GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

Similar documents
Data Management and Security in the GDPR Era

BHBIA New Data Protection Rules. Pharma Company Perspective. Guy Murray Director, Market Research & Analytics, GC&BI MR Operations and Compliance, MSD

EU General Data Protection Regulation (GDPR) Achieving compliance

GENERAL DATA PROTECTION REGULATION (GDPR) CLIENT INFORMATION GENERAL DATA PROTECTION REGULATION CLIENT INFORMATION

Embedding GDPR into the SDLC

Embedding GDPR into the SDLC. Sebastien Deleersnyder Siebe De Roovere

EU GDPR & ISO Integrated Documentation Toolkit integrated-documentation-toolkit

Managing Privacy Risk & Compliance in Financial Services. Brett Hamilton Advisory Solutions Consultant ServiceNow

General Data Protection Regulation (GDPR)

THE NEW EU DATA PROTECTION REGULATION: WHAT IS IT AND WHAT DO WE NEED TO DO? KALLIOPI SPYRIDAKI CHIEF PRIVACY STRATEGIST, EUROPE

How To Establish A Compliance Program. Richard E. Mackey, Jr. SystemExperts Corporation

GDPR is here to stay. How prepared are you?

Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

NEW DATA REGULATIONS: IS YOUR BUSINESS COMPLIANT?

Accelerate GDPR compliance with the Microsoft Cloud

GDPR: A QUICK OVERVIEW

Plan a Pragmatic Approach to the new EU Data Privacy Regulation

EU GDPR & NEW YORK CYBERSECURITY REQUIREMENTS 3 KEYS TO SUCCESS

IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT

Charting the Course to GDPR: Setting Sail

NYDFS Cybersecurity Regulations

Ex Libris Ltd Alma Privacy Impact Assessment

Virginia State University Policies Manual. Title: Information Security Program Policy: 6110

GENERAL DATA PROTECTION REGULATION (GDPR)

Google Cloud & the General Data Protection Regulation (GDPR)

Developing your GDPR response for competitive advantage. EU General Data Protection Regulation (GDPR)

An Introduction to the ISO Security Standards

INFORMATION ASSET MANAGEMENT POLICY

GDPR: A technical perspective from Arkivum

Unified Communications Phase 2 Presentation to IT Services Users Group

The GDPR Are you ready?

FileFacets for GDPR. Solution Overview for Compliance. Copyright 2017 FileFacets Corporation. All rights reserved

Data Processing Clauses

GDPR. Lessons Learned

Eco Web Hosting Security and Data Processing Agreement

EXAM PREPARATION GUIDE

Privacy Code of Conduct on mhealth apps the role of soft-law in enhancing trust ehealth Week 2016

Ex Libris. Summon Privacy Impact Assessment

Putting It All Together:

ConnectingGTA Combined Back-End and Front-End Solution Privacy Impact Assessment (Executive Summary & Conclusion)

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

EY s Data Privacy Services. January 2019

EY s data privacy service offering. How to transform your data privacy capabilities for an EU General Data Protection Regulation (GDPR) world

IT Privacy Certification Outline of the Body of Knowledge (BOK) for the Certified Information Privacy Technologist (CIPT)

How icims Supports. Your Readiness for the European Union General Data Protection Regulation

First aid toolkit for the management of data breaches. Mary Deligianni Senior Associate 15 February 2018

SCHOOL SUPPLIERS. What schools should be asking!

Do you handle EU residents personal data? The GDPR update is coming May 25, Are you ready?

EY s data privacy service offering

WHITE PAPER. The General Data Protection Regulation: What Title It Means and How SAS Data Management Can Help

Why you should adopt the NIST Cybersecurity Framework

LBI Public Information. Please consider the impact to the environment before printing this.

Data Protection Policy

Data Protection. Plugging the gap. Gary Comiskey 26 February 2010

Cisco Spark and GDPR. Thomas Flambeaux. Collaboration Consulting Solution Engineer, Security and Compliance. Cisco Connect 2018 Copenhagen April 12th

New York Department of Financial Services Cybersecurity Regulation Compliance and Certification Deadlines

SECURITY & PRIVACY DOCUMENTATION

Cloud Computing Standard 1.1 INTRODUCTION 2.1 PURPOSE. Effective Date: July 28, 2015

GDPR Compliance. Clauses

Overview of Key E.U. and U.S. Privacy and Cybersecurity Laws. Brett Lockwood Smith, Gambrell & Russell, LLP May 15, 2018

Data Processing Agreement

Element Finance Solutions Ltd Data Protection Policy

General Data Protection Regulation (GDPR)

University of Pittsburgh Security Assessment Questionnaire (v1.7)

Security and Privacy Governance Program Guidelines

General Data Protection Regulation (GDPR) and the Implications for IT Service Management

Presented by Ingrid Fredeen and Pamela Passman. Copyright 2017NAVEXGlobal,Inc. AllRightsReserved. Page 0

GDPR: The Day After. Pierre-Luc REFALO

Information technology Security techniques Code of practice for personally identifiable information protection

SOLUTION BRIEF HELPING BREACH RESPONSE FOR GDPR WITH RSA SECURITY ADDRESSING THE TICKING CLOCK OF GDPR COMPLIANCE

01.0 Policy Responsibilities and Oversight

Incentives for IoT Security. White Paper. May Author: Dr. Cédric LEVY-BENCHETON, CEO

PS Mailing Services Ltd Data Protection Policy May 2018

Martijn Loderus. Merritt Maxim. Principal Analyst Forrester. Director & Global Practice Partner for Advisory Consulting Janrain

Auditing Bring Your Own Devices (BYOD) Risks. Shannon Buckley

THE PROCESS FOR ESTABLISHING DATA CLASSIFICATION. Session #155

GDPR compliance: some basics & practical to do list

2 The IBM Data Governance Unified Process

EHR SECURITY POLICIES & SECURITY SITE ASSESSMENT OVERVIEW WEBINAR. For Viewer Sites

Towards an integrated regulation platform in Luxembourg. Information Security Education Day th of april

Checklist: Credit Union Information Security and Privacy Policies

Managing Microsoft 365 Identity and Access

PREPARING FOR THE GDPR AT THE UNIVERSITY OF HELSINKI

Enhancing Security With SQL Server How to balance the risks and rewards of using big data

TIPS FOR FORGING A BETTER WORKING RELATIONSHIP BETWEEN COUNSEL AND IT TO IMPROVE CYBER-RESPONSE

Creative Funding Solutions Limited Data Protection Policy

Just-Property Ltd GDPR Client Data Register

COMPUTAMATRIX LIMITED T/A MATRICA Data Protection Policy September Table of Contents. 1. Scope, Purpose and Application to Employees 2

GDPR: A GUIDE TO READINESS

Kährs Group s Privacy Policy

BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE

Case Study Vitality Justin Skinner Group Chief Risk Officer

Getting personal with your customers and GDPR

IT Security Training MS-500: Microsoft 365 Security Administration. Upcoming Dates. Course Description. Course Outline $2,

Magento GDPR Frequently Asked Questions

Healthcare Security Success Story

Data Protection Policy

VERSION 1.3 MAY 1, 2018 SNOWFLY PRIVACY POLICY SNOWFLY PERFORMANCE INC. P.O. BOX 95254, SOUTH JORDAN, UT

Hong Kong s Personal Data (Privacy) Ordinance

Transcription:

GDPR: Is it just another regulation or a great opportunity for operational excellence? Athens, February 2018

GDPR Roadmap Continuous Awareness Program Implement Privacy Solutions Intergrade Privacy into Operations Evaluate KPIs & execute scenarios in order verify GDPR compliance Record outcomes and Identify Gaps & breaches 9 10 11 8 Execute PIA Engage Company Functions Establish Methodology Approach 7 6 5 Create Governance & Assign Stakeholders Analyse Regulation Present Regulation to High Management Define GDPR & PIA Framework 1 2 3 4

Maturity Status (PIA Results ) Personal Data Processing Basic Principles Organizational Structure Safeguarding Data Subject s Rights Policies and Procedures Personal Data Breach Notification Level 2 Level 2 Level 3 Audit and Continuous Improvement Level 3 Level 3 Level 2 Based on CMMI Maturity Model Security Level 3 Legend 1 Initial 2 Managed 3 Defined 4 Measured 5 Optimized

GDPR Findings Consent Requests for consent for different purposes are not distinguished. Consent is opt-out Retention Portability Retention periods for personal data are not clearly defined. No policy for satisfying requests for personal data portability. Security USB ports are enabled on all corporate PCs and Laptops. Emails containing personal data are not encrypted Forgetness Collection Purpose Contracts Audit Data Breach There are no mechanisms for personal data erasure. Not all data collected, stored, transferred etc. are necessary for the purposes of personal data processing The template contract between IAG and an insurer partner is not updated based on GDPR provisions The scope and criteria of the internal audit process does not include personal data protection requirements. The security incidents records do not include all the required information regarding personal data breaches.

GDPR : Effort Diagram Governance Policies & procedures 10% Security 10% Awareness 10% Data Governance 70%

Approaching GDPR (Governance & Policies ) Assign the role of Data Protection Officer (DPO) and appoint responsibilities Document a corporate Data Protection Policy Create DPO HUB ( DPO, Info Sec, BCM, Legal, Compliance, Risk, IT Sec) Define KPIs for the measurement of GDPR performance Establish communication with Data Protection Authority Review and update contracts & agreements with processors

Approaching GDPR (Security) Implement Data Protection Policy security controls Strengthen DLP functionality Encrypt or Mask personal information depending on purpose Review the removable storage media policy & procedure Review, adjust & enhance processes to satisfy requests from data subjects Secure Application environment & encryption in corporate mobile devices

Approaching GDPR ( Awareness ) Educate/Train people according to GDPR principles Create internal site for Security & GDPR Awareness Uploading Videos & Quizzes in portal, Posters, Manuals & Guidelines Executing periodical Clean Desk Assessment Reward employees who comply GDPR requirements Live Presentations across all different business functions

Approaching GDPR ( Data Governance ) Strengthen corporate Data Governance Policy incorporating GDPR requirements Enhance Data Lineage ( Data Processes & Flows ) Create a personal data processing register Tagging personal and sensitive identifier ( PII, SII, VII ) Enhance Data Remediation processes Create common data glossary

Approaching GDPR ( Data Governance ) Assign the role of Data Traffic Controller and appoint responsibilities Confirm existence of Data Owner per data category within framework Adjust current Retention Policy Data Disposal either hardcopy or electronic Create Internal Data Request Center Adjust Data Collection possesses according to GDPR requirements

Data Governance: Data Manipulation Metadata Management SAS Data Management Studio

Data Governance: Data Management Enterprise Data Lineage SAS Data Lineage Join with TB1TRAN (policy transactions) &TB1PREM (premiums) tables Used by VONEPRTF (portfolio) & VONEGWP (Gross Written Premium)views Execute 02.Business Rule for TB1IPRST (Premium Stage) Content

Data Governance: Data Framework SAS Data Management Studio Data Controls Business Rule transformed to Technical Rule

GDPR New Principles Personal Identity Information -PII SAS Data Management Studio

Data Governance: Data Framework Wiki-Like Search SAS Business Glossary

Data Governance: Data Framework Data Remediation SAS Data Management Studio

Data Governance: Data Framework Data Monitoring and Dash boarding SAS Data Monitoring & Dash boarding

GDPR New Principles SAS Federation Server Data Encryption and Data Masking by creating technical rules

GDPR New Principles SAS Federation Server Data Encryption for Email Account Data Masking for Customer Name

GDPR New Principles Enterprise, Govern, Risk and Compliance (EGRC) ` Impact mitigation tools for data breaches SAS Enterprise GRC

Data & Reporting Request Center

Last but not least. Set up a Clean Desk policy Ensure paper documents are safely stored and disposed of Classify Unstructured data Employee involvement through continuous awareness Verify Processors compliance Control requests for data Expected additional guidelines from Data Protection Authority & Hellenic Insurance Union

GDPR : Post implementation Benefits Strengthen customer trust and customer relationships, resulting in loyalty Enhance market reputation & business cooperation Competitive market advantage Strengthen security & minimized security Incident Digital benchmark through PIA Smart Big Data leads to better, safer, faster processing Elimination of redundant or duplicate data leads to reduced costs & faster processes

GDPR is not just another framework or regulation but a great opportunity to enhance operational excellence!

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback