Recommended
Recommended
More Related Content
What's hot
What's hot (20)
Similar to GDPR - are you ready?
Similar to GDPR - are you ready? (20)
Recently uploaded
Recently uploaded (20)
GDPR - are you ready?
- 1. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION1 ZSCALER CONFIDENTIAL INFORMATION GDPR – Are you ready? Key steps to getting it GDPR right Chris Hodson | Sr. Director, Office of the CISO | Zscaler Shaun Ghafouri | Associate General Counsel | Zscaler
- 2. ©2018 Zscaler, Inc. All rights reserved. | ZSCALER CONFIDENTIAL INFORMATION2 To ask a question • Type your questions into the chat box in the Webex panel or email us at communications@zscaler.com • We’ll try to get to all questions during the Q&A session. If we do not get to your question, we’ll make sure to follow up afterwards • At the end of the webcast – please let us know how we did! ©2018 Zscaler, Inc. All rights reserved. Ask your question here…
- 3. The latest research A majority of FTSE 350 and Fortune 500 companies are overestimating their capabilities when it comes to GDPR compliance. 92 per cent of European businesses are unprepared for GDPR. According to research from law firm Paul Hastings. Survey of 400 European businesses by RSM and the European Business Awards.
- 4. GDPR is Here! What now? Or Are you Compliant? In state of Readiness? • Your company is in constant state of change. • Your processes are in a constant state of change. What happens to your GDPR Team going forward? Legal | Marketing | Infosec | IT
- 5. What priorities should drive your readiness? Analysis of Data Retention Tracking key GDPR Readiness Priorities Technical Security Data Deletion Communicating to the Business Data Flows
- 6. What personal information should you be concerned with? Shoe Size Eye color IP Address “Any information relating to the identified or identifiable natural person” Hair Color DNA RNA Name Address Phone Weight Online Identifier Income Cultural Profile GPS/Localization Email Browser Cookies Race Religion Image Fingerprint Height Biometrics
- 7. Which Security Controls Should be in Place? Logging Access Control Data Mapping Authentication EncryptionAnti-Malware
- 8. What about Shadow IT? Are you able to track unsanctioned user activity? We don’t know what we don’t know Data ownership issues Data flows Data Protection Impact Assessment
- 9. CISO Challenges • Best of Breed Security • Privacy by Design • 72 Hour Reporting • Encryption Challenges “Only 20% of GDPR is within my purview!”
- 10. How Zscaler can Help SSL Interception at Scale Application Visibility: All Ports, All Protocols Payload data is not written to disk Logging data retained with European Union Pseudonymisation and obfuscation where required
- 11. ©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. Thank You! Questions and Next Steps 11 Chris Hodson Sr. Director, Office of CISO at Zscaler chodson@zscaler.com www.zscaler.com/gdpr Overcoming the Challenges of Architecting for the Cloud Slow Office 365 Deployment? Let Zscaler help you get in the fast lane! zscaler.com/webcasts Shaun Ghafouri Associate General Counsel at Zscaler sghafouri@zscaler.com Learn more about Zscaler and GDPR zscaler.com/webcasts Other On-Demand Webcasts
- 12. ©2017 Zscaler, Inc. All rights reserved. ZSCALER CONFIDENTIAL INFORMATION. June 25-27, 2018 The Cosmopolitan, Las Vegas Register at zenithlive.zscaler.com Join the conversation at community.zscaler.com
Editor's Notes
- We need to frame the discussion around the areas we want to discuss. A Royal Mail Data Services survey has found that three out of 10 UK companies are falling short of the data quality required for the EU’s General Data Protection Regulation Almost one-third of UK organisations lack the data quality enforcement processes required for the EU’s General Data Protection Regulation (GDPR), according to research from Royal Mail Data Services. FTSE350 and F500 over stating readiness: https://ibsintelligence.com/ibs-journal/fortune-ftse-companies-declare-readiness-gdpr-half-actually-anything/ Market research business Forrester has identified that 80% of firms affected by the GDPR will not be compliant with the Regulation when it comes into force on 25 May 2018. https://www.lexology.com/library/detail.aspx?g=353b4336-657f-4db7-a13d-ba06e3881bdb 92 per cent of European businesses are unprepared for GDPR. Survey of 400 European businesses by RSM and the European Business Awards. https://www.institutionalassetmanager.co.uk/2017/12/08/259129/92-cent-european-businesses-are-unprepared-gdpr
- Communicating to the organisation, we could expand this section. 1. educating internally on the GDPR and 2 ensuring consistent and effective communication between departments. How do you ensure a joined up approach across departments? Data protection from external sources. Website etc. Chris – clearly, there are lots of things to do – what should an organisation focus on? We’ve put on screen a number of data centric points which I’ll come onto in a moment but, for me, the most important thing is to work in understanding the business architecture of your company.
- What about shadow IT and Apps held outside the organisation which the org doesn’t know about? How will this impact Privacy by design How will this impact DPIAs
- Chris, you wrote regularly regarding the challenges for CISO – I see you’ve noted down a few in relation to GDPR. Article 17 – Right to Erasure – how to make sure data is securely and appropriately removed from systems – tough when systems are relational databases Article 33 – 72 hour reporting window. Could you talk use through them? Seed questions: You spoke about multiple data centres – how does that help us with GDPR requirements? What about my mobile and roaming users? Can I go anywhere to find further information about Zscaler and GDPR?