clear of personally identifiable information to those which are not, thereby allowing the re-identification of individuals from that data. The attraction of flexible working has led to a growth in the popularity of bring-your-own-device (BYOD) policies. While some organisations are issuing smartphones and tablets for employees, other employees may be using their personal devices for business purposes without approval. Where BYOD is offered, a careful balance needs to be struck between employee satisfaction and protecting personal data. Organisations should put in place a clear BYOD strategy that sets out minimum do s and don ts for using a device. Data should be encrypted and the organisation should have the ability to remotely access, monitor and wipe the data and prevent data access from third party apps.

3 Top-down compliance Effective data protection starts with knowing your data, but in the era of mobile devices and cloud computing, identifying the full extent of an organisation s personal data holdings can be difficult, as the databases are not always clearly marked out as such. A data audit should be conducted to establish a clear view of the data, both proprietary data and client-specific personal data. Implementing a data protection and cyber security compliance programme involves engagement with the right stakeholders across the organisation. An effective governance regime for approving, overseeing, implementing and reviewing the various policies also needs to be established. A coordinated chain of command should be developed, together with written reporting procedures, authority levels and protocols including seeking and complying with legal advice. The appointment of official roles such as a Data Protection Officer is also recommended. Compliance training will be required for personnel at all levels, including key external service providers, to emphasise the importance of compliance to the organisation. Serious misconduct should be addressed with appropriate disciplinary action, regardless of seniority. The compliance programme should be reviewed regularly reflecting changes in the law and regulation, changes in the types of data being collected and used, and any changes in the technologies utilised by the organisation. Protecting personal data is now business critical. Even if monetary losses are not sustained as a result of a cyber-attack, the reputational damage to an organisation following a data breach could be devastating. At Appleby we offer advice to clients on all aspects of data protection and cyber security compliance, including: Privacy impact assessments, which includes a general framework for the organisation to assess privacy impacts due to proposals for organisational, technological or policy change; Data collection and capture, including policies concerning the mechanics of collecting consents; Advising on the transfer of personal data as part of business merger and acquisition and joint venture activity; Structuring cross-border data transfers including as part of shared services and cloud arrangements; Human resources management, including policies dealing with job applicant data, retention of and access to employee files, employee monitoring, management of sensitive employee data and the use of external vendors for functions such as payroll and counselling; Data subject access, including procedures for assessing and verifying requests and responding to those requests; Data analytics, including policies specifying the types of profiling data that may be used, and anonymisation/aggregation principles; Responding to data requests from foreign regulators; Data breach management, including policies for escalating, containing and remediating breaches and making breach notifications to regulators and affected parties; Complaints handling, including complaints from customers, employees and other affected individuals; and Data quality management, including procedures for updating and correcting databases and determining if data is to be erased.

4 If you have any questions, please do not hesitate to contact a member of the Technology and Cyber Team. Technology and Cyber Team Steven Rees Davies Bermuda sreesdavies@applebyglobal.com Andrew Jowett British Virgin Islands ajowett@applebyglobal.com Claire Milne WS Isle of Man +44 (0) cmilne@applebyglobal.com Richard Sheldon Counsel Dispute Resolution Guernsey +44 (0) rsheldon@applebyglobal.com Peter Colegate Senior Associate Cayman Islands pcolegate@applebyglobal.com Melissa Virahsawmy Senior Associate Mauritius mvirahsawmy@applebyglobal.com Katherine Johnson Associate Isle of Man +44 (0) kjohnson@applebyglobal.com Paul Worsnop Associate Jersey +44 (0) pworsnop@applebyglobal.com Offshore Legal Services applebyglobal.com

5 Appleby Global Group Services Limited 2017 All Rights Reserved This ealert is published by APPLEBY and is not intended to be, nor should it be used as, a substitute for specific legal advice on any particular transaction or set of circumstances. It does not purport to be comprehensive or to render legal advice and is only intended to provide general information for the clients and professional contacts of Appleby as of the date hereof. Appleby (Bermuda) Limited (the Legal Practice) is a limited liability company incorporated in Bermuda and approved and recognised under the Bermuda Bar (Professional Companies) Rules is a title referring to a director, shareholder or an employee of the Legal Practice. A list of such persons can be obtained from your relationship partner. Appleby (Cayman) Ltd. (the Legal Practice) is a limited liability company incorporated in the Cayman Islands and approved and recognised under the Legal Practitioners (Incorporated Practice) Regulations 2006 (as amended). is a title referring to a director, shareholder or an employee of the Legal Practice. A list of such persons can be obtained from your relationship partner. Appleby (Guernsey) LLP is a limited liability partnership with registration number 53, incorporated in Guernsey, that converted from a Guernsey ship of Advocates, known as Appleby, Guernsey Office, on 15 March Its registered office is Regency Court, Glategny Esplanade, St Peter Port, Guernsey, GY1 1WW. Appleby (Isle of Man) LLC (the Legal Practice) is a limited liability company with company number L incorporated in the Isle of Man with its registered office at Athol Street, Douglas, Isle of Man, IM1 1LB. is a title referring to a member or employee of the Legal Practice. A list of such persons can be obtained from your relationship partner.

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As

More information

Our Data Protection Officer is Andrew Garrett, Operations Manager

Our Data Protection Officer is Andrew Garrett, Operations Manager Construction Youth Trust Privacy Notice We are committed to protecting your personal information Construction Youth Trust is committed to respecting and keeping safe any personal information you share

More information

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS

TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology

PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology PRC Cyber Security Law --- How does it affect a UK business? Xun Yang Of Counsel, Commercial IP and Technology 24 October 2017 Content Overview of Cyber Security Law Observations on Implementation of Cyber

More information

Plus500UK Limited. Website and Platform Privacy Policy

Plus500UK Limited. Website and Platform Privacy Policy Plus500UK Limited Website and Platform Privacy Policy Website and Platform Privacy Policy Your privacy and trust are important to us and this Privacy Statement (Statement) provides important information

More information

Cyber Security. Building and assuring defence in depth

Cyber Security. Building and assuring defence in depth Cyber Security Building and assuring defence in depth The Cyber Challenge Understanding the challenge We live in an inter-connected world that brings a wealth of information to our finger tips at the speed

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

ADMA Briefing Summary March

ADMA Briefing Summary March ADMA Briefing Summary March 2013 www.adma.com.au Privacy issues are being reviewed globally. In most cases, technological changes are driving the demand for reforms and Australia is no exception. From

More information

NYDFS Cybersecurity Regulations

NYDFS Cybersecurity Regulations SPEAKERS NYDFS Cybersecurity Regulations Lisa J. Sotto Hunton & Williams LLP (212) 309-1223 lsotto@hunton.com www.huntonprivacyblog.com March 9, 2017 The Privacy Team at Hunton & Williams Over 30 privacy

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ

GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation

More information

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

Cyber Risks in the Boardroom Conference

Cyber Risks in the Boardroom Conference Cyber Risks in the Boardroom Conference Managing Business, Legal and Reputational Risks Perspectives for Directors and Executive Officers Preparing Your Company to Identify, Mitigate and Respond to Risks

More information

Canada Life Cyber Security Statement 2018

Canada Life Cyber Security Statement 2018 Canada Life Cyber Security Statement 2018 Governance Canada Life has implemented an Information Security framework which supports standards designed to establish a system of internal controls and accountability

More information

Version 1/2018. GDPR Processor Security Controls

Version 1/2018. GDPR Processor Security Controls Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in

More information

Motorola Mobility Binding Corporate Rules (BCRs)

Motorola Mobility Binding Corporate Rules (BCRs) Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,

More information

Cyber Security Law --- Are you ready?

Cyber Security Law --- Are you ready? Cyber Security Law --- Are you ready? Xun Yang Of Counsel, Commercial IP and Technology 9 May 2017 1 / B_LIVE_APAC1:2207856v1 Content Overview of Cyber Security Law Legislative Development Key Issues in

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

FIRESOFT CONSULTING Privacy Policy

FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING Privacy Policy FIRESOFT CONSULTING abides by the Australian Privacy Principles ( APPs ), which provides relative information to businesses in relation to the collection, disclosure,

More information

Please note that throughout this Privacy Statement the word "website" refers to any web page hosted under the walkersglobal.com domain.

Please note that throughout this Privacy Statement the word website refers to any web page hosted under the walkersglobal.com domain. Privacy Statement Introduction is an international law firm and professional services business with offices in a number of countries (""). is committed to protecting the privacy of people who use our services

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

General Data Protection Regulation

General Data Protection Regulation General Data Protection Regulation Workshare Ltd ( Workshare ) is a service provider with customers in many countries and takes the protection of customers data very seriously. In order to provide an enhanced

More information

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK

THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK THE CYBER SECURITY PLAYBOOKECTOR SHOULD KNOW BEFPRE, DURING & AFTER WHAT EVERY DIRECTOR SHOULD KNOW BEFORE, DURING AND AFTER AN ATTACK 03 Introduction 04 Step 1: Preparing for a breach CONTENTS 08 Step

More information

Information Security Incident

Information Security Incident Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions

A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions May 2018 TMT INSIGHTS From the Debevoise Technology, Media & Telecommunications Practice A Checklist for Cybersecurity and Data Privacy Diligence in TMT Transactions Companies in the technology, media

More information

Blue Alligator Company Privacy Notice (Last updated 21 May 2018)

Blue Alligator Company Privacy Notice (Last updated 21 May 2018) Blue Alligator Company Privacy Notice (Last updated 21 May 2018) Who are we? Blue Alligator Company Limited (hereafter referred to as BAC ) is a company incorporated in England with company registration

More information

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities

More information

Information Security Strategy

Information Security Strategy Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection

More information

Cyber Security Incident Response Fighting Fire with Fire

Cyber Security Incident Response Fighting Fire with Fire Cyber Security Incident Response Fighting Fire with Fire Arun Perinkolam, Senior Manager Deloitte & Touche LLP Professional Techniques T21 CRISC CGEIT CISM CISA AGENDA Companies like yours What is the

More information

Privacy Policy Wealth Elements Pty Ltd

Privacy Policy Wealth Elements Pty Ltd Page 1 of 6 Privacy Policy Wealth Elements Pty Ltd Our Commitment to you Wealth Elements Pty Ltd is committed to providing you with the highest levels of client service. We recognise that your privacy

More information

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order

More information

Data Processor Agreement

Data Processor Agreement Data Processor Agreement Data Controller: Customer located within the EU (the Data Controller ) and Data Processor: European Representative Company: ONE.COM (B-one FZ-LLC) One.com A/S Reg.no. Reg.no. 19.958

More information

2. Who we collect information (data) from & why we collect it

2. Who we collect information (data) from & why we collect it 1. Introduction Our Privacy Policy applies to the personal data that Ambrey collects and uses. References in this Privacy Policy to Ambrey, we, us or our mean Ambrey Limited and the Ambrey Group of companies:

More information

Cyber Security Strategy

Cyber Security Strategy Cyber Security Strategy Committee for Home Affairs Introduction Cyber security describes the technology, processes and safeguards that are used to protect our networks, computers, programs and data from

More information

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland.

PRIVACY STATEMENT +41 (0) Rue du Rhone , Martigny, Switzerland. PRIVACY STATEMENT +41 (0) 225349799 www.energymarketprice.com Rue du Rhone 5 1921, Martigny, Switzerland dpo@energymarketprice.com Introduction Your privacy and trust are important to us and this Privacy

More information

Data Protection Policy

Data Protection Policy The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

Privacy Policy Inhouse Manager Ltd

Privacy Policy Inhouse Manager Ltd Privacy Policy Inhouse Manager Ltd April 2018 This privacy statement is designed to tell you about our practices regarding the collection, use and disclosure of information held by Inhouse Manager Ltd.

More information

PRIVACY POLICY. [Last updated : May 24th, 2018]

PRIVACY POLICY. [Last updated : May 24th, 2018] PRIVACY POLICY [Last updated : May 24th, 2018] 1. WHO WE ARE. 1.1 MCO CONGRÈS SERVICES. We are a ticketing and registration platform dedicated to bringing the world together through live experiences. Through

More information

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System

DATA PRIVACY & PROTECTION POLICY POLICY INFORMATION WE COLLECT AND RECEIVE. Quality Management System DATA PRIVACY & PROTECTION POLICY POLICY This Data Privacy & Protection Policy applies to ELMO Software Limited s Cloud HR & Payroll applications and platform (collectively, the Services ), elmosoftware.com.au

More information

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above.

As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above. As set out in the Hong Kong ID card, or any relevant identification document referred to in 1(g) above. B (1)B (2) * In the case of a non-hong Kong ID cardholder, state the passport number or any identification

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Sage Data Security Services Directory

Sage Data Security Services Directory Sage Data Security Services Directory PROTECTING INFORMATION ASSETS ENSURING REGULATORY COMPLIANCE FIGHTING CYBERCRIME Discover the Sage Difference Protecting your business from cyber attacks is a full-time

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Version 1 Version: 1 Dated: 21 May 2018 Document Owner: Head of IT Security and Compliance Document History and Reviews Version Date Revision Author Summary of Changes

More information

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand

More information

SCHOOL SUPPLIERS. What schools should be asking!

SCHOOL SUPPLIERS. What schools should be asking! SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated

More information

Data Protection policy (GDPR)

Data Protection policy (GDPR) Data Protection policy (GDPR) This is the statement of general policy and arrangements for: Overall and final responsibility for health and safety is that of: Day-to-day responsibility for ensuring this

More information

An overview of mobile call recording for businesses

An overview of mobile call recording for businesses An overview of mobile call recording for businesses 1 3 WHY DO WE NEED MOBILE CALL RECORDING? 4 STAYING AHEAD OF THE CHANGING REGULATORY LANDSCAPE Regulatory compliance and mobile call recording FCA (Financial

More information

1. Muscat & Co Mortgage Solutions Ltd - Privacy Notice

1. Muscat & Co Mortgage Solutions Ltd - Privacy Notice 1. This Muscat & Co Mortgage Solutions Ltd privacy notice provides information on how we and any of our subsidiaries, and any 3 rd party providers collect, use, secure, transfer and share your information.

More information

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2

NWQ Capital Management Pty Ltd. Privacy Policy. March 2017 v2 NWQ Capital Management Pty Ltd Privacy Policy March 2017 Page 1 of 8 Privacy and Spam Policy NWQ Capital Management Pty Ltd s Commitment NWQ Capital Management Pty Ltd (NWQ) is committed to providing you

More information

Ferrous Metal Transfer Privacy Policy

Ferrous Metal Transfer Privacy Policy Updated: March 13, 2018 Ferrous Metal Transfer Privacy Policy Ferrous Metal Transfer s Commitment to Privacy Ferrous Metal Transfer Co. ( FMT, we, our, and us ) respects your concerns about privacy, and

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018

ma recycle GDPR Privacy Policy .com Rely and Comply... Policy Date: 24 May 2018 ma recycle.com Rely and Comply... GDPR Privacy Policy Policy Date: 24 May 2018 Max Recycle Hawthorne House Blackthorn Way Sedgeletch Industrial Estate Fencehouses Tyne & Wear DH4 6JN T: 0845 026 0026 F:

More information

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers;

Xpress Super may collect and hold the following personal information about you: contact details including addresses and phone numbers; 65 Gilbert Street, Adelaide SA 5000 Tel: 1300 216 890 Fax: 08 8221 6552 Australian Financial Services Licence: 430962 Privacy Policy This Privacy Policy was last updated on 27 February 2017. Our Commitment

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Introductory guide to data sharing. lewissilkin.com

Introductory guide to data sharing. lewissilkin.com Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external

More information

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )

Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection

More information

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd

Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd Privacy and Spam Policy Ten Tigers Grain Marketing Pty Ltd Our Commitment Ten Tigers Grain Marketing Pty Ltd and Ten Tigers Pty Ltd are committed to providing you with the highest levels of client service.

More information

Emerging Technologies The risks they pose to your organisations

Emerging Technologies The risks they pose to your organisations Emerging Technologies The risks they pose to your organisations 10 June 2016 Digital trends are fundamentally changing the way that customers behave and companies operate Mobile Connecting people and things

More information

EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS

EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified

More information

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd

GDPR Processor Security Controls. GDPR Toolkit Version 1 Datagator Ltd GDPR Processor Security Controls GDPR Toolkit Version 1 Datagator Ltd Implementation Guidance (The header page and this section must be removed from final version of the document) Purpose of this document

More information

SCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E

SCCE ECEI 2014 EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS. Monica Salgado JANINE REGAN CIPP/E EU DATA PRIVACY COMPLIANCE FOR US DRIVEN PROJECTS 18 May 2014 Monica Salgado Portuguese Laywer (Advogada) / Registered European Lawyer Janine Regan Solicitor Monica Salgado Monica is a Portuguese qualified

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions

More information

Token Sale Privacy Policy

Token Sale Privacy Policy Token Sale Privacy Policy PRIVACY POLICY LAST UPDATED ON: [11 SEP 2018] A. OVERVIEW You must read the entirety of this Privacy Policy carefully before making any decision to purchase Tokens. You must also

More information

1 Privacy Statement INDEX

1 Privacy Statement INDEX INDEX 1 Privacy Statement Mphasis is committed to protecting the personal information of its customers, employees, suppliers, contractors and business associates. Personal information includes data related

More information

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE

NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE COMPLIANCE ADVISOR NEW YORK CYBERSECURITY REGULATION COMPLIANCE GUIDE A PUBLICATION BY THE EXCESS LINE ASSOCIATION OF NEW YORK One Exchange Plaza 55 Broadway 29th Floor New York, New York 10006-3728 Telephone:

More information

CYBER INSURANCE: MANAGING THE RISK

CYBER INSURANCE: MANAGING THE RISK CYBER INSURANCE: MANAGING THE RISK LEON FOUCHE PARTNER & NATIONAL CYBERSECURITY LEAD BDO AUSTRALIA MEMBER OF THE GLOBAL CYBERSECURITY LEADERSHIP GROUP ii CYBER INSURANCE: MANAGING THE RISK There s no doubt

More information

Emsi Privacy Shield Policy

Emsi Privacy Shield Policy Emsi Privacy Shield Policy Scope The Emsi Privacy Shield Policy ( Policy ) applies to the collection and processing of Personal Data that Emsi obtains from Data Subjects located in the European Union (

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Privacy Policy of the products of Ilves Solutions Ltd and Ilves Valmisohjelmistot Ltd / Ilveshaku

Privacy Policy of the products of Ilves Solutions Ltd and Ilves Valmisohjelmistot Ltd / Ilveshaku Privacy Policy of the products of Ilves Solutions Ltd and Ilves Valmisohjelmistot Ltd / Ilveshaku Data protection is your fundamental right, which we commit to safeguard. In this Data protection statement

More information

POMONA EUROPE ADVISORS LIMITED

POMONA EUROPE ADVISORS LIMITED POMONA EUROPE ADVISORS LIMITED Personal Information Notice Pomona Europe Advisors Limited (Pomona, we/us/our) wants you to be familiar with how we collect, use and disclose personal information. This Personal

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Legal, Ethical, and Professional Issues in Information Security

Legal, Ethical, and Professional Issues in Information Security Legal, Ethical, and Professional Issues in Information Security Downloaded from http://www.utc.edu/center-information-securityassurance/course-listing/cpsc3600.php Minor Changes from Dr. Enis KARAARSLAN

More information

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!

General Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN! General Data Protection Regulation May 25, 2018 DON T PANIC! PLAN! Protect the human behind the data record. On May 25, 2018 the General Data Protection Regulation (GDPR) is entering into force. It requires

More information

NYDFS Cybersecurity Regulations: What do they mean? What is their impact?

NYDFS Cybersecurity Regulations: What do they mean? What is their impact? June 13, 2017 NYDFS Cybersecurity Regulations: What do they mean? What is their impact? Gus Coldebella Principal, Boston Caroline Simons Principal, Boston Agenda 1) Overview of the new regulations 2) Assessing

More information

Checklist: Credit Union Information Security and Privacy Policies

Checklist: Credit Union Information Security and Privacy Policies Checklist: Credit Union Information Security and Privacy Policies Acceptable Use Access Control and Password Management Background Check Backup and Recovery Bank Secrecy Act/Anti-Money Laundering/OFAC

More information

Starflow Token Sale Privacy Policy

Starflow Token Sale Privacy Policy Starflow Token Sale Privacy Policy Last Updated: 23 March 2018 Please read this Privacy Policy carefully. By registering your interest to participate in the sale of STAR tokens (the Token Sale ) through

More information

Information Security Controls Policy

Information Security Controls Policy Information Security Controls Policy Classification: Policy Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January

More information

Eight Minute Expert GDPR

Eight Minute Expert GDPR Eight Minute Expert GDPR GDPR Login Password MIN1 What is the GDPR? The General Data Protection Regulation is a new regulation by the EU that will replace the current Data Protection Directive of 1995.

More information

Guide to Cyber Security Compliance with GDPR

Guide to Cyber Security Compliance with GDPR Guide to Cyber Security Compliance with GDPR Security V1.3 General Data Protection Regulation GDPR Overview What is GDPR? An EU regulation coming into force in May 2018 Which means it applies to all EU

More information

DIGITAL TRUST Making digital work by making digital secure

DIGITAL TRUST Making digital work by making digital secure Making digital work by making digital secure MARKET DRIVERS AND CHALLENGES THE ROLE OF IT SECURITY IN THE DIGITAL AGE 2 In today s digital age we see the impact of poor security controls everywhere. Bots

More information

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action

2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action 2018 Data Security Incident Response Report Building Cyber Resilience: Compromise Response Intelligence in Action April 11, 2018 Contact Information Casie D. Collignon Partner Denver 303.764.4037 ccollignon@bakerlaw.com

More information

Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No

Cyber Insurance PROPOSAL FORM. ITOO is an Authorised Financial Services Provider. FSP No PROPOSAL FORM Cyber Insurance Underwritten by The Hollard Insurance Co. Ltd, an authorised Financial Services Provider www.itoo.co.za @itooexpert ITOO is an Authorised Financial Services Provider. FSP.

More information

INFORMATION SECURITY AND RISK POLICY

INFORMATION SECURITY AND RISK POLICY INFORMATION SECURITY AND RISK POLICY 1 of 12 POLICY REFERENCE INFORMATION SHEET Document Title Document Reference Number Information Security and Risk Policy P/096/CO/03/11 Version Number V02.00 Status:

More information

Are we breached? Deloitte's Cyber Threat Hunting

Are we breached? Deloitte's Cyber Threat Hunting Are we breached? Deloitte's Cyber Threat Hunting Brochure / report title goes here Section title goes here Have we been breached? Are we exposed? How do we proactively detect an attack and minimize the

More information

GDPR is coming in less than 2 months Are you ready?

GDPR is coming in less than 2 months Are you ready? GDPR is coming in less than 2 months Are you ready? Charles-Albert Helleputte Partner, Brussels +32 2 551 5982 chelleputte@mayerbrown.com 30 March 2018 2 GDPR is everywhere... You were invited by UNICEO

More information

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY 25 2018 A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 A 7-step practical guide to achieving and maintaining

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group" Notice Whose Personal Data do we collect?

Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice The Stonhard Group Notice Whose Personal Data do we collect? Fritztile is a brand of The Stonhard Group THE STONHARD GROUP Privacy Notice For the purposes of applicable data protection and privacy laws, The Stonhard Group, a division of Stoncor Group, Inc. ( The

More information

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across

More information

Electronic Communication of Personal Health Information

Electronic Communication of Personal Health Information Electronic Communication of Personal Health Information A presentation to the Porcupine Health Unit (Timmins, Ontario) May 11 th, 2017 Nicole Minutti, Health Policy Analyst Agenda 1. Protecting Privacy

More information