General Data Protection Regulations (May 2018). Martin Chapman, Head of Ops & Sales, Microminder. Presentation, Micro Minder Ltd 2017.


Transcription:

General Data Protection Regulations, May 2018. Presentation, Micro Minder Ltd 2017. Martin Chapman, Head of Ops & Sales, Microminder.

Please note:
- This legislation is untested and open to interpretation.
- I am not a Privacy or Data Protection Solicitor.
- Should you have any concerns or queries please seek legal advice from a qualified person.

Aim: To deliver an insight into Cyber Crime and GDPR.

Objectives:
- To highlight the scale, methods and impact of Cyber Crime
- To offer an introduction to GDPR
- To educate attendees on key changes of DP

Key Points:
- The role of Cyber Crime in GDPR
- How will GDPR affect me?
- Data Controllers & Processors
- What is a DPO? Role & Responsibilities
- Exemptions. Do they apply?
- GDPR: a paradigm shift
- Penalties & Sanctions
- Where do I start?

Cyber threats - some important facts to get started
- Within 4 minutes: a user will open an email from an attacker and open the attachment/link
- 286 days: time to detect an intrusion
- 80 days: time to contain the damage
- 63% of your team: weak, default or stolen passwords
- 58% of your team: accidentally share sensitive information
- 80% of your team: non-approved SaaS usage (Shadow IT)
- 90%: data leakage caused by user mistakes
- Every 53 seconds a laptop is stolen
- 55,000: estimated devices compromised by Ransomware every MONTH in 2016! A 5x increase from 2015, with a 4x increase against Android devices.
- $1 Billion: average earning of a hacker from Ransomware (FBI statistics)
- WannaCry: 152 countries, $4B paid

Threat actors:
- Disruptive Individual(s) - Pranksters
- Disruptive Groups - Hacktivists
- Serious & Organised Crime Syndicates
- Nation State Attackers

Intro to GDPR

WHAT:
- The biggest change to Data Protection legislation since DPA 98
- EU-wide legislation (irrespective of Brexit), worldwide jurisdiction

WHY:
- Absolute focus on Data Subject Rights
- Recognises huge advances in threat, risk and value of data
- Places greater obligation on people who want your data
- Allows for current technology (e.g. Biometrics, AI, ML)

Don't underestimate the implications of GDPR.

Who's Who within GDPR
- DATA CONTROLLER: A legal individual, public authority, agency or other body which, alone or jointly with others, determines the purposes and methods of processing personal data.
- DATA PROCESSOR: A legal individual, public authority, agency or body which processes personal data on behalf of the controller.
  YOU ARE ALMOST CERTAINLY BOTH!
- DATA PROTECTION OFFICER: An expert on data privacy who works independently to ensure an organisation is adhering to the policies and procedures in the GDPR.
- DATA SUBJECT: A natural person who can be identified by the data stored and whose personal data is processed by a controller or processor.
- INFORMATION COMMISSIONER'S OFFICE (ICO): The UK's DP Authority, which enforces the protection of data and privacy and monitors and enforces GDPR within the EU.

What's What within GDPR
- PROCESSING: Any operation performed on personal data, including collection, use, recording, migrating, etc.
- PERSONAL DATA: Any information related to an identified or identifiable data subject that can be used to directly or indirectly identify the person (inc. images, video, voice, numbers).
- PERSONAL DATA BREACH: A breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
- CONSENT: Informed, unambiguous, freely given, specific and explicit consent, by statement or action from the data subject, to have data relating to them processed.
- PRIVACY IMPACT ASSESSMENT (PIA): Tool used to identify/reduce privacy risks of a project. A PIA helps identify/reduce potential risk to data and bring about better processes for handling data.

Rights & Requirements within GDPR
- EXEMPTION: Myth v reality. NONE OF YOU ARE EXEMPT FROM ANY PARTS OF GDPR! Some organisations with <250 employees are exempt, BUT special category data is NOT, and health data is special category data!
- BREACH NOTIFICATIONS: Statutory requirement to report data breaches to the ICO within 72 hrs of becoming aware of it. Where client data is at serious risk, the individuals concerned MUST be notified.
- RIGHT TO PORTABILITY: Entitles individuals to obtain their data to move elsewhere. Organisations are OBLIGED to comply and provide it in a commonly used and readable format.
- RIGHT TO ERASURE: AKA Right To Be Forgotten. Removal/deletion of all personal data. This may include back-ups, archives and information shared with 3rd parties (obvious example: lab/referral).
- RIGHT TO ACCESS: AKA Subject Access Right. No £10 fee. 30 day response unless certain circumstances prevail. ALL DATA: consider CCTV, phone recordings, temp & cache storage.

Microsoft - taking GDPR seriously. Important even if you've only just heard of Europe.


GDPR - Deep Dive
1. Discover: Identify what personal data you have and where it resides
2. Manage: Govern how personal data is used and accessed
3. Protect: Establish security controls to prevent, detect and respond to vulnerabilities & data breaches
4. Report: Keep required documentation, manage data requests and breach notifications

GDPR - Phase 1: Discover. Identify what personal data you have and where it resides.
- What: What data do you have?
- Why: Did you OBTAIN it? Do you RETAIN it?
- How: Do you OBTAIN, STORE, PROTECT, ACCESS, PROCESS and DISPOSE of it? (Workflows)
- Where: Do you STORE the data?
- Who: Might you DISCLOSE it to (if any)? Who may have ACCESS (legitimately)?
- When: Would you OBTAIN, DISCLOSE or DISPOSE of data?
- Review

GDPR - Phase 2: Manage. Govern how personal data is used and accessed.
For each activity (Gather, Retain, Process, Disclose, Dispose), ask: Why? What? How? Where? Who? When?
The basis must be a Need or an Obligation, not a Desire (Desire: X), and must be: Reasonable, Genuine, Justifiable.
Review. DATA MINIMISATION.

GDPR - Phase 3: Protect. Establish security controls to prevent, detect and respond to vulnerabilities & data breaches.
- Physical: HW position; HW movement; premises; mobile; printing
- Digital: AV; DR; WBC; SM; email; encryption; automation
- Human: PW policies; DP ID; staff turnover policy; int/ext comms
- Training: data protection; threat awareness; breach recognition
- Indemnity: adult, child, employee consent; insurance
- Review

GDPR - Phase 4: Report. Keep required documentation, manage data requests and breach notifications.
- Assessments: Gap analyses; vendor; team; processes; DPIA in due course
- Policies: Privacy (x2); breach; access/change; retention/destruction; rights (erasure, correction, portability etc.); general GDPR policies
- Record Keeping: Workflows; training logs; review logs
- Registers: Consent; access; RTBF; workflows; vendors; training
- Sanctions: Up to £17 million; 4% of global revenue; stop orders
- Review

General Data Protection Regulations: 219 DAYS TO GO.
https://ico.org.uk/
martin.chapman@microminder.com | 020 8799 6883 | www.microminder.com/gdpr