Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo


Technology's role in General Data Protection Regulation Dr. Prokopios Drogkaris Officer in NIS SECPRE 2017 Oslo 15.9.2017 European Union Agency for Network and Information Security

Fighting fraud in school exams
Different decisions under Data Protection Directive 95/46/EC from National DPAs

Securing Europe's Information society

Positioning ENISA activities
CAPACITY: Hands on activities
POLICY: Support MS & COM in policy implementation; Harmonisation across EU
EXPERTISE: Recommendations; Independent Advice

Technologies revolutionizing IT markets (back in 2015)
Big data: Ability to run complex calculations on big amounts of data in a meaningful time frame
Sensors and actuators: Introduction of cheap sensors and actuators to many different appliances to collect huge amounts of data
Cloud computing: Hosting of software on centralized servers with high-speed access through the Internet
Mobile technology: Massive increase of mobile computing power, storage, and bandwidth
Natural user interfaces: Creation of new kinds of interfaces that allow for more intuitive handling of IT systems
Computation, storage, and networks: Possibility to store large amounts of data and transfer the data with high bandwidth between computers
Source: Gartner

EU Policy Context
Network and Information Security Directive
EU Cybersecurity Strategy*
General Data Protection Regulation
Digital Single Market Strategy
eIDAS Regulation
Strengthening Europe's Cyber Resilience System and Fostering a Competitive and Innovative Cybersecurity Industry
Proposal for a Regulation on Privacy and Electronic Communications

GDPR Overview
Harmonization: One Stop Shop; European Data Protection Board
Broader Scope: Wider definition of Personal Data; Obligations on both controller and processor
Obligations: Transparency/Notices; Data Protection Impact Assessment; Data Protection Officer
Strengthened Rights of individuals: Right to erasure; Data Portability; Consent
Security: Data protection by design and by default; Pseudonymisation; Encryption
Outside EU: Non-EU companies will need to appoint a representative in the EU
Personal Data Breach: Notification to the supervisory authority; Notification to the data subject
Fines: up to 4% of the total worldwide annual turnover
Risk Based Approach

Data Protection: more than IT Security
IT security: The adversary is Eve (or Mallory)
Data protection: The adversary is Bob
http://rmg.zum.de/wiki/benutzer:deininger_matthias/facharbeit/alice_bob_und_mallory

More Information Security?
More effort from data controllers and data processors regarding information security

Need for technology
Article 15: Right of access by the data subject
Article 16: Right to rectification
Article 17: Right to erasure (right to be forgotten)
Article 18: Right to restriction of processing
Article 19: Notification obligation regarding rectification or erasure of personal data or restriction of processing
Article 20: Right to data portability
Article 21: Right to object
Article 22: Automated individual decision-making, including profiling
Article 25: Data protection by design and default

ENISA activities in GDPR
Security of personal data
Privacy Enhancing Technologies
Crypto
Personal data breaches
Certification, Seals & Marks
Transparency, control, new user rights
Personal Data Clouds
Right to be forgotten
Big data privacy

PETs control matrix
A systematic approach for assessing online privacy tools (PETs)
An assessment framework and tool for the systematic presentation and evaluation of online and mobile privacy tools for end users
A practical tool that can be used for performing the assessment of a PET and presenting the relevant results

PETS Maturity Assessment
Beta Demo available at http://94.23.106.129

Repository

Possible ways forward
Harmonization of cyber products, services and skills
Aligned policies and technical requirements across MSs for products, services and skills
Cooperation across EU
Foster standardization activities at EU level
Demonstrate compliance/adherence through (lightweight) certification

Thank you PO Box 1309, 710 01 Heraklion, Greece Tel: +30 28 14 40 9710 info@enisa.europa.eu www.enisa.europa.eu