GDPR: A technical perspective from Arkivum

Size: px
Start display at page:

Download "GDPR: A technical perspective from Arkivum"

Transcription

1 GDPR: A technical perspective from Arkivum

2 Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection into your processing activities. ICO

3 GDPR Basic Summary The GDPR becomes EU law on 25 May 2018 unaffected by Brexit Applies to all EU-resident citizens wherever their data is stored Data Protection Officer (DPO) appointment necessary in many cases, plus impact assessments Fines up to EUR 20m or 4% of previous year s global turnover There are even higher standards around special category data eg Genetic data, Children s data Data Controllers and Processors have accountability for subjects data, 6 main principles: Data processing shall be lawful, fair, transparent etc. Data collection shall be performed for reasons made explicit to individual Data shall only be collected for specific, necessary and relevant purposes Data shall be accurate and kept up-to-date Means shall be provided for individuals to change details, be forgotten, data portability etc. Data shall be kept for no longer than necessary

4 Technical measures: risk management Technical measures = Reduced probability, lower impact Consequences of a GDPR breach = Scale of breach x Severity of breach x Brand Governance x Systems x Monitoring Fines, reputational damage, litigation Technical measures = Demonstrable compliance, transparency, fast response

5 Ways to manage GDPR risk Risk Management Approach Avoid Mitigate Transfer Accept and insure Technical measures and approach Reduce data footprint Anonymisation Encryption Information Security Governance systems Monitoring Third-party development or hosting Risk register Governance systems Example Minimise the number of online applications and servers holding personal data. If personal data is held, then store it in encrypted form. Implement strong access control on online applications, keep good records of all personal data, have a DR plan, do regular testing and monitoring. Use a reputable company to develop/host your data/applications. Make sure they can demonstrate strong security and comply with standards. Nail everything down in the contact. Create a risk register. Decide what is cost effective to avoid/mitigate/transfer. Get insurance for the residual risk.

6 Do you know your data and risk profile? Organisations have 20x more cloud apps than they think An enterprise has 841 cloud apps in use on average 98% of cloud apps are not GDPR ready Symantex + Blue Coat Shadow Data Report, 1H 2016 If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. If you are a controller, you are not relieved of your obligations where a processor is involved the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR. Designed by Alvaro_cabrera, Freepik.com ICO website

7 Get data under proper management Business data creators and consumers IM CRM Other Extract, move, replicate Live data apps and environments Transparency Accountability Compliance Archive Audit trails Compliance assessments Disposal reports Risk profiles Retention holds and reviews Reporting Discovery and analytics Secure Storage Version of record Secure environment

8 GDPR Shock Scenario: Ransomware Web app attacks are the most common form of data breaches (40%) and 95% of web app breaches are financially motivated * 1. Secure your web apps! 2. Keep separate records and a fully managed copy of the personal data Quantify scale of the problem - know exactly what personal data is affected Baseline for disaster recovery check that nothing is lost or corrupted Contact data subjects quickly and notify ICO use records and check consent Minimise extent of unlawful processing unauthorised access yes, but not data loss Demonstrate governance record keeping, risk and breach assessment, PIA * Verizon 2016 Data Breach Investigations Report: incidents, 3141 breaches

9 New regulation, familiar systems GDPR Lawful processing Accountability Privacy by Design Subject Rights Consent Common Requirements Confidentiality Controlled access Authenticity Integrity Usability Retention Deletion Policies Procedures Supporting Systems Records Keeping Data Archiving Information Security Digital Preservation Risk Management Information Lifecycle Management (ILM) Logging and Monitoring

10 Three-stage technical approach to GDPR Data location, data type, data format, data apps, data safety, data security 1 Know your data Minimise data footprint and attack vectors, get data under proper management Management systems: data lifecycle, information security, record keeping 2 3 Reduce immediate Risks Governance and Privacy by Design

11 Phase 1: Know what you have Accountability Transparency Check for consent Supporting Technologies Data Discovery Privacy Impact Assessments Inventory of applications & services Data register Documented data flows Consent records Confidence in deleting data Digital Forensics Business Intelligence Databases Spreadsheets Sharepoint Check CSP contracts Convert for portability EDRMS Test security Fast, low cost response to subjects

12 Phase 2: Reduce immediate risks Accountability Transparency Isolate the personal part of data Supporting Technologies Privacy Impact Assessments Minimise processing by third-parties Access control Encryption Pseudoanonymisation Data minimisation Safe/secure storage Reduce impact of breaches Minimise data losses Privacy Enhancing Technologies (PET) Two factor authentication Security testing Backup and archive Data Warehouse Document Managememt Enforce data sovereignty Easier monitoring and detection

13 Phase 3: Governance and Privacy by Design Privacy Impact Assessments Proactive and preventative privacy Accountability Transparency Records Management ISMS Risk Register Data lifecycle policies Discovery and audit Monitoring Privacy across the full lifecycle Records of consent and processing Early detection of problems Retention policies and schedules Continual security review and improvement Supporting Technologies Risk Management Information Lifecycle Management Electronic Document and Record Management Systems (EDRMS) Compliance archiving Digital Preservation Platforms/Services Enterprise dashboards and logging

14 Example GDPR technical measures GDPR Requirement Lawful processing (no unauthorised access) Lawful processing (no loss, destruction, damage) Lawful processing (accurate and up-to-date ) Lawful processing (retained only if necessary) Accountability and Governance Consent Transfer Breach Notification Subject rights (informed, access, rectification, erasure, restrict, portability, objection). Technological Measures Access control, secure servers, encryption, pseudo-anonymisation, security testing. Access control, backups, archiving, tamper-proof storage, data integrity, disaster recovery. Version control, audit trails, digital signatures and fixity checks, tamper-proof systems. Record keeping, retention policies, assured deletion, audit trails, anonymisation. Systems for: records management, risk management, information security management Record keeping, audit trails, identifiers Restrict data locations, audit trails Access monitoring, intrusion detection, penetration testing. Cataloguing, search/indexing tools, records management, file format management

15 Example GDPR Data Lifecycle Arkivum GDPR module UC IM CRM Other Business Data Generators / Consumers GDPR Metadata Tagging Mediation Layer Enhanced Business Value Legal Justifications for storage, processing, retention and deletion rules Unified E- discovery File export Reporting Search Access control Pseudonymisation Design Certification Audit Trail

16 Summary Technical measures have an important role to play in GDPR Risk Management: reduce the chances, scale and severity of breaches Show you have proper processes and systems in place Don t re-invent the wheel, but instead look to what s already available GDPR requirements are shared with many other regulated sectors Suitable technology, techniques, tools and systems already exist Three stage approach Know what you have (data, apps, services, risks) Address the immediate risks and get data under proper management Implement systems to support governance and Privacy by Design

17 Thank you

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT

SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place

More information

ZIMBRA & THE IMPACT OF GDPR

ZIMBRA & THE IMPACT OF GDPR ZIMBRA & THE IMPACT OF GDPR 1 WHAT IS THE GENERAL DATA PROTECTION REGULATION? What Privacy law that applies to personal data of EU residents Privacy It also ensures those holding the information protects

More information

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2 COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Data Protection Policy Version 3.00 May 2018 For more information, please contact: Technical Team T: 01903 228100 / 01903 550242 E: info@24x.com Page 1 The Data Protection Law...

More information

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM

AIRMIC ENTERPRISE RISK MANAGEMENT FORUM AIRMIC ENTERPRISE RISK MANAGEMENT FORUM Date 10 November 2016 Name Nick Gibbons Position, PARTNER BLM T: 0207 457 3567 E: Nick.Gibbons@blmlaw.com SUMMARY Cyber crime is now a daily reality Every business

More information

GDPR - Are you ready?

GDPR - Are you ready? GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review

More information

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

Our agenda. The basics

Our agenda. The basics GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially

More information

The isalon GDPR Guide Helping you understand and prepare for the legislation

The isalon GDPR Guide Helping you understand and prepare for the legislation The isalon GDPR Guide Helping you understand and prepare for the legislation 01522 887200 isalonsoftware.co.uk Read our guide today to help you plan for the new legislation.. The General Data Protection

More information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

Unified Communications Phase 2 Presentation to IT Services Users Group

Unified Communications Phase 2 Presentation to IT Services Users Group Unified Communications Phase 2 Presentation to IT Services Users Group Wednesday 2 nd May 2018 Dr. Geoff Bradley, Head of Academic Services & IT Operations / UC2 Project Sponsor Sara McAneney, Information

More information

How the GDPR will impact your software delivery processes

How the GDPR will impact your software delivery processes How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use

More information

General Data Protection Regulation (GDPR) NEW RULES

General Data Protection Regulation (GDPR) NEW RULES General Data Protection Regulation (GDPR) NEW RULES AGENDA A. GDPR : general overview B. Sectorial topics and concerns GDPR GENERAL OVERVIEW 1. GDPR : WHAT IS IT AND WHY CARE? 27 April 2016 : Approval

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist,

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

Element Finance Solutions Ltd Data Protection Policy

Element Finance Solutions Ltd Data Protection Policy Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

GDPR compliance: some basics & practical to do list

GDPR compliance: some basics & practical to do list GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

Creative Funding Solutions Limited Data Protection Policy

Creative Funding Solutions Limited Data Protection Policy Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the

More information

Toucan Telemarketing Ltd.

Toucan Telemarketing Ltd. Toucan Telemarketing Ltd. GDPR Data Protection Policy Introduction Toucan Telemarketing is committed to protecting the rights and freedoms of data subjects and safely and securely processing their data

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

How WhereScape Data Automation Ensures You Are GDPR Compliant

How WhereScape Data Automation Ensures You Are GDPR Compliant How WhereScape Data Automation Ensures You Are GDPR Compliant This white paper summarizes how WhereScape automation software can help your organization deliver key requirements of the General Data Protection

More information

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018

GDPR How to Comply in an HPE NonStop Environment. Steve Tcherchian GTUG Mai 2018 GDPR How to Comply in an HPE NonStop Environment Steve Tcherchian GTUG Mai 2018 Agenda About XYPRO What is GDPR Data Definitions Addressing GDPR Compliance on the HPE NonStop Slide 2 About XYPRO Inc. Magazine

More information

Eco Web Hosting Security and Data Processing Agreement

Eco Web Hosting Security and Data Processing Agreement 1 of 7 24-May-18, 11:50 AM Eco Web Hosting Security and Data Processing Agreement Updated 19th May 2018 1. Introduction 1.1 The customer agreeing to these terms ( The Customer ), and Eco Web Hosting, have

More information

SCHOOL SUPPLIERS. What schools should be asking!

SCHOOL SUPPLIERS. What schools should be asking! SCHOOL SUPPLIERS What schools should be asking! Page:1 School supplier compliance The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and will be applied into UK law via the updated

More information

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

Data Protection and GDPR

Data Protection and GDPR Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

A practical guide to IT security

A practical guide to IT security Data protection A practical guide to IT security Ideal for the small business The Data Protection Act states that appropriate technical and organisational measures shall be taken against unauthorised or

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017

General Data. Protection Regulations MAY Martin Chapman Head of Ops & Sales Microminder. Presentation Micro Minder Ltd 2017 General Data Please note: - This legislation is untested and open to interpretation. - I am not a Privacy or Data Protection Solicitor. - Should you have any concerns or queries please seek legal advice

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Guide to Cyber Security Compliance with GDPR

Guide to Cyber Security Compliance with GDPR Guide to Cyber Security Compliance with GDPR Security V1.3 General Data Protection Regulation GDPR Overview What is GDPR? An EU regulation coming into force in May 2018 Which means it applies to all EU

More information

GDPR Workflow White Paper

GDPR Workflow White Paper White Paper The European Union is implementing new legislation with the objective of protecting personal data of citizens within the EU and giving them more control over how their data is used. Hefty fines

More information

Requirements for a Managed System

Requirements for a Managed System GDPR Essentials Requirements for a Managed System QG Publication 6 th July 17 Document No. QG 0201/4.3 Requirements for a Managed GDPR System The General Data Protection Regulation GDPR will apply in the

More information

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018

GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY. A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 GDPR AND WHAT IT MEANS FOR CRM AND CUSTOMER ENGAGEMENT MAY 25 2018 A 7-step practical guide to achieving and maintaining GDPR compliance by 25 May 2018 A 7-step practical guide to achieving and maintaining

More information

Eight Minute Expert GDPR

Eight Minute Expert GDPR Eight Minute Expert GDPR GDPR Login Password MIN1 What is the GDPR? The General Data Protection Regulation is a new regulation by the EU that will replace the current Data Protection Directive of 1995.

More information

Islam21c.com Data Protection and Privacy Policy

Islam21c.com Data Protection and Privacy Policy Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach

More information

Made In Hackney Data Protection Policy Last Updated:

Made In Hackney Data Protection Policy Last Updated: Made In Hackney Data Protection Policy Last Updated: 16.05.2018 Definitions Charity GDPR Responsible Person Register of Systems Made In Hackney (MIH), a registered charity. means the General Data Protection

More information

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report KuppingerCole Report WHITE PAPER by Mike Small December 2017 GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

Arkadin Data protection & privacy white paper. Version May 2018

Arkadin Data protection & privacy white paper. Version May 2018 Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data

More information

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February, GDPR Impacts SEV GDPR Workshop Athens Giles Watkins, UK Country Leader Wednesday 7th February, 2018 Agenda What is the Privacy Opportunity? What is different under GDPR? Where organisations are focusing?

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

PRIVACY NOTICE (TIER 4)

PRIVACY NOTICE (TIER 4) Page: 1 of 6 1. Scope All data subjects whose personal data is collected, in line with the requirements of the GDPR. 2. Responsibilities 2.1 The Data Protection Officer / GDPR Owner is responsible for

More information

Knowing and Implementing the GDPR Part 3

Knowing and Implementing the GDPR Part 3 Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education

More information

GDPR. Lessons Learned

GDPR. Lessons Learned GDPR Lessons Learned Introduction 01 Privacy is a hot topic Privacy and Data Protection is increasingly in the spotlight and undergoing a paradigm shift in light of the new General Data Protection Regulation

More information

Data Warehouse Risk Assessment (GDPR)

Data Warehouse Risk Assessment (GDPR) Data Warehouse Risk Assessment (GDPR) The new data protection law is effective from 25.05.2018. Individuals will have more control of their personal data and organisations will have to implement a risk

More information

Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017

Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017 Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World September 20, 2017 The information and opinions expressed by our panelists today are their own, and do not necessarily represent the views of

More information

Data Protection Impact Assessment (DPIA) Last Updated: 21 June, 2018

Data Protection Impact Assessment (DPIA) Last Updated: 21 June, 2018 Data Protection Impact Assessment (DPIA) Last Updated: 21 June, 2018 About CareMonkey CareMonkey is an online and mobile platform for Forms, Medical Records and Field Trip Management. CareMonkey is designed

More information

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than

More information

Information Security. How to be GDPR compliant? 08/06/2017

Information Security. How to be GDPR compliant? 08/06/2017 Information Security How to be GDPR compliant? CREOBIS 08/06/2017 1 Alain Cieslik What Is the Difference Between Security and Privacy? Security: The primary goal of InfoSec is to protect confidentiality,

More information

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018 First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,

More information

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection

DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE Saviour Cachia Commissioner for Information and Data Protection DATA PROTECTION ISACA MALTA CHAPTER BIENNIAL CONFERENCE 2016 Saviour Cachia Commissioner for Information and Data Protection Conception of DPA Council of Europe ETS 108 Convention on the protection of

More information

All you need to know and do to comply with the EU General Data Protection Regulation

All you need to know and do to comply with the EU General Data Protection Regulation All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 3 Challenges, requirements, and action plans GDPR is borderless... Broadened personal

More information

GDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper

GDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper White paper GDPR preparedness with OpenText InfoArchive The new EU privacy law, GDPR, will be in effect in less than a year. OpenText has the solutions to help you prepare and comply to this new law. Contents

More information

Helping you to be GDPR compliant

Helping you to be GDPR compliant Helping you to be GDPR compliant Helping you to be GDPR compliant 01 Privacy Compliance Dashboard Your campaign Privacy Compliance Dashboard is a transparent view where you identify the contact information

More information

Wonde may collect personal information directly from You when You:

Wonde may collect personal information directly from You when You: Privacy Policy Updated: 17th April 2018 1. Scope At Wonde, we take privacy very seriously. We ve updated our privacy policy ( Policy ) to ensure that we communicate to You, in the clearest way possible,

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Eight Minute Expert GDPR. Login. Password

Eight Minute Expert GDPR. Login. Password Eight Minute Expert GDPR Login Password MIN1 What is the GDPR? The General Data Protection Regulation is a new regulation by the EU that will replace the current Data Protection Directive of 1995. It is

More information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information

Privacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.

More information

Building Trust in the Cloud Era - Protect, Respect Personal Data

Building Trust in the Cloud Era - Protect, Respect Personal Data Cloud Expo Asia 18 May 2016 Building Trust in the Cloud Era - Protect, Respect Personal Data Stephen Kai-yi Wong Privacy Commissioner for Personal Data, Hong Kong The Hong Kong Data Protection Law The

More information

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon

THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES. Forum financier du Brabant wallon THE NEW GENERAL DATA PROTECTION REGULATION IMPLICATIONS FOR ENTERPRISES Forum financier du Brabant wallon 14.12.2017 Data Protection should be part of every company s or organisation s DNA Do you process

More information

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers

More information

enter into application on 25 May 2018

enter into application on 25 May 2018 General Data Protection Regulation What is GDPR? Is GDPR applicable for you? Which actions are required from you (and us)? Which rights do your clients have and which services can KBC Securities s provide

More information

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise

Disruptive Technologies Legal and Regulatory Aspects. 16 May 2017 Investment Summit - Swiss Gobal Enterprise Disruptive Technologies Legal and Regulatory Aspects 16 May 2017 Investment Summit - Swiss Gobal Enterprise Legal and Regulatory Framework in Switzerland Legal and regulatory Framework: no laws or provisions

More information

Staying GDPR Ready with MaaS360. Ankur Acharya Offering Manager, IBM MaaS360

Staying GDPR Ready with MaaS360. Ankur Acharya Offering Manager, IBM MaaS360 Staying GDPR Ready with MaaS360 Ankur Acharya Offering Manager, IBM MaaS360 GDPR Overview Unified data protection law Most important change in data privacy regulations in 20 years Will replace the existing

More information

GDPR Controls and Netwrix Auditor Mapping

GDPR Controls and Netwrix Auditor Mapping GDPR Controls and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About GDPR The General Data Protection Regulation (GDPR) is a legal act of the European Parliament and the Council (Regulation

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Introduction Stewart Watt & Co. is law firm and provides legal advice and assistance to its clients. It is regulated by the Law Society of Scotland. The personal data that Stewart

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions

General Data Protection Regulation Frequently Asked Questions (FAQ) General Questions General Data Protection Regulation Frequently Asked Questions (FAQ) This document addresses some of the frequently asked questions regarding the General Data Protection Regulation (GDPR), which goes into

More information

Processing Cyber Threat Data Through the GDPR Regulatory Lens: for Operational Compliance with GDPR

Processing Cyber Threat Data Through the GDPR Regulatory Lens: for Operational Compliance with GDPR Processing Cyber Threat Data Through the GDPR Regulatory Lens: for Operational Compliance with GDPR and Improved Privacy Risk Management John Sabo, CISSP Chair OASIS IDTrust Member Section Chair, OASIS

More information

Implementing the new GDPR: what does it mean for Universities?

Implementing the new GDPR: what does it mean for Universities? Implementing the new GDPR: what does it mean for Universities? Case study Alumni Portal Cosimo Monda Director - European Centre on Privacy and Cybersecurity Maastricht University Twitter: @ecpcmaastricht

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act (DPA) 2018 [UK] For information on this Policy or to request Subject Access please

More information

Managing SaaS risks for cloud customers

Managing SaaS risks for cloud customers Managing SaaS risks for cloud customers Information Security Summit 2016 September 13, 2016 Ronald Tse Founder & CEO, Ribose For every IaaS/PaaS, there are 100s of SaaS PROBLEM SaaS spending is almost

More information

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

Data Protection Policy

Data Protection Policy The Worshipful Company of Framework Knitters Data Protection Policy Addressing the General Data Protection Regulation (GDPR) 2018 [EU] and the Data Protection Act 1998 (DPA) [UK] For information on this

More information

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international

More information

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder

GDPR effects on Gift Aid. Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder GDPR effects on Gift Aid Presented by Keren Caird Business Development Gift Aid Manager Sue Ryder Accountability Processed lawfully, fairly and in a transparent manner Collected for specified, explicit

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

Designing GDPR compliant software

Designing GDPR compliant software Designing GDPR compliant software 1 Alain Cieslik Agenda o GDPR Summary o What does compliance with GDPR mean? o Example of GDPR Accountability o Consent & Purpose Management o What does security mean

More information

Getting ready for GDPR

Getting ready for GDPR Getting ready for GDPR Cybersecurity for Data Protection Brought to you by: What is GDPR? The (GDPR) is the European Union s response to the increasing privacy demands of the European society. The primary

More information

Little Blue Studio. Data Protection and Security Policy. Updated May 2018

Little Blue Studio. Data Protection and Security Policy. Updated May 2018 Little Blue Studio Data Protection and Security Policy Updated May 2018 Contents Introduction... 3 Purpose... 3 Application... 3 General Data Protection Regulation (GDPR)... 3 Handling personal information,

More information

GDPR Compliance. Clauses

GDPR Compliance. Clauses 1 Clauses GDPR The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a privacy and data protection regulation in the European Union (EU). It became enforceable from May 25 2018. The

More information

Website Privacy Notice

Website Privacy Notice This privacy notice explains the processing of personal data on the website of Assurity Consulting Ltd (including the entity of Assurity Consulting Holdings Ltd). Assurity Consulting Ltd is committed to

More information

Privacy by Design and Privacy by Default

Privacy by Design and Privacy by Default Privacy by Design and Privacy by Default Suk Kim, VP, General Counsel, Urban Airship, Inc. Amanda Gratchner, Principal, IdeaLegal, LLC Alex Wall, Privacy Counsel, Marketo, Inc. The General Data Protection

More information

Embedding GDPR into the SDLC

Embedding GDPR into the SDLC Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience

More information

Altitude Software. Data Protection Heading 2018

Altitude Software. Data Protection Heading 2018 Altitude Software Data Protection Heading 2018 How to prevent our Contact Centers from Data Leaks? Why is this a priority for Altitude? How does it affect the Contact Center environment? How does this

More information

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) Page 1 of 6 IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT) I. Understanding the need for privacy in the IT environment A. Evolving

More information

Data Protection Policy

Data Protection Policy Data Protection Policy Worcester Action for Youth Last updated 26 November 2018 Definitions Charity means Worcester Action for Youth, a registered charity No. 1169888 GDPR Responsible Person Register of

More information

Charting the Course to GDPR: Setting Sail

Charting the Course to GDPR: Setting Sail SESSION ID: GRC R02 Charting the Course to GDPR: Setting Sail Cindy E. Compert, CIPT/M CTO Data Security & Privacy IBM Security @CCBigData Disclaimer Notice: Clients are responsible for ensuring their

More information