QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK
|
|
- Nathaniel Gaines
- 6 years ago
- Views:
Transcription
1 QBS Talks June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK
2 House rules: All participants are on mute Use the chat window for questions during presentation moderator will collect and include in end if not answered in chat window We will open up for spoken questions after presentation Session will be recorded and made available afterwards Slides will be shared in pdf format
3 GDPR why should you care? Fines audits customer complaints loosing deals. But in the end it s because you want to run a responsible business and respect your customers data GDPR - Who should care? This is not something that is just to be managed and effectuated by one department in the business this involves all functions. GDPR what to care about? Data breaches can happen anywhere. Have you thought about who empties your paper waste baskets? Do you do remote support? Customers worry about their data in the cloud.
4 Accelerate GDPR compliance with the Microsoft Cloud Ole Kjeldsen CTO & CISO Microsoft Danmark Status - June 2017 This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
5 Businesses and users are going to embrace technology only if they can trust it. Satya Nadella Chief Executive Officer Microsoft Corporation Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance. And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world. Brad Smith President & Chief Legal Officer Microsoft Corporation Principled approach creates the framework needed: Privacy by Design Security by Design Compliance Transparency Microsoft Cloud can be a part of the solution to compliance!
6
7
8 Providing clarity and consistency for the protection of personal data The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located. Enhanced personal privacy rights Increased duty for protecting data & documenting compliance/accountability Mandatory breach reporting Significant penalties for non-compliance Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights
9 Personal data regulation elements not changing!! Stakeholders Data types Data transfer COMPLIANCE Data subject Data controller Data processor Personal Identifieable Name Address account IP address etc. Sensitive PI Health data Sexual orientation Political affiliations Biometric data etc. Dataprocessing can take place anywhere within EU/EØS AND also with the right legal frameworks (EU SCC) + adequate security controls outside the EU/EØS If your are compliant with the current regulation today, being compliant with GDPR is a lot easier!
10 What are the key changes with the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Individuals have the right to: Processors will need to: Processors are required to: Processors will need: Access their personal data Correct errors in their personal data Erase their personal data Object to processing of their personal data Export personal data Protect personal data using appropriate security practices Notify authorities within 72 hours of breaches Receive consent before processing personal data Keep records detailing data processing Provide clear notice of data collection Outline processing purposes and use cases Define data retention and deletion policies Train privacy personnel & employee Audit and update data policies Employ a Data Protection Officer (for larger organizations) Create & manage processor/vendor contracts
11
12
13 Danish process & interpretations The Danish Justice Department on May 24 th, 2017 published a 1200 page document* describing in some detail the thoughts and interpretations that will go into the coming proposals for a new Danish DPL by Oct 17. The Danish DPA will during 2017H2 publish a series of guidance papers on DPO, dpia, Cloud etc. ** You may find the 1200 pages and overview of coming guidance here: Also you can find the first DoJ interpretations from February 9 th, 2017 here: ** Read the first initial guidance from the DPA here: FIRST NOTEWORTHY INTERPRETATIONS** from DoJ: ONLY A MINORITY of private companies required to have a DPO EXISTING systems are not required to have a dpia SWITCHING DATAPROCESSOR is not basis for requiring a new dpia PUBLIC sector organizations* MUST have a DPO, but are exempt from rights such as Dataportability, R2BF 41-4 aka the War Rule might need to be interpreted differently and these special data protected not by location Danish Excutive Order on Security is eliminated
14
15 IMPORTANT IT IS NOT POSSIBLE, TO BUY A COMPLETE SYSTEM, PRODUCT OR SERVICE TO MAKE YOU GDPR COMPLIANT! THE RIGHT TECHNOLOGY CAN ASSIST YOU IN GETTING TO COMPLIANCE & THE RIGHT PLATFORM CAN MAKE COMPLIANCE A MUCH MORE ACCESSIBLE TASK!
16 Protecting customer privacy with GDPR
17 Our commitment to you To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, We will share our experience in complying with complex regulations such as the GDPR. Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.
18 In effect this means for our customers that MICROSOFT CLOUD CONTRACTS (INCL. DATAPROCCESING AGREEMENT AMENDMENT M434) HAVE BEEN UPDATED TO BE COMPLIANT WITH GDPR TO ALLOW AMPLE TIME TO PREPARE (MARTS 17) & ASSESS MICROSOFT CLOUD MICROSOFT WILL BE OFFERING ALL THE DOCUMENTATION NEEDED FOR OUR CLOUD CUSTOMERS TO BE GDPR COMPLIANT* MICROSOFT WILL FURTHERMORE CONTINUE TO DRIVE OUR COMMITMENT TO CLOUD COMPLIANCE & SECURITY WITH ALL RELEVANT INTERNATIONAL STANDARDS** * Read more about separations of responsibilities here: ** Read more about Microsoft Cloud Compliance here:
19
20 39 Cloud regions worldwide North Central US United Kingdom South West US 2 West Central US West US US Gov Arizona 3 US Gov Texas 3 Central US US Gov Iowa US DoD West South Central US Canada Central US Gov Virginia Canada East US DoD East United Kingdom West East US East US 2 North Europe France 3 France 3 West Europe Germany Northeast 2 Germany Central 2 West India Central India China West 1 China East 1 South India Korea Central 3 East Asia Korea South 3 Japan East Japan West 130+ datacenters One of the 3 largest networks in the world 1 Southeast Asia Chineese datacenters run by 21Vianet 2 German data trustee is T-systems Brazil South South Africa Australia East 3 France, South Korea & some US Gov datacenter regions have been announced but not yet fully operational Australia Southeast Global datacenters Sovereign datacenters
21 Cloud stack seperation of responsibility Data Governance and Rights Management Client End-points Account and Access Management Identity and Directory Infrastructure SaaS PaaS IaaS On-Prem Microsoft handles Customer handles Application Network Controls Operating System Physical Hosts Physical Network Whitepaper: Physical Datacenter Security Privacy and Control Compliance Transparency Microsoft Confidential 21
22 Expanded Cloud stack seperation of responsibility incl ISV SaaS solutions Data Governance and Rights Management Client End-points Account and Access Management Identity and Directory Infrastructure Application Network Controls Operating System MS SaaS PaaS IaaS ISV SaaS On-Prem Support & maintenance by Microsoft by ISV Partner by Customer Physical Hosts Physical Network Whitepaper: Physical Datacenter Security Privacy and Control Compliance Transparency Microsoft Confidential 22
23
24 Where is data stored? Who has access to what? Notifications and documentation? Microsoft Cloud customers can specify which region they what their data stored in (Europa, US, Asia, etc.) Clear real-time data maps and information about geographic location for each individual customer Customer data are only processed by instruction and only for eg. troubleshooting & support Core customer data are processed only by especially appointed and certified personel Transparency about subcontractors who Microsoft guarentees lives up to same principles and certifications. Microsoft notifies about changes in data location Microsoft notifies 180 days before any changes to sub-contractor portfolio ALL audit reports, standards certificates & SoAs are available to all cloud customers throught the online Trust Center.
25 REGIONAL INDUSTRY US GOV GLOBAL Microsoft Cloud has the broadest and most comprehensive compliance portfolio of any ISO ISO ISO ISO ISO 9001 SOC 1 Type 2 SOC 2 Type 2 SOC 3 CSA STAR Self-Assessment CSA STAR Certification CSA STAR Attestation Moderate JAB P-ATO High JAB P-ATO DoD DISA SRG Level 2 DoD DISA SRG Level 4 DoD DISA SRG Level 5 SP FIPS Section 508 VPAT ITAR CJIS IRS 1075 PCI DSS Level 1 CDSA MPAA FACT UK Shared Assessments FISC Japan HIPAA / HITECH Act HITRUST GxP 21 CFR Part 11 MARS-E IG Toolkit UK FERPA GLBA FFIEC Argentina PDPA EU Model Clauses UK G-Cloud China DJCP China GB China TRUCS Singapore MTCS Australia IRAP/CCSL New Zealand GCIO Japan My Number Act ENISA IAF Japan CS Mark Gold Spain ENS Spain DPA India MeitY Canada Privacy Laws Privacy Shield Germany IT Grundschutz workbook
26 BESKYTTER VORE KUNDERS DATA PRIVACY
27 Microsoft Cloud Platform differentiation summary... Region based storing with full transparency on data location & access + added Data Trustee model Second to none & State of the art security- & privacy setup! We have done this a long time! 3. Party certifications & a long list of partner solutions on top of the cloud platform Principled approach to data protection and authority requests for access We have and will continue to fight for privacy rights and proper legal documentation
28 GDPR Compliance Simplify your privacy journey Uncover risk & take action Leverage guidance from experts
29 How do I get started? 1 Discover Identify what personal data you have and where it resides 2 Manage Govern how personal data is used and accessed 3 Protect Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches 4 Report Keep required documentation, manage data requests and breach notifications
30 1 Discover: In-scope: Inventory: Example solutions Microsoft Azure Microsoft Azure Data Catalog Enterprise Mobility + Security (EMS) Microsoft Cloud App Security Dynamics 365 Audit Data & User Activity Reporting & Analytics Office & Office 365 Data Loss Prevention Advanced Data Governance Office 365 ediscovery SQL Server and Azure SQL Database SQL Query Language Windows & Windows Server Windows Search
31 2 Manage: Example solutions Data governance: Data classification: Microsoft Azure Azure Active Directory Azure Information Protection Azure Role-Based Access Control (RBAC) Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Security Concepts Office & Office 365 Advanced Data Governance Journaling (Exchange Online) Windows & Windows Server Microsoft Data Classification Toolkit
32 3 Protect: Preventing data attacks: Detecting & responding to breaches: Example solutions Microsoft Azure Azure Key Vault Azure Security Center Azure Storage Services Encryption Enterprise Mobility + Security (EMS) Azure Active Directory Premium Microsoft Intune Office & Office 365 Advanced Threat Protection Threat Intelligence SQL Server and Azure SQL Database Transparent data encryption Always Encrypted Windows & Windows Server Windows Defender Advanced Threat Protection Windows Hello Device Guard
33 4 Report: Example solutions Microsoft Trust Center Service Trust Portal Record-keeping: Reporting tools: Microsoft Azure Azure Auditing & Logging Azure Data Lake Azure Monitor Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Reporting & Analytics Office & Office 365 Service Assurance Office 365 Audit Logs Customer Lockbox Windows & Windows Server Windows Defender Advanced Threat Protection
34 Microsoft Cloud Security GDPR Requires access today use the guidance from DoJ and Data Processing Authority Focus on the Intent of GDPR Microsoft will be 100% in compliance day 1 PS! Also being a Data Controller, we will naturally be compliant day 1 Principled Approach Privacy by Design Security by Design Compliance Transparency ALWAYS up to par and often beyond MICROSOFT CLOUD can be a big help in getting to compliance! All Clouds are not equal Security is most often not the issue HOW you use cloud and for WHICH data is. Proper Legal Framework Standard Certifications & Data Location should be in focus
35 Microsoft.com/GDPR (trust center)
36 Danish Webinar On-Demand: aka.ms/cloudjuraoverblik Danish DPA good questions: aka.ms/datatilsyngdpr Danish DoJ on GDPR : aka.ms/dkdojgdprfeb17
37 Ole Kjeldsen
38
39 Thank you for participating!
Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway
Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway This presentation is intended to provide an overview of GDPR and is not a definitive statement
More informationThis presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.
Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide
More informationU susret GDPR regulativi Dočekajmo spremni Maj 2018
U susret GDPR regulativi Dočekajmo spremni Maj 2018 Dragan Tasić Technology Solutions Professional This presentation is intended to provide an overview of GDPR and is not a definitive statement of the
More informationBy 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1
By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure
More informationMorgan Independent Software Vendor Lead
Morgan Webb @morgan_msft Independent Software Vendor Lead Digital transformation Hybrid Cloud Platform Choice Global: Hyper-scale, globally connected cloud services deployed from regional Microsoft datacenters.
More informationAccelerate GDPR compliance with the Microsoft Cloud
Accelerate GDPR compliance with the Microsoft Cloud Michal Jaworski National Technology Officer Microsoft Poland This presentation is intended to provide an overview of GDPR and is not a definitive statement
More informationClosing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft
Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies Ronit Reger, Senior Program Manager at Microsoft Session goals 1. Data Privacy and the GDPR - Data privacy as a
More informationOur Mission. Empower every person and every organization on the planet to achieve more.
#techsummitch Our Mission Empower every person and every organization on the planet to achieve more. Innovation, Security, and Education Microsoft s investment in Switzerland David Kurth Cloud + Enterprise
More informationKimberly Nelson Executive Director Government Solutions US SLG. March 2017
Kimberly Nelson Executive Director Government Solutions US SLG March 2017 We will always be partner led. Satya Nadella Fourth industrial revolution Gartner s Digital Maturity Model for Government
More informationMicrosoft 365 Das modern Büro der Zukunft
Microsoft 365 Das modern Büro der Zukunft DI. Harald Leitenmüller Chief Technology Officer 3. Digital Business Forum, 14. Sept. 2017 Microsoft Österreich GmbH. Cloud Principles Standardisierung Automatisierung
More informationAvanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti
Avanade Zerouno : Cloud Experience Version 1.0 May 16, 2017 Author(s): Ivan Loreti Cloud s opportunities range beyond IT The Intelligent Business Cloud enables the digital business Smartly connects infrastructure,
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationCOMPLIANCE IN THE CLOUD
COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638
More informationAccelerate GDPR compliance with the Microsoft Cloud
Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with
More informationToday s top THREAT ACTORS pose unique challenges
Today s top THREAT ACTORS pose unique challenges An effective strategy must respond to a broad range of continually evolving attack types CYBERCRIMINALS NATION-STATE HACKTIVISTS INSIDERS FINANCIAL Persistent
More informationKlaus Schwab, Founder & Executive Chairman
"We stand on the brink of a technological revolution that will fundamentally alter the way we live, work, and relate to one another. In its scale, scope, and complexity, the transformation will be unlike
More informationAccelerate GDPR compliance with the Microsoft Cloud Agustín Corredera
Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are
More informationWhat is Dell EMC Cloud for Microsoft Azure Stack?
What is Dell EMC Cloud for Microsoft Azure Stack? Harry Meier GLOBAL SPONSORS Why Hybrid Cloud? The Trend Toward Hybrid Cloud Larger circles = most cost and complexity IDC 2016 Hybrid cloud is now % 9
More informationCompliance & Security in Azure. April 21, 2018
Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk
More informationMicrosoft + SUSE This partnership gets stronger every day
Microsoft + SUSE This partnership gets stronger every day Johan Sollbe Business Manager, Open Source Azure Microsoft WE THE WORLD HAS CHANGED Forrester: open source will lie at the heart of the applications
More informationMicrosoft Azure. The cloud platform for digital transformation
Microsoft Azure The cloud platform for digital transformation What is Microsoft Azure Microsoft Azure is Microsoft s cloud computing platform Azure is a comprehensive set of cloud services that developers
More informationHyper scale Infrastructure is the enabler
Hyper scale Infrastructure is the enabler 100+ Datacenters across 34 Regions Worldwide US DoD West TBD US Gov Iowa West US California Central US Iowa South Central US Texas North Central US Illinois Canada
More informationEnterprise Mobility + Security
Enterprise Mobility + Security Assume Breach Identity Data Flexible Workforce 250 million Millions Billions 700 million 40 billion 18+ billion 420 million Millions 35 billion messages/month United Kingdom
More informationMatt Holden-Milner Richard Willmott
Matt Holden-Milner Richard Willmott 1780s 1870s 2015+ 1969-70 s Astonishing Pace of Change Drones 2007 $100,000 2013 $700 Typical Fortune 500 20 3D Printing 2007 $40,000 2014 $100 Google Facebook 6 8
More informationDie intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz
Die intelligente Cloud als Kernelement der IT Transformation Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz The next strategic opportunity is here Cloud Mobile Social How do
More informationPostgreSQL & The Cloud
PostgreSQL & The Cloud Deploying PostgreSQL on Azure Ali Sufyan Butt Microsoft Most Valuable Professional for Visual Studio & Development Technologies Agenda Agenda for the meetup session Introduction
More informationDublin* Amsterdam. London
Onur Dogruoz Chicago Dublin* Amsterdam Korea Central Silicon Valley US DoD West Dallas Atlanta New York Washington DC US DoD East London Korea South Osaka Tokyo Chennai Hong Kong Mumbai* Singapore Sydney
More informationMicrosoft Azure: Using the Public Cloud to solve the Big Questions
Microsoft Azure: Using the Public Cloud to solve the Big Questions Kent Altena Global Black Belt TSP, Big Compute Microsoft kaltena@microsoft.com http://microsoft.com/hpc Introduction to Azure Hyper-scale
More informationAzure: The Cloud On Your Terms. Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines
Azure: The Cloud On Your Terms Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines hhermida@microsoft.com Business & Government are powered by the cloud Cloud is a given. CIOs no longer
More informationAmit Panchal Enterprise Technology Strategist
Amit Panchal Enterprise Technology Strategist amitp@microsoft.com Who is Amit Panchal IT Industry Personal Education Executive Experience MORE DEVICES I love my PC, my phone, and my slate. MORE MOBILE
More informationCAN MICROSOFT HELP MEET THE GDPR
CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com
More informationCloud Transformation and Significance of Security
Cloud Transformation and Significance of Security Mohit Sharma, Chief Architect & Cloud Evangelist @onlinesince2009 www.cloudsec.com Datacenter Management Change Management Policy Physical Network Management
More informationIntroductie Intercept
Introductie Intercept Intercept Microsoft Azure Triple Gold Cloud Partner Managed Partner Microsoft ISO27001 BSI gecertificeerd Azure Expert MSP Azure Solution Architects / CISSP Focus op Azure Cloud Security
More informationYour vision, your results, your cloud
Your vision, your results, your cloud Engage your customers Transform your products Digital transformation Empower your employees Optimize your operations 1 million/hour new devices coming online by 2020
More informationcelerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta
celerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta Regulations Digital Economy Externa al Challenges g Cyber Crime
More informationWhat is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is
R3 What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is digitally signed and mathematically guaranteed to
More informationYour vision. Your cloud.
Your vision. Your cloud. John F. Schaller Azure Solutions Specialist Optimized Data Center Cloud Attributes Consolidated Managed Virtualized Cost Efficient Pooled resources Automation + Self-service Elasticity
More informationGDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov.
You Trust IT Путь к безопасности бизнеса GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services Konstantin Sviridov Andrey Ivanov 06 September 2017 This presentation
More informationHerausforderungen und Lösungen um Devices mit der Cloud zu verbinden. 14. Dezember 2017, München Oliver Niedung
Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden 14. Dezember 2017, München Oliver Niedung olivern@microsoft.com Herausforderungen - Gerätekonnektivität Geschäftsmodell Referenzarchitektur
More informationIntroduction to AWS GoldBase
Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document
More informationCybersecurity Considerations for GDPR
Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union
More informationWorkday s Robust Privacy Program
Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield
More informationGoogle Cloud & the General Data Protection Regulation (GDPR)
Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to
More informationSecurity & Compliance in the AWS Cloud. Amazon Web Services
Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any
More informationSecurity & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web
Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS
More informationData Management and Security in the GDPR Era
Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationMicrosoft Azure Security, Privacy, & Compliance
Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud
More informationManaging Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow
Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationGDPR: A QUICK OVERVIEW
GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance
More informationOur agenda. The basics
GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially
More informationThe growing global data platform market
OSS DB on Azure The growing global data platform market Global Data Platform Market is growing at 11.2% CAGR 120.0 106.9 Growth is expected to exceed $100B in FY22 Primary growth is driven by relational
More informationGeneral Data Protection Regulation (GDPR)
BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017
More informationProCloud An Overview
ProCloud An Overview Why Should I Move To The Cloud? What You May Manage Today How We Transform You Tomorrow Virus/Malware Protection Legal Compliance Data Loss Prevention Multiple Contracts & Agreements
More informationIntermedia s Private Cloud Exchange
Intermedia s Private Cloud Exchange This is a practical guide to implementing Intermedia s Private Cloud Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading
More informationData Protection in the AWS Cloud: Implementing GDPR and Overview of C5
Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Gerald Boyne, Christian Hesse Security Assurance Germany 25.11.2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights
More informationIMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates
IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What
More informationDo you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?
European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability
More informationCloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.
George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security
More informationMagento GDPR Frequently Asked Questions
Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle
More informationBHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD
BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities
More informationData Protection. Code of Conduct for Cloud Infrastructure Service Providers
Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9
More informationBest Practices in Securing a Multicloud World
Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers
More informationData Security and Privacy at Handshake
Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security
More informationSafeguards on Personal Data Privacy.
Safeguards on Personal Data Privacy. Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Maverick Tam Associate Director, Enterprise Risk Services Deloitte Touche Tohmatsu Deloitte ERS
More informationSecurity Information & Policies
Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER
More informationYou will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to
Suzanne Dibble 2018. Copyright in this document belongs to Suzanne Dibble. You may not copy or use it for any purpose unless you have purchased this template document from Suzanne Dibble. You may not allow
More informationControlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:
Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information
More informationEU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS
EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationInformation Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV
Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf
More informationCompliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security
Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationAUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE
AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated
More informationTRACKVIA SECURITY OVERVIEW
TRACKVIA SECURITY OVERVIEW TrackVia s customers rely on our service for many mission-critical applications, as well as for applications that have various compliance and regulatory obligations. At all times
More informationGeneral Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant
General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationHow do you decide what s best for you?
How do you decide what s best for you? Experience Transparency Leadership Commitment Cost reduction Security Trustworthiness Credibility Confidence Reliability Compliance Privacy Expertise Flexibility
More informationCisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th
Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.
More informationA Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud
A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,
More informationWhite Paper. How Organizations. Can Use The Cloud In Confidence. In business for people.
White Paper How Organizations Can Use The Cloud In Confidence In business for people. Safety in the Cloud According to a recent Forrester Research study, spending on public cloud services is expected to
More information10 Considerations for a Cloud Procurement. March 2017
10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents
More informationINTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE
INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing
More informationIt applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).
Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations
More informationAll you need to know and do to comply with the EU General Data Protection Regulation
All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 3 Challenges, requirements, and action plans GDPR is borderless... Broadened personal
More informationKnowing and Implementing the GDPR Part 3
Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education
More informationGDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10
GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data
More informationA practical guide to using ScheduleOnce in a GDPR compliant manner
A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling
More informationGDPR Compliance. Clauses
1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The
More informationAvanade s Approach to Client Data Protection
White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success
More informationSCHOOL SUPPLIERS. What schools should be asking!
SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated
More informationHITRUST Common Security Framework - Are you prepared?
ALLINIAL HITRUST Common Security Framework - Are you prepared? Michael Kanarellis, HITRUST CCSFP May 17, 2017 MEMBER OF PKF ALLINIAL NORTH GLOBAL, AMERICA, AN ASSOCIATION AN OF LEGALLY OF LEGALLY INDEPENDENT
More informationEmbedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant
More informationTHE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE
THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist,
More informationImportance of the Data Management process in setting up the GDPR within a company CREOBIS
Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1 Alain Cieslik Personal Data is the oil of the digital world 2 Alain Cieslik Personal information comes in different
More informationCloud Customer Architecture for Securing Workloads on Cloud Services
Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,
More informationGeneral Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant
General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall
More informationGDPR: A GUIDE TO READINESS
SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services
More informationWelcome & Introductions
Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.
More information