EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

Size: px
Start display at page:

Download "EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know"

Transcription

1 EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive (NISD)

2 Our Topics & Agenda Highlights of the Triple Threat General Data Protection Regulation (GDPR) National Information Security Directive (NISD) eprivacy Regulation (epr) Designing a Compliance Program Legal Management Operational Technical Minefields and gotchas Conclusion 2

3 Highlights of the Triple Threats All three are effective May 2018 Expansion of territorial and sectoral application of data security and privacy obligations and sanctions Strict data security and privacy reporting obligations Reflects global trend (e.g., see DFARS, NYSDFS Cybersecurity Regulation) Implicates increasingly broader ecosystem of third- and fourth-party vendors 3

4 General Data Protection Regulation 4

5 Overview What is GDPR? General Data Protection Regulation Replaces local EU Data Protection Directive implementations (e.g., in UK the Data Protection Act ) Starts on May 25, 2018 Who is Subject? All organizations that collect and process personal data of EU Data Subjects regardless of size No longer applies only to organizations with an office the EU is borderless Applies to data processors not just data controllers What are the Penalties? Up to 20M or 4% of organization s annual global turnover, whichever is higher (board attention is now guaranteed) Data subjects can claim compensation for damages from breaches to their personal data

6 Key Requirements Breach Notification Privacy By Design & By Default Data Subject s Rights Consent Data Protection Officer (DPO) Requirement to report privacy breaches to the regulator within 72 hours and potentially to the data subject Firms must, when introducing new technology, minimize the collection of personal data and ensure that the right security controls are in place throughout all development phases New rights include the right to erasure ( right to be forgotten ) and the right to data portability Requirement to gain unambiguous consent (i.e., explicit) DPO required for organizations that conduct regular and systematic monitoring of data subjects on a large scale or process Special Categories of data (e.g., healthcare) on a large scale

7 Top Challenges Data Inventories Third Party Compliance Cross-Border Data Transfers Notice and Consent Right to Erasure Article 30 Requirement to develop Records of processing activities Processors held to essentially the same standard as controllers; Article 28 list of requirements Considerations: Scope, time, and expense Requirement to gain unambiguous consent (i.e., explicit) Is notice given at every collection point? How much search and deletion is enough?

8 Top Challenges Privacy By Design & By Default Breach Notification Art. 25 Two considerations: (1) data minimization and (2) information security Meeting the 72-hour requirement Data Protection Impact Assessments Data Protection Officer (DPO) Privacy Policy Art. 29 WP 248 list of 10 criteria Art. 37 Determining whether you need a DPO. Some confusion vs. Art. 35 Data Protection Impact Assessments (DPIA) Implied by Art. 32; a principle organizational control; policies vs. notices

9 eprivacy Regulation 9

10 eprivacy Regulation January 2017, the European Commission published draft eprivacy Regulation to replace current eprivacy Directive Consolidates member state implementation and Align with the General Data Protection Regulation Applies to any provider of electronic communications services ( ECS ) or to any entity that processes electronic communications data ECS includes voice telephony, SMS, , internet access services, services consisting wholly or in part in the conveyance of signals (e.g., radio), VoIP, messaging services including services where the messaging function is ancillary (such as dating apps or video game services), web-based , connected devices (e.g., Internet of Things devices), and public and semi-private Wi-Fi hotspots. 10

11 eprivacy What s in scope? Entities that process electronic communications data now include Telecoms Providers of publicly available directories Software providers permitting electronic communications, including the presentation and retrieval of online information Natural and legal persons who use ECS to send direct marketing communications or collect information from or stored in end users terminal equipment. The Regulation applies to: Data processed in connection with ECS in the EU, regardless of whether the data is processed in the EU or elsewhere. It also applies to data associated with electronic communications sent from outside the EU to users in the EU. 11

12 Liability & Penalties The Regulation Permits users to bring suit against any entity that violates the Regulation s provisions. Users may sue for both material and non-material damages. Data protection authorities also have the right to impose monetary penalties for violations of the Regulation. Administrative penalties for violations of the Regulation will correspond with those laid out in the GDPR, ranging up to $10m Euro or 2% of the worldwide annual turnover to up to $20m Euro or 4% of worldwide turnover, whichever is greater, depending on the type of violation. 12

13 The Network and Information Security Directive (NISD) 13

14 NISD The purpose is to ensure a high common level of network and information security across the Union. The NIS Directive provides legal measures to boost the overall level of cybersecurity in the EU by ensuring: Preparedness via a Computer Security Incident Response Team (CSIRT) and a competent national NIS authority; Cooperation among Member States to support and facilitate strategic cooperation and exchange of information Establishment of CSIRT Network to promote swift and effective operational cooperation on specific cybersecurity incidents Creation of terms Operators of Essential Services ( OES ) Digital Service Providers ( DSP ) 14

15 NISD Directive covers sectors vital for our economy and society ( OES ) Energy Transport Water Banking Financial market infrastructures Healthcare and digital infrastructure Additional Providers in Scope Key digital service providers ( DSP ) Search engines Cloud computing services and Online marketplaces 15

16 NISD Adopted by the European Parliament on 6 July The Directive entered into force in August Member States will have 21 months to transpose the Directive into their national laws and 6 months more to identify operators of essential services. Germany has passed the NIS Directive Implementation Act ( NIS-Umsetzungsgesetz ) in April 2017 Significantly increases the territorial and sectoral scope of organizations subject to EU cybersecurity and privacy obligations and introduces strict data security and breach disclosure obligations with potentially severe penalties for non-compliance 16

17 Discussion What are the opportunities for synchronizing internal initiatives to respond to the Triple Threat? What foundational steps should be taken over the next 3 months? How does the GC balance the business drivers associated with automated processing/profiling and the related security and privacy risks? What are three minefields in driving to the finish line? Who owns these initiatives? 17

NIS-Directive and Smart Grids

NIS-Directive and Smart Grids NIS-Directive and Smart Grids Workshop on European Smart Grid Cybersecurity: Emerging Threats and Countermeasures Marie Holzleitner Table of Content Aims & Objectives Affected Parties Selected Requirements

More information

Directive on Security of Network and Information Systems

Directive on Security of Network and Information Systems European Commission - Fact Sheet Directive on Security of Network and Information Systems Brussels, 6 July 2016 Questions and Answers The European Parliament's plenary adopted today the Directive on Security

More information

ENISA s Position on the NIS Directive

ENISA s Position on the NIS Directive ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides

More information

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant

More information

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

How icims Supports. Your Readiness for the European Union General Data Protection Regulation How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection

More information

Network and Information Security Directive

Network and Information Security Directive Network and Information Security Directive Provisions + ENISA s activities Dr Evangelos Ouzounis Head of Secure Infrastructure and Services Unit, ENISA European Union Agency for Network and Information

More information

Directive on security of network and information systems (NIS): State of Play

Directive on security of network and information systems (NIS): State of Play Directive on security of network and information systems (NIS): State of Play Svetlana Schuster Unit H1 Cybersecurity and Digital Privacy DG Communications Networks, Content and Technology, European Commission

More information

Regulating Cyber: the UK s plans for the NIS Directive

Regulating Cyber: the UK s plans for the NIS Directive Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

The NIS Directive and Cybersecurity in

The NIS Directive and Cybersecurity in The NIS Directive and Cybersecurity in ehealth Dr. Athanasios Drougkas Officer in NIS Belgian Hospitals Meeting on Security Brussels 13 th October European Union Agency For Network And Information Security

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

General Data Protection Regulation (GDPR) NEW RULES

General Data Protection Regulation (GDPR) NEW RULES General Data Protection Regulation (GDPR) NEW RULES AGENDA A. GDPR : general overview B. Sectorial topics and concerns GDPR GENERAL OVERVIEW 1. GDPR : WHAT IS IT AND WHY CARE? 27 April 2016 : Approval

More information

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon Changing times in Swiss Data Privacy: new opportunities? Clara-Ann Gordon Which countries have Data Protection Laws? Source: https://www.taylorwessing.com/globaldatahub/risk_map.html Page 2 Different Data

More information

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

The Network and Information Security Directive - ENISA's contribution

The Network and Information Security Directive - ENISA's contribution The Network and Information Security Directive - ENISA's contribution Konstantinos Moulinos Information Security Expert 3rd IMPROVER- ERNCIP Operators Workshop Lisbon 23.05.2018 European Union Agency for

More information

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD)

COUNCIL OF THE EUROPEAN UNION. Brussels, 24 May /13. Interinstitutional File: 2013/0027 (COD) COUNCIL OF THE EUROPEAN UNION Brussels, 24 May 2013 Interinstitutional File: 2013/0027 (COD) 9745/13 TELECOM 125 DATAPROTECT 64 CYBER 10 MI 419 CODEC 1130 NOTE from: Presidency to: Delegations No. Cion

More information

Discussion on MS contribution to the WP2018

Discussion on MS contribution to the WP2018 Discussion on MS contribution to the WP2018, 30 January 2018 European Union Agency for Network and Information Security Possibilities for MS contribution to the WP2018 Expert Groups ENISA coordinates several

More information

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international

More information

CNPD Course: Data Protection Basics

CNPD Course: Data Protection Basics CNPD Course: Data Protection Basics Presentation of Luxembourg s data protection authority Esch-sur-Alzette Dani Jeitz 7-8 February 2018 Service juridique Programme 1. Introduction 2. Basic knowledge 3.

More information

EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world In May 2018, the European Union s new General Data Protection

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across

More information

GDPR - Are you ready?

GDPR - Are you ready? GDPR - Are you ready? Anne-Marie Bohan and Michael Finn 24 March 2018 Matheson Ranked Ireland s Most Innovative Law Firm Financial Times 2017 International Firm in the Americas International Tax Review

More information

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular

Creating NIS Compliant Country in a Non-Regulated Environment. Jurica Čular Creating NIS Compliant Country in a Non-Regulated Environment Jurica Čular (jcular@zsis.hr) What NIS actually is? NIS Directive NIS Network Information Security Directive EU Cyber Security Policy Mandatory

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

Our agenda. The basics

Our agenda. The basics GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially

More information

Implementing the new GDPR: what does it mean for Universities?

Implementing the new GDPR: what does it mean for Universities? Implementing the new GDPR: what does it mean for Universities? Case study Alumni Portal Cosimo Monda Director - European Centre on Privacy and Cybersecurity Maastricht University Twitter: @ecpcmaastricht

More information

COMMENTARY. The New EU Cybersecurity Directive: What Impact on Digital Service Providers? Relevant Terms

COMMENTARY. The New EU Cybersecurity Directive: What Impact on Digital Service Providers? Relevant Terms August 2016 COMMENTARY The New EU Cybersecurity Directive: What Impact on Digital Service Providers? On August 8, 2016, the Directive on Security of Network and Information Systems ( NIS Directive ) entered

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo

Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo 15.9.2017 European Union Agency for Network and Information Security Fighting fraud in school

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive)

ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) ETNO Reflection Document on the EC Proposal for a Directive on Network and Information Security (NIS Directive) July 2013 Executive Summary ETNO supports the European Commission s global approach to cyber-security

More information

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.

More information

Recommendations on How to Tackle the D in GDPR. White Paper

Recommendations on How to Tackle the D in GDPR. White Paper Recommendations on How to Tackle the D in GDPR White Paper ABOUT INFORMATICA Digital transformation changes expectations: better service, faster delivery, with less cost. Businesses must transform to stay

More information

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018 First aid toolkit for the management of data breaches Mary Deligianni Senior Associate 15 February 2018 What is a personal data breach? Breach of security which leads to the accidental or unlawful destruction,

More information

Committee on the Internal Market and Consumer Protection

Committee on the Internal Market and Consumer Protection European Parliament 2014-2019 AMDMTS: 12 Regulation on ISA, the "EU Cybersecurity Agency", and repealing Regulation (EU) s created with Go to http://www.at4am.ep.parl.union.eu \000000.doc United in diversity

More information

How the GDPR will impact your software delivery processes

How the GDPR will impact your software delivery processes How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use

More information

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts

Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Developments in Global Data Protection & Transfer: How They Impact Third-Party Contracts Rebecca Eisner Partner +1 312 701 8577 reisner@mayerbrown.com Mark Prinsley Partner +44 20 3130 3900] mprinsley@mayerbrown.com

More information

EY s data privacy service offering

EY s data privacy service offering EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world Introduction Data privacy encompasses the rights and obligations

More information

DATA PROTECTION BY DESIGN

DATA PROTECTION BY DESIGN DATA PROTECTION BY DESIGN Preparing for Europe s New Security Regulations Summary In 2018, the European Union will begin to enforce the provisions of the General Data Protection Regulation (GDPR), a new

More information

NIS Directive development The Incident Notification Framework

NIS Directive development The Incident Notification Framework NIS Directive development The Incident Notification Framework Dan Tofan #certcon 30.10.2017 Bucharest European Union Agency for Network and Information Security Topics 01 NISD Short Intro 02 The incident

More information

Core Elements of HIPAA The Privacy Rule establishes individuals privacy rights and addresses the use and disclosure of protected health information ( PHI ) by covered entities and business associates The

More information

IAB Europe Guidance CONTROLLER-PROCESSOR CRITERIA. IAB Europe GDPR Implementation Working Group. Version July Working Paper 05/2018

IAB Europe Guidance CONTROLLER-PROCESSOR CRITERIA. IAB Europe GDPR Implementation Working Group. Version July Working Paper 05/2018 Guidance WHITE PAPER CONTROLLER-PROCESSOR CRITERIA Five Practical Steps to help companies comply with the E-Privacy Directive Working Paper 05/2018 GDPR Implementation Working Group Version 1.0 19 July

More information

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE

CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 18-19 APRIL, SKOPJE CONCLUSIONS OF THE WESTERN BALKANS DIGITAL SUMMIT 2018 At the Trieste Western Balkans Summit, we stressed the importance of the

More information

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud

Cybersecurity Policy in the EU: Security Directive - Security for the data in the cloud Cybersecurity Policy in the EU: The Network and Information Security Directive - Security for the data in the cloud Microsoft Commitment to Cybersecurity Security at the heart of our products and services

More information

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017

New cybersecurity landscape in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 in the EU Sławek Górniak 9. CA-Day, Berlin, 28th November 2017 European Union Agency for Network and Information Security Positioning ENISA activities CAPACITY Hands on activities POLICY Support MS & COM

More information

Cybersecurity & Digital Privacy in the Energy sector

Cybersecurity & Digital Privacy in the Energy sector ENERGY INFO DAYS Brussels, 25 October 2017 Cybersecurity & Digital Privacy in the Energy sector CNECT.H1 Cybersecurity & Digital Privacy, DG CNECT ENER.B3 - Retail markets; coal & oil, DG ENER European

More information

All you need to know and do to comply with the EU General Data Protection Regulation

All you need to know and do to comply with the EU General Data Protection Regulation All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 3 Challenges, requirements, and action plans GDPR is borderless... Broadened personal

More information

Adtech and GDPR What to consider when choosing your partner

Adtech and GDPR What to consider when choosing your partner Adtech and GDPR What to consider when choosing your partner 1 Agenda What to avoid and What to do Where is Adform on GDPR Posibilities for advertisers 2 This is about GDPR, not the unknown eprivacy update

More information

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only. EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations For private circulation only Cyber Risk Preface Does the EU GDPR impact organisations in India? Yes! This

More information

IT MANAGEMENT AND THE GDPR: THE VMWARE PERSPECTIVE

IT MANAGEMENT AND THE GDPR: THE VMWARE PERSPECTIVE TRANSFORM SECURITY DATA PROTECTION SOLUTION OVERVIEW IT MANAGEMENT AND THE GDPR: THE VMWARE PERSPECTIVE Introduction This Solution Overview is intended for IT personnel interested in the VMware perspective

More information

The SPARKS Project Motivation, Objectives and Results

The SPARKS Project Motivation, Objectives and Results The SPARKS Project Motivation, Objectives and Results Paul Smith paul.smith@ait.ac.at AIT Austrian Institute of Technology SEGRID Project Workshop 14 th November, 2016, Barcelona, Spain The SPARKS Project

More information

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document

COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT. Accompanying the document EUROPEAN COMMISSION Strasbourg, 7.2.2013 SWD(2013) 31 final COMMISSION STAFF WORKING DOCUMENT EXECUTIVE SUMMARY OF THE IMPACT ASSESSMENT Accompanying the document Proposal for a Directive of the European

More information

Call for Expressions of Interest

Call for Expressions of Interest Call for Expressions of Interest ENISA M/CEI/17/T01 Experts for assisting in the implementation of the annual ENISA Work Programme TECHNICAL DESCRIPTION CONTENTS TECHNICAL DESCRIPTION... 3 1. INTRODUCTION...

More information

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall

More information

GDPR compliance: some basics & practical to do list

GDPR compliance: some basics & practical to do list GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations

More information

EU data security and privacy trends

EU data security and privacy trends EU data security and privacy trends Top issues for HR and global mobility 26 29 October 2014 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms of Ernst

More information

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services

cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services Enhancing infrastructure cybersecurity in Europe Rossella Mattioli Secure Infrastructures and Services European Union Agency for Network and Information Security Securing Europe s Information society 2

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

General Data Protection Regulation (GDPR) and the Implications for IT Service Management General Data Protection Regulation (GDPR) and the Implications for IT Service Management August 2018 WHITE PAPER GDPR: What is it? The EU General Data Protection Regulation (GDPR) replaces the Data Protection

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

Data Breach Notification: what EU law means for your information security strategy

Data Breach Notification: what EU law means for your information security strategy Data Breach Notification: what EU law means for your information security strategy Olivier Proust December 8, 2011 Hunton & Williams LLP Key points 1. Introduction 2. Overview of data breach requirements

More information

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3

The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 The European Policy on Critical Information Infrastructure Protection (CIIP) Andrea SERVIDA European Commission DG INFSO.A3 Andrea.Servida@ec.europa.eu What is at stake with CIIs The World Economic Forum

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the

More information

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017

The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017 The Role of ENISA in the Implementation of the NIS Directive Anna Sarri Officer in NIS CIP Workshop Vienna 19 th September 2017 European Union Agency for Network and Information Security Positioning ENISA

More information

ENISA Cooperation in the EU / NIS Directive

ENISA Cooperation in the EU / NIS Directive ENISA Cooperation in the EU / NIS Directive Paulo Empadinhas Head of Administration & Stakeholders Relations IT STAR Milan, Italy 28 th October 2016 European Union Agency for Network and Information Security

More information

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov

Contributed by Djingov, Gouginski, Kyutchukov & Velichkov Contributed by Djingov, Gouginski, Kyutchukov & Velichkov General I Data Protection Laws National Legislation General data protection laws The Personal Data Protection Act implemented the Data Protection

More information

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team

2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS. ENISA Article 19 Team 2017 ANNUAL TRUST SERVICES SECURITY INCIDENTS ANALYSIS ENISA Article 19 Team 23 10 2018 GENERAL MODEL SECURITY SUPERVISION Market operators/providers assess security risks, take appropriate measures, and

More information

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU

Resilience, Deterrence and Defence: Building strong cybersecurity for the EU Resilience, Deterrence and Defence: Building strong cybersecurity for the EU 1 Building strong cybersecurity for the EU: Resilience, Deterrence and Defence From reactive to pro-active and cross-policy

More information

NEWSFLASH GDPR N 8 - New Data Protection Obligations

NEWSFLASH GDPR N 8 - New Data Protection Obligations GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine

More information

GDPR and the Privacy Shield

GDPR and the Privacy Shield GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark

More information

Magento GDPR Frequently Asked Questions

Magento GDPR Frequently Asked Questions Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle

More information

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report KuppingerCole Report WHITE PAPER by Mike Small December 2017 GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.

More information

ENISA EU Threat Landscape

ENISA EU Threat Landscape ENISA EU Threat Landscape 24 th February 2015 Dr Steve Purser ENISA Head of Department European Union Agency for Network and Information Security www.enisa.europa.eu Agenda ENISA Areas of Activity Key

More information

In Accountable IoT We Trust

In Accountable IoT We Trust In Accountable IoT We Trust AIOTI WG3 Security & Privacy-in-IoT Taskforces, and H2020 CSA CREATE-IoT & LSPs AG Trust in IoT Arthur van der Wees Managing Director Arthur s Legal, the global tech-by-design

More information

Data Leak Protection legal framework and managing the challenges of a security breach

Data Leak Protection legal framework and managing the challenges of a security breach Data Leak Protection legal framework and managing the challenges of a security breach ACC Europe's Annual Conference 2009 June 7-9, 2009 Geneva Alexander Duisberg Partner, Bird & Bird LLP About Bird &

More information

Package of initiatives on Cybersecurity

Package of initiatives on Cybersecurity Package of initiatives on Cybersecurity Presentation to Members of the IMCO Committee Claire Bury Deputy Director-General, DG CONNECT Brussels, 12 October 2017 Building EU Resilience to cyber attacks Creating

More information

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.

USER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection

More information

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018 Agenda Principal Obligations Under GDPR Key U.S. Privacy & Cybersecurity Laws E.U.

More information

IEEE GDPR Implementation & NTC

IEEE GDPR Implementation & NTC IEEE GDPR Implementation & NTC Ed Perkins, Oregon Section & R6 NWA Chair Based on GDPR presentation at IEEE Conferences Committee 15 February 2018 by: Kevin Dresely, Business Planning and Analysis Director

More information

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know

Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Exploring the European Commission s Network and Information Security Directive (NIS) What every CISO should know Aristotelis Tzafalias Programme Officer, Trust and Security DG Communications Networks,

More information

I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE

I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE I GOT ROBBED! HOW NYS AND THE US SHOULD PROTECT YOUR DATA ONLINE By Clyde Vanel, NYS Assemblyman, Chair, Subcommittee on Internet & New Technologies HELP, I GOT ROBBED! I felt like screaming that line

More information

Islam21c.com Data Protection and Privacy Policy

Islam21c.com Data Protection and Privacy Policy Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach

More information

Cybersecurity Strategy of the Republic of Cyprus

Cybersecurity Strategy of the Republic of Cyprus Cybersecurity Strategy of the Republic of Cyprus George Michaelides Commissioner of Electronic Communications and Postal Regulation http://www.ocecpr.org.cy 12 th February 2016 Cybersecurity Strategy of

More information

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain Merritt Maxim Principal Analyst Forrester Martijn Loderus Director & Global Practice Partner for Advisory Consulting Janrain Merritt and Martijn will share insights on Digital Transformation & Drivers

More information

Privacy and Data Protection Draft Personal Data Protection Bill 2018: A Summary. For Private Circulation Only August 2018.

Privacy and Data Protection Draft Personal Data Protection Bill 2018: A Summary. For Private Circulation Only August 2018. Privacy and Data Protection Draft Personal Data Protection Bill 2018: A Summary For Private Circulation Only August 2018 Introduction Protection of of data principal* is at the core of the draft Personal

More information

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012

ENISA & Cybersecurity. Steve Purser Head of Technical Competence Department December 2012 ENISA & Cybersecurity Steve Purser Head of Technical Competence Department December 2012 Agenda Protecting Critical Information Infrastructure Input to EU & MS Cyber Security Strategies Assisting Operational

More information

Getting ready for GDPR

Getting ready for GDPR Getting ready for GDPR Cybersecurity for Data Protection Brought to you by: What is GDPR? The (GDPR) is the European Union s response to the increasing privacy demands of the European society. The primary

More information

FAQ about the General Data Protection Regulation (GDPR)

FAQ about the General Data Protection Regulation (GDPR) FAQ about the General Data Protection Regulation (GDPR) 1. When does the GDPR come into force? The GDPR was promulgated 25 May 2016 and comes into effect 25 May 2018. 2. Is there a transition period? We

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

GDPR COMPLIANCE REPORT

GDPR COMPLIANCE REPORT 2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.

More information

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist,

More information

2017 RIMS CYBER SURVEY

2017 RIMS CYBER SURVEY 2017 RIMS CYBER SURVEY This report marks the third year that RIMS has surveyed its membership about cyber risks and transfer practices. This is, of course, a topic that only continues to captivate the

More information