GDPR is little over a year away, and there are still many questions for IT to answer. think S3, working with leading technology vendors, is answering these questions and leading the way to compliance for IT environments. If you have questions regarding GDPR or want to assess whether you are ready for GDPR, we can help.
www.thinkS3.co.uk S3 Consulting Ltd.
Goal
• Establish a single, pan-European law to replace the current inconsistent patchwork of national laws.
• Modernize the principles enshrined in the 1995 Data Protection Directive.
Benefits of the new Regulation
Benefits for organisations
1. One EU market, one law
2. One-stop-shop – a single supervisory authority
3. Same rules for all organisations
Benefits for EU citizens
1. Better data security
2. Putting people in control
Data security focus
3 key Articles pertaining to data security:
1. Security of processing (Article 30)
a. prevent any unauthorized access to personal data
b. prevent any unauthorized disclosure, reading, copying, modification, erasure or removal of personal data
2. Notification of a personal data breach to the supervisory authority (Article 31)
3. Communication of a personal data breach to the data subject (Article 32)
What you need to know
• Organisations must:
  • implement appropriate security measures to protect personal data
  • have a clear data protection policy
  • have a named Data Protection Officer (except SMEs)
• Fines for unprotected data breaches will range up to €100 million or 5% of annual turnover.
• If you suffer a breach and can show that the personal data can’t be accessed by unauthorized people (e.g. it was encrypted):
  • The likelihood of being fined should be very greatly reduced
  • You won’t need to notify affected data subjects of the breach
The legislative process
• 25 January 2012 – Draft legislation first presented by EU Commissioner Viviane Reding
• January 2012 – October 2013 – Extensive discussion of and amendment to the proposed bill
• 12 March 2014 – European Parliament voted overwhelmingly in favour of the legislation (95%)
• The Regulation still needs to go through further steps. However, it is widely anticipated that it will be adopted by 2018
• EU and US sign umbrella agreement on transatlantic data protection.
Encryption is key
The Regulation will require organizations to:
1. Implement ‘appropriate security measures’ to protect personal data
Encryption is widely agreed to be the best data security measure available
2. Notify affected parties in the event of a personal data breach
If you can prove the data was encrypted you don’t need to notify the individuals
concerned
3. Pay fines in the event of a personal data breach
If the data was encrypted it’s highly likely that no fines will be imposed
Lost or Stolen Device
[Figure panels: Unencrypted | Encrypted]
• Accidental loss or theft of a device is a common occurrence.
• Only authorized users should access devices.
• How many devices have you lost?
Copy Files to the Cloud
• Cloud Storage Services revolutionized the way
we share data between users and devices.
• What have you stored in the Cloud and what
happens if someone steals it?
• Encrypt the data before sending it to the Cloud.
Copy Files to a Network Share
• Today’s Operating Systems make sharing data
on the Network very simple.
• Protect against Internal Threats.
• Who is allowed to access company/user
data?
Copy Files to Removable Media
• These tiny devices can store large amounts of
data and are easily misplaced.
• Block or protect?
• Where is your first USB stick and what was
on it?
Attach Files to E-Mail
• We all email & we all make mistakes (it
happens)
• What’s the consequence of sending the wrong
attachment to the wrong person?
• Encrypt file attachments or examine at
Gateway?
Rock solid data protection strategy
It’s all about the data
1. How does data flow into and out of your organization?
2. How do end users use the data?
3. Who has access to company data?
5 steps to stop data getting into the wrong hands
1. Keep patches up-to-date
Data-stealing malware often exploits known vulnerabilities.
2. Apply multi-layered entry-point protection
Secure against multiple vectors of attack with Web, Email and Malware protection at
the gateway.
3. Select Advanced Threat Protection
Choose a next-generation firewall that detects and blocks attacks directly on the
network.
4. Use Selective Sandboxing
Secure against slow-moving or delayed threats.
5. Limit dissemination of sensitive data
Deploy Application Control and Data Control
How can think S3 help?
GDPR Readiness Assessment
Discover what steps you need to take before 18th May 2018 to be compliant with the new
regulations.
Cloud Readiness Assessment
Are you ready for the cloud? Do you have the relevant encryption and security policies in place?
Backup Health Checks
Not only will restoring your backup help you recover data when required; it is also a requirement to have a working backup solution in place for all data under GDPR.
What next?
Develop strategic confidence in your GDPR plan by making sure you have a partner with the industry knowledge and technical know-how. Avoid getting caught short and risking any hefty fines!
Call think S3 on 0845 686 0530 or email info@thinks3.co.uk
www.thinks3.co.uk
@think_S3