Getting ready for GDPR. Philipp Hobler EMEA Field CTO Global Technology Office Dell EMC Data Protection Solutions

Transcription:


GDPR Background
- Single EU-wide Regulation
- Harmonizes Global User Data Protection across all EU member states
- Regulation = Directly Applicable
- Extra-territorial applicability
- All companies processing user data in EU

WHAT IS GDPR?
- On 25th May 2018 an evolution of the EU Data Protection Directive, the General Data Protection Regulation (GDPR), will come into force
- Applies to all companies worldwide that collect, process and deal with personal data for citizens of 28 European Union (EU) Countries
- "You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have" (Source: UK Data Regulator Information Commissioner's Office (ICO), March 2016)
- Any non EU company working with personal data relating to EU Citizens will have to comply with GDPR including Great Britain even after it leaves the EU
- Significant monetary fines for non-compliance of up to Euro 20 Million or 4% of annual global turnover

GDPR Scope
Broad Scope
- Applies to personal data of EU Citizens
- Applies to any processing
Personal Data: Information relating to an identified or identifiable natural person ("data subject"): name, identification number, location data, online identifier or factors specific to physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
Processing: Any (set of) operation(s) which is performed on (sets of) personal data: collection, recording, organization, structuring, storage, adaption,

Regulation Highlights & Stats
Reach
- Applies to all EEA Member States
- Applies to both Data Controllers and Data Processors (such as cloud providers)
- Non EU based companies are also impacted
Rights
- Centred around Privacy as a Human Right and the Subject
- Extended Right to be forgotten
- A New Right to Data Portability
- Enhanced Data Subject Access Right (DSAR)
Data Protection Impact Assessment
- Must be undertaken for certain data processing activities
- Creates increased flow down obligations from data controller to data processor
- Sound DPIA execution will improve overall compliance
Privacy by Design
- Enhanced to minimise data collection
- Stricter rules on retention
- Increased consent from consumers
- A "less is more" mentality for data collection and usage
Breach Reporting
- Notification of Data Loss within 72 hours of awareness
- Both local authorities and consumer must be notified

ROLE OF DPO
The GDPR Enforcement Regime
- European Data Protection Board
- Supervisory Authority (National Level)
- Data Protection Officer ("DPO")
  - Obligation to appoint
  - Processing carried out by a public authority
  - Conducts large scale of systematic monitoring
  - Auditing on a regular basis
- Data Protection Officer (Company Level)

Data Focused View
End-User Data Public Cloud Remote Offices Data Center GDPR Compliance Data Use/Consent Right of Access Right to Be Forgotten Cross-Border Transfers Cybersecurity Search / Access Data Deletion & Migration Audited Retention Choice of Cloud Locations Private Clouds Data Security Consulting Services

How can Dell help with its Data Protection Solutions?
GDPR Focus Areas
1. Data Search / Indexing
2. Data Extraction - Right of Access
3. Data Erasure - Right to be forgotten
4. Data Minimization / Retention
5. Cross-border transfer limitations

Potential Solutions: Search Enhancements
- Description: Index content and backups; develop searches to reasonably identify content specific to individuals making requests
- GDPR Focus: Right of Access, Right to be forgotten
- DPS Offerings: DP Search, SourceOne, Mozy, Isilon Search

Data Search: DP Search
- Search capability for backup data
- Included as part of Data Protection Suite
- Process content from multiple input sources: Avamar and NetWorker Servers in Data Protection Suite
- Support cross-server and cross-platform searches
- Supported actions on search hits: Preview, Download, Restore

Data Search: DP Search - Continued
- Narrow down search scope
- Unified Search
- Yield search results fast
- Visualize search results
- Google-like interface

Use Case: Recover to File Share
- Alex unable to locate his files
- IT comes to rescue
- IT finds the file within minutes with Data Protection Search
- IT extracts the files and sends over to Alex

Data Archiving and Indexing: Dell EMC SourceOne Information Governance Platform
Archiving
- Email Management: Archiving for governance and operational improvements
- Microsoft SharePoint: Information governance readiness and storage management
- File Management: Information governance readiness and storage management
Discovery Manager
- eDiscovery and legal hold tools for managed and archived content

Data Search and Extraction: SourceOne Discovery Manager - Workflow
1. Prepare Discovery Manager
2. Create a Matter
3. Search and Hold Content
4. Review & Tag Content Assigned to Matter
5. Export Content from Matter
- Application Admin
- User Admin
- Matter Owner: Assigns matter managers
- Matter Manager: Assigns/un-assigns investigators; provides information to investigators through matter properties; manages matter-specific tags
- Identity Admin
- Tag Admin
- Investigator Collect & Assign
- Investigator Review
- Investigator Export

Potential Solutions: Managed Retention
- Description: Establish and enforce retention of email and unstructured data on an organizational basis
- GDPR Focus: Right of Access, Right to be forgotten, Data Minimization
- DPS Offerings: SourceOne, Data Domain

Data Minimization/Retention: Dell EMC Data Domain
Efficient
- Protect more data faster with industry leading speed and scale
- Reduce storage required by 10-30x
Reliable
- End-to-end data verification, fault detection, and self healing
Flexible
- Integrates with leading backup, archiving, and enterprise applications or directly with primary storage
- Deploy protection storage however you want it
Cloud-enabled
- Natively tier deduped data to the cloud for modern long-term retention
- Deliver data protection as a service with logical data isolation

Potential Solutions: Legacy Tape Remediation
- Description: If legacy tapes are in scope, index to enable search; then dispose or land data on accessible disk or local cloud for ongoing use
- GDPR Focus: Right of Access, Right to be forgotten, Data Minimization
- DPS Offerings: Tape remediation, ECS, Virtustream

Cross-Border Transfer Limitations: Dell EMC Data Domain Cloud Tier
- Ultimate Flexibility and Control
- Elastic Cloud Storage
- 3rd Party Clouds
- Long-term Retention

Potential Solutions: Private and/or Local Clouds
- Description: Cross-border (outside EU) transfers can be limited and potentially subject to ongoing changes in the law (e.g. Privacy Shield)
- GDPR Focus: Cross-border data transfers
- DPS Solutions: Virtustream, Mozy, ECS (local private cloud), Data Domain (local infrastructure)

Elastic Cloud Storage
A modern storage platform to bridge traditional and modern workloads.
- Lower TCO than public cloud
- Higher Storage Density
- SCALABLE: Shared global storage that scales into Exabyte; globally distributed infrastructure
- INTELLIGENT: Support for real-time data ingestion and analytics
- FLEXIBLE: ECS Appliance; Software only; ECS Dedicated Cloud (ECS DC)
- ENTERPRISE-READY: Enhanced enterprise capabilities (litigation hold support, Swift multi-part upload, etc.)
- #1 Scale-Out Object Market Leader
- COST EFFECTIVE: 48% lower TCO than public cloud storage; lower TCO than tape

Potential Solutions: Security of Data
- Description: Controllers must implement an appropriate level of security for data that is being processed
- GDPR Focus: Cybersecurity
- DPS Solutions: Data Domain (Encryption), RSA & SecureWorks

Summary
GDPR cannot be resolved through technology alone. You require a structured plan including:
A. Governance and preparation:
- Assess and audit information assets Privacy
- Document and identify location of personal data
- Gap analysis and remediation against GDPR by
B. Implement processes for handling of personal data
- Design DPIA process
- Process of User consent / Data Extraction / Employees leaving organization
- Update procedures and policies
C. Decide on use of technologies (search, extraction, deletion, retention, )
Once in place you can better understand how your existing or new technology should be applied to ensure current and future compliance with GDPR

Questions?