EU GDPR and Security Compliance for the DBA. Santa Clara, California, April 23rd-25th, 2018
1 EU GDPR and Security Compliance for the DBA. Santa Clara, California, April 23rd-25th, 2018
2 Meet Your Presenters
Tyler Duzan, Product Manager for MySQL Software at Percona
- Prior to joining Percona was an Operations Engineer for more than twelve years
- Background in security and compliance, specifically PCI, HIPAA/HITECH, HITRUST, SOC, and FEDRAMP & FISMA.
Jeff Sandstrom, Product Manager for MongoDB Software at Percona
- Jeff has been a Product Manager for over ten years, first in the contact center space, then enterprise voice, and now open source databases.
- He's a business nerd who loves tech.
3 Disclaimer
- We are not Attorneys, we are Product Managers
- Nothing within this presentation should be construed as legal advice
- You should consult with an attorney to understand and mitigate any compliance risk for your organization
- This presentation is not all-inclusive; we are discussing specific selected Articles of the GDPR we think are especially relevant
4 Outline
1. General Overview of Compliance
2. GDPR Key Terminology
3. EU GDPR Articles a DBA Should Know
   - Article Overview
   - Articles of Particular Interest to DBAs
   - Deep Dive into Article 17, Article 25, Article 32-35, and Article
4. How Does Percona Software Help to Solve This?
5. Open Questions for DBAs to Consider
6. Q&A
5 General Overview of Compliance
6 Compliance Objectives
- Build a secure infrastructure and know where sensitive data resides
- Implement consistent security and data-handling standards across the enterprise
- Design and implement effective controls for access to sensitive data
- Provide a pathway to audit the organization
- Reduce risk to the organization from data breaches
- Protect your customers and partners who have entrusted you
- Protect shareholder value
7 Why Compliance Matters to the DBA
- Datastores across the enterprise may likely contain sensitive data
- Databases are a primary target for malicious actors attempting a data breach
- Most compliance regulations specifically prescribe methods and techniques that must be used for datastores
- The DBA is often the primary responsible party for implementing compliance controls and technical measures for protecting data
8 How Has Compliance Changed?
- Compliance regulations began by targeting specific industry verticals such as healthcare, finance, and government. The focus of early compliance was really on mitigating broad organizational risk, typically when handling data that had large financial risk implications or national security implications.
- Later compliance regulations began focusing on the safety of consumer data as technology became integral to our daily existence. Many of these regulations limited coverage to situations where the consumer might be directly financially impacted by a breach and where a clear and direct customer relationship existed.
9 How Has Compliance Changed?
- Lately compliance regulations have shifted because of a shifting environment in both technology and economics. Current compliance regulations must take into account the existence of cloud providers, the ubiquity of Software-as-a-Service (SaaS) applications for both businesses and consumers, and the rise of sophisticated attacks.
- We now exist in a world where great harm can be caused at scale using data that was previously thought to be innocuous. Many of these are first-of-their-kind attacks.
- EU GDPR seeks to address many of these concerns by emphasizing that fundamental ownership of data resides with the person whom that data is about.
10 GDPR Key Terminology
11 Terminology
- Data Controller: The entity that determines the purposes and means of processing the data.
  - Example: A social media application collecting user information, a manufacturing company collecting personal data about employees, etc.
- Data Processor: The entity that processes data on behalf of the Data Controller.
  - Example: A payroll company that is issuing paychecks for a manufacturing company's employees, a cloud service provider storing personal data
- Data Processing: Any automated or partially automated operation performed on personal data
12 Terminology
- Data Subject: A natural person whose personal data is processed by a Controller or Processor
- Personal Data: Any information that can directly or indirectly identify the Data Subject
  - Examples: Biometric data, Health data, Online identifiers, Geolocation data, PII (name, address, government ID number, etc.)
- Profiling: Any data processing intended to evaluate, analyze, or predict the behavior of a Data Subject
13 GDPR Articles DBAs Should Know
14 GDPR Articles Overview
- Chapter 1: General Provisions, Article 1-4
- Chapter 2: Principles, Article 5-11
- Chapter 3: Rights of the Data Subject, Article
- Chapter 4: Controller and Processor, Article
- Chapter 5: Transfer of personal data to third countries or international organizations, Article
- Chapter 6: Independent Supervisory Authorities, Article
- Chapter 7: Cooperation and Consistency, Article
15 GDPR Articles Overview
- Chapter 8: Remedies, Liabilities, and Sanctions, Article
- Chapter 9: Provisions relating to specific data processing situations, Article
- Chapter 10: Delegated Acts and Implementing Acts, Article 92 & 93
- Chapter 11: Final Provisions, Article
16 Articles of Particular Interest to DBAs
- Article 17: "the (...) controller shall have the obligation to erase personal data without undue delay, especially in relation to personal data which are collected when the data subject was a child, and the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay."
- Article 25: Data protection by design and by default
- Article 32: Security of data processing
- Article 33 & 34: Notification of a personal data breach to the supervisory authority; Communication of a personal data breach to the data subject
- Article 35: Data protection impact assessment
- Article 44: General principles for transfers
17 General Areas of Concern in GDPR
- Change Management
- Data Discovery and Classification
- Environmental Evaluation
- Establishing Appropriate Internal Processes
- Auditability
- Internally defining ethical walls
- Tracking location of data by user / Data Mapping
18 Article 17
- Establishes a legislative structure which vests ownership of data in the Data Subject
- Establishes the Right to be Forgotten as EU Law: "the (...) controller shall have the obligation to erase personal data without undue delay, especially in relation to personal data which are collected when the data subject was a child, and the data subject shall have the right to obtain from the controller the erasure of personal data concerning him or her without undue delay."
- Expands deletion requirements to now include the obligation for the Data Controller to inform anyone else who has the Personal Data when a deletion request is received, extending to Data Processors or copies of that data
19 Article 25
- Enshrines the concept of data protection by design and default
- Requires that controls must be in place to ensure that Personal Data cannot be attributed to an identified or identifiable Data Subject
  - Only the Personal Data necessary for a specific purpose can be processed
  - Only the Personal Data necessary for a specific purpose is collected
  - Data that is no longer needed should be deleted
- Strongly implies specific technical requirements, which in some cases are defined elsewhere
  - Data minimization, data masking, data pseudonymization
  - Implementing strict ethical walls and access controls within your organization for seeing Personal Data
  - Utilizing best practice methods for protecting Personal Data when stored
20 Article 32
- Requires both Data Controllers and Data Processors to implement certain technical and organizational measures
- These measures help to prescribe how to handle the philosophical basis of EU GDPR
- Technical examples
  - Encryption for data both at rest and in motion
  - Monitoring and auditing access to Personal Data
  - Data masking for applications which access Personal Data
- Organizational examples
  - Maintaining data accessibility and planning for a response to a breach
  - Testing and evaluating the effectiveness of your controls
  - Auditability of your environment
21 Article 33 and 34
- Establishes the requirements for informing regulators (Supervisory Authority) and users (Data Subjects) when a breach occurs
- Data Controllers must inform the appropriate Supervisory Authority within 72 hours of a data breach occurring or provide a substantial reason for any delay
- Data Processors must notify Data Controllers immediately as soon as they become aware of a breach
- If a data breach presents risk to users, Data Controllers and Data Processors must individually notify affected Data Subjects without undue delay.
- If it's not possible to provide all required information initially, it can be provided in phases through multiple notifications
22 Article 35
- Establishes and defines the Data Protection Impact Assessment (DPIA)
- Data Controllers must perform a DPIA whenever a new processing operation or technology is proposed
- The Data Protection Impact Assessment must at minimum include the following documented items:
  - A description of the new processing operation or technology and its purpose, as well as a justification of its necessity relative to that defined purpose
  - An assessment of the potential risks to the rights and freedoms of Data Subjects
  - A description of the proposed measures to mitigate the risks to the Data Subjects
  - A description of proposed data safeguards and security measures
23 Article 44
- Prohibits the transfer of Personal Data outside the EU unless the recipient can prove it provides adequate data protection.
- Requires the Data Controller or Data Processor to be responsible for verifying that the data protection requirements are met by any partners or vendors outside the EU.
- Articles define the methods for acceptable proof of adequate data protection
  - The European Commission can declare a territory or country to provide adequate protections, thus whitelisting it.
  - The Privacy Shield Framework in the US allows companies to self-certify to the US Department of Commerce to be in compliance and has force of law.
24 How Percona Software Helps to Solve This
25 Encryption Capabilities
- Percona Server for MySQL and PXC both provide encryption functionality
  - Vault keyring plugin for centralized encryption key management
  - Binlog encryption
  - InnoDB general tablespace encryption
  - InnoDB file-per-table encryption (community TE)
  - Upcoming additional features (undo log, redo log, ...)
- Percona Server for MongoDB has WiredTiger encryption on the roadmap
- OS-level Full Disk Encryption (FDE) is datastore agnostic
26 Authentication Capabilities
- Percona Server for MySQL and PXC both provide support for PAM authentication, which allows arbitrary PAM plugins to provide authentication facilities
  - Allows LDAP or Kerberos integration
  - Allows integration of 2FA
- Percona Server for MongoDB provides native support for LDAP authentication as well as X.509 based authentication
27 Auditing Capabilities
- Percona Server for MySQL and PXC both provide numerous enhanced informational capabilities to make auditing easier
  - Audit Log plugin
  - Extended SHOW GRANTS
  - Changed Page Tracking
  - User Statistics
- Percona Server for MongoDB has built-in audit log capabilities, along with log redaction functionality.
  - Tracks system events, can be configured with filters.
  - Tracks schema changes, authn/authz events, cluster membership events, and can track CRUD operations
28 Monitoring Capabilities
- Percona Server for MySQL and PXC include significant improvements in additional instrumentation to assist in monitoring the database and establishing baselines for heuristic analysis
  - Additional INFORMATION_SCHEMA tables
  - Enhancements to PERFORMANCE_SCHEMA
  - Large numbers of additional performance counters
  - User Statistics
- Percona Server for MongoDB adds enhanced instrumentation and improved query profiling capabilities
- Percona Monitoring and Management provides a complete monitoring solution for MySQL and MongoDB, including query analytics
29 Data Control Capabilities
- Percona Server for MongoDB adds the ability to perform log redactions
- Percona Server for MySQL and PXC provide encryption capabilities
- ProxySQL as a component of the overall PXC solution allows for implementation of data masking
30 Open Questions for DBAs to Consider
31 Article 17
- How do you ensure all Personal Data is deleted when a delete is issued?
  - Foreign Key Constraints / Cascade Delete
  - Binlog, Redo log, Undo log, etc. contents
  - Content of backups
- How do you relate Personal Data across disparate datastores as it relates to a single Data Subject?
  - Data discovery systems?
  - Externally indexing data?
- How do you identify other entities that may have received a copy of the Personal Data?
  - Tracing transfers to Data Processors by Data Subject
  - Tracking scraping of Personal Data from public pages
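One way to answer the first question (does deleting a Data Subject's row actually remove every row tied to it?), as an added example that is not part of the presentation: it assumes the foreign-key metadata was exported from information_schema.KEY_COLUMN_USAGE joined with REFERENTIAL_CONSTRAINTS, and walks that graph offline on constructed sample rows to report tables that would be skipped or orphaned by a plain DELETE.

```python
"""Erasure-coverage check for a Data Subject's rows (Article 17).

Added example, not from the Percona presentation. It assumes the FK metadata
was exported from MySQL beforehand (one row per FK column, taken from
information_schema.KEY_COLUMN_USAGE joined with
information_schema.REFERENTIAL_CONSTRAINTS for the DELETE_RULE) and walks the
graph offline, so it runs without a database. Binlog, undo/redo log and backup
copies are outside what the FK graph can tell you and need separate handling.
"""
from collections import defaultdict, deque

# Constructed sample rows: (table, column, referenced_table, referenced_column, delete_rule)
FK_ROWS = [
    ("orders",        "customer_id", "customers",     "id", "CASCADE"),
    ("order_items",   "order_id",    "orders",        "id", "CASCADE"),
    ("support_cases", "customer_id", "customers",     "id", "RESTRICT"),
    ("case_notes",    "case_id",     "support_cases", "id", "CASCADE"),
    ("newsletter",    "customer_id", "customers",     "id", "SET NULL"),
    ("products",      "vendor_id",   "vendors",       "id", "RESTRICT"),
]


def build_child_map(fk_rows):
    """Map each referenced (parent) table to the FKs pointing at it."""
    children = defaultdict(list)
    for table, col, ref_table, ref_col, rule in fk_rows:
        children[ref_table].append((table, col, ref_col, rule))
    return children


def erasure_coverage(fk_rows, subject_table):
    """Breadth-first walk from the Data Subject's table.

    Returns (reachable, gaps): every table that can hold rows tied to a
    subject row, and the FKs on that path whose DELETE_RULE is not CASCADE.
    A plain DELETE on subject_table either fails on those (RESTRICT /
    NO ACTION) or leaves the personal data in place as orphans (SET NULL).
    """
    children = build_child_map(fk_rows)
    reachable, gaps = set(), []
    seen, queue = {subject_table}, deque([subject_table])
    while queue:
        parent = queue.popleft()
        for table, col, ref_col, rule in children.get(parent, []):
            reachable.add(table)
            if rule != "CASCADE":
                gaps.append((table, col, parent, ref_col, rule))
            if table not in seen:
                seen.add(table)
                queue.append(table)
    return reachable, gaps


def erasure_plan(fk_rows, subject_table):
    """Child-first deletion order (DFS post-order) for an explicit erasure
    job, for when the FK graph cannot be relied on to cascade."""
    children = build_child_map(fk_rows)
    order, seen = [], set()

    def visit(table):
        seen.add(table)
        for child, _col, _ref_col, _rule in children.get(table, []):
            if child not in seen:
                visit(child)
        order.append(table)

    visit(subject_table)
    return order


if __name__ == "__main__":
    reachable, gaps = erasure_coverage(FK_ROWS, "customers")
    print("tables holding subject-linked rows:", sorted(reachable))
    for table, col, parent, ref_col, rule in gaps:
        print(f"gap: {table}.{col} -> {parent}.{ref_col} is ON DELETE {rule}")
    print("explicit deletion order:", erasure_plan(FK_ROWS, "customers"))
```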
32 Article 25
- How do you use technology to help enforce ethical walls in your organization?
  - Separating data by purpose using access controls to prevent crossing boundaries
- What methods are appropriate to limit DBA access or monitor DBA access to ensure compliance?
  - Audit log of database activity
  - Monitoring logins to the system and alerting on them when done by a non-automated user
- How can you most effectively implement data masking in your application stack?
  - Utilizing data masking at the query routing layer, implementing row level access controls, restricting access to the database to only application users
33 Article 32
- Does your organization have the capabilities today to allow for proper PKI?
  - Utilizing TLS for client to database connections via an enterprise CA
- How do you track the purpose for data and enforce limits for access and collection at a technical level?
  - Data classification systems
  - Break databases up by data purpose and enforce access controls
- Long-term data storage becomes a compliance liability; how do you effectively enforce technical limits on data lifetime?
  - Tracking backups and their contents
  - Setting a TTL on data at ingest
34 Article 33 & 34
- As a Data Processor, how do you ensure immediate notification to Data Controllers of a breach?
  - Alerting and monitoring must encompass audit logs. It is no longer sufficient to only monitor and alert on items which affect uptime
- As a Data Controller, how do you ensure rapid notification of a breach to the Supervisory Authority?
  - Similarly, alerting and monitoring must encompass audit logs. Additionally, you need to consider what required information needs to be in the notification and ensure that this is being collected as a matter of rote
- How do you know that a breach has occurred?
  - Tighter integration between DBAs and their internal security and networking teams to implement intrusion detection systems and heuristic monitoring that accounts for database behavior
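The Article 25 slide asks for alerting on logins by non-automated users, and the Article 33 & 34 slide asks for alerting that covers the audit log rather than only uptime. As an added example that is not Percona's tooling, this script runs those rules over newline-delimited JSON in the shape of the Percona Audit Log plugin's JSON output (field names assumed from that format; the records, table classification and account allowlist are constructed).

```python
"""Audit-log alerting for personal-data access and suspicious logins.

Added example, not part of the presentation. Input is one JSON object per
line in the style of the Percona Audit Log plugin's JSON format (field
names such as name, status, user, priv_user, ip, sqltext are assumed from
that format). Three rules, taken from the slides' open questions:
  interactive-login     a successful login by an account that is not an
                        application account (a human, or an unknown user)
  personal-data-access  a query by a non-application account that touches
                        a table classified as Personal Data
  failed-login-burst    repeated failed logins from one user@ip, a signal
                        worth routing to the breach-notification process
"""
import json
import re
from collections import defaultdict

# Site-specific classification an organization maintains (assumed values).
PERSONAL_DATA_TABLES = {"customers", "addresses", "support_cases"}
APP_ACCOUNTS = {"app_orders", "app_support"}   # automated application users
FAILED_LOGIN_THRESHOLD = 3                     # failures per user@ip before alerting

# Rough table extraction from SQL text; good enough for alerting, not a parser.
TABLE_RE = re.compile(r"\b(?:FROM|JOIN|INTO|UPDATE)\s+`?(\w+)`?", re.IGNORECASE)

# Constructed sample records (not real log data).
SAMPLE_LOG = [
    '{"audit_record":{"name":"Connect","record":"1_2018-04-23T10:00:00","timestamp":"2018-04-23T10:00:00 UTC","connection_id":"12","status":0,"user":"app_orders","priv_user":"app_orders","host":"10.0.1.5","ip":"10.0.1.5","db":"shop"}}',
    '{"audit_record":{"name":"Query","record":"2_2018-04-23T10:00:01","timestamp":"2018-04-23T10:00:01 UTC","command_class":"select","connection_id":"12","status":0,"sqltext":"SELECT id, email FROM customers WHERE id = 42","user":"app_orders[app_orders] @ 10.0.1.5 []","host":"10.0.1.5","ip":"10.0.1.5","db":"shop"}}',
    '{"audit_record":{"name":"Connect","record":"3_2018-04-23T10:05:00","timestamp":"2018-04-23T10:05:00 UTC","connection_id":"13","status":0,"user":"dba_alice","priv_user":"dba_alice","host":"10.0.9.77","ip":"10.0.9.77","db":"shop"}}',
    '{"audit_record":{"name":"Query","record":"4_2018-04-23T10:05:10","timestamp":"2018-04-23T10:05:10 UTC","command_class":"select","connection_id":"13","status":0,"sqltext":"SELECT * FROM customers c JOIN addresses a ON a.customer_id = c.id","user":"dba_alice[dba_alice] @ 10.0.9.77 []","host":"10.0.9.77","ip":"10.0.9.77","db":"shop"}}',
    '{"audit_record":{"name":"Query","record":"5_2018-04-23T10:05:20","timestamp":"2018-04-23T10:05:20 UTC","command_class":"select","connection_id":"13","status":0,"sqltext":"SELECT COUNT(*) FROM orders","user":"dba_alice[dba_alice] @ 10.0.9.77 []","host":"10.0.9.77","ip":"10.0.9.77","db":"shop"}}',
    '{"audit_record":{"name":"Connect","record":"6_2018-04-23T10:07:00","timestamp":"2018-04-23T10:07:00 UTC","connection_id":"14","status":1045,"user":"unknown","priv_user":"","host":"198.51.100.23","ip":"198.51.100.23","db":""}}',
    '{"audit_record":{"name":"Connect","record":"7_2018-04-23T10:07:01","timestamp":"2018-04-23T10:07:01 UTC","connection_id":"15","status":1045,"user":"unknown","priv_user":"","host":"198.51.100.23","ip":"198.51.100.23","db":""}}',
    '{"audit_record":{"name":"Connect","record":"8_2018-04-23T10:07:02","timestamp":"2018-04-23T10:07:02 UTC","connection_id":"16","status":1045,"user":"unknown","priv_user":"","host":"198.51.100.23","ip":"198.51.100.23","db":""}}',
]


def account_of(rec):
    """Bare account name; Query records carry the form 'user[priv] @ host []'."""
    return (rec.get("priv_user") or rec.get("user", "")).split("[")[0].strip()


def tables_in(sqltext):
    """Lower-cased set of table names mentioned in the statement text."""
    return {t.lower() for t in TABLE_RE.findall(sqltext)}


def analyze(lines):
    """Return a list of (rule, account, detail) alerts for the given log lines."""
    alerts = []
    failed = defaultdict(int)
    for line in lines:
        rec = json.loads(line)["audit_record"]
        user, src = account_of(rec), rec.get("ip") or rec.get("host", "")
        if rec["name"] == "Connect":
            if int(rec.get("status", 0)) != 0:
                failed[(user, src)] += 1
                if failed[(user, src)] == FAILED_LOGIN_THRESHOLD:
                    alerts.append(("failed-login-burst", user, src))
            elif user not in APP_ACCOUNTS:
                alerts.append(("interactive-login", user, src))
        elif rec["name"] == "Query" and user not in APP_ACCOUNTS:
            touched = tables_in(rec.get("sqltext", "")) & PERSONAL_DATA_TABLES
            if touched:
                alerts.append(("personal-data-access", user, ",".join(sorted(touched))))
    return alerts


if __name__ == "__main__":
    for rule, account, detail in analyze(SAMPLE_LOG):
        print(f"{rule:22} account={account} detail={detail}")
```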
35 Article 35
- Does the necessity of a Data Protection Impact Assessment (DPIA) cause DBAs to become gatekeepers in their organization?
- Do DBAs become responsible for assisting their security organization with understanding the risks of various database capabilities?
36 Article 44
- Where does the DBA fit into your organization's practices and policies for controlling where data goes?
  - Consider what types of controls need to be implemented at the database layer to prevent data transfer
  - Consider how this rule impacts your ability to implement geographical scaling, disaster recovery zones, and offsite backup strategies
- How does this impact your organization's strategy for deploying databases in the Cloud?
37 Q & A
38 Thank You Sponsors!!
39 Thank You!
40 Rate My Session
More informationMagento GDPR Frequently Asked Questions
Magento GDPR Frequently Asked Questions Whom does GDPR impact? Does this only impact European Union (EU) based companies? The new regulation provides rules that govern how companies may collect and handle
More informationUnderstand & Prepare for EU GDPR Requirements
Understand & Prepare for EU GDPR Requirements The information landscape has changed significantly since the European Union (EU) introduced its Data Protection Directive in 1995 1 aimed at protecting the
More informationGDPR COMPLIANCE REPORT
2018 GDPR COMPLIANCE REPORT INTRODUCTION Effective as of May 25, 2018, the European Union General Data Protection Regulation (GDPR) represents the most sweeping change in data privacy regulation in decades.
More informationGeneral Data Protection Regulation (GDPR) The impact of doing business in Asia
SESSION ID: GPS-R09 General Data Protection Regulation (GDPR) The impact of doing business in Asia Ilias Chantzos Senior Director EMEA & APJ Government Affairs Symantec Corporation @ichantzos Typical Customer
More informationCloud Computing, SaaS and Outsourcing
Cloud Computing, SaaS and Outsourcing Michelle Perez, AGC Privacy, IPG Bonnie Yeomans, VP, AGC & Privacy Officer, CA Technologies PLI TechLaw Institute 2017: The Digital Agenda Introduction to the Cloud
More informationPercona Server for MySQL 8.0 Walkthrough
Percona Server for MySQL 8.0 Walkthrough Overview, Features, and Future Direction Tyler Duzan Product Manager MySQL Software & Cloud 01/08/2019 1 About Percona Solutions for your success with MySQL, MongoDB,
More informationA practical guide to using ScheduleOnce in a GDPR compliant manner
A practical guide to using ScheduleOnce in a GDPR compliant manner Table of Contents Glossary 2 Background What does the GDPR mean for ScheduleOnce users? Lawful basis for processing Inbound scheduling
More informationElement Finance Solutions Ltd Data Protection Policy
Element Finance Solutions Ltd Data Protection Policy CONTENTS Section Title 1 Introduction 2 Why this Policy Exists 3 Data Protection Law 4 Responsibilities 5 6 7 8 9 10 Data Protection Impact Assessments
More informationPlan a Pragmatic Approach to the new EU Data Privacy Regulation
AmChamDenmark event: EU Compliant & Cyber Resistant Plan a Pragmatic Approach to the new EU Data Privacy Regulation Janus Friis Bindslev, Partner Cyber Risk Services, Deloitte 4 February 2016 Agenda General
More informationSECURITY & PRIVACY DOCUMENTATION
Okta s Commitment to Security & Privacy SECURITY & PRIVACY DOCUMENTATION (last updated September 15, 2017) Okta is committed to achieving and preserving the trust of our customers, by providing a comprehensive
More informationCIPP/E CIPT. Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification
CIPP/E CIPT Data Protection Technologist (DPT) Training Bundle Official IAPP Training and Certification The CIPP/E + CIPT credentials shows you ve got the knowledge to build your organization s privacy
More informationDATA PROTECTION A GUIDE FOR USERS
DATA PROTECTION A GUIDE FOR USERS EN Contents Introduction 5 Data protection standards - making a difference in the European Parliament 7 Data protection the actors 8 Data protection the background 9 How
More informationArkadin Data protection & privacy white paper. Version May 2018
Arkadin Data protection & privacy white paper Version May 2018 Table of Contents 1- About Arkadin 4 2- Objectives 6 3- What does the GDPR cover? 8 4- What does the GDPR require? 10 5- Who are the data
More informationThe Role of the Data Protection Officer
The Role of the Data Protection Officer Adrian Ross LLB (Hons), MBA GRC Consultant IT Governance Ltd 28 July 2016 www.itgovernance.co.uk Introduction Adrian Ross GRC consultant Infrastructure services
More informationDATA PROCESSING AGREEMENT
DATA PROCESSING AGREEMENT This Data Processing Agreement ( DPA ) is entered into between: A. The company stated in the Subscription Agreement (as defined below) ( Data Controller ) and B. Umbraco A/S Haubergsvej
More informationINFORMATION TO BE GIVEN 2
(To be filled out in the EDPS' office) REGISTER NUMBER: 1423 (To be filled out in the EDPS' office) NOTIFICATION FOR PRIOR CHECKING DATE OF SUBMISSION: 03/01/2017 CASE NUMBER: 2017-0015 INSTITUTION: ESMA
More informationADIENT VENDOR SECURITY STANDARD
Contents 1. Scope and General Considerations... 1 2. Definitions... 1 3. Governance... 2 3.1 Personnel... 2 3.2 Sub-Contractors... 2 3.3. Development of Applications... 2 4. Technical and Organizational
More informationBaseline Information Security and Privacy Requirements for Suppliers
Baseline Information Security and Privacy Requirements for Suppliers INSTRUCTION 1/00021-2849 Uen Rev H Ericsson AB 2017 All rights reserved. The information in this document is the property of Ericsson.
More informationData Processing Agreement for Oracle Cloud Services
Data Processing Agreement for Oracle Cloud Services Version January 12, 2018 1. Scope, Order of Precedence and Term 1.1 This data processing agreement (the Data Processing Agreement ) applies to Oracle
More informationSOC 3 for Security and Availability
SOC 3 for Security and Availability Independent Practioner s Trust Services Report For the Period October 1, 2015 through September 30, 2016 Independent SOC 3 Report for the Security and Availability Trust
More informationPercona Software & Services Update
Percona Software & Services Update Q4 2016 Peter Zaitsev,CEO Percona Technical Webinars January 12, 2017 Why? Talking to Many Users and Customers Getting What have you been up to? Question This is a way
More informationPrivacy Policy. Effective date: 21 May 2018
Privacy Policy Effective date: 21 May 2018 We at Meetingbird know you care about how your personal information is used and shared, and we take your privacy seriously. Please read the following to learn
More informationGeneral Data Protection Regulation (GDPR) FAQ
General Data Protection Regulation (GDPR) FAQ At Salesforce, trust is our #1 value and the protection of our customers data is paramount. We know that many organizations have questions about the GDPR and
More informationPrivacy Statement. Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information
Privacy Statement Introduction Your privacy and trust are important to us and this Privacy Statement ( Statement ) provides important information about how IT Support (UK) Ltd handle personal information.
More informationHIPAA Security and Privacy Policies & Procedures
Component of HIPAA Security Policy and Procedures Templates (Updated for HITECH) Total Cost: $495 Our HIPAA Security policy and procedures template suite have 71 policies and will save you at least 400
More informationCriminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud
Criminal Justice Information Security (CJIS) Guide for ShareBase in the Hyland Cloud Introduction The Criminal Justice Information Security (CJIS) Policy is a publically accessible document that contains
More informationEU General Data Protection Regulation (GDPR) Achieving compliance
EU General Data Protection Regulation (GDPR) Achieving compliance GDPR enhancing data protection and privacy The new EU General Data Protection Regulation (GDPR) will apply across all EU member states,
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationGDPR: A technical perspective from Arkivum
GDPR: A technical perspective from Arkivum Under the GDPR, you have a general obligation to implement technical and organisational measures to show that you have considered and integrated data protection
More informationEU GDPR and . The complete text of the EU GDPR can be found at What is GDPR?
EU GDPR and Email The EU General Data Protection Regulation (GDPR) is the new legal framework governing the use of the personal data of European Union (EU) citizens across all EU markets. It replaces existing
More informationThe HIPAA Omnibus Rule
The HIPAA Omnibus Rule What You Should Know and Do as Enforcement Begins Rebecca Fayed, Associate General Counsel and Privacy Officer Eric Banks, Information Security Officer 3 Biographies Rebecca C. Fayed
More informationDATA PROTECTION POLICY
DATA PROTECTION POLICY Introduction The purpose of this document is to provide a concise policy regarding the data protection obligations of Youth Work Ireland. Youth Work Ireland is a data controller
More informationData Protection and GDPR
Data Protection and GDPR At DPDgroup UK Ltd (DPD & DPD Local) we take data protection seriously and have updated all our relevant policies and documents to ensure we meet the requirements of GDPR. We have
More informationData Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform
Data Governance: Data Usage Labeling and Enforcement in Adobe Cloud Platform Contents What is data governance? Why data governance? Data governance roles. The Adobe Cloud Platform advantage. A framework
More information01.0 Policy Responsibilities and Oversight
Number 1.0 Policy Owner Information Security and Technology Policy Policy Responsibility & Oversight Effective 01/01/2014 Last Revision 12/30/2013 Department of Innovation and Technology 1. Policy Responsibilities
More informationMySQL Enterprise Edition
MySQL Enterprise Edition and EU General Data Protection Regulation (GDPR) A MySQL White Paper May, 2017 2017, Oracle Corporation and/or its affiliates Table of Contents Executive Summary... 3 Introduction
More informationThe Common Controls Framework BY ADOBE
The Controls Framework BY ADOBE The following table contains the baseline security subset of control activities (derived from the Controls Framework by Adobe) that apply to Adobe s enterprise offerings.
More information