Charting the Course to GDPR: Setting Sail
- Margery Williams
1 SESSION ID: GRC R02
Charting the Course to GDPR: Setting Sail
Cindy E. Compert, CIPT/M, CTO Data Security & Privacy, IBM
2 Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data Protection Regulation. Clients are solely responsible for obtaining advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulations that may affect the clients' business and any actions the clients may need to take to comply with such laws and regulations. The products, services, and other capabilities described herein are not suitable for all client situations and may have restricted availability. IBM does not provide legal, accounting or auditing advice or represent or warrant that its services or products will ensure that clients are in compliance with any law or regulation.

IBM's statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM's sole discretion. Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision. The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

None of the statements contained herein constitutes legal advice; it is process advice only.
IBM PROPRIETARY 2017 IBM Corporation
3 "A ship in port is safe; but that is not what ships are built for. Sail out to sea and do new things." - Grace Hopper
4 Agenda
- GDPR: A Quick Overview
- Tips to Help You Get Underway
- Q&A
Nothing in this presentation should be considered legal guidance or direction. IBM does not provide legal advice. IBM recommends that your clients consult with the appropriate legal counsel as necessary.
5 EU GDPR Privacy Regulations: major impact
EU Individual Rights enhanced, harmonized and extended globally:
- Inform / access / rectify / erase / object
- Give or withdraw data-specific consent
- Insight into automatic decision making
- Transfer personal data to another provider (portability)
Broadened scope of Personal Data:
- All direct and indirect identifiers
- Behavioral, derived and self-identified data
- Adds biometric and genetic data
- Some exemptions where data is used by government or for research
Organizational Impact:
- Stringent data security and 72-hour breach notification
- Data controllers and data processors liable for breaches
- Data controllers legally bound to validate data processors' compliance
- Data Protection Officer obligatory in specific cases
- Conditions for cross-border data transfer altered
Increased cost of noncompliance:
- Fines up to 4% of annual turnover or 20 million Euro
- Data Privacy Authorities empowered
- Increased activist and court activity
- Risk / cost of reputation loss
6 IBM's GDPR Framework: 5 phases to readiness (Phase / Activity / Outcome)
Assess:
- Activity: Conduct GDPR assessments across privacy, governance, people, processes, data, security; develop GDPR Readiness Roadmap; identify personal data
- Outcome: Assessments and roadmap; identify GDPR impact and plan
Design:
- Activity: Design governance, training, communication, and process standards; design privacy, data management and security management standards
- Outcome: Defined implementation plan; Technical and Organisational Measures (TOMs) include the Data Protection controls, processes and solutions to be implemented
Transform:
- Activity: Develop and embed procedures, processes, and tools; deliver GDPR training; develop/embed standards using Privacy by Design, Security by Design, data management policies
- Outcome: Process enhancements completed; TOMs in place: personal data discovery, classification and governance in place
Operate:
- Activity: Execute all relevant business processes; monitor security and privacy using TOMs; manage data subject access and consent rights
- Outcome: Operational framework in place; begin the new GDPR-compliant way of working
Conform:
- Activity: Monitor, assess, audit, report and evaluate adherence to GDPR standards
- Outcome: Ongoing monitoring and reporting; monitor TOMs execution; deliver compliance evidence to internal and external stakeholders
7 IBM Security Framework: Key Activities to address GDPR (Assess, Design, Transform)
Privacy Requirements:
- PREPARE: Conduct GDPR assessments; assess and document GDPR-related policies; assess data subject rights to consent, access, correct, delete, and transfer personal data
- DISCOVER: Discover and classify personal data assets and affected systems; identify access risks, supporting Privacy by Design
- ROADMAP: Create GDPR remediation/implementation plan
- PRIVACY BY DESIGN: Design policies, business processes and supporting technologies; create GDPR Reference Architecture; evaluate Controller/Processor Governance
- TRANSFORM PROCESSES: Implement and execute policies, processes and technologies; automate data subject access requests
Security Requirements:
- PREPARE: Assess security current state, identify gaps, benchmark maturity, establish conformance roadmaps; identify vulnerabilities, supporting Security by Design
- DISCOVER: Discover and classify personal data assets and affected systems to design security controls
- ROADMAP: Create security remediation/implementation plan
- SECURITY BY DESIGN: Create Security Reference Architecture; design Technical and Organizational Measures (TOMs) appropriate to risk (encryption, pseudonymisation, access control, monitoring, etc.)
- PROTECT: Implement privacy-enhancing controls (e.g. encryption, tokenization, dynamic masking); implement security controls; mitigate access risks and security vulnerabilities
8 IBM Security Framework: Key Activities to address GDPR (Operate, Conform)
Privacy Requirements:
- MANAGE GDPR PROGRAM: Manage GDPR data governance practices such as Information Lifecycle Governance; manage GDPR enterprise conformance programs such as data use, consent activities, data subject requests
- RUN SERVICES: Monitor personal data access; govern roles and identities
- DEMONSTRATE: Record personal data access audit trail, including data subject rights to access, modify, delete, transfer data; run Data Processor/Controller Governance, including providing processor guidance, tracking data processing activities, providing an audit trail, and preparing for data subject access requests; document and manage the compliance program (ongoing monitoring, assessment, evaluation and reporting of GDPR activities)
- RESPOND: Respond to and manage breaches
Security Requirements:
- MANAGE SECURITY PROGRAM: Manage and implement security program practices such as risk assessment, roles and responsibilities, program effectiveness
- RUN SERVICES: Monitor security operations and intelligence: monitor, detect, respond to and mitigate threats; govern data incident response and forensics practices
- DEMONSTRATE: Demonstrate technical and organizational measures to ensure security appropriate to processing risk; document the security program (ongoing monitoring, assessment, evaluation and reporting of security controls and activities)
- RESPOND: Respond to and manage breaches
9 Governance Activities
PRIVACY REQUIREMENTS / GOVERN:
- Develop data lifecycle management processes
- Maintain enterprise vocabulary
- Manage Data Subject Quality
- Govern Risk and Compliance
- Vendor Management
10 Setting Sail: Top Tips
11 Tip 1: Know your risks and vulnerabilities
12 Tip 1: Identify and mitigate risks and vulnerabilities
What is it? Article 35 - Data Protection Impact Assessments (DPIA) enable organizations to identify and mitigate risks of proposed data processing activities before those activities start. Data Protection includes Privacy and Security.
Why it matters: Article 35(7)(d) - The Data Protection Impact Assessment includes assessing risks, including safeguards, security measures and mechanisms to ensure the protection of personal data and demonstrate compliance with this Regulation.
13 People, Data, Applications: Where are your risks?
People Risks:
- Use Identity Governance
- Simplify to identify and mitigate access risks
- Automate user and identity lifecycle processes
Application Risks:
- Application inventory
- Identify and mitigate vulnerabilities
Data Layer Risks:
- Find and mitigate known vulnerabilities (RDBMS, NoSQL, Hadoop)
- Identify entitlements and activity
- Remediate user access policy violations
14 Tip 1: Set Sail: Sample Risk Dashboard
- Visibility into residency of information assets and associated data
- Inventory of data controllers and processors
- Key stakeholders' view for accountability
15 Tip 2: Create a (good) map
16 Tip 2: To create a good map, you need to discover and classify Personal Data
What and where is it? Understand and document where Personal Data is stored and processed, including with/by 3rd parties.
Why it matters: Organizations need to understand what data they hold and process to assess risk and design adequate controls. Personal data is the foundation of GDPR. Classification and data mapping are necessary to support Data Portability, Right of Access, and Right of Erasure.
17 Tip 2: Automation makes discovery and classification easier
- Discover database instances on the network
- Catalog Search: Search the database catalog for table or column name
- Search for Data: Match specific values or patterns in the data
- Search for Unstructured Data: Match specific values or patterns in an unstructured data file (CSV, Text, HTTP, HTTPS, Samba)
- Classify Data: Put data in actionable groups, automatically or manually
18 Jump start your efforts with a Critical Data Protection framework
DEFINE - What is the personal data?
- Understand overall data security strategy
- Determine data protection objectives
- Develop organizational data model / taxonomy
DISCOVER - Where are they? How are they used?
- Understand data environment, infrastructure and lifecycle
- Perform iterative discovery, analysis and classification
BASELINE - What is required to protect critical data?
- Establish baseline security requirements for personal data
- Assess current data security processes and controls
- Determine gaps and identify solutions
SECURE - How to plan, design and implement?
- Plan and prioritize technical and business process transformations
- Design and implement solutions that protect critical data, enable access and align to business growth objectives
MONITOR - How to manage critical data protection?
- Develop governance framework, risk metrics and monitoring processes
- Periodically validate data protection strategy and methodology
Program Governance spans all five steps.
19 Tip 2: Find identifiers first, since personal data must be identifiable
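The discovery and classification steps of Tip 2 (catalog search, data search, unstructured search, classify), as an added example written for this page and not code from the presentation or from any IBM product. It builds a small in-memory SQLite database with constructed sample rows, flags columns by name and by sampled values, and merges the hits into an inventory of actionable groups; the patterns and group names are the example's own assumptions.

```python
import re
import sqlite3

# Catalog search: column-name patterns per classification group (constructed).
CATALOG_PATTERNS = {
    "direct identifier": re.compile(r"(first|last|full)_?name|^name$|national_id|passport", re.I),
    "contact": re.compile(r"e?mail|phone|address", re.I),
    "financial": re.compile(r"iban|card_?number|account_?number", re.I),
}
# Data search: value patterns that reveal identifiers regardless of column name.
VALUE_PATTERNS = {
    "contact": re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+"),
    "financial": re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b"),
}


def build_sample_db():
    """In-memory SQLite database with constructed sample rows (not real people)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE customers (id INTEGER, full_name TEXT, email TEXT, iban TEXT);
        CREATE TABLE orders (id INTEGER, customer_id INTEGER, amount REAL);
        CREATE TABLE notes (id INTEGER, body TEXT);
        INSERT INTO customers VALUES (1, 'Ada Example', 'ada@example.org', 'DE89370400440532013000');
        INSERT INTO customers VALUES (2, 'Bob Sample', 'bob@example.net', 'GB29NWBK60161331926819');
        INSERT INTO orders VALUES (10, 1, 19.99);
        INSERT INTO orders VALUES (11, 2, 5.0);
        INSERT INTO notes VALUES (1, 'Call back ada@example.org about the refund');
        INSERT INTO notes VALUES (2, 'Routine maintenance window');
    """)
    return conn


def list_columns(conn):
    """Yield (table, column) pairs from the database catalog."""
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table'")]
    for table in tables:
        for row in conn.execute(f'PRAGMA table_info("{table}")'):
            yield table, row[1]


def catalog_search(conn):
    """Flag columns whose names look like personal-data fields."""
    hits = []
    for table, col in list_columns(conn):
        for group, pattern in CATALOG_PATTERNS.items():
            if pattern.search(col):
                hits.append((table, col, group, "catalog"))
    return hits


def data_search(conn, sample_rows=100):
    """Flag columns whose sampled values match identifier patterns; this is what
    finds personal data sitting in generically named columns such as a free-text note."""
    hits = []
    for table, col in list_columns(conn):
        values = [r[0] for r in conn.execute(
            f'SELECT "{col}" FROM "{table}" LIMIT {int(sample_rows)}')]
        for group, pattern in VALUE_PATTERNS.items():
            if any(isinstance(v, str) and pattern.search(v) for v in values):
                hits.append((table, col, group, "data"))
    return hits


def scan_unstructured(text):
    """The same value patterns applied to a text or CSV blob."""
    return {group for group, pattern in VALUE_PATTERNS.items() if pattern.search(text)}


def classify(conn):
    """Merge both searches into an inventory keyed by (table, column); each entry
    records the classification groups and which search method found it."""
    inventory = {}
    for table, col, group, method in catalog_search(conn) + data_search(conn):
        entry = inventory.setdefault((table, col), {"groups": set(), "methods": set()})
        entry["groups"].add(group)
        entry["methods"].add(method)
    return inventory


if __name__ == "__main__":
    for (table, col), info in sorted(classify(build_sample_db()).items()):
        print(f"{table}.{col}: {sorted(info['groups'])} via {sorted(info['methods'])}")
```

The notes.body column is found only by the data search, which is why the slide lists both catalog and value matching: a catalog-only map misses identifiers hidden in free text.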
20 Tip 3: Data Processor/Controller Governance: Track where data is processed
What is it? Data Controllers and Processors need to implement appropriate technical and organizational measures to ensure, and be able to demonstrate, that processing is performed in accordance with the Regulation.
Why it matters: GDPR requires demonstrating compliance. How will you document and manage data processing audit trails?
21 Tip 3: Track where data is processed: Audit local and remote activity (GDPR Personal Data Activity Report)
22 Tip 3: Design a scalable audit trail
- Watch sensitive data and data access all the time
- Monitor it everywhere it lives
- Protect data at rest and in motion
- Easily review results and monitor your data security heartbeat
23 Tip 4
"I am thankful the most important key in history was invented. It's not the key to your house, your car, your boat, your safety deposit box, your bike lock or your private community. It's the key to order, sanity, and peace of mind. The key is 'Delete'." - Elayne Boosler
24 Tip 4: Track data subjects' right to access, modify, delete, transfer data
What is it? Individuals can request that organizations produce information held about them, as well as the right to rectify (correct), delete, or transfer data. The controller should be obliged to respond to requests from the data subject without undue delay and at the latest within one month, and to give reasons where the controller does not intend to comply with any such requests.
Why it matters: GDPR's highest fines (4%) are for violating data subject rights, such as failing to respond and failure to provide adequate information. Data subjects also have the right to recover monetary damages.
25 Tip 4 at work: Automating the audit compliance workflow
26 Tip 5: Scramble!
27 Tip 5: Encrypt / Obfuscate (Pseudonymize*) data before processing
What is it? GDPR Article 32, Security of processing: "the controller and the processor shall implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk, including the pseudonymisation and encryption of personal data".
Why it matters: Article 33 - Clients may not need to notify data subjects about a breach if the personal data has been rendered unintelligible to any person who is not authorised to access it, such as by encryption. The only technical controls mentioned in GDPR are encryption and pseudonymisation (de-identifying data with a mechanism to re-identify if necessary).
*Pseudonymize (pronounced "Soo DON ih mize"): replacing identifying characteristics of data with a value which does not allow the data subject to be directly identified without additional information.
28 Tip 5: Encryption Examples
Database Encryption
- Usage: Encrypt tablespace, log, and other database files
- Common databases: DB2, Informix, Oracle, MSSQL, Sybase, MySQL
Unstructured Data Encryption
- Usage: Encrypt and control access to any type of data used by a LUW server
- Common data types: Logs, reports, images, ETL, audio/video recordings, documents, big data
- Examples: FileNet, Documentum, Nice, Hadoop, home grown, etc.
Cloud Encryption
- Usage: Encrypt and control access to data used by cloud instances
- Common cloud providers: Amazon EC2, Rackspace, MS Azure
29 Tip 5: A Safe Harbor
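Pseudonymisation as Tip 5 defines it, as an added example written for this page rather than code from the presentation or any IBM product: direct identifiers are replaced with keyed pseudonyms, and the key plus the pseudonym-to-identifier mapping (the "additional information" needed to re-identify) is held in a vault kept apart from the processed records. The record fields, the vault class and the sample people are all constructed for the example.

```python
import hashlib
import hmac
import secrets
from collections import Counter


class ReidentificationVault:
    """Holds the additional information that must be kept separately from the
    pseudonymised data: the secret key and the pseudonym -> identifier mapping.
    Only the controller keeps an instance; processors receive pseudonymised records."""

    def __init__(self, key=None):
        self._key = key if key is not None else secrets.token_bytes(32)
        self._mapping = {}

    def pseudonymise(self, identifier):
        # A keyed MAC rather than a bare hash: without the key nobody can recompute
        # the pseudonym from a guessed e-mail address, so a dictionary attack on the
        # pseudonymised dataset does not re-identify anyone.
        token = hmac.new(self._key, identifier.encode("utf-8"), hashlib.sha256).hexdigest()[:24]
        self._mapping[token] = identifier
        return token

    def reidentify(self, token):
        """Reverse a pseudonym; only possible with access to the vault."""
        return self._mapping[token]


def pseudonymise_records(records, vault, direct_identifiers, dropped_fields=()):
    """Replace direct identifiers with pseudonyms and drop fields the processing
    does not need, so the processor's copy no longer points at a person directly."""
    out = []
    for rec in records:
        clean = {k: v for k, v in rec.items() if k not in dropped_fields}
        for field in direct_identifiers:
            clean[field] = vault.pseudonymise(clean[field])
        out.append(clean)
    return out


def purchases_per_subject(pseudo_records):
    """Analytics the processor can still run: pseudonyms stay consistent per subject."""
    totals = Counter()
    for rec in pseudo_records:
        totals[rec["email"]] += rec["amount"]
    return totals


# Constructed sample records (not real people).
SAMPLE_RECORDS = [
    {"email": "ada@example.org", "full_name": "Ada Example", "country": "DE", "amount": 19.99},
    {"email": "bob@example.net", "full_name": "Bob Sample", "country": "IE", "amount": 5.00},
    {"email": "ada@example.org", "full_name": "Ada Example", "country": "DE", "amount": 30.01},
]


if __name__ == "__main__":
    vault = ReidentificationVault()
    processor_view = pseudonymise_records(
        SAMPLE_RECORDS, vault, ["email"], dropped_fields=["full_name"])
    for token, total in purchases_per_subject(processor_view).items():
        print(f"{token} spent {total:.2f}; controller re-identifies as {vault.reidentify(token)}")
```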
30 Tip 6: You need to support breach management and notification, including incident forensics
What is it? GDPR Article 33: "In the case of a personal data breach, the controller shall without undue delay and, where feasible, not later than 72 hours after having become aware of it, notify the personal data breach to the supervisory authority. The processor shall notify the controller without undue delay after becoming aware of a personal data breach."
Why it matters: Both processors and controllers have responsibilities to report breaches in a timely manner, or risk substantial fines. The EU has never had mandated breach reporting. Organizations will struggle with coordinating the people, process, and information needed to report and respond to a breach within the 72-hour window.
31 Tip 6: Automate your Incident Response
32 Summary
33 Apply What You've Learned
- Conduct a Readiness Assessment
- Identify impacted business areas
- Evaluate current practices against the new requirements; focus on process development, best practices and organizational need
- Define a maturity model and gap/remediation plan to help develop and implement your compliance roadmap
- Appoint GDPR Czars in business units to coordinate activities
This should not be considered legal advice; it is process advice only. Reach out to the appropriate legal counsel for guidance as necessary.
35 Thank You
36 Reference
37 Links and further reading
- GDPR Full Regulations:
- IAPP Top 10 Operational Impacts of GDPR: 10 operational impacts of the gdpr/
- IBM GDPR Webinar recordings (5):
- GDPR Blog Learn, Think, Prepare:
- IBM Security GDPR: 03.ibm.com/security/campaign/gdpr.html
38 The new General Data Protection Regulation: The clock is ticking!
Three primary objectives of the GDPR:
- To create a unified data protection law for all 28 European countries
- To enhance the level of data protection for EU data subjects
- To modernize the law in line with existing and emerging technologies
Caveat: The GDPR is still a work in progress and the details for its implementation have not yet been finalized.
GDPR will fundamentally change the way companies must manage their data.
39 Terminology
Data Protection:
- Data Protection in the EU = Data Privacy
- Data Protection in the US = Data Security
- Data Protection in the EU covers both Data Privacy requirements and Data Security requirements
Data processing: Any handling of Personal Data throughout its entire life cycle, from collection to deletion, is considered processing. Even remote access is considered processing.
Personal Data; Data Controllers, Data Processors, Data Subjects
GDPR Glossary:
40 Key aspects of the Regulation
- GDPR came into force in May 2016 and will be applicable as of May 25, 2018
- It also has international reach, applying to any organization that processes data of EU data subjects
- Fines for non-compliance will increase substantially, up to a maximum fine of 20 million Euro or 4% of global annual turnover per incident, whichever is higher
- The majority of US and EU companies are not ready for the new Privacy requirements of the GDPR
41 Enhanced level of protection for data subjects
- Definition of Personal Data now explicitly includes online identifiers, location data and biometric/genetic data
- Higher standards for privacy notices and for obtaining consent
- Easier access to personal data by a data subject
- Enhanced right to request the erasure of their personal data
- Right to transfer personal data to another organization (portability)
- Right to object to processing now explicitly includes profiling
42 Enhanced obligations on data controllers and processors
- Operationalization of a Data Protection by Design and by Default process
- Requirement to conduct risk analysis and Data Protection Impact Assessments (DPIA)
- Appointment of a Data Protection Officer (DPO)
- Implementation of technical and organizational security measures appropriate to the risks presented
- Breach notification obligations
- Increased obligations for data processors
43 GDPR Readiness: Activities your company should be performing
- Understand how the new GDPR obligations will impact your business
- Determine what personal data you have, where it is located, and how it flows within the organization
- Determine how the personal data are secured
- Appoint a Data Protection Officer where necessary
- Review all privacy notices
- Review data subject consent and choice mechanisms
- Review processes addressing data subjects' access, correction and erasure requests
- Review data retention schedules
- Assess external contracts, both as a controller and/or as a processor
- Review all cross-border data transfers
44 GDPR Readiness: Embark on organizational change
- Implement a Data Protection by Design approach to new systems, services and products
- Conduct a Data Protection Impact Assessment (DPIA) where required
- Document privacy compliance activities
- Implement and document appropriate security measures
- Create breach response and notification protocols
- Develop audit capabilities and processes
- Train employees
- Make sure the appropriate budgets are in place to support the changes
Collaboration is key!
45 Don't stop now: There's more to Tip 1
Take the next step and identify additional risks. There are many types of risks:
- Unauthorized Users: anyone that can connect to the database to see the cardholder data
- Unauthorized IP Addresses: only certain servers are allowed to communicate together
- Unauthorized Programs: access by other programs bypasses other security controls
- Monitoring Database Objects: only certain tables contain sensitive data
(Diagram: a user, Joe, connecting to the database with MS Excel.)
However, to simplify these risks, let's call it an unauthorized connection.
46 Sample Database Vulnerability Assessment Report
- Overall score
- Summary test results
- Detailed scoring matrix
- Filter control for easy use
- Result history shows trends
- Detailed test results
- External reference
- Detailed remediation suggestions
47 and record and audit policy violations and quarantine connections for unauthorized access
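Tip 3's audit trail (the personal data activity report) and the unauthorized-connection risks listed under "more to Tip 1" above, as one added example written for this page and not code from the presentation or any IBM product: constructed audit-log lines are checked against a policy of allowed users, source networks and programs for the objects that hold personal data, producing a per-object activity report, the violating events with their reasons, and the connections a monitoring tool would quarantine. The log format, the policy, the addresses and the database names are all constructed for the example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed audit-log format (not any real product's format): one connection event per line.
LOG_RE = re.compile(
    r"(?P<ts>\S+) db=(?P<db>\S+) user=(?P<user>\S+) src=(?P<src>\S+) "
    r"program=(?P<program>\S+) object=(?P<object>\S+) action=(?P<action>\S+) rows=(?P<rows>\d+)"
)

# Constructed sample: an application service account, a DBA with sqlplus, an ETL job,
# and two events that should not have happened.
SAMPLE_LOG = """\
2017-10-02T09:15:03Z db=crm user=app_svc src=10.0.1.15 program=crm-backend object=customers action=SELECT rows=12
2017-10-02T09:16:40Z db=crm user=app_svc src=10.0.1.15 program=crm-backend object=orders action=SELECT rows=40
2017-10-02T09:20:11Z db=crm user=jdoe src=10.0.5.77 program=EXCEL.EXE object=customers action=SELECT rows=25000
2017-10-02T09:21:02Z db=crm user=app_svc src=203.0.113.9 program=crm-backend object=customers action=SELECT rows=3
2017-10-02T09:30:55Z db=crm user=dba01 src=10.0.2.8 program=sqlplus object=customers action=UPDATE rows=1
2017-10-02T09:31:10Z db=crm user=reporting src=10.0.1.16 program=etl-job object=orders action=SELECT rows=900
"""

# Policy for the constructed CRM database: who, from where and with what program
# may touch the objects that hold personal data.
POLICY = {
    "personal_data_objects": {"customers"},
    "allowed_users": {"app_svc", "dba01"},
    "allowed_sources": [ipaddress.ip_network("10.0.1.0/24"), ipaddress.ip_network("10.0.2.0/24")],
    "allowed_programs": {"crm-backend", "sqlplus", "etl-job"},
}


def parse_log(text):
    """Parse audit lines into event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["rows"] = int(ev["rows"])
            events.append(ev)
    return events


def check_event(ev, policy):
    """Return the policy violations for one event (an empty list means compliant)."""
    reasons = []
    src = ipaddress.ip_address(ev["src"])
    if not any(src in net for net in policy["allowed_sources"]):
        reasons.append("unauthorized source address")
    if ev["program"] not in policy["allowed_programs"]:
        reasons.append("unauthorized program")
    if ev["object"] in policy["personal_data_objects"] and ev["user"] not in policy["allowed_users"]:
        reasons.append("unauthorized user on personal-data object")
    return reasons


def activity_report(events, policy):
    """Build the personal-data activity report: rows touched per object and user,
    the violating events with reasons, and the (user, source) pairs to quarantine."""
    activity = defaultdict(lambda: defaultdict(int))
    violations = []
    quarantine = set()
    for ev in events:
        if ev["object"] in policy["personal_data_objects"]:
            activity[ev["object"]][ev["user"]] += ev["rows"]
        reasons = check_event(ev, policy)
        if reasons:
            violations.append({"ts": ev["ts"], "user": ev["user"], "src": ev["src"], "reasons": reasons})
            quarantine.add((ev["user"], ev["src"]))
    return {
        "activity": {obj: dict(users) for obj, users in activity.items()},
        "violations": violations,
        "quarantine": quarantine,
    }


if __name__ == "__main__":
    report = activity_report(parse_log(SAMPLE_LOG), POLICY)
    for obj, users in report["activity"].items():
        print(f"{obj}: {users}")
    for v in report["violations"]:
        print(f"{v['ts']} {v['user']}@{v['src']}: {', '.join(v['reasons'])}")
    print("quarantine:", sorted(report["quarantine"]))
```

The 25,000-row export by an ad-hoc desktop tool trips all three checks at once, which is the pattern the slide collapses into "an unauthorized connection".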
48 Tip 4: Enhance your tracking using Privileged Identity Management credentials for data subject requests
49 Tip 5: Consider centralized key management to support all encryption environments
More informationEmbedding GDPR into the SDLC
Embedding GDPR into the SDLC Sebastien Deleersnyder Siebe De Roovere Toreon 2 Who is Who? Sebastien Deleersnyder Siebe De Roovere 5 years developer experience 15+ years information security experience
More informationQ&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR )
Q&A for Citco Fund Services clients The General Data Protection Regulation ( GDPR ) May 2018 Document Classification Public Q&A for Citco Fund Services clients in relation to The General Data Protection
More informationRecommendations on How to Tackle the D in GDPR. White Paper
Recommendations on How to Tackle the D in GDPR White Paper ABOUT INFORMATICA Digital transformation changes expectations: better service, faster delivery, with less cost. Businesses must transform to stay
More informationGetting ready for GDPR
Getting ready for GDPR Cybersecurity for Data Protection Brought to you by: What is GDPR? The (GDPR) is the European Union s response to the increasing privacy demands of the European society. The primary
More informationTechnical Requirements of the GDPR
Technical Requirements of the GDPR Purpose The purpose of this white paper is to list in detail all the technological requirements mandated by the new General Data Protection Regulation (GDPR) laws with
More informationGDPR: An Opportunity to Transform Your Security Operations
GDPR: An Opportunity to Transform Your Security Operations McAfee SIEM solutions improve breach detection and response Is your security operations GDPR ready? General Data Protection Regulation (GDPR)
More informationGDPR Controls and Netwrix Auditor Mapping
GDPR Controls and Netwrix Auditor Mapping www.netwrix.com Toll-free: 888-638-9749 About GDPR The General Data Protection Regulation (GDPR) is a legal act of the European Parliament and the Council (Regulation
More informationEventLog Analyzer. All you need to know and do to comply with the EU General Data Protection Regulation
EventLog Analyzer All you need to know and do to comply with the EU General Data Protection Regulation Table of contents Introduction... 2 Challenges, requirements, and action plans GDPR is borderless...
More informationGeneral Data Protection Regulation (GDPR)
General Data Protection Regulation (GDPR) Michael Eva, London Grid for Learning What is GDPR? General Data Protection Regulation (GDPR) protects the personal data of EU citizens regardless of where the
More informationEU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know
EU Data Protection Triple Threat for May of 2018 What Inside Counsel Needs to Know The General Data Protection Regulation (GDPR) The eprivacy Regulation (epr) The Network and Information Security Directive
More informationCOMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2
COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September 2018 Table of Contents 1. Scope, Purpose and Application to Employees 2 2. Reference Documents 2 3. Definitions 3 4. Data Protection Principles
More informationPS Mailing Services Ltd Data Protection Policy May 2018
PS Mailing Services Ltd Data Protection Policy May 2018 PS Mailing Services Limited is a registered data controller: ICO registration no. Z9106387 (www.ico.org.uk 1. Introduction 1.1. Background We collect
More informationOur agenda. The basics
GDPR - AVG - RGPD. Our agenda The basics Key actions Responsibilities The basics Key actions Responsibilities Who cares? Why? From directive to regulation 24 Oct 1995: a Directive 95/46/EC is adopted partially
More informationIslam21c.com Data Protection and Privacy Policy
Islam21c.com Data Protection and Privacy Policy Purpose of this policy The purpose of this policy is to communicate to staff, volunteers, donors, non-donors, supporters and clients of Islam21c the approach
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationHow WhereScape Data Automation Ensures You Are GDPR Compliant
How WhereScape Data Automation Ensures You Are GDPR Compliant This white paper summarizes how WhereScape automation software can help your organization deliver key requirements of the General Data Protection
More informationCreative Funding Solutions Limited Data Protection Policy
Creative Funding Solutions Limited Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationGeneral Data Protection Regulation. May 25, 2018 DON T PANIC! PLAN!
General Data Protection Regulation May 25, 2018 DON T PANIC! PLAN! Protect the human behind the data record. On May 25, 2018 the General Data Protection Regulation (GDPR) is entering into force. It requires
More informationGDPR compliance. GDPR preparedness with OpenText InfoArchive. White paper
White paper GDPR preparedness with OpenText InfoArchive The new EU privacy law, GDPR, will be in effect in less than a year. OpenText has the solutions to help you prepare and comply to this new law. Contents
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationA practical guide to using ScheduleOnce in a GDPR compliant manner
A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling
More informationUSER CORPORATE RULES. These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy.
These User Corporate Rules are available to Users at any time via a link accessible in the applicable Service Privacy Policy. I. OBJECTIVE ebay s goal is to apply uniform, adequate and global data protection
More informationSHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT
SHELTERMANAGER LTD CUSTOMER DATA PROCESSING AGREEMENT AGREEMENT DATED [ ] BETWEEN: (1) SHELTERMANAGER LTD and (2) [ ] ( The Customer ) BACKGROUND (A) (B) (C) This Agreement is to ensure there is in place
More informationACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION
ACCOUNTING TECHNICIANS IRELAND DATA PROTECTION POLICY GENERAL DATA PROTECTION REGULATION Document Control Owner: Distribution List: Data Protection Officer Relevant individuals who access, use, store or
More informationDATA PROCESSING TERMS
DATA PROCESSING TERMS Safetica Technologies s.r.o. These Data Processing Terms (hereinafter the Terms ) govern the rights and obligations between the Software User (hereinafter the User ) and Safetica
More informationWhat You Need to Know About Addressing GDPR Data Subject Rights in Pivot
What You Need to Know About Addressing GDPR Data Subject Rights in Pivot Not Legal Advice This document is provided for informational purposes only and must not be interpreted as legal advice or opinion.
More informationIMPACT OF INTERNATIONAL PRIVACY REGULATIONS. Michelle Caswell, Coalfire Julia Jacobson, K&L Gates
IMPACT OF INTERNATIONAL PRIVACY REGULATIONS Michelle Caswell, Coalfire Julia Jacobson, K&L Gates Introduction to International Privacy Law General Data Protection Regulation 2 2018 HITRUST Alliance What
More informationAon Service Corporation Law Global Privacy Office. Aon Client Data Privacy Summary
Aon Client Data Privacy Summary Table of Contents Our Commitment to Data Privacy 3 Our Data Privacy Principles 4 Aon Client Data Privacy Summary 2 Our Commitment to Data Privacy Data Privacy Backdrop As
More informationRobert Bond. Respecting Privacy, Securing Data and Enabling Trust a view from Europe
Respecting Privacy, Securing Data and Enabling Trust a view from Europe Robert Bond, Partner & Notary Public Robert Bond Robert Bond has nearly 40 years' experience in advising national and international
More informationData Protection. Plugging the gap. Gary Comiskey 26 February 2010
Data Protection. Plugging the gap Gary Comiskey 26 February 2010 Data Protection Trends in Financial Services Financial services firms are deploying data protection solutions across their enterprise at
More informationData Processing Agreement
Data Processing Agreement between The Data Controller Name Address Postcode and city Country and The Data Processor Idha Sweden AB Norra vägen 28 856 50 Sundsvall Sweden] Page 1 of 15 1 Content 2 Data
More informationIAPP-OneTrust Research: Bridging ISO to GDPR
IAPP-OneTrust Research: Bridging ISO 27001 to GDPR Introduction Privacy is hot. Security knows the feeling. Much as the move to digital products and services necessitated a new profession of information
More informationNew York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines
New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines New York Department of Financial Services ( DFS ) Regulation 23 NYCRR 500 requires that entities
More informationAWS Webinar. Navigating GDPR Compliance on AWS. Christian Hesse Amazon Web Services
AWS Webinar Navigating GDPR Compliance on AWS Christian Hesse Amazon Web Services What is the GDPR? What is the GDPR? The "GDPR" is the General Data Protection Regulation, a significant new EU Data Protection
More informationVersion 1/2018. GDPR Processor Security Controls
Version 1/2018 GDPR Processor Security Controls Guidance Purpose of this document This document describes the information security controls that are in place by an organisation acting as a processor in
More informationGDPR and the Privacy Shield
GDPR and the Privacy Shield Mark Prinsley Partner +44 20 3130 3900 mprinsley@mayerbrown.com Kendall Burman Counsel + 202 263 3210 kburman@mayerbrown.com Speakers Kendall Burman Counsel Washington DC Mark
More informationData Privacy and Protection GDPR Compliance for Databases
Data Privacy and Protection GDPR Compliance for Databases Walo Weber, Senior Sales Engineer September, 2016 Agenda GDPR: who, what, why, when Requirements for databases Discovery Classification Masking
More informationProhire Software Systems Limited ("Prohire")
Prohire Software Systems Limited ("Prohire") White paper on Prohire GDPR compliance measures 11 th May 2018 Contents 1. Overview 2. Legal Background 3. How Prohire complies 4. Wedlake Bell 5. Conclusion
More informationSword vs. Shield: Using Forensics Pre-Breach in a GDPR World. September 20, 2017
Sword vs. Shield: Using Forensics Pre-Breach in a GDPR World September 20, 2017 The information and opinions expressed by our panelists today are their own, and do not necessarily represent the views of
More informationKnowing and Implementing the GDPR Part 3
Knowing and Implementing the GDPR Part 3 11 a.m. ET, 16:00 GMT March 29, 2017 Welcome & Introductions Panelists Your Host Dave Cohen IAPP Knowledge Manager Omer Tene Vice President Research & Education
More informationPROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION
PROTECT YOUR DATA AND PREPARE FOR THE EUROPEAN GENERAL DATA PROTECTION REGULATION INSIGHTS The EU s new data protection regulation, known as the GDPR (General Data Protection Regulation), can impact your
More informationΟ ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό. Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος
Ο ρόλος της τεχνολογίας στο ταξίδι της συμμόρφωσης με τον Γενικό Κανονισμό Αντιγόνη Παπανικολάου & Νίκος Αναστόπουλος Providing clarity and consistency for the protection of personal data The General
More informationThe GDPR and NIS Directive: Risk-based security measures and incident notification requirements
The GDPR and NIS Directive: Risk-based security measures and incident notification requirements Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 4 May 2017 Introduction Adrian Ross GRC consultant
More informationGeneral Data Protection Regulation for ecommerce. Reach Digital - 18 december 2017
General Data Protection Regulation for ecommerce Reach Digital - 18 december 2017 GDPR for ecommerce This document is intended to determine the recommendations and responsibilities for an ecommerce merchant
More informationDATA PROTECTION POLICY THE HOLST GROUP
DATA PROTECTION POLICY THE HOLST GROUP INTRODUCTION The purpose of this document is to provide a concise policy regarding the data protection obligations of The Holst Group. The Holst Group is a data controller
More informationTHE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE
THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE EU DATA PROTECTION REGULATION Kalliopi Spyridaki Chief Privacy Strategist,
More informationGDPR: A GUIDE TO READINESS
SATORI CONSULTING GDPR: A GUIDE TO READINESS The European Union (EU) is implementing the General Data Protection Regulation (GDPR) that takes effect May of 2018. Any businesses offering goods or services
More informationSOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT
RSA ARCHER IT & SECURITY RISK MANAGEMENT INTRODUCTION Organizations battle growing security challenges by building layer upon layer of defenses: firewalls, antivirus, intrusion prevention systems, intrusion
More informationEU GDPR & ISO Integrated Documentation Toolkit https://advisera.com/eugdpracademy/eu-gdpr-iso integrated-documentation-toolkit
EU GDPR & https://advisera.com/eugdpracademy/eu-gdpr-iso-27001-integrated-documentation-toolkit Note: The documentation should preferably be implemented in the order in which it is listed here. The order
More informationCAN MICROSOFT HELP MEET THE GDPR
CAN MICROSOFT HELP MEET THE GDPR REQUIREMENTS? Danny Uytgeerts Microsoft 365 TSP / P-Seller Privacy Consultant (certified DPO) Member of DPO-Pro (Professional association of Belgian DPOs) danny.uytgeerts@realdolmen.com
More informationRights of Individuals under the General Data Protection Regulation
Rights of Individuals under the General Data Protection Regulation 2018 Contents Introduction... 2 Glossary... 3 Personal data... 3 Processing... 3 Data Protection Commission... 3 Data Controller... 3
More informationngenius Products in a GDPR Compliant Environment
l FAQ l ngenius Products in a GDPR Compliant Environment This document addresses questions from organizations that use ngenius Smart Data Core platform and application products and are evaluating their
More informationA company built on security
Security How we handle security at Flywheel Flywheel was founded in 2012 on a mission to create an exceptional platform to help creatives do their best work. As the leading WordPress hosting provider for
More informationOBTAINING CONSENT IN PREPARATION FOR GDPR
A HOTELIER S GUIDE TO OBTAINING CONSENT IN PREPARATION FOR GDPR... WHAT IS GDPR? The General Data Protection Regulation (GDPR) is comprehensive legislation designed to harmonize data protection law across
More information