QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK

Size: px
Start display at page:

Download "QBS Talks. June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK"

Transcription

1 QBS Talks June GDPR a Microsoft perspective Ole Kjeldsen, CTO Microsoft DK

2 House rules: All participants are on mute Use the chat window for questions during presentation moderator will collect and include in end if not answered in chat window We will open up for spoken questions after presentation Session will be recorded and made available afterwards Slides will be shared in pdf format

3 GDPR why should you care? Fines audits customer complaints loosing deals. But in the end it s because you want to run a responsible business and respect your customers data GDPR - Who should care? This is not something that is just to be managed and effectuated by one department in the business this involves all functions. GDPR what to care about? Data breaches can happen anywhere. Have you thought about who empties your paper waste baskets? Do you do remote support? Customers worry about their data in the cloud.

4 Accelerate GDPR compliance with the Microsoft Cloud Ole Kjeldsen CTO & CISO Microsoft Danmark Status - June 2017 This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

5 Businesses and users are going to embrace technology only if they can trust it. Satya Nadella Chief Executive Officer Microsoft Corporation Make no mistake, the GDPR sets a new and higher bar for privacy rights, for security, and for compliance. And while your journey to GDPR may seem challenging, Microsoft is here to help all of our customers around the world. Brad Smith President & Chief Legal Officer Microsoft Corporation Principled approach creates the framework needed: Privacy by Design Security by Design Compliance Transparency Microsoft Cloud can be a part of the solution to compliance!

6

7

8 Providing clarity and consistency for the protection of personal data The General Data Protection Regulation (GDPR) imposes new rules on organizations that offer goods and services to people in the European Union (EU), or that collect and analyze data tied to EU residents, no matter where they are located. Enhanced personal privacy rights Increased duty for protecting data & documenting compliance/accountability Mandatory breach reporting Significant penalties for non-compliance Microsoft believes the GDPR is an important step forward for clarifying and enabling individual privacy rights

9 Personal data regulation elements not changing!! Stakeholders Data types Data transfer COMPLIANCE Data subject Data controller Data processor Personal Identifieable Name Address account IP address etc. Sensitive PI Health data Sexual orientation Political affiliations Biometric data etc. Dataprocessing can take place anywhere within EU/EØS AND also with the right legal frameworks (EU SCC) + adequate security controls outside the EU/EØS If your are compliant with the current regulation today, being compliant with GDPR is a lot easier!

10 What are the key changes with the GDPR? Personal privacy Controls and notifications Transparent policies IT and training Individuals have the right to: Processors will need to: Processors are required to: Processors will need: Access their personal data Correct errors in their personal data Erase their personal data Object to processing of their personal data Export personal data Protect personal data using appropriate security practices Notify authorities within 72 hours of breaches Receive consent before processing personal data Keep records detailing data processing Provide clear notice of data collection Outline processing purposes and use cases Define data retention and deletion policies Train privacy personnel & employee Audit and update data policies Employ a Data Protection Officer (for larger organizations) Create & manage processor/vendor contracts

11

12

13 Danish process & interpretations The Danish Justice Department on May 24 th, 2017 published a 1200 page document* describing in some detail the thoughts and interpretations that will go into the coming proposals for a new Danish DPL by Oct 17. The Danish DPA will during 2017H2 publish a series of guidance papers on DPO, dpia, Cloud etc. ** You may find the 1200 pages and overview of coming guidance here: Also you can find the first DoJ interpretations from February 9 th, 2017 here: ** Read the first initial guidance from the DPA here: FIRST NOTEWORTHY INTERPRETATIONS** from DoJ: ONLY A MINORITY of private companies required to have a DPO EXISTING systems are not required to have a dpia SWITCHING DATAPROCESSOR is not basis for requiring a new dpia PUBLIC sector organizations* MUST have a DPO, but are exempt from rights such as Dataportability, R2BF 41-4 aka the War Rule might need to be interpreted differently and these special data protected not by location Danish Excutive Order on Security is eliminated

14

15 IMPORTANT IT IS NOT POSSIBLE, TO BUY A COMPLETE SYSTEM, PRODUCT OR SERVICE TO MAKE YOU GDPR COMPLIANT! THE RIGHT TECHNOLOGY CAN ASSIST YOU IN GETTING TO COMPLIANCE & THE RIGHT PLATFORM CAN MAKE COMPLIANCE A MUCH MORE ACCESSIBLE TASK!

16 Protecting customer privacy with GDPR

17 Our commitment to you To simplify your path to compliance, we are committing to GDPR compliance across our cloud services when enforcement begins on May 25, We will share our experience in complying with complex regulations such as the GDPR. Together with our partners, we are prepared to help you meet your policy, people, process, and technology goals on your journey to GDPR.

18 In effect this means for our customers that MICROSOFT CLOUD CONTRACTS (INCL. DATAPROCCESING AGREEMENT AMENDMENT M434) HAVE BEEN UPDATED TO BE COMPLIANT WITH GDPR TO ALLOW AMPLE TIME TO PREPARE (MARTS 17) & ASSESS MICROSOFT CLOUD MICROSOFT WILL BE OFFERING ALL THE DOCUMENTATION NEEDED FOR OUR CLOUD CUSTOMERS TO BE GDPR COMPLIANT* MICROSOFT WILL FURTHERMORE CONTINUE TO DRIVE OUR COMMITMENT TO CLOUD COMPLIANCE & SECURITY WITH ALL RELEVANT INTERNATIONAL STANDARDS** * Read more about separations of responsibilities here: ** Read more about Microsoft Cloud Compliance here:

19

20 39 Cloud regions worldwide North Central US United Kingdom South West US 2 West Central US West US US Gov Arizona 3 US Gov Texas 3 Central US US Gov Iowa US DoD West South Central US Canada Central US Gov Virginia Canada East US DoD East United Kingdom West East US East US 2 North Europe France 3 France 3 West Europe Germany Northeast 2 Germany Central 2 West India Central India China West 1 China East 1 South India Korea Central 3 East Asia Korea South 3 Japan East Japan West 130+ datacenters One of the 3 largest networks in the world 1 Southeast Asia Chineese datacenters run by 21Vianet 2 German data trustee is T-systems Brazil South South Africa Australia East 3 France, South Korea & some US Gov datacenter regions have been announced but not yet fully operational Australia Southeast Global datacenters Sovereign datacenters

21 Cloud stack seperation of responsibility Data Governance and Rights Management Client End-points Account and Access Management Identity and Directory Infrastructure SaaS PaaS IaaS On-Prem Microsoft handles Customer handles Application Network Controls Operating System Physical Hosts Physical Network Whitepaper: Physical Datacenter Security Privacy and Control Compliance Transparency Microsoft Confidential 21

22 Expanded Cloud stack seperation of responsibility incl ISV SaaS solutions Data Governance and Rights Management Client End-points Account and Access Management Identity and Directory Infrastructure Application Network Controls Operating System MS SaaS PaaS IaaS ISV SaaS On-Prem Support & maintenance by Microsoft by ISV Partner by Customer Physical Hosts Physical Network Whitepaper: Physical Datacenter Security Privacy and Control Compliance Transparency Microsoft Confidential 22

23

24 Where is data stored? Who has access to what? Notifications and documentation? Microsoft Cloud customers can specify which region they what their data stored in (Europa, US, Asia, etc.) Clear real-time data maps and information about geographic location for each individual customer Customer data are only processed by instruction and only for eg. troubleshooting & support Core customer data are processed only by especially appointed and certified personel Transparency about subcontractors who Microsoft guarentees lives up to same principles and certifications. Microsoft notifies about changes in data location Microsoft notifies 180 days before any changes to sub-contractor portfolio ALL audit reports, standards certificates & SoAs are available to all cloud customers throught the online Trust Center.

25 REGIONAL INDUSTRY US GOV GLOBAL Microsoft Cloud has the broadest and most comprehensive compliance portfolio of any ISO ISO ISO ISO ISO 9001 SOC 1 Type 2 SOC 2 Type 2 SOC 3 CSA STAR Self-Assessment CSA STAR Certification CSA STAR Attestation Moderate JAB P-ATO High JAB P-ATO DoD DISA SRG Level 2 DoD DISA SRG Level 4 DoD DISA SRG Level 5 SP FIPS Section 508 VPAT ITAR CJIS IRS 1075 PCI DSS Level 1 CDSA MPAA FACT UK Shared Assessments FISC Japan HIPAA / HITECH Act HITRUST GxP 21 CFR Part 11 MARS-E IG Toolkit UK FERPA GLBA FFIEC Argentina PDPA EU Model Clauses UK G-Cloud China DJCP China GB China TRUCS Singapore MTCS Australia IRAP/CCSL New Zealand GCIO Japan My Number Act ENISA IAF Japan CS Mark Gold Spain ENS Spain DPA India MeitY Canada Privacy Laws Privacy Shield Germany IT Grundschutz workbook

26 BESKYTTER VORE KUNDERS DATA PRIVACY

27 Microsoft Cloud Platform differentiation summary... Region based storing with full transparency on data location & access + added Data Trustee model Second to none & State of the art security- & privacy setup! We have done this a long time! 3. Party certifications & a long list of partner solutions on top of the cloud platform Principled approach to data protection and authority requests for access We have and will continue to fight for privacy rights and proper legal documentation

28 GDPR Compliance Simplify your privacy journey Uncover risk & take action Leverage guidance from experts

29 How do I get started? 1 Discover Identify what personal data you have and where it resides 2 Manage Govern how personal data is used and accessed 3 Protect Establish security controls to prevent, detect, and respond to vulnerabilities & data breaches 4 Report Keep required documentation, manage data requests and breach notifications

30 1 Discover: In-scope: Inventory: Example solutions Microsoft Azure Microsoft Azure Data Catalog Enterprise Mobility + Security (EMS) Microsoft Cloud App Security Dynamics 365 Audit Data & User Activity Reporting & Analytics Office & Office 365 Data Loss Prevention Advanced Data Governance Office 365 ediscovery SQL Server and Azure SQL Database SQL Query Language Windows & Windows Server Windows Search

31 2 Manage: Example solutions Data governance: Data classification: Microsoft Azure Azure Active Directory Azure Information Protection Azure Role-Based Access Control (RBAC) Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Security Concepts Office & Office 365 Advanced Data Governance Journaling (Exchange Online) Windows & Windows Server Microsoft Data Classification Toolkit

32 3 Protect: Preventing data attacks: Detecting & responding to breaches: Example solutions Microsoft Azure Azure Key Vault Azure Security Center Azure Storage Services Encryption Enterprise Mobility + Security (EMS) Azure Active Directory Premium Microsoft Intune Office & Office 365 Advanced Threat Protection Threat Intelligence SQL Server and Azure SQL Database Transparent data encryption Always Encrypted Windows & Windows Server Windows Defender Advanced Threat Protection Windows Hello Device Guard

33 4 Report: Example solutions Microsoft Trust Center Service Trust Portal Record-keeping: Reporting tools: Microsoft Azure Azure Auditing & Logging Azure Data Lake Azure Monitor Enterprise Mobility + Security (EMS) Azure Information Protection Dynamics 365 Reporting & Analytics Office & Office 365 Service Assurance Office 365 Audit Logs Customer Lockbox Windows & Windows Server Windows Defender Advanced Threat Protection

34 Microsoft Cloud Security GDPR Requires access today use the guidance from DoJ and Data Processing Authority Focus on the Intent of GDPR Microsoft will be 100% in compliance day 1 PS! Also being a Data Controller, we will naturally be compliant day 1 Principled Approach Privacy by Design Security by Design Compliance Transparency ALWAYS up to par and often beyond MICROSOFT CLOUD can be a big help in getting to compliance! All Clouds are not equal Security is most often not the issue HOW you use cloud and for WHICH data is. Proper Legal Framework Standard Certifications & Data Location should be in focus

35 Microsoft.com/GDPR (trust center)

36 Danish Webinar On-Demand: aka.ms/cloudjuraoverblik Danish DPA good questions: aka.ms/datatilsyngdpr Danish DoJ on GDPR : aka.ms/dkdojgdprfeb17

37 Ole Kjeldsen

38

39 Thank you for participating!

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway

Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway Accelerate GDPR compliance with the Microsoft Cloud Ole Tom Seierstad National Security Officer Microsoft Norway This presentation is intended to provide an overview of GDPR and is not a definitive statement

More information

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law.

This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Privacy, Trust, and the General Data Protection Regulation (GDPR) Robertas Tamosaitis Microsoft Business Solution Sales Specialist E-mail: rtamosa@microsoft.com This presentation is intended to provide

More information

U susret GDPR regulativi Dočekajmo spremni Maj 2018

U susret GDPR regulativi Dočekajmo spremni Maj 2018 U susret GDPR regulativi Dočekajmo spremni Maj 2018 Dragan Tasić Technology Solutions Professional This presentation is intended to provide an overview of GDPR and is not a definitive statement of the

More information

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1

By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 By 2020, a corporate no-cloud policy will be as rare as a no-internet policy is today. 1 The question is no longer: How do I move to the cloud? Instead, it s Now that I m in the cloud, how do I make sure

More information

Morgan Independent Software Vendor Lead

Morgan Independent Software Vendor Lead Morgan Webb @morgan_msft Independent Software Vendor Lead Digital transformation Hybrid Cloud Platform Choice Global: Hyper-scale, globally connected cloud services deployed from regional Microsoft datacenters.

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Accelerate GDPR compliance with the Microsoft Cloud Michal Jaworski National Technology Officer Microsoft Poland This presentation is intended to provide an overview of GDPR and is not a definitive statement

More information

Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft

Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies. Ronit Reger, Senior Program Manager at Microsoft Closing Keynote: Addressing Data Privacy and GDPR on Microsoft Data Platform Technologies Ronit Reger, Senior Program Manager at Microsoft Session goals 1. Data Privacy and the GDPR - Data privacy as a

More information

Our Mission. Empower every person and every organization on the planet to achieve more.

Our Mission. Empower every person and every organization on the planet to achieve more. #techsummitch Our Mission Empower every person and every organization on the planet to achieve more. Innovation, Security, and Education Microsoft s investment in Switzerland David Kurth Cloud + Enterprise

More information

Kimberly Nelson Executive Director Government Solutions US SLG. March 2017

Kimberly Nelson Executive Director Government Solutions US SLG. March 2017 Kimberly Nelson Executive Director Government Solutions US SLG March 2017 We will always be partner led. Satya Nadella Fourth industrial revolution Gartner s Digital Maturity Model for Government

More information

Microsoft 365 Das modern Büro der Zukunft

Microsoft 365 Das modern Büro der Zukunft Microsoft 365 Das modern Büro der Zukunft DI. Harald Leitenmüller Chief Technology Officer 3. Digital Business Forum, 14. Sept. 2017 Microsoft Österreich GmbH. Cloud Principles Standardisierung Automatisierung

More information

Avanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti

Avanade Zerouno : Cloud Experience. Version 1.0 May 16, 2017 Author(s): Ivan Loreti Avanade Zerouno : Cloud Experience Version 1.0 May 16, 2017 Author(s): Ivan Loreti Cloud s opportunities range beyond IT The Intelligent Business Cloud enables the digital business Smartly connects infrastructure,

More information

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος

Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General

More information

COMPLIANCE IN THE CLOUD

COMPLIANCE IN THE CLOUD COMPLIANCE IN THE CLOUD 3:45-4:30PM Scott Edwards, President, Summit 7 Dave Harris Society for International Affairs COMPLIANCE IN THE CLOUD Scott Edwards scott.edwards@summit7systems.com 256-541-9638

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

Today s top THREAT ACTORS pose unique challenges

Today s top THREAT ACTORS pose unique challenges Today s top THREAT ACTORS pose unique challenges An effective strategy must respond to a broad range of continually evolving attack types CYBERCRIMINALS NATION-STATE HACKTIVISTS INSIDERS FINANCIAL Persistent

More information

Klaus Schwab, Founder & Executive Chairman

Klaus Schwab, Founder & Executive Chairman "We stand on the brink of a technological revolution that will fundamentally alter the way we live, work, and relate to one another. In its scale, scope, and complexity, the transformation will be unlike

More information

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera

Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera Accelerate GDPR compliance with the Microsoft Cloud Agustín Corredera This presentation is intended to provide an overview of GDPR and is not a definitive statement of the law. Businesses and users are

More information

What is Dell EMC Cloud for Microsoft Azure Stack?

What is Dell EMC Cloud for Microsoft Azure Stack? What is Dell EMC Cloud for Microsoft Azure Stack? Harry Meier GLOBAL SPONSORS Why Hybrid Cloud? The Trend Toward Hybrid Cloud Larger circles = most cost and complexity IDC 2016 Hybrid cloud is now % 9

More information

Compliance & Security in Azure. April 21, 2018

Compliance & Security in Azure. April 21, 2018 Compliance & Security in Azure April 21, 2018 Presenter Bio Jeff Gainer, CISSP Senior Information Security & Risk Management Consultant Senior Security Architect Have conducted multiple Third-Party risk

More information

Microsoft + SUSE This partnership gets stronger every day

Microsoft + SUSE This partnership gets stronger every day Microsoft + SUSE This partnership gets stronger every day Johan Sollbe Business Manager, Open Source Azure Microsoft WE THE WORLD HAS CHANGED Forrester: open source will lie at the heart of the applications

More information

Microsoft Azure. The cloud platform for digital transformation

Microsoft Azure. The cloud platform for digital transformation Microsoft Azure The cloud platform for digital transformation What is Microsoft Azure Microsoft Azure is Microsoft s cloud computing platform Azure is a comprehensive set of cloud services that developers

More information

Hyper scale Infrastructure is the enabler

Hyper scale Infrastructure is the enabler Hyper scale Infrastructure is the enabler 100+ Datacenters across 34 Regions Worldwide US DoD West TBD US Gov Iowa West US California Central US Iowa South Central US Texas North Central US Illinois Canada

More information

Enterprise Mobility + Security

Enterprise Mobility + Security Enterprise Mobility + Security Assume Breach Identity Data Flexible Workforce 250 million Millions Billions 700 million 40 billion 18+ billion 420 million Millions 35 billion messages/month United Kingdom

More information

Matt Holden-Milner Richard Willmott

Matt Holden-Milner Richard Willmott Matt Holden-Milner Richard Willmott 1780s 1870s 2015+ 1969-70 s Astonishing Pace of Change Drones 2007 $100,000 2013 $700 Typical Fortune 500 20 3D Printing 2007 $40,000 2014 $100 Google Facebook 6 8

More information

Die intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz

Die intelligente Cloud als Kernelement der IT Transformation. Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz Die intelligente Cloud als Kernelement der IT Transformation Dr. Bernd Kiupel Business Group Lead Cloud & Enterprise, Microsoft Schweiz The next strategic opportunity is here Cloud Mobile Social How do

More information

PostgreSQL & The Cloud

PostgreSQL & The Cloud PostgreSQL & The Cloud Deploying PostgreSQL on Azure Ali Sufyan Butt Microsoft Most Valuable Professional for Visual Studio & Development Technologies Agenda Agenda for the meetup session Introduction

More information

Dublin* Amsterdam. London

Dublin* Amsterdam. London Onur Dogruoz Chicago Dublin* Amsterdam Korea Central Silicon Valley US DoD West Dallas Atlanta New York Washington DC US DoD East London Korea South Osaka Tokyo Chennai Hong Kong Mumbai* Singapore Sydney

More information

Microsoft Azure: Using the Public Cloud to solve the Big Questions

Microsoft Azure: Using the Public Cloud to solve the Big Questions Microsoft Azure: Using the Public Cloud to solve the Big Questions Kent Altena Global Black Belt TSP, Big Compute Microsoft kaltena@microsoft.com http://microsoft.com/hpc Introduction to Azure Hyper-scale

More information

Azure: The Cloud On Your Terms. Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines

Azure: The Cloud On Your Terms. Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines Azure: The Cloud On Your Terms Herns Hermida Cloud and Enterprise Business Lead Microsoft Philippines hhermida@microsoft.com Business & Government are powered by the cloud Cloud is a given. CIOs no longer

More information

Amit Panchal Enterprise Technology Strategist

Amit Panchal Enterprise Technology Strategist Amit Panchal Enterprise Technology Strategist amitp@microsoft.com Who is Amit Panchal IT Industry Personal Education Executive Experience MORE DEVICES I love my PC, my phone, and my slate. MORE MOBILE

More information

CAN MICROSOFT HELP MEET THE GDPR

CAN MICROSOFT HELP MEET THE GDPR CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com

More information

Cloud Transformation and Significance of Security

Cloud Transformation and Significance of Security Cloud Transformation and Significance of Security Mohit Sharma, Chief Architect & Cloud Evangelist @onlinesince2009 www.cloudsec.com Datacenter Management Change Management Policy Physical Network Management

More information

Introductie Intercept

Introductie Intercept Introductie Intercept Intercept Microsoft Azure Triple Gold Cloud Partner Managed Partner Microsoft ISO27001 BSI gecertificeerd Azure Expert MSP Azure Solution Architects / CISSP Focus op Azure Cloud Security

More information

Your vision, your results, your cloud

Your vision, your results, your cloud Your vision, your results, your cloud Engage your customers Transform your products Digital transformation Empower your employees Optimize your operations 1 million/hour new devices coming online by 2020

More information

celerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta

celerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta celerate GDPR compliance h the use of new technologies oni Papanikolaou orate, External & Legal Affairs Director soft Greece, Cyprus & Malta Regulations Digital Economy Externa al Challenges g Cyber Crime

More information

What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is

What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is R3 What is Blockchain? Cryptographically Authentic Shared Distributed Ledger. Cryptographically Authentic Each transaction recorded in the database is digitally signed and mathematically guaranteed to

More information

Your vision. Your cloud.

Your vision. Your cloud. Your vision. Your cloud. John F. Schaller Azure Solutions Specialist Optimized Data Center Cloud Attributes Consolidated Managed Virtualized Cost Efficient Pooled resources Automation + Self-service Elasticity

More information

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov.

GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services. Konstantin Sviridov Andrey Ivanov. You Trust IT Путь к безопасности бизнеса GDPR - What does this mean for you? Accelerate GDPR compliance with the Microsoft Services Konstantin Sviridov Andrey Ivanov 06 September 2017 This presentation

More information

Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden. 14. Dezember 2017, München Oliver Niedung

Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden. 14. Dezember 2017, München Oliver Niedung Herausforderungen und Lösungen um Devices mit der Cloud zu verbinden 14. Dezember 2017, München Oliver Niedung olivern@microsoft.com Herausforderungen - Gerätekonnektivität Geschäftsmodell Referenzarchitektur

More information

Introduction to AWS GoldBase

Introduction to AWS GoldBase Introduction to AWS GoldBase A Solution to Automate Security, Compliance, and Governance in AWS October 2015 2015, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Workday s Robust Privacy Program

Workday s Robust Privacy Program Workday s Robust Privacy Program Workday s Robust Privacy Program Introduction Workday is a leading provider of enterprise cloud applications for human resources and finance. Founded in 2005 by Dave Duffield

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

Security & Compliance in the AWS Cloud. Amazon Web Services

Security & Compliance in the AWS Cloud. Amazon Web Services Security & Compliance in the AWS Cloud Amazon Web Services Our Culture Simple Security Controls Job Zero AWS Pace of Innovation AWS has been continually expanding its services to support virtually any

More information

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web

Security & Compliance in the AWS Cloud. Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Security & Compliance in the AWS Cloud Vijay Rangarajan Senior Cloud Architect, ASEAN Amazon Web Services @awscloud www.cloudsec.com #CLOUDSEC Security & Compliance in the AWS Cloud TECHNICAL & BUSINESS

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

Microsoft Azure Security, Privacy, & Compliance

Microsoft Azure Security, Privacy, & Compliance Security, Privacy, & Compliance Andreas Grigull Geschäftsentwicklung Assekuranz Installation von 2000 Servern in 3 Stunden Technology trends: driving cloud adoption BENEFITS Speed Scale Economics Cloud

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

Our agenda. The basics

Our agenda. The basics GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially

More information

The growing global data platform market

The growing global data platform market OSS DB on Azure The growing global data platform market Global Data Platform Market is growing at 11.2% CAGR 120.0 106.9 Growth is expected to exceed $100B in FY22 Primary growth is driven by relational

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

ProCloud An Overview

ProCloud An Overview ProCloud An Overview Why Should I Move To The Cloud? What You May Manage Today How We Transform You Tomorrow Virus/Malware Protection Legal Compliance Data Loss Prevention Multiple Contracts & Agreements

More information

Intermedia s Private Cloud Exchange

Intermedia s Private Cloud Exchange Intermedia s Private Cloud Exchange This is a practical guide to implementing Intermedia s Private Cloud Exchange on AWS. Intermedia, the world s independent provider of Hosted Exchange, and AWS, the leading

More information

Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5

Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Data Protection in the AWS Cloud: Implementing GDPR and Overview of C5 Gerald Boyne, Christian Hesse Security Assurance Germany 25.11.2017 2017, Amazon Web Services, Inc. or its Affiliates. All rights

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops.

Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. George Gerchow, Sumo Logic Chief Information Security Officer Cloud is the 'Only' Way Forward in Information Security. Leveraging Scale to Make the Unknown Known, in Dev, Sec & Ops. Agenda Sumo Security

More information

Magento GDPR Frequently Asked Questions

Magento GDPR Frequently Asked Questions Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle

More information

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities

More information

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers

Data Protection. Code of Conduct for Cloud Infrastructure Service Providers Data Protection Code of Conduct for Cloud Infrastructure Service Providers 27 JANUARY 2017 Introduction... 3 1 Structure of the Code... 5 2 Purpose... 6 3 Scope... 7 4 Data Protection Requirements... 9

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information

Data Security and Privacy at Handshake

Data Security and Privacy at Handshake Data Security and Privacy at Handshake Introduction 3 A Culture of Security 3 Employee Background Checks 3 Dedicated Security and Privacy Teams 3 Ongoing Team Training 4 Compliance 4 FERPA 4 GDPR 4 Security

More information

Safeguards on Personal Data Privacy.

Safeguards on Personal Data Privacy. Safeguards on Personal Data Privacy. Peter Koo Partner, Enterprise Risk Services Deloitte Touche Tohmatsu Maverick Tam Associate Director, Enterprise Risk Services Deloitte Touche Tohmatsu Deloitte ERS

More information

Security Information & Policies

Security Information & Policies Security Information & Policies 01 Table of Contents OVERVIEW CHAPTER 1 : CHAPTER 2: CHAPTER 3: CHAPTER 4: CHAPTER 5: CHAPTER 6: CHAPTER 7: CHAPTER 8: CHAPTER 9: CHAPTER 10: CHAPTER 11: CHAPTER 12: CHAPTER

More information

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to

You will see lots of references in the Checklist to the GDPR Pack if you would like to purchase this, go to Suzanne Dibble 2018. Copyright in this document belongs to Suzanne Dibble. You may not copy or use it for any purpose unless you have purchased this template document from Suzanne Dibble. You may not allow

More information

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes:

Controlled Document Page 1 of 6. Effective Date: 6/19/13. Approved by: CAB/F. Approved on: 6/19/13. Version Supersedes: Page 1 of 6 I. Common Principles and Approaches to Privacy A. A Modern History of Privacy a. Descriptions, definitions and classes b. Historical and social origins B. Types of Information a. Personal information

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV

Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Information Technology Security Plan Policies, Controls, and Procedures Identify Governance ID.GV Location: https://www.pdsimplified.com/ndcbf_pdframework/nist_csf_prc/documents/identify/ndcbf _ITSecPlan_IDGV2017.pdf

More information

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security

Compliance of Panda Products with General Data Protection Regulation (GDPR) Panda Security Panda Security Compliance of Panda Products with General Data Protection Regulation (GDPR) 1 Contents 1.1. SCOPE OF THIS DOCUMENT... 3 1.2. GENERAL DATA PROTECTION REGULATION: OBJECTIVES... 3 1.3. STORED

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE

AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE AUTOTASK ENDPOINT BACKUP (AEB) SECURITY ARCHITECTURE GUIDE Table of Contents Dedicated Geo-Redundant Data Center Infrastructure 02 SSAE 16 / SAS 70 and SOC2 Audits 03 Logical Access Security 03 Dedicated

More information

TRACKVIA SECURITY OVERVIEW

TRACKVIA SECURITY OVERVIEW TRACKVIA SECURITY OVERVIEW TrackVia s customers rely on our service for many mission-critical applications, as well as for applications that have various compliance and regulatory obligations. At all times

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the

More information

How do you decide what s best for you?

How do you decide what s best for you? How do you decide what s best for you? Experience Transparency Leadership Commitment Cost reduction Security Trustworthiness Credibility Confidence Reliability Compliance Privacy Expertise Flexibility

More information

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.

More information

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud

A Checklist for Compliance in the Cloud 1. A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 A Checklist for Compliance in the Cloud A Checklist for Compliance in the Cloud 1 With the industrialization of hacking and the enormous impact of security breaches,

More information

White Paper. How Organizations. Can Use The Cloud In Confidence. In business for people.

White Paper. How Organizations. Can Use The Cloud In Confidence. In business for people. White Paper How Organizations Can Use The Cloud In Confidence In business for people. Safety in the Cloud According to a recent Forrester Research study, spending on public cloud services is expected to

More information

10 Considerations for a Cloud Procurement. March 2017

10 Considerations for a Cloud Procurement. March 2017 10 Considerations for a Cloud Procurement March 2017 2017, Amazon Web Services, Inc. or its affiliates. All rights reserved. Notices This document is provided for informational purposes only. It represents

More information

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE

INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTO THE CLOUD WHAT YOU NEED TO KNOW ABOUT ADOPTION AND ENSURING COMPLIANCE INTRODUCTION AGENDA 01. Overview of Cloud Services 02. Cloud Computing Compliance Framework 03. Cloud Adoption and Enhancing

More information

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your). Our Privacy Policy 1 Purpose Mission Australia is required by law to comply with the Privacy Act 1988 (Cth) (the Act), including the Australian Privacy Principles (APPs). We take our privacy obligations

More information

All you need to know and do to comply with the EU General Data Protection Regulation

All you need to know and do to comply with the EU General Data Protection Regulation All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 3 Challenges, requirements, and action plans GDPR is borderless... Broadened personal

More information

Knowing and Implementing the GDPR Part 3

Knowing and Implementing the GDPR Part 3 Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education

More information

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10 GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data

More information

A practical guide to using ScheduleOnce in a GDPR compliant manner

A practical guide to using ScheduleOnce in a GDPR compliant manner A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

Avanade s Approach to Client Data Protection

Avanade s Approach to Client Data Protection White Paper Avanade s Approach to Client Data Protection White Paper The Threat Landscape Businesses today face many risks and emerging threats to their IT systems and data. To achieve sustainable success

More information

SCHOOL SUPPLIERS. What schools should be asking!

SCHOOL SUPPLIERS. What schools should be asking! SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated

More information

HITRUST Common Security Framework - Are you prepared?

HITRUST Common Security Framework - Are you prepared? ALLINIAL HITRUST Common Security Framework - Are you prepared? Michael Kanarellis, HITRUST CCSFP May 17, 2017 MEMBER OF PKF ALLINIAL NORTH GLOBAL, AMERICA, AN ASSOCIATION AN OF LEGALLY OF LEGALLY INDEPENDENT

More information

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Who is Who? Sebastien Deleersnyder 5 years developer experience 15+ years information security experience Application security consultant

More information

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist,

More information

Importance of the Data Management process in setting up the GDPR within a company CREOBIS

Importance of the Data Management process in setting up the GDPR within a company CREOBIS Importance of the Data Management process in setting up the GDPR within a company CREOBIS 1 Alain Cieslik Personal Data is the oil of the digital world 2 Alain Cieslik Personal information comes in different

More information

Cloud Customer Architecture for Securing Workloads on Cloud Services

Cloud Customer Architecture for Securing Workloads on Cloud Services Cloud Customer Architecture for Securing Workloads on Cloud Services http://www.cloud-council.org/deliverables/cloud-customer-architecture-for-securing-workloads-on-cloud-services.htm Webinar April 19,

More information

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall

More information

GDPR: A GUIDE TO READINESS

GDPR: A GUIDE TO READINESS SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services

More information

Welcome & Introductions

Welcome & Introductions Addressing Data Privacy and Security Compliance in Cloud Computing Benjamin Hayes, Director of Legal Services, Data Privacy Compliance North America Accenture Copyright 2011 Accenture All Rights Reserved.

More information