
Gearing up for GDPR in the Cloud



With 2018 being just around the corner, in enterprise-speak, the challenges around compliance with the new EU General Data Protection Regulations must be resolved yesterday. Will two years be enough to get it all done? Do you know everything you need to put together a solid game plan? Do you have any lingering questions, perhaps specific to your unique situation, that a local law expert can help answer?

Published in: Technology

  1. Gearing Up for EU GDPR Compliance in the Cloud
  2. Presenters: Jennifer Sand, VP of Product Management, CloudLock; Russell Miller, Director of Product Marketing, CloudLock; Andrew Dyson, Partner, DLA Piper
  3. Continuing Professional Education (CPE) Credits: Claim your CPE credit for attending this webinar. For more information or questions please contact us.
  4. Agenda
     01. What is happening when
     02. What do you need to know?
     03. What do you need to do today?
     04. What do you need to do in the next 2 years?
     05. Questions
  5. EU GDPR Timeline
  6. EU GDPR vs. Privacy Shield
  7. 8 New Provisions
     1. No ambiguity. One law across all 28 countries of the EU.
     2. The law is global.
     3. Increased fines. Up to 4% of global turnover or €20,000,000.
     4. Breach notification. Mandatory within 72 hours.
     5. New individual rights.
     6. Liability extended to data processors as well as data controllers.
     7. Information governance through the supply chain.
     8. Privacy by design.
  8. Who This Applies To: European offices; Hold data on EU residents
  9. Every Company Uses Cloud Services
  10. What You Need to Know: Where; What; How
  11. What is Required: Appropriate Security Measures; Restrict Onward Transfers; Access/Manipulate Data
  12. Sensitive Data is Out There (** CloudLock Cybersecurity Report: The Extended Parameter)
  13. A New Operating Paradigm: Internal governance; Transparency; Customer controls; Incident management; Audit; Data protection officer; Disclosure of supply chain/transfer terms; Minimise level of data processed; Routine risk assessments/audits; Formal breach management processes; Internal training/audit & review; Internal register of processing; Regulate who and how processed; Manage Offshore data transfers; Appropriate security measures; EC Approved “Model Clauses”; EC approved Country
  14. Appropriate Security Measures in The Cloud: Automatic Detection of Personal Data; Automated Action; Employee Involvement
  15. Cloud Vendor Readiness Questions Add
     • Dedicated Security Team?
     • Systems subjected to penetration testing?
     • Terms for ownership of data?
     • Share most recent vulnerability scan results?
     • Formal procedure for reporting a suspected security violation?
     • Access security of data facilities?
     • What is security policy?
  16. What You Need to Do - Today (Tomorrow’s Task: 5 MAY)
     1. Document where and who process data
     2. Audit and Prioritize Cloud Vendors
     3. Consider technology at hand
  18. Do you comply? Come See Us At: 7-9 June, Olympia, London, Booth D202
  19. Thank You. Questions & Answers. 781.996.4332