How the GDPR will impact your software delivery processes

Size: px
Start display at page:

Download "How the GDPR will impact your software delivery processes"

Transcription

1 How the GDPR will impact your software delivery processes

2 About Redgate ,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use our tools 4m website visits each year 1058 product releases last year 68 User Groups sponsored last year

3 Your Presenter Richard Macaskill Product

4 Disclaimer This is NOT legal advice No legal review has been undertaken of this material I am not a lawyer!

5 We will discuss The principles of data protection Understanding GDPR jargon Steps to consider to ensure compliance building your defensible position under GDPR An introduction to Redgate s Data Privacy and Protection Solution

6 History

7 Data Breaches are the New Normal Data Breaches Millions of Records Exposed Source: Identity Theft Resource Center

8 The General Data Protection Regulation REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) 50,000 word Document

9 The General Data Protection Regulation The Biggest Legislative Change The Data Industry has Ever Seen There s a lot in the GDPR you ll recognise from the current law but make no mistake, this one s a game changer for everyone Elizabeth Denham, UK Information Commissioner, 17 Jan 2017

10 The global scope of the GDPR Non-EU organisations will be subject to the GDPR where they process personal data about EU citizens in connection with: The offering of goods or services (payment is not required); or monitoring their behaviour within the EU

11 What about the U.S.?

12 GDPR as blueprint Japan: Act on the Protection of Personal Information (GDPR copy) Australia: Privacy Amendment (Notifiable Data Breaches) Bill 2016 UK (post Brexit): Data Protection Bill (GDRP copy) US: NIST Special Publication State regulations

13 Key Changes Increased Territorial Scope Consent Penalties 4% turnover or EUR 20 million, whichever is greater Such penalties shall be effective, proportionate and dissuasive

14 Roles Controller Processor Data Subject

15 Categories. Privacy of what? Not all data is private Before GDPR even becomes law, you ll be expected to have audited your data and identified the two categories of personal data that require special handling Standard personal data Special personal data By implication, other and data not yet classified?

16 Personal data breaches can include: Access by an unauthorised third party Deliberate or accidental action (or inaction) by a controller or processor Sending out personal data to an incorrect recipient Computing devices containing personal data being lost or stolen Alteration of personal data without permission Loss of availability of personal data

17 Data subjects rights Right to be informed Right to access Right to rectification Right to be erasure Right to restrict processing Right to data portability Right to object Rights in relation to automated decision making and profiling.

18 The principles of GDPR are the principles of good data protection

19 1) Lawful, fair and transparent Data shall be processed lawfully, fairly and in a transparent manner in relation to individuals What makes processing lawful and transparent?

20 2) Purpose Limitation Data shall be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes How is the data you collect used?

21 3) Data Minimisation Data shall be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed More data = more risk

22 4) Data Accuracy Data shall be accurate and, where necessary, kept up to date; every reasonable step must be taken to ensure that personal data that are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay Are you making decisions based on inaccurate data?

23 5) Storage Limitation Data shall be kept in a form which permits identification of data subjects for no longer than is necessary for the purposes for which the personal data are processed

24 6) Integrity and Confidentiality Data shall be processed in a manner that ensures appropriate security of the personal data, including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organisational measures What are appropriate technical measures?

25 Understanding GDPR jargon

26 Data Protection by Design and by Default A general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities Do it early, not as an afterthought

27 Appropriate Technical Measures Documentation Encryption, pseudonymization, anonymization Oversight of protection Change Control Procedures for out-of-process change

28 Documentation

29 Pseudonymization vs Anonymization The principles of data protection should therefore not apply to anonymous information, that is [...] data rendered anonymous in such a way that the data subject is not or no longer identifiable

30 Most organizations do copy-down live data

31 Consented vs non-consented processing

32 Data Protection Impact Assessment (DPIA) A description of the envisaged processing operations and the purposes of the processing An assessment of the necessity and proportionality of the processing operations An assessment of the risks to the rights and freedoms of the data subjects concerned The measures which will be put in place to address those risks and demonstrate compliance

33 Data Protection Impact Assessment Is it necessary? 9 criteria; Evaluation or scoring e.g. consulting an AML or fraud prevention database Automated decision taking leading to legal or similarly significant effects Systematic monitoring in publicly accessible areas Processing of sensitive or highly personal data (communications data, location data, financial data) Large scale Matching databases Vulnerable data subjects where there is an imbalance of power children, employees, patients, the elderly Innovative uses of technology the example given is that IoT applications may require a DPIA Processing which could exclude individuals from using a service or contract, or from exercising a right. ARTICLE 29 DATA PROTECTION WORKING PARTY October 2017 revision

34 Data Protection Impact Assessment In practice, this means that controllers must continuously assess the risks created by their processing activities in order to identify when a type of processing is likely to result in a high risk to the rights and freedoms of natural persons ARTICLE 29 DATA PROTECTION WORKING PARTY October 2017 revision

35 Subject access requests in relation to; Right to be informed Right to access Right to rectification Right to be erasure Right to restrict processing Right to data portability Right to object Rights in relation to automated decision making and profiling.

36 Breach notification We have an assessment process We know who is the relevant supervisory authority We have a notification process (within 72 hours of becoming aware of it) We know what information we must give the ICO We have a process to inform affected individuals (if high risk) We know we must inform affected individuals without undue delay. We know what information to provide to individuals We document all breaches

37 Accountability The controller shall be responsible for, and be able to demonstrate, compliance with the principles 39 of the 99 GDPR Articles require evidence to demonstrate compliance

38 Demonstrating Compliance In order to be able to demonstrate compliance with this Regulation, the controller should adopt internal policies and implement measures which meet in particular the principles of data protection by design and data protection by default

39 Steps to consider in ensuring compliance 1. Where is your data? 2. What exactly is your data? 3. Who is accessing your data, and for what purpose? 4. How can you demonstrate adequate protection?

40 How will GDPR impact your software delivery?

41 The best compliance is deterministic It s not that you did the right thing It s that the right thing is ALWAYS done The use of data should be driven by the consent given and the processing policies agreed to. Behaviours of its use is then driven by its classification.

42 Redgate s Data Privacy and Protection Solution

43 What customers get from our solution Redgate helps you protect your business by providing a scalable, and repeatable process for managing personally-identifiable information as it moves through your SQL Server estate. Our solution maps a customer s SQL data estate, then monitors and controls it for protection appropriate to the sensitivity of the data, ensuring compliance during data handling.

44 1. Discover Save time mapping SQL Server estate, from production servers to copies for development and test Gain insight into where databases live, what data they contain, and who has access to it Tools for the job Provides a window into your SQL Server Estate Auto-discover SQL Servers in your domains See who has access to what, and their permission level

45 2. Classify Remove the guesswork in understanding which tables or columns contain sensitive data for compliance Give data context by assigning descriptive labels aligned to Microsoft taxonomy The foundation to apply the right security levels to data as it moves around SQL Server estate Tools for the job Label servers, databases, tables, columns to tag which contain PII Using taxonomy aligned to Microsoft: personal, nonpersonal, and special

46 3. Protect Safeguard against data breaches and unauthorized access by masking and encrypting sensitive data Automatically apply masking rules when provisioning new databases, or refreshing development and test environments with production data Ensure your business critical data is safe by always backing up your SQL Server databases Tools for the job Replace sensitive data with anonymized, yet realistic data Repeatable, transparent, and auditable process for provisioning Protect against accidental loss of user data, database corruption or hardware failures

47 4. Monitor Prove compliance through ongoing tracking, management and reporting of your data protection policy Be alerted to incidents affecting the ability to restore the availability and access to personal data in a timely manner Tools for the job Automatically generate reports mapping SQL Server estate Track changes with snapshots and receive notifications to Check user access permissions for servers containing PII Monitor the availability of servers and databases containing PII

48 Some suggestions Involve the whole organization Start work on your data map(s) Review your oversight of the data estate Review your SDLC Consider re-tooling Practise! (data breach response, DPIA) Show your work! (decisions taken, risk assessments)

49 and keep learning! What is your defensible position under GDPR? The landscape is changing and case law will soon be here. Regulators websites (e.g. Industry discussion (e.g. Meetups (e.g.

50 Question and Answer Session

51 Need help? Contact Us: Discover Redgate s Full Solution Data Privacy and Protection SQL Data Privacy Suite

52

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

Islam21c.com Data Protection and Privacy Policy

Islam21c.com Data Protection and Privacy Policy Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

Element Finance Solutions Ltd Data Protection Policy

Element Finance Solutions Ltd Data Protection Policy Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction Stewart Watt & Co. is law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland. The personal data that Stewart

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

The isalon GDPR Guide Helping you understand and prepare for the legislation

The isalon GDPR Guide Helping you understand and prepare for the legislation The isalon GDPR Guide Helping you understand and prepare for the legislation 01522 887200 isalonsoftware.co.uk Read our guide today to help you plan for the new legislation.. The General Data Protection

More information

A Homeopath Registered Homeopath

A Homeopath Registered Homeopath A Homeopath Registered Homeopath DATA PROTECTION POLICY Scope of the policy This policy applies to the work of homeopath A Homeopath (hereafter referred to as AH ). The policy sets out the requirements

More information

Creative Funding Solutions Limited Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or

More information

Made In Hackney Data Protection Policy Last Updated:

Made In Hackney Data Protection Policy Last Updated: Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection

More information

GDPR - Are you ready?

GDPR - Are you ready? GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

Data Processing Clauses

Data Processing Clauses Data Processing Clauses The examples of processing clauses below are proposed pending the adoption of standard contractual clauses within the meaning of Article 28.8 of general data protection regulation.

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

Site Builder Privacy and Data Protection Policy

Site Builder Privacy and Data Protection Policy Site Builder Privacy and Data Protection Policy This policy applies to the work of the Third Age Trust s Site Builder Team. The policy sets out the approach of the Team in managing personal information

More information

Contract Services Europe

Contract Services Europe Contract Services Europe Procedure for Handling of Page 1 of 10 1. INTRODUCTION This procedure document supplements the data request and subject access request (SAR) provisions set out in DPS Contract

More information

UWTSD Group Data Protection Policy

UWTSD Group Data Protection Policy UWTSD Group Data Protection Policy Contents Clause Page 1. Policy statement... 1 2. About this policy... 1 3. Definition of data protection terms... 1 4. Data protection principles..3 5. Fair and lawful

More information

Arkadin Data protection & privacy white paper. Version May 2018

Arkadin Data protection & privacy white paper. Version May 2018 Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Worcester Action for Youth Last updated 26 November 2018 Definitions Charity means Worcester Action for Youth, a registered charity No. 1169888 GDPR Responsible Person Register of

More information

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant. GDPR and BMC Clubs Lawful basis for Processing Personal Data This article will explain how your club can lawfully process personal data and show steps you can take to ensure that your club is GDPR compliant.

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

Eco Web Hosting Security and Data Processing Agreement

Eco Web Hosting Security and Data Processing Agreement 1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have

More information

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE 2016 Saviour Cachia Commissioner for Information and Data Protection Conception of DPA Council of Europe ETS 108 Convention on the protection of

More information

All you need to know and do to comply with the EU General Data Protection Regulation

All you need to know and do to comply with the EU General Data Protection Regulation All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 3 Challenges, requirements, and action plans GDPR is borderless... Broadened personal

More information

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union;

- GDPR (General Data Protection Regulation) is the new Data Protection Regulation of the European Union; PRIVACY NOTICE INTRODUCTION During the operation of the website data controller processes the data of persons registered on the website in order to be able to provide them with adequate services. Service

More information

Technical Requirements of the GDPR

Technical Requirements of the GDPR Technical Requirements of the GDPR Purpose The purpose of this white paper is to list in detail all the technological requirements mandated by the new General Data Protection Regulation (GDPR) laws with

More information

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy

DEPARTMENT OF JUSTICE AND EQUALITY. Data Protection Policy DEPARTMENT OF JUSTICE AND EQUALITY Data Protection Policy May 2018 Contents Page 1. Introduction 3 2. Scope 3 3. Data Protection Principles 4 4. GDPR - Rights of data subjects 6 5. Responsibilities of

More information

Data Processing Agreement

Data Processing Agreement Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data

More information

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018 GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine

More information

enter into application on 25 May 2018

enter into application on 25 May 2018 General Data Protection Regulation What is GDPR? Is GDPR applicable for you? Which actions are required from you (and us)? Which rights do your clients have and which services can KBC Securities s provide

More information

Requirements for a Managed System

Requirements for a Managed System GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Preparing for the GDPR

Preparing for the GDPR Preparing for the GDPR 1 February 2018 EXPECT EXCELLENCE DUBLIN BELFAST LONDON NEW YORK SILICON VALLEY arthurcox.com The EU General Data Protection Regulation (known as the GDPR ) will replace the current

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the

More information

1. Type of personal data that we collect and process?

1. Type of personal data that we collect and process? PRIVACY POLICY Branch of the Walton International Search Associates Limited in the Republic of Serbia, with the registered seat in Belgrade, Bulevar Arsenija Carnojevica 52A, sixth floor, st 17, registration

More information

DATA PROTECTION POLICY

DATA PROTECTION POLICY DATA PROTECTION POLICY Introduction 1 In undertaking the business of the University of Stirling, we all create, gather, store and process large amounts of data on a variety of data subjects such as on

More information

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal

This guide is for informational purposes only. Please do not treat it as a substitute of a professional legal What is GDPR? GDPR (General Data Protection Regulation) is Europe s new privacy law. Adopted in April 2016, it replaces the 1995 Data Protection Directive and marks the biggest change in data protection

More information

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business

More information

GLOBAL DATA PROTECTION POLICY

GLOBAL DATA PROTECTION POLICY GLOBAL DATA PROTECTION POLICY BRS UK Version 1.0 TABLE OF CONTENTS SCOPE 2 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 2 Compliance with the European data protection law and any additional applicable

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

GDPR Data Protection Policy

GDPR Data Protection Policy GDPR Data Protection Policy Volleyball England 2018 VE Data Protection Policy May 2018 Page 1 GDPR Data Protection Policy 1. Introduction This Policy sets how the English Volleyball Association Limited

More information

Privacy by Design, Security by Design

Privacy by Design, Security by Design Privacy by Design, Security by Design Dai Davis Chartered Engineer and Solicitor Percy Crow Davis & Co Session ID: PNG 302 Session Classification: General Interest Privacy by Design Original data protection

More information

Data Breaches and the EU GDPR

Data Breaches and the EU GDPR Data Breaches and the EU GDPR Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 30 June 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC Consultant Infrastructure Services Business Process

More information

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot

What You Need to Know About Addressing GDPR Data Subject Rights in Pivot What You Need to Know About Addressing GDPR Data Subject Rights in Pivot Not Legal Advice This document is provided for informational purposes only and must not be interpreted as legal advice or opinion.

More information

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000

What is GDPR? https://www.eugdpr.org/ Editorial: The Guardian: August 7th, EU Charter of Fundamental Rights, 2000 GDPR: The basics What is GDPR? The EU General Data Protection Regulation (GDPR) is the biggest European shake-up of data protection in a generation. It s the culmination of two decades of experience of

More information

Personal Data Protection Policy

Personal Data Protection Policy PALEOLOGOS S.A. Personal Data Protection Policy Date of entry into force of this policy May 17, 2018 The primary objective of this policy is to provide general guidelines regarding the protection of Personal

More information

Data Protection Privacy Notice

Data Protection Privacy Notice PETA Limited Page 1 of 7 Data Protection Privacy Notice PETA Limited provides a range of services to both members of the public and to those employed within business. To enable us to provide a service,

More information

UWC International Data Protection Policy

UWC International Data Protection Policy UWC International Data Protection Policy 1. Introduction This policy sets out UWC International s organisational approach to data protection. UWC International is committed to protecting the privacy of

More information

Little Blue Studio. Data Protection and Security Policy. Updated May 2018

Little Blue Studio. Data Protection and Security Policy. Updated May 2018 Little Blue Studio Data Protection and Security Policy Updated May 2018 Contents Introduction... 3 Purpose... 3 Application... 3 General Data Protection Regulation (GDPR)... 3 Handling personal information,

More information

Data subject ( Customer or Data subject ): individual to whom personal data relates.

Data subject ( Customer or Data subject ): individual to whom personal data relates. Privacy Policy 1. Information on the processing of personal data We hereby inform you in this document about the principles and procedures for processing your personal data and your rights, in accordance

More information

Designing GDPR compliant software

Designing GDPR compliant software Designing GDPR compliant software 1 Alain Cieslik Agenda o GDPR Summary o What does compliance with GDPR mean? o Example of GDPR Accountability o Consent & Purpose Management o What does security mean

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

EventLog Analyzer. All you need to know and do to comply with the EU General Data Protection Regulation

EventLog Analyzer. All you need to know and do to comply with the EU General Data Protection Regulation EventLog Analyzer All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 2 Challenges, requirements, and action plans GDPR is borderless...

More information

GDPR Controls and Netwrix Auditor Mapping

GDPR Controls and Netwrix Auditor Mapping GDPR Controls and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About GDPR The General Data Protection Regulation (GDPR) is a legal act of the European Parliament and the Council (Regulation

More information

PRIVACY POLICY PRIVACY POLICY

PRIVACY POLICY PRIVACY POLICY PRIVACY POLICY 1 A. GENERAL PART 1.1. COLLECTION AND PROCESSING OF USER DATA Within the scope of the availability of the website hosted in www.alpinushotel.com and of the services and communications made

More information

RVC DATA PROTECTION POLICY

RVC DATA PROTECTION POLICY RVC DATA PROTECTION POLICY POLICY and PROCEDURES Responsibility of Data Protection Officer Review Date July 2019 Approved by CEC Author D.Hardyman-Rice CONTENTS PAGE 1) Policy Statement 3 2) Key definitions

More information

GLOBAL DATA PROTECTION POLICY

GLOBAL DATA PROTECTION POLICY GLOBAL DATA PROTECTION POLICY Last update: April 2nd, 2018 SCOPE 3 COLLECTION AND PROCESSING USE OF YOUR PERSONAL DATA 3 Compliance with the European Data Protection Law and any additional applicable data

More information

Privacy Policy Inhouse Manager Ltd

Privacy Policy Inhouse Manager Ltd Privacy Policy Inhouse Manager Ltd April 2018 This privacy statement is designed to tell you about our practices regarding the collection, use and disclosure of information held by Inhouse Manager Ltd.

More information

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018 First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,

More information

Introductory guide to data sharing. lewissilkin.com

Introductory guide to data sharing. lewissilkin.com Introductory guide to data sharing lewissilkin.com Executive Summary Most organisations carry out some form of data sharing, whether it be data sharing between organisations within the group or with external

More information

Data Protection Policy

Data Protection Policy Introduction In order to; provide education, training, assessment and qualifications to its customers and clients, promote its services, maintain its own accounts and records and support and manage its

More information

Subject: Kier Group plc Data Protection Policy

Subject: Kier Group plc Data Protection Policy Kier Group plc Data Protection Policy Subject: Kier Group plc Data Protection Policy Author: Compliance Document type: Policy Authorised by: Kier General Counsel & Company Secretary Version 3 Effective

More information

Motorola Mobility Binding Corporate Rules (BCRs)

Motorola Mobility Binding Corporate Rules (BCRs) Motorola Mobility Binding Corporate Rules (BCRs) Introduction These Binding Privacy Rules ( Rules ) explain how the Motorola Mobility group ( Motorola Mobility ) respects the privacy rights of its customers,

More information

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website, , call or write to us.

This Privacy Policy applies if you're a customer, employee or use any of our services, visit our website,  , call or write to us. Privacy Policy Background This policy explains when and why we collect personal information about you; how we use it, the conditions under which we may disclose it to others and how we keep it secure.

More information

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than

More information

GDPR and the Privacy Shield

GDPR and the Privacy Shield GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

GDPR Customer Briefing. How Creditsafe is using GDPR to drive better business

GDPR Customer Briefing. How Creditsafe is using GDPR to drive better business GDPR Customer Briefing How Creditsafe is using GDPR to drive better business Introduction What is GDPR? The GDPR (General Data Protection Regulation) will provide a robust set of rules for the collection,

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

EU data security and privacy trends

EU data security and privacy trends EU data security and privacy trends Top issues for HR and global mobility 26 29 October 2014 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms of Ernst

More information

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data

Privacy Policy. Data Controller - the entity that determines the purposes, conditions and means of the processing of personal data Privacy Policy Datacenter.com (referred to as we, us, our, Datacenter or the Company ) is committed to protecting your privacy and handling your data in an open and transparent manner. The personal data

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Act CXII of 2011 on the right to information self-determination and freedom of information. Act ;

Act CXII of 2011 on the right to information self-determination and freedom of information. Act ; PRIVACY POLICY THE COMPANY'S DATA MANAGEMENT PRINCIPLES M2M Rendszerház Kft. and WM Systems LLC. (hereinafter referred to as the Company as a joint Data Administrator) provide detailed information management

More information

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant

More information

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES Forum financier du Brabant wallon 14.12.2017 Data Protection should be part of every company s or organisation s DNA Do you process

More information

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder GDPR effects on Gift Aid Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder Accountability Processed lawfully, fairly and in a transparent manner Collected for specified, explicit

More information

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms:

Privacy Policy. In this data protection declaration, we use, inter alia, the following terms: Last updated: 20/04/2018 Privacy Policy We are very delighted that you have shown interest in our enterprise. Data protection is of a particularly high priority for the management of VITO (Vlakwa). The

More information

DLB Privacy Policy. Why we require your information

DLB Privacy Policy. Why we require your information At Etive Technologies Limited (Etive) which operates Digital Log Book, (DLB). We are committed to protecting the privacy of our customers and the responsible management of personal information in accordance

More information

SCHOOL SUPPLIERS. What schools should be asking!

SCHOOL SUPPLIERS. What schools should be asking! SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated

More information

Privacy and Data Protection Policy

Privacy and Data Protection Policy Manchester Imaging Limited Arch 29 North Campus Incubator Altrincham Street Manchester M1 3NL United Kingdom www.manchester-imaging.com Privacy and Data Protection Policy This notice is issued by: Manchester

More information

Identity of the controller: CHARVAT CTS a.s., ID No.: , with the registered office at Okrinek 53, Podebrady, Czech Republic, Postcode

Identity of the controller: CHARVAT CTS a.s., ID No.: , with the registered office at Okrinek 53, Podebrady, Czech Republic, Postcode Dear all, Welcome to the website of CHARVÁT CTS a.s. We appreciate your interest in our company. Protection of personal data you share with us is our priority and we have taken all the steps for you to

More information

Website Privacy Notice

Website Privacy Notice This privacy notice explains the processing of personal data on the website of Assurity Consulting Ltd (including the entity of Assurity Consulting Holdings Ltd). Assurity Consulting Ltd is committed to

More information

GDPR: A technical perspective from Arkivum

GDPR: A technical perspective from Arkivum GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection

More information

The Apple Store, Coombe Lodge, Blagdon BS40 7RG,

The Apple Store, Coombe Lodge, Blagdon BS40 7RG, 1 The General Data Protection Regulation ( GDPR ) is the new legal framework that will come into effect on the 25th of May 2018 in the European Union ( EU ) and will be directly applicable in all EU Member

More information

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10

GDPR AMC SAAS AND HOSTED MODULES. UK version. AMC Consult A/S June 26, 2018 Version 1.10 GDPR AMC SAAS AND HOSTED MODULES UK version AMC Consult A/S June 26, 2018 Version 1.10 INDEX 1 Signatures...3 2 General...4 3 Definitions...5 4 Scoping...6 4.1 In scope...6 5 Responsibilities of the data

More information

Rights of Individuals under the General Data Protection Regulation

Rights of Individuals under the General Data Protection Regulation Rights of Individuals under the General Data Protection Regulation 2018 Contents Introduction... 2 Glossary... 3 Personal data... 3 Processing... 3 Data Protection Commission... 3 Data Controller... 3

More information

How WhereScape Data Automation Ensures You Are GDPR Compliant

How WhereScape Data Automation Ensures You Are GDPR Compliant How WhereScape Data Automation Ensures You Are GDPR Compliant This white paper summarizes how WhereScape automation software can help your organization deliver key requirements of the General Data Protection

More information

Privacy Policy Identity Games

Privacy Policy Identity Games Document Name: Privacy Policy Reference: GDPR 1.0 This privacy policy was last modified on 26 July, 2018. Privacy Policy Identity Games In this policy, "we", "us" and "our" refer to Identity Games International

More information

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

General Data Protection Regulation (GDPR) and the Implications for IT Service Management General Data Protection Regulation (GDPR) and the Implications for IT Service Management August 2018 WHITE PAPER GDPR: What is it? The EU General Data Protection Regulation (GDPR) replaces the Data Protection

More information

Data Processing Agreement

Data Processing Agreement In accordance with the European Parliament- and Council s Directive (EU) 2016/679 of 27th April 2016 (hereinafter GDPR) on the protection of physical persons in connection with the processing of personal

More information

DATA SECURITY - DATA PROTECTION ACT

DATA SECURITY - DATA PROTECTION ACT DATA SECURITY - DATA PROTECTION ACT Data Security - Data Protection Act Many businesses are totally reliant on the data stored on their PCs, laptops, networks, mobile devices and in the cloud. Some of

More information

Data Breach Notification Policy

Data Breach Notification Policy Data Breach Notification Policy Policy Owner Department University College Secretary Professional Support Version Number Date drafted/date of review 1.0 25 May 2018 Date Equality Impact Assessed Has Prevent

More information

NEWSFLASH GDPR N 8 - New Data Protection Obligations

NEWSFLASH GDPR N 8 - New Data Protection Obligations GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine

More information