EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

Size: px
Start display at page:

Download "EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world"

Transcription

1 EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

2 In May 2018, the European Union s new General Data Protection Regulation (GDPR) ushers in unprecedented levels of data protection for EU residents. Backed by fines of up to 20 million or 4% of global revenue, whichever is higher, the GDPR gives individuals new, expanded rights over their personal data and heightens the responsibilities and liabilities of controllers and processors, regardless of their geographic location. EU GDPR is a global game changer. No organization storing or processing the personal data of EU residents can afford to be complacent, wherever the organization is based and irrespective of its current privacy maturity level. As well as the urgency of working towards compliance, there is also the opportunity to take a strategic approach to GDPR. EY s risk-based, multi-disciplinary approach targets GDPR investment where it matters most for regulatory compliance and competitive advantage. Drawing on our extensive privacy knowledge and proven tools and methodologies, we help to identify clients highest risks, and design and execute a tailored road map for compliance and beyond. GDPR timeline January 2012 European Commission (EC) proposed GDPR December 2015 GDPR agreed 25 May 2018 GDPR takes full effect Transition period of two years Monitoring and Compliance Ensuring compliance: Monitoring Continuous improvement March 2014 EU Parliament adopted compromise text 14 April 2016 GDPR formally adopted by EU member states 2 EY s data privacy service offering

3 GDPR: what you need to know When GDPR comes into force, it will introduce a raft of new rights for individuals and principles to facilitate and protect the flow of personal data in the market. Among the key changes, organizations must prove that they have a robust accountability framework in place for data protection, an ongoing data protection impact assessment and a privacy-by-design approach. The latter ensuring that data protection safeguards are built into products and services from the earliest stage of development. Key rights for individuals include the right to erasure (right to be forgotten), and the requirement for consent to be explicitly given for specific uses and transfer of sensitive data. Notification regime limited to sensitive data processing/prior checking approach Legitimate interest Right to be forgotten Broad definition of personal data An (almost) harmonized EU data protection regime Data protection officer International data transfers One-stop-shop Extended territorial effect Scope-Defiinitions Formalities Key Changes Data subjects rights Legal grounds grounds for data processing High bar for consent Data portability Children Clear and plain language Profiling Transparency Data minimisation Accountability Appropriate safeguards New principles Security and breach notifiication Enforcement/sanctions Penalties for companies Liability of data processor Impact assessments Security & data breach notification Privacy by design and by default EY s data privacy service offering 3

4 EY approach towards GDPR compliance Five stage transformational approach 1 Understand Getting to grips with the impacts and implications of data privacy The fact that data privacy regulations in general, and GDPR in particular, have broad impacts across the organization, can make it hard to pinpoint their specific effects. It can also be difficult to look beyond the regulatory and technological issues to grasp the competitive opportunities that privacy presents. You should understand your current content and how much GDPR impacts you, in particular looking into: The business and governance models Gather information related to the organization and its adopted strategies to understand the current data protection governance model. Assess the industry and market, the organization s management structure and its digital and data strategy, as well as the data protection measures and awareness in place. 1. Understand 4. Recommend 2. Assess 5. Run 3. Define 2 Assess Strategic alignment and risk appetite Determine the strategic alignment and risk appetite in a workshop. Define the tone at the top towards strategy, risk culture, direction and conduct. the gaps between the current and desired state. This provides input for our team to develop your practical and tailored roadmap to GDPR compliance, including clearly stated goals and purpose. This approach not only drives GDPR compliance, but also increases the data maturity of the business as a whole helping clients to extend their data usage capabilities, and boost the effectiveness of their data analytics and dashboarding. Our broad transformation approach mirrors the cross-functional nature of the GDPR We bring our own multidisciplinary team of professionals, combining knowledge and experience across legal, cybersecurity and data analytics, to engage with stakeholders from all parts of the organization, to bring GDPR to life. 3 Define GDPR maturity and gap assessment To plan out your responses to GDPR, you must first identify the gaps between where you are today in terms of data privacy and where you need to get to in the future. You also need to conduct a Data Protection Impact Assessment (PIA) and map out the flows of data across your operations. All of these elements are part of EY s GDPR assessment and roadmap offering. Often combined with the GDPR awareness workshop, this approach starts with our privacy team executing our proven GDPR assessment to pinpoint Establish the mechanism to address the requirements of the GDPR Data subject rights Define processes to ensure data subject rights are enforceable. Facilitate compliance through privacy by design, e.g., embed user access Data flow mapping and records of processing activities (ROPA) Mapping data flows is vital for identifying your organization s data privacy requirements and implementing data protection processes that comply with relevant regulations, including GDPR. However, all too often, businesses undertake data flow mapping with an IT mindset, meaning it produces outputs that quickly become outdated and are too detailed for use in the business. This is because an IT-orientated data flow mapping tends to focus on specific technical fields rather than the types of data used by business processes. In contrast, an EY data flow mapping rights in online applications. Evaluate and redesign processes for retrieval, correction and erasure of personal data throughout the organization. Vendor and partner management Identify and prioritize the vendor relationships, which include personal data processing activities. Evaluate the contracts, security measures Our five-phased approach is a framework from which we can build a tailored approach for each organization, to operationalize GDPR, and provide compliance and beyond. 4 Recommend Based on company assessments getting situational insights and making a privacy risk assessment, EY recommend the processes and measures defined in the previous phase 3, by leveraging existing processes within the organization. Ensure that data protection governance and documentation are in place by introducing internal guidelines and process documentation. 5 Run Privacy control framework Facilitate compliant personal data management through a holistic privacy control framework, integrating data protection throughout the organization, including project management, process and product development, as well as risk and vendor management. EY can help with Privacy strategy and governance Privacy design and implementation 4 EY s data privacy service offering

5 Data protection and privacy framework Leverage acknowledged frameworks, gather information and create an understanding of the existing data protection and privacy posture of the organization, including policies, standards and guidelines. Legal and regulatory framework Understand the organization s status and compliance toward the applicable laws and regulations, specifically GDPR and sector-specific laws and regulations. Data transfers with vendors and partners Understand the organization s vendors and partners, including providers of cloud services and outsourcing. Create an overview of data transfers abroad, and understand the legal and regulatory impact Raising awareness Ensure data protection and privacy awareness through appropriate information, and specific data protection awareness trainings and workshops. An EY GDPR awareness workshop helps clients understand why privacy is much more than just a compliance or security issue. After the workshop, your business will understand how you are impacted by GDPR and be well equipped to navigate today s complex privacy landscape. delivers business-driven results at high pace, by focusing on the business-relevant aspects of data and applying leadingedge data discovery tools and strong data governance. encompassing the full privacy life cycle shown below, will help you embed data privacy and data protection into the design of all your processes and applications that process personal data. 5 Review of privacy expectations 1 Appropriate collection of data Map data flows to enhance the implementation support of data privacy. The identified data streams can be used to determine the requirements for privacy (on the basis of applicable laws and regulations) and setting up data protection. On this basis, formalize the records of processing activities which will serve as the foundation for a privacy risk assessment and the DPIA if applicable. Data Protection Impact Assessment (DPIA) and privacyby-design A high quality DPIA process throughout the organization is imperative for ensuring compliance with GDPR. An EY DPIA, EY can support you in the design and execution of DPIAs using our established GDPR toolset, and supplement this with training to raise data privacy awareness and compliance across the organization. Assess personal data collection and processing activities with a data protection impact assessment to identify the risks inherent to the personal data processing activities. Reduce such risks by redefining the processes in accordance with the principles of privacy by design and privacy by default. 4 Appropriate retention and disposal Privacy life cycle 3 Managed disclosure Privacy risk assessment 2 Relevant use of data GDPR is a regulation which should trigger responses commensurate with the privacy risk exposure of the organisations. A privacy risk assessment shall be conducted to develop solid recommendations for the implementation and remediation steps in light of company s risk appetite and level of compliance gap. and oversight governance against compliance with GDPR and define a strategy to renegotiate personal data processing agreements. Ensure appropriate security measures and vendor management are in place by defining a lean oversight governance. Monitoring and incident handling Define a process for personal data breach monitoring and reporting. Develop a process for personal data breach reporting towards the data protection authority and towards the data subjects. Design templates and communication approval processes to ensure that the notification deadline of 72 hours can be met. Governance, policy, standards and guidelines Redefine the data protection governance model, including a detailed description of the roles and responsibilities with regard to management of external relationships and communication with regulators. These actions as well as the ones defined in phase 5 will help to comply with the accountability principle, moving towards compliance. Roadmap The roadmap contains the necessary actions identified during the assessments and workshops. It focuses on compliance towards the applicable laws and regulations, and the defined privacy and data protection strategy. Data flow mapping Managed services On-site and web-based data privacy and GDPR awareness Data protection impact assessments Privacy program and data management Compliance monitoring Privacy and data analytics, including anonymization and pseudonymization Maturity assessment Gap assessment Data breach notification and incident management Data breach stress tests Third-party and vendor management Continuous improvement EY s data privacy service offering 5

6 Why EY? Extensive privacy knowledge and experience EY employs over 200 Certified Information Privacy Professionals (CIPPs) across EU and privacy lawyers to help organizations to better understand data privacy risk and GDPR compliance. Close cooperation with EY legal specialists means EY CIPPs can translate legal requirements into a risk-based, customized approach. Highly experienced For over a decade, EY has assisted multi-national organizations in understanding privacy and data protection and regulations such as GDPR. Using their deep industry and client knowledge, EY has helped clients across financial services achieve both compliance and competitive advantage through effective GDPR programs, from gap analysis through to ongoing managed services. Global teams EY teams work within common global structures so they can easily draw on EY s global industry and functional experts to bring insights on legislation, regulations and business practice across the globe. EY has proven success in rollout across multiple countries. Professional approach EY uses a risk-based, multi-disciplinary approach supported by robust tools and methodologies to help you to understand the impact of GDPR on your organization, achieve timely and consistent GDPR compliance and leverage GDPR for wider strategic benefit. How EY can help 1 Approach Comprehensive transformation approach to guide our clients 2 Risks Identification of high risks and focus on compliance with current legislation while keeping sight of the GDPR readiness 3 Cooperation Close cooperation with EY regulatory and compliance to transpose regulatory requirements into customized approach 4 Solutions Multi-disciplinary solutions by integrating the IT, risk and business perspectives of privacy EY s unique approach 5 Assessments Unique combination of maturity and Privacy Impact Assessments 6 Tools Maturity and Privacy Impact Assessment, data discovery tools and enablers to support our engagements 6 EY s data privacy service offering

7 Is your organization ready for the EU General Data Protection Regulation? Now it is time to take appropriate actions towards becoming compliant with GDPR. Areas of consideration based on EY approach are as follows: Expanded scope Are you a data processor or a data controller processing personal data inside the EU or processing the personal data of EU citizens? DPOs Do you conduct large-scale systematic monitoring (including employee data) or process large amounts of sensitive personal data? New rights Do you know how will comply with the new rights: the right to be forgotten, the right to data portability and the right to object to profiling? Accountability Do you conduct large-scale systematic monitoring (including employee data or process large amounts of sensitive personal data? Privacy by design Do you design data protection and privacy requirements into the development of your business processes and new systems? Mandatory breach notification Would you be able to notify a data protection supervisory authority of a data breach within 72 hours? EY s data privacy service offering 7

8 EY Assurance Tax Transactions Advisory About EY EY is a global leader in assurance, tax, transaction and advisory services. The insights and quality services we deliver help build trust and confidence in the capital markets and in economies the world over. We develop outstanding leaders who team to deliver on our promises to all of our stakeholders. In so doing, we play a critical role in building a better working world for our people, for our clients and for our communities. EY refers to the global organization, and may refer to one or more, of the member firms of Ernst & Young Global Limited, each of which is a separate legal entity. Ernst & Young Global Limited, a UK company limited by guarantee, does not provide services to clients. For more information about our organization, please visit ey.com Ernst & Young Business Advisory Services S. à R. L. All Rights Reserved. ED none This material has been prepared for general informational purposes only and is not intended to be relied upon as accounting, tax, or other professional advice. Please refer to your advisors for specific advice. ey.com/luxembourg Contacts To find out more about any of our privacy-related services and how EY can help you use GDPR as a catalyst for change, beyond compliance, please contact: Olivier Maréchal GDPR Advisory Services Leader Partner, Advisory Leader for Financial Services Olivier.Marechal@lu.ey.com Philippe Belche Senior Manager, Legal Advisory Services Philippe.Belche@lu.ey.com Patrice Fritsch Directeur Associé Managed services Patrice.Fritsch@lu.ey.com Karim Bouaissi Senior Manager, IT Risk Assurance, Financial Sector Karim.Bouaissi@lu.ey.com Alexandre Minarelli Director, IT Risk & Assurance Leader, Commercial and Public Sector Alexandre.Minarelli@lu.ey.com Alejandro del Rio Manager alejandro.del-rio@lu.ey.com

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR) Developing your GDPR response for competitive advantage EU General Data Protection Regulation (GDPR) Introduction In May 2018, the EU s new GDPR ushers in unprecedented levels of data protection for EU

More information

EY s data privacy service offering

EY s data privacy service offering EY s data privacy service offering How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world Introduction Data privacy encompasses the rights and obligations

More information

EY s Data Privacy Services. January 2019

EY s Data Privacy Services. January 2019 EY s Data Privacy Services January 2019 Introduction Data privacy encompasses the rights and obligations of individuals and organizations with respect to the collection, use, disclosure, and retention

More information

GDPR: A QUICK OVERVIEW

GDPR: A QUICK OVERVIEW GDPR: A QUICK OVERVIEW 2018 Get ready now. 29 June 2017 Presenters Charles Barley Director, Risk Advisory Services Charles Barley, Jr. is responsible for the delivery of governance, risk and compliance

More information

Demonstrating data privacy for GDPR and beyond

Demonstrating data privacy for GDPR and beyond Demonstrating data privacy for GDPR and beyond EY data privacy assurance services Introduction The General Data Protection Regulation (GDPR) is ushering in a new era of data privacy in Europe. Organizations

More information

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

Plan a Pragmatic Approach to the new EU Data Privacy Regulation AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General

More information

GDPR. Lessons Learned

GDPR. Lessons Learned GDPR Lessons Learned Introduction 01 Privacy is a hot topic Privacy and Data Protection is increasingly in the spotlight and undergoing a paradigm shift in light of the new General Data Protection Regulation

More information

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services

Introduction. When it comes to GDPR compliance, is OK for now enough? Minds made for protecting financial services When it comes to GDPR compliance, is OK for now enough? EY CertifyPoint s GDPR certification process will help you achieve and demonstrate compliance. Minds made for protecting financial services Introduction

More information

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary

Aon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As

More information

Protecting your data. EY s approach to data privacy and information security

Protecting your data. EY s approach to data privacy and information security Protecting your data EY s approach to data privacy and information security Digital networks are a key enabler in the globalization of business. They dramatically enhance our ability to communicate, share

More information

Big data privacy in Australia

Big data privacy in Australia Five-article series Big data privacy in Australia Three actions you can take towards compliance Article 5 Big data and privacy Three actions you can take towards compliance There are three actions that

More information

EU General Data Protection Regulation (GDPR) Achieving compliance

EU General Data Protection Regulation (GDPR) Achieving compliance EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,

More information

Data Management and Security in the GDPR Era

Data Management and Security in the GDPR Era Data Management and Security in the GDPR Era Franck Hourdin; Vice President, EMEA Security Russ Lowenthal; Director, Database Security Product Management Mike Turner; Chief Operating Officer, Capgemini

More information

The GDPR Are you ready?

The GDPR Are you ready? The GDPR Are you ready? kpmg.ie The GDPR - Overview The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) will come into force from 25th May 2018, replacing the existing data protection

More information

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready? European Union (EU) General Data Protection Regulation (GDPR) Do you handle EU residents personal data? The GDPR update is coming May 25, 2018. Are you ready? What do you need to do? Governance and Accountability

More information

General Data Protection Regulation (GDPR) The impact of doing business in Asia

General Data Protection Regulation (GDPR) The impact of doing business in Asia SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer

More information

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow Managing Privacy Risk & Compliance in Financial Services Brett Hamilton Advisory Solutions Consultant ServiceNow 1 Speaker Introduction INSERT PHOTO Name: Brett Hamilton Title: Advisory Solutions Consultant

More information

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know

EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive

More information

The Role of the Data Protection Officer

The Role of the Data Protection Officer The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services

More information

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach

Customer Breach Support A Deloitte managed service. Notifying, supporting and protecting your customers through a data breach Customer Breach Support A Deloitte managed service Notifying, supporting and protecting your customers through a data breach Customer Breach Support Client challenges Protecting your customers, your brand

More information

ISACA Cincinnati Chapter March Meeting

ISACA Cincinnati Chapter March Meeting ISACA Cincinnati Chapter March Meeting Recent and Proposed Changes to SOC Reports Impacting Service and User Organizations. March 3, 2015 Presenters: Sayontan Basu-Mallick Lori Johnson Agenda SOCR Overview

More information

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

How icims Supports. Your Readiness for the European Union General Data Protection Regulation How icims Supports Your Readiness for the European Union General Data Protection Regulation The GDPR is the EU s next generation of data protection law. Aiming to strengthen the security and protection

More information

Cybersecurity Considerations for GDPR

Cybersecurity Considerations for GDPR Cybersecurity Considerations for GDPR What is the GDPR? The General Data Protection Regulation (GDPR) is a brand new legislation containing updated requirements for how personal data of European Union

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) BCD Travel s Response to the EU General Data Protection Regulation (GDPR) November 2017 Page 1 Response to the EU GDPR Copyright 2017 by BCD Travel N.V. All rights reserved. November 2017 Copyright 2017

More information

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE PREPARATION FOR GDPR IS ESSENTIAL The EU GDPR imposes interrelated obligations for organizations handling

More information

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions Getting ready for GDPR Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions GDPR Background Single EU-wide Regulation Harmonizes Global User Data Protection across

More information

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient?

Canada Highlights. Cybersecurity: Do you know which protective measures will make your company cyber resilient? Canada Highlights Cybersecurity: Do you know which protective measures will make your company cyber resilient? 21 st Global Information Security Survey 2018 2019 1 Canada highlights According to the EY

More information

How the GDPR will impact your software delivery processes

How the GDPR will impact your software delivery processes How the GDPR will impact your software delivery processes About Redgate 230 17 202,000 2m Redgaters and counting years old customers SQL Server Central and Simple Talk users 91% of the Fortune 100 use

More information

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services

Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services Forensic analysis with leading technology: the intelligent connection Fraud Investigation & Dispute Services Forensic Technology & Discovery Services EY s Forensic

More information

NEWSFLASH GDPR N 8 - New Data Protection Obligations

NEWSFLASH GDPR N 8 - New Data Protection Obligations GDPR N 8 May 2017 NEWSFLASH GDPR N 8 - New Data Protection Obligations Following the adoption of the new EU General Data Protection Regulation (GDPR) on 27 April 2016, most organisations began to re-examine

More information

Accelerate GDPR compliance with the Microsoft Cloud

Accelerate GDPR compliance with the Microsoft Cloud Regional Forum on Cybersecurity in the Era of Emerging Technologies & the Second Meeting of the Successful Administrative Practices -2017 Cairo, Egypt 28-29 November 2017 Accelerate GDPR compliance with

More information

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only.

EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations. For private circulation only. EU General Data Protection Regulation (GDPR) A Point of View for Technology Sector Organisations For private circulation only Cyber Risk Preface Does the EU GDPR impact organisations in India? Yes! This

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements

The GDPR and NIS Directive: Risk-based security measures and incident notification requirements The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant

More information

EXAM PREPARATION GUIDE

EXAM PREPARATION GUIDE EXAM PREPARATION GUIDE PECB Certified Data Protection Officer The objective of the PECB Certified Data Protection Officer examination is to ensure that the candidate has acquired the knowledge and skills

More information

EU data security and privacy trends

EU data security and privacy trends EU data security and privacy trends Top issues for HR and global mobility 26 29 October 2014 Disclaimer EY refers to the global organization, and may refer to one or more, of the member firms of Ernst

More information

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016 Pēteris Zilgalvis, J.D., Head of Unit for Health and Well-Being, DG CONNECT Table of Contents 1. Context

More information

Google Cloud & the General Data Protection Regulation (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR) Google Cloud & the General Data Protection Regulation (GDPR) INTRODUCTION General Data Protection Regulation (GDPR) On 25 May 2018, the most significant piece of European data protection legislation to

More information

EU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?

EU GDPR and  . The complete text of the EU GDPR can be found at  What is GDPR? EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing

More information

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

General Data Protection Regulation (GDPR) and the Implications for IT Service Management General Data Protection Regulation (GDPR) and the Implications for IT Service Management August 2018 WHITE PAPER GDPR: What is it? The EU General Data Protection Regulation (GDPR) replaces the Data Protection

More information

GDPR COMPLIANCE REPORT

GDPR COMPLIANCE REPORT 2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.

More information

Regulating Cyber: the UK s plans for the NIS Directive

Regulating Cyber: the UK s plans for the NIS Directive Regulating Cyber: the UK s plans for the NIS Directive September 2017 If you are a digital service provider or operate an essential service then new security and breach notification obligations may soon

More information

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT? What the new data regulations mean for your business, and how Brennan IT and Microsoft 365 can help. THE REGULATIONS: WHAT YOU NEED TO KNOW Australia:

More information

M&A Cyber Security Due Diligence

M&A Cyber Security Due Diligence M&A Cyber Security Due Diligence Prepared by: Robert Horton, Ollie Whitehouse & Sherief Hammad Contents Page 1 Introduction 3 2 Technical due diligence goals 3 3 Enabling the business through cyber security

More information

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO White Paper Incentives for IoT Security May 2018 Author: Dr. Cédric LEVY-BENCHETON, CEO Table of Content Defining the IoT 5 Insecurity by design... 5 But why are IoT systems so vulnerable?... 5 Integrating

More information

Safeguarding unclassified controlled technical information (UCTI)

Safeguarding unclassified controlled technical information (UCTI) Safeguarding unclassified controlled technical information (UCTI) An overview Government Contract Services Bulletin Safeguarding UCTI An overview On November 18, 2013, the Department of Defense (DoD) issued

More information

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help WHITE PAPER The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help ii Contents Personal Data Defined... 1 Why the GDPR Is Such a Big Deal... 2 Are You Ready?...

More information

Turning Risk into Advantage

Turning Risk into Advantage Turning Risk into Advantage How Enterprise Wide Risk Management is helping customers succeed in turbulent times and increase their competitiveness Glenn Tjon Partner KPMG Advisory Presentation Overview

More information

General Data Protection Regulation (GDPR) NEW RULES

General Data Protection Regulation (GDPR) NEW RULES General Data Protection Regulation (GDPR) NEW RULES AGENDA A. GDPR : general overview B. Sectorial topics and concerns GDPR GENERAL OVERVIEW 1. GDPR : WHAT IS IT AND WHY CARE? 27 April 2016 : Approval

More information

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know

G DATA Whitepaper. The new EU General Data Protection Regulation - What businesses need to know G DATA Whitepaper The new EU General Data Protection Regulation - What businesses need to know G DATA Software AG September 2017 Introduction Guaranteeing the privacy of personal data requires more than

More information

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant

General Data Protection Regulation: Knowing your data. Title. Prepared by: Paul Barks, Managing Consultant General Data Protection Regulation: Knowing your data Title Prepared by: Paul Barks, Managing Consultant Table of Contents 1. Introduction... 3 2. The challenge... 4 3. Data mapping... 7 4. Conclusion...

More information

ENISA s Position on the NIS Directive

ENISA s Position on the NIS Directive ENISA s Position on the NIS Directive 1 Introduction This note briefly summarises ENISA s position on the NIS Directive. It provides the background to the Directive, explains its significance, provides

More information

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon

Changing times in Swiss Data Privacy: new opportunities? Microsoft Security Day 27 April 2017 Clara-Ann Gordon Changing times in Swiss Data Privacy: new opportunities? Clara-Ann Gordon Which countries have Data Protection Laws? Source: https://www.taylorwessing.com/globaldatahub/risk_map.html Page 2 Different Data

More information

General Data Protection Regulation (GDPR)

General Data Protection Regulation (GDPR) General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the

More information

PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION

PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION INSIGHTS The EU s new data protection regulation, known as the GDPR (General Data Protection Regulation), can impact your

More information

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD BHBIA New Data Protection Rules Pharma Company Perspective Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD Pharma Company Perspective Data Controllers Responsibilities

More information

Recommendations on How to Tackle the D in GDPR. White Paper

Recommendations on How to Tackle the D in GDPR. White Paper Recommendations on How to Tackle the D in GDPR White Paper ABOUT INFORMATICA Digital transformation changes expectations: better service, faster delivery, with less cost. Businesses must transform to stay

More information

General Data Protection Regulation (GDPR) Key Facts & FAQ s

General Data Protection Regulation (GDPR) Key Facts & FAQ s General Data Protection Regulation (GDPR) Key Facts & FAQ s GDPR comes into force on 25 May 2018 GDPR replaces the Data Protection Act 1998. The main principles are much the same as those in the current

More information

Step 1: Open browser to navigate to the data science challenge home page

Step 1: Open browser to navigate to the data science challenge home page Step 1: Open browser to navigate to the data science challenge home page https://datascience.ey.com/ Step 2: Logging in You will need to create an account if you are a new user. Click the sign up button

More information

Information Security Strategy

Information Security Strategy Security Strategy Document Owner : Chief Officer Version : 1.1 Date : May 2011 We will on request produce this Strategy, or particular parts of it, in other languages and formats, in order that everyone

More information

BHConsulting. Your trusted cybersecurity partner

BHConsulting. Your trusted cybersecurity partner Your trusted cybersecurity partner BH Consulting Securing your business BH Consulting is an award-winning, independent provider of cybersecurity consulting and information security advisory services. Recognised

More information

DATA PROTECTION BY DESIGN

DATA PROTECTION BY DESIGN DATA PROTECTION BY DESIGN Preparing for Europe s New Security Regulations Summary In 2018, the European Union will begin to enforce the provisions of the General Data Protection Regulation (GDPR), a new

More information

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security

SYMANTEC: SECURITY ADVISORY SERVICES. Symantec Security Advisory Services The World Leader in Information Security SYMANTEC: SECURITY ADVISORY SERVICES Symantec Security Advisory Services The World Leader in Information Security Knowledge, as the saying goes, is power. At Symantec we couldn t agree more. And when it

More information

ISO 27001:2013 certification

ISO 27001:2013 certification www.pwc.ch/cybersecurity ISO 27001:2013 certification Building confidence in your digital future Our approach to certification PwC offers a four-phase approach to help with your ISO 27001 project, using

More information

GDPR: A GUIDE TO READINESS

GDPR: A GUIDE TO READINESS SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services

More information

GDPR Privacy Webinar. Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018

GDPR Privacy Webinar. Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018 GDPR Privacy Webinar Prioritizing Your Path towards GDPR Compliance Annika Sponselee and Nicole Vreeman 28 February 2018 Prioritizing Your Path to GDPR Compliance Presented by Half-Day Workshops Online

More information

TRULY INDEPENDENT CYBER SECURITY SPECIALISTS. Cyber Major

TRULY INDEPENDENT CYBER SECURITY SPECIALISTS. Cyber Major TRULY INDEPENDENT CYBER SECURITY SPECIALISTS Cyber Major 1 WHO WE ARE Cyber Major is a world class, independent and cutting-edge cyber security consultancy. We specialise in conducting full end-to-end

More information

Knowing and Implementing the GDPR Part 3

Knowing and Implementing the GDPR Part 3 Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education

More information

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant

General Data Protection Regulation April 3, Sarah Ackerman, Managing Director Ross Patz, Consultant General Data Protection Regulation April 3, 2018 Sarah Ackerman, Managing Director Ross Patz, Consultant Introductions Sarah Ackerman, CISSP, CISA Managing Director, Cincinnati Responsible for overall

More information

Arkadin Data protection & privacy white paper. Version May 2018

Arkadin Data protection & privacy white paper. Version May 2018 Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data

More information

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17

Guidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17 GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive

More information

EY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services

EY Norwegian Cloud Maturity Survey Current and planned adoption of cloud services EY Norwegian Cloud Maturity Survey 2019 Current and planned adoption of cloud services Contents 01 Cloud maturity 4 02 Drivers and challenges 6 03 Current usage 10 04 Future plans 16 05 About the survey

More information

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS MEET THE EXPERTS DAVID O LEARY Director, Forsythe Security Solutions THOMAS ECK Director, Forsythe Security Solutions ALEX HANWAY Product

More information

DATA PROTECTION POLICY THE HOLST GROUP

DATA PROTECTION POLICY THE HOLST GROUP DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller

More information

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates

IMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What

More information

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION

ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or

More information

GENERAL DATA PROTECTION REGULATION (GDPR)

GENERAL DATA PROTECTION REGULATION (GDPR) GENERAL DATA PROTECTION REGULATION (GDPR) Date: 01/02/17 Vendor Assessment Contents Introduction 2 Transparency 2 Collection and Purpose Limitation 4 Quality 4 Privacy Program Management 5 Security for

More information

Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification

Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification July 2016 Follow @Paul_Hastings Five Ways that Privacy Shield is Different from Safe Harbor and Five Simple Steps Companies Can Take to Prepare for Certification By Paul Hastings Global Privacy and Cybersecurity

More information

Meeting GDPR requirements in your S2 Security environment

Meeting GDPR requirements in your S2 Security environment white paper Meeting GDPR requirements in your S2 Security environment May 2018 What is GDPR? The European Union s General Data Protection Regulation (GDPR) takes effect May 25, 2018 and applies to all

More information

Vulnerability Assessments and Penetration Testing

Vulnerability Assessments and Penetration Testing CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze

More information

MITIGATE CYBER ATTACK RISK

MITIGATE CYBER ATTACK RISK SOLUTION BRIEF MITIGATE CYBER ATTACK RISK CONNECTING SECURITY, RISK MANAGEMENT & BUSINESS TEAMS TO MINIMIZE THE WIDESPREAD IMPACT OF A CYBER ATTACK DIGITAL TRANSFORMATION CREATES NEW RISKS As organizations

More information

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February,

GDPR Impacts. SEV GDPR Workshop Athens Giles Watkins, UK Country Leader. Wednesday 7th February, GDPR Impacts SEV GDPR Workshop Athens Giles Watkins, UK Country Leader Wednesday 7th February, 2018 Agenda What is the Privacy Opportunity? What is different under GDPR? Where organisations are focusing?

More information

GDPR: An Opportunity to Transform Your Security Operations

GDPR: An Opportunity to Transform Your Security Operations GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)

More information

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ).

This Policy has been prepared with due regard to the General Data Protection Regulation (EU Regulation 2016/679) ( GDPR ). PRIVACY POLICY Data Protection Policy 1. Introduction This Data Protection Policy (this Policy ) sets out how Brital Foods Limited ( we, us, our ) handle the Personal Data we Process in the course of our

More information

Privacy by Design and the GDPR

Privacy by Design and the GDPR Privacy by Design and the GDPR ISACA Geek Week Atlanta August 9, 2016 Phillip Mahan, CISA, CIPM, CISSP, CIPT, CIPP/US, CCSK Director, Office of the CPO Ionic Security 1 Standard Disclaimer The presenter

More information

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit

EU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order

More information

SOC for cybersecurity

SOC for cybersecurity April 2018 SOC for cybersecurity a backgrounder Acknowledgments Special thanks to Francette Bueno, Senior Manager, Advisory Services, Ernst & Young LLP and Chris K. Halterman, Executive Director, Advisory

More information

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES

IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES IMPLEMENTING SECURITY, PRIVACY, AND FAIR DATA USE PRINCIPLES Introductions Agenda Overall data risk and benefit landscape / shifting risk and opportunity landscape and market expectations Looking at data

More information

"PPS" is Private Practice Software as developed and produced by Rushcliff Ltd.

PPS is Private Practice Software as developed and produced by Rushcliff Ltd. Rushcliff Ltd Data Processing Agreement This Data Processing Agreement ( DPA ) forms part of the main terms of use of PPS, PPS Express, PPS Online booking, any other Rushcliff products or services and

More information

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018 GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into

More information

Conducting a data flow mapping exercise under the GDPR. Presented by: Alan Calder, founder and executive chairman, IT Governance 4 October 2017

Conducting a data flow mapping exercise under the GDPR. Presented by: Alan Calder, founder and executive chairman, IT Governance 4 October 2017 Conducting a data flow mapping exercise under the GDPR Presented by: Alan Calder, founder and executive chairman, IT Governance 4 October 2017 TM Introduction Alan Calder Founder of IT Governance The single

More information

enter into application on 25 May 2018

enter into application on 25 May 2018 General Data Protection Regulation What is GDPR? Is GDPR applicable for you? Which actions are required from you (and us)? Which rights do your clients have and which services can KBC Securities s provide

More information

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report

WHITE PAPER. Meeting GDPR Challenges with Delphix. KuppingerCole Report KuppingerCole Report WHITE PAPER by Mike Small December 2017 GDPR introduces stringent controls over the processing of PII relating to people resident in the EU with high penalties for non-compliance.

More information

Securing Your Digital Transformation

Securing Your Digital Transformation Securing Your Digital Transformation Security Consulting Managed Security Leveraging experienced, senior experts to help define and communicate risk and security program strategy using real-world data,

More information

PS Mailing Services Ltd Data Protection Policy May 2018

PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect

More information

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe

Robert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international

More information

GDPR compliance: some basics & practical to do list

GDPR compliance: some basics & practical to do list GDPR compliance: some basics & practical to do list Philippe LAURENT independent full service business law firm located in Brussels May 2017 Personal data processing = any operation or set of operations

More information

European Union Agency for Network and Information Security

European Union Agency for Network and Information Security Critical Information Infrastructure Protection in the EU Evangelos Ouzounis Head of Secure Infrastructure and Services Regional Cybersecurity Forum Sofia, Bulgaria 29 th November 2016 European Union Agency

More information

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th Cisco Spark and GDPR Thomas Flambeaux Collaboration Consulting Solution Engineer, Security and Compliance Cisco Connect 2018 Copenhagen April 12th 2015 Cisco and/or its affiliates. All rights reserved.

More information

Best Practices in Securing a Multicloud World

Best Practices in Securing a Multicloud World Best Practices in Securing a Multicloud World Actions to take now to protect data, applications, and workloads We live in a multicloud world. A world where a multitude of offerings from Cloud Service Providers

More information