GENERAL DATA PROTECTION REGULATION
A developer’s story
DISCLAIMER
This is not “legal advice” and all points made should be checked
with your company’s legal department or consult a legal advisor
for your specific situation!
GDPR
What is it?
GENERAL DATA PROTECTION REGULATION (GDPR)
➤ A stricter, binding version of already existing advisories (not rules) on best practices for protecting privacy data in the EU
➤ Becomes law in all 28 EU countries on May 25, 2018
➤ Impacts all businesses that collect and process privacy-related data of EU data subjects (even outside the EU)
“GDPR is a risk based approach”
- Cindy E. Compert, IBM Security
WHAT GDPR WANTS TO PROTECT
Religion & Beliefs
Physical Appearance
Cultural Background
Sexual Orientation
Social Status
Financial Strength
Mental State
Medical Conditions
Studies & Education
Memberships
Loyalty Programs
Identity & Nationality
WHAT IS CONSIDERED “PRIVATE DATA”?
➤ Name, email address, home address, phone number
➤ Social security number, national identity number, passport number
➤ Medical data, social status, religion, political views, sexual orientation, nationality,
financial balance
➤ Concert tickets, travel arrangements, library cards, loyalty programs
➤ IP addresses with timestamps
➤ and much more…
PII
Personally Identifiable Information
Information that can identify a single individual
RULE OF THUMB
Any piece of information that can point to a single individual
within the EU
WHY CARE ABOUT
GDPR?
Why do I need to invest so much in
being ready?
PROTECT & SERVE
➤ Protect data of EU data subjects
➤ Secure the way you store data
➤ Audit access to data
➤ Know what data is kept in the company
FINES & PENALTIES
➤ up to 10 million Euro or 2% of annual global turnover
➤ up to 20 million Euro or 4% of annual global turnover for more severe infringements
IMPROVING KNOWLEDGE
on the private data collected and processed by your company and
who had access to it.
SERVICE BINGO
IMPROVE SECURITY
GDPR is a risk-based approach to protecting privacy data. All measures taken to ensure this protection will improve your overall security.
GDPR
COMPLIANCE
The nitty-gritty
ASSESS
ASSESS AND PREPARE
➤ Assess all data across
➤ Clients
➤ Employees
➤ Suppliers
➤ Contacts
➤ Develop a GDPR readiness roadmap
➤ Identify personal data
LOOK OUT FOR KEY IDENTIFIERS
➤ When privacy data contains keys
➤ email address
➤ social security number
➤ national identity number
➤ …
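As an added illustration of this assessment step (not part of the talk), the following Python scans a constructed set of records and reports which fields hold key identifiers. The e-mail pattern is generic; the national-id pattern is a constructed placeholder format rather than any country's real scheme, since the slides name none; the phone pattern and the 50% threshold are likewise assumptions.

```python
import re
from collections import defaultdict

# Patterns for the key identifiers the slide lists. The "national_id" pattern is a
# constructed placeholder (digit groups), not a real national format.
KEY_IDENTIFIER_PATTERNS = {
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$"),
    "national_id": re.compile(r"^\d{2}\.\d{2}\.\d{2}-\d{3}\.\d{2}$"),
    "phone": re.compile(r"^\+?\d[\d\s\-]{6,}\d$"),
}

# Constructed sample data: a CRM export with one free-text column.
SAMPLE_RECORDS = [
    {"id": 1, "contact": "alice@example.com", "nin": "85.07.30-123.45", "note": "prefers phone"},
    {"id": 2, "contact": "bob@example.org", "nin": "90.01.15-987.65", "note": "alice@example.com referred"},
    {"id": 3, "contact": "", "nin": "77.11.02-001.11", "note": "n/a"},
]


def classify_value(value):
    """Return the key-identifier type a single value matches, or None."""
    if not isinstance(value, str):
        return None
    for name, pattern in KEY_IDENTIFIER_PATTERNS.items():
        if pattern.match(value.strip()):
            return name
    return None


def find_key_identifiers(records, threshold=0.5):
    """Scan dict records and report fields where at least `threshold` of the
    non-empty values look like one key-identifier type. Returns {field: type}.
    Free-text fields that merely mention an address now and then stay below
    the threshold, which is the point: the whole column is the identifier."""
    hits = defaultdict(lambda: defaultdict(int))
    non_empty = defaultdict(int)
    for rec in records:
        for field, value in rec.items():
            if value in (None, ""):
                continue
            non_empty[field] += 1
            kind = classify_value(value)
            if kind:
                hits[field][kind] += 1
    report = {}
    for field, kinds in hits.items():
        kind, n = max(kinds.items(), key=lambda kv: kv[1])
        if n / non_empty[field] >= threshold:
            report[field] = kind
    return report


if __name__ == "__main__":
    for field, kind in find_key_identifiers(SAMPLE_RECORDS).items():
        print(f"{field}: key identifier ({kind})")
```

Running this over a real export is the "identify personal data" step in practice: any field the scan flags is one that needs a handling procedure, an access audit and, where possible, pseudonymisation before it leaves the system of record.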
DESIGN
DESIGN
➤ Governance (how are you going to protect the data?)
➤ Training (how are employees handling the data?)
➤ Communication (how is data communicated?)
➤ Processes (how is data processed?)
STANDARDS AND PROCEDURES
➤ Create company-wide standards to handle data
➤ Create procedures for
➤ Collecting data
➤ Processing data
➤ Exchanging data
TRANSFORM
AUTOMATION IS KEY
➤ Develop and implement
➤ Procedures
➤ Processes
➤ Tools
➤ Deliver GDPR training
➤ Adhere to
➤ Privacy by design
➤ Security by design
DATA MANAGEMENT POLICIES
➤ Data must be protected
➤ Collect the minimum amount of data
➤ Store the data safely (with encryption) and securely
➤ Anonymise the data before processing
➤ Ensure these policies are enforced
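The "collect the minimum" and "anonymise before processing" policies above, as an added Python example that is not from the talk: before an order record is handed to an analytics job, every field outside an allowlist is dropped and the e-mail address is replaced by a keyed pseudonym (HMAC-SHA256 under a per-purpose key). The allowlist, the field names and the secret are constructed assumptions.

```python
import hashlib
import hmac

# Fields an analytics job is allowed to see; everything else is dropped.
ANALYTICS_ALLOWLIST = {"country", "order_total", "order_date"}

# Key identifiers that are replaced by a pseudonym, and the name the pseudonym gets.
PSEUDONYMISED_FIELDS = {"email": "customer_ref"}

# Constructed sample order as it sits in the system of record.
SAMPLE_ORDER = {
    "name": "Alice Example", "email": "Alice@Example.com", "phone": "+32 2 123 45 67",
    "country": "BE", "order_total": 49.90, "order_date": "2018-05-01",
}


def pseudonymise(value, secret, purpose):
    """Keyed pseudonym: HMAC-SHA256 of the normalised value under a key derived
    for one purpose. The same address gives the same token within a purpose, so
    joins in the analytics job still work, while different purposes cannot be
    linked to each other and nobody without `secret` can test a guessed address."""
    purpose_key = hmac.new(secret, purpose.encode(), hashlib.sha256).digest()
    normalised = value.strip().lower().encode()
    return hmac.new(purpose_key, normalised, hashlib.sha256).hexdigest()[:32]


def prepare_for_analytics(record, secret, purpose="analytics"):
    """Minimise and pseudonymise one record for the given processing purpose."""
    out = {}
    for field, value in record.items():
        if field in PSEUDONYMISED_FIELDS:
            out[PSEUDONYMISED_FIELDS[field]] = pseudonymise(value, secret, purpose)
        elif field in ANALYTICS_ALLOWLIST:
            out[field] = value
        # name, phone, street address and anything else never reach the job
    return out


if __name__ == "__main__":
    print(prepare_for_analytics(SAMPLE_ORDER, b"constructed-demo-secret"))
```

The secret belongs in the identity or secrets management system the later slides recommend, not next to the data; rotating it breaks linkability with earlier exports, which is acceptable for analytics and is exactly what a "be forgotten" request wants.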
OPERATE
IN OPERATION
➤ Execute automated business processes
➤ Monitor security and privacy
➤ Manage data access and consent rights
RIGHT FOR DATA INSIGHT AND “BE FORGOTTEN”
➤ Data subjects
➤ Can request insight in data collected
➤ Can request to be forgotten
CONFORM
MAKE SURE YOU CONFORM TO YOUR POLICIES
➤ Assess that your procedures are implemented
➤ Monitor data access
➤ Report on data activity
➤ Audit on a regular basis the security of your data
➤ Evaluate continuously adherence to GDPR standards
PATH TO GDPR COMPLIANCE
ASSESS DESIGN TRANSFORM OPERATE CONFORM
SOME EXAMPLES
Some technical tips
PASSWORD MANAGEMENT
➤ Don’t store data access passwords in a common repository
➤ Don’t keep passwords in environment variables*
➤ Make use of an Identity Management System to manage
➤ SSH keys
➤ API keys
➤ DSNs
➤ Public keys
(*) Why not use environment variables: diogomonica.com
USE A TEAM PASSWORD MANAGER
ENFORCE 2FA FOR EVERYONE!
AUDIT TRAILS WITH MIDDLEWARE
➤ Log access to data
➤ Automate anonymising of privacy data
➤ Automate encryption of privacy data
What’s wrong with this picture?
Why display full name details?
Why display email addresses?
Why display phone numbers?
REDUCE ACCESS TO DETAILS
If a user has other ways to communicate with your clients,
remove the visible display of common data elements like full
names, email and shipment addresses and phone numbers.
Do you see the difference?
No full-name display
Integrated communication functionality
SAME FUNCTIONALITY, BUT KEEPS DATA HIDDEN
➤ Prevents accidentally exposing email and phone numbers (e.g. during a call)
➤ Hides details from end-user, but functionality is still provided
➤ Sending out an email uses the built-in mail client
➤ Making calls uses the phone middleware used in the company
➤ Gives clear audit trail on who accessed what
NOT 100% PROTECTION, BUT…
➤ We remove the personal one-on-one communication with customers
➤ We add better access management on customer communication
➤ Full audit trail now possible as communication stays in-application
➤ Less chance for data loss as contact details are kept away from users
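The middleware idea from the "audit trails" slide and the "keeps data hidden" screens above, as one added Python example (not code from the talk or from in2it): a decorator around data-access functions writes one audit entry per call and masks the name, e-mail and phone fields unless the caller's role is allowed raw access, while an in-app mail action resolves the address server-side and never returns it. The role name "dpo", the field names, the sample customer and the in-memory log and outbox are constructed assumptions.

```python
from datetime import datetime, timezone
from functools import wraps

# Fields a support user does not need to see once the app offers its own
# mail and phone actions.
PRIVACY_FIELDS = ("full_name", "email", "phone")

# Roles that may still read raw values, e.g. when answering a data-subject
# request. Constructed role name.
UNMASKED_ROLES = {"dpo"}

AUDIT_LOG = []  # stand-in for an append-only audit sink
OUTBOX = []     # stand-in for the company's mail middleware

# Constructed sample record.
CUSTOMERS = {
    42: {"id": 42, "full_name": "Alice Example", "email": "alice@example.com",
         "phone": "+32 2 123 45 67", "orders": 3},
}


def mask(field, value):
    """Keep just enough of a value for the screen to stay usable."""
    if value is None:
        return None
    if field == "email":
        local, _, domain = value.partition("@")
        return local[:1] + "***@" + domain
    if field == "phone":
        return "***" + value[-2:]
    return " ".join(part[0] + "." for part in value.split())  # name -> initials


def audit(ctx, action, record_id, **extra):
    """One audit entry: who, what, which record, when."""
    AUDIT_LOG.append({
        "ts": datetime.now(timezone.utc).isoformat(),
        "actor": ctx["user_id"], "role": ctx["role"],
        "action": action, "record_id": record_id, **extra,
    })


def audited_read(resource):
    """Decorator for data-access functions: every call writes an audit entry and,
    unless the caller's role allows raw access, privacy fields come back masked."""
    def decorator(func):
        @wraps(func)
        def wrapper(ctx, *args, **kwargs):
            record = func(ctx, *args, **kwargs)
            unmasked = ctx["role"] in UNMASKED_ROLES
            if not unmasked:
                record = {k: (mask(k, v) if k in PRIVACY_FIELDS else v)
                          for k, v in record.items()}
            audit(ctx, "read:" + resource, record.get("id"),
                  fields=sorted(record), unmasked=unmasked)
            return record
        return wrapper
    return decorator


@audited_read("customer")
def get_customer(ctx, customer_id):
    return dict(CUSTOMERS[customer_id])


def send_email(ctx, customer_id, subject, body):
    """In-app mail action: the address is resolved server-side and handed to the
    mail middleware; the caller only learns that the message was queued."""
    raw = CUSTOMERS[customer_id]
    OUTBOX.append({"to": raw["email"], "subject": subject, "body": body})
    audit(ctx, "email:customer", customer_id, subject=subject)
    return {"queued": True, "record_id": customer_id}


if __name__ == "__main__":
    support = {"user_id": "u1", "role": "support"}
    print(get_customer(support, 42))
    print(send_email(support, 42, "Your order", "Shipped today."))
    print(AUDIT_LOG)
```

Because both the read and the mail action go through the same audit function, the question "who contacted this customer, and who looked at the record" is answered from one log, and the raw address only ever appears inside the mail middleware call.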
…AND DON’T FORGET TO ENCRYPT YOUR STORAGE & COMMUNICATIONS!
App
Data Storage
File Storage
Log Storage
Backup Storage
Public/private key exchange | encrypted data storage
EMAIL MARKETING
CONTACT DATA
Opt-in, always
NOT OPT-IN
/dev/null is the place to be
LIMIT EXPIRATION
Don’t keep longer than needed
AUTOMATE IT!
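The three marketing rules above (opt-in only, limited retention, automated), as an added Python example that is not part of the talk: a scheduled job reviews the contact list, keeps only contacts with a dated opt-in younger than the retention period, and treats an opt-in flag without a consent date as no consent. The one-year retention value and the sample contacts are constructed assumptions; the talk gives no number.

```python
from datetime import date, timedelta

RETENTION_DAYS = 365  # constructed policy value; pick yours from the stated purpose

# Constructed sample marketing list.
SAMPLE_CONTACTS = [
    {"id": 1, "email": "a@example.com", "opt_in": True,  "opt_in_at": date(2018, 1, 10)},
    {"id": 2, "email": "b@example.com", "opt_in": False, "opt_in_at": None},
    {"id": 3, "email": "c@example.com", "opt_in": True,  "opt_in_at": date(2017, 2, 1)},
    {"id": 4, "email": "d@example.com", "opt_in": True,  "opt_in_at": None},
]


def review_contacts(contacts, today, retention_days=RETENTION_DAYS):
    """Split a contact list into (keep, purged).

    A contact is kept only when it explicitly opted in and that consent is younger
    than the retention period. A missing consent date cannot prove consent, so it
    is purged too. The purge log records ids and reasons only, so the log itself
    does not keep the addresses alive after they went to /dev/null."""
    cutoff = today - timedelta(days=retention_days)
    keep, purged = [], []
    for contact in contacts:
        consented_at = contact.get("opt_in_at")
        if not contact.get("opt_in"):
            purged.append((contact["id"], "not opted in"))
        elif consented_at is None:
            purged.append((contact["id"], "opt-in without consent date"))
        elif consented_at < cutoff:
            purged.append((contact["id"], "consent older than retention period"))
        else:
            keep.append(contact)
    return keep, purged


if __name__ == "__main__":
    # Run this from a daily scheduler; the kept list replaces the old one.
    keep, purged = review_contacts(SAMPLE_CONTACTS, date.today())
    print(f"kept {len(keep)}, purged {len(purged)}: {purged}")
```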
NEXT STEPS
Get started now to be ready
GET STARTED NOW
DON’T START BLINDLY
KNOW WHAT TO PROTECT!
EVALUATE REGULARLY
GOAL: PROTECT PRIVACY
SOME RESOURCES
➤ European Commission: Protection of personal data
➤ EU GDPR Infograph
➤ Charting the Course to GDPR: Setting Sail
➤ Deloitte GDPR Series
➤ InfoSecurity Group GDPR Checklist
➤ Securing MongoDB
➤ Table and tablespace encryption on MariaDB 10.1
THE CLOCK IS TICKING…
Please leave feedback on joind.in to improve this talk
and grab the slides on your way out.
in2it PROFESSIONAL PHP SERVICES
Michelangelo van Dam
Zend Certified Engineer
contact@in2it.be - www.in2it.be - T in2itvof - F in2itvof
Microsoft Azure
Zend Framework
Consulting
Quality Assurance &
Disaster Recovery
JOIN THE DISCUSSION
https://in2.se/gdpr-updates
harshapolam10
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
ecqow
 
Design and optimization of ion propulsion drone
Design and optimization of ion propulsion droneDesign and optimization of ion propulsion drone
Design and optimization of ion propulsion drone
bjmsejournal
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
ElakkiaU
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
VANDANAMOHANGOUDA
 

Recently uploaded (20)

AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
AI + Data Community Tour - Build the Next Generation of Apps with the Einstei...
 
Digital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptxDigital Twins Computer Networking Paper Presentation.pptx
Digital Twins Computer Networking Paper Presentation.pptx
 
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENTNATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
NATURAL DEEP EUTECTIC SOLVENTS AS ANTI-FREEZING AGENT
 
Applications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdfApplications of artificial Intelligence in Mechanical Engineering.pdf
Applications of artificial Intelligence in Mechanical Engineering.pdf
 
Mechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdfMechanical Engineering on AAI Summer Training Report-003.pdf
Mechanical Engineering on AAI Summer Training Report-003.pdf
 
5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf5G Radio Network Througput Problem Analysis HCIA.pdf
5G Radio Network Througput Problem Analysis HCIA.pdf
 
5g-5G SA reg. -standalone-access-registration.pdf
5g-5G SA reg. -standalone-access-registration.pdf5g-5G SA reg. -standalone-access-registration.pdf
5g-5G SA reg. -standalone-access-registration.pdf
 
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...Call For Paper -3rd International Conference on Artificial Intelligence Advan...
Call For Paper -3rd International Conference on Artificial Intelligence Advan...
 
Generative AI Use cases applications solutions and implementation.pdf
Generative AI Use cases applications solutions and implementation.pdfGenerative AI Use cases applications solutions and implementation.pdf
Generative AI Use cases applications solutions and implementation.pdf
 
Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...Software Engineering and Project Management - Software Testing + Agile Method...
Software Engineering and Project Management - Software Testing + Agile Method...
 
Introduction to verilog basic modeling .ppt
Introduction to verilog basic modeling   .pptIntroduction to verilog basic modeling   .ppt
Introduction to verilog basic modeling .ppt
 
一比一原版(osu毕业证书)美国俄勒冈州立大学毕业证如何办理
一比一原版(osu毕业证书)美国俄勒冈州立大学毕业证如何办理一比一原版(osu毕业证书)美国俄勒冈州立大学毕业证如何办理
一比一原版(osu毕业证书)美国俄勒冈州立大学毕业证如何办理
 
Object Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOADObject Oriented Analysis and Design - OOAD
Object Oriented Analysis and Design - OOAD
 
Transformers design and coooling methods
Transformers design and coooling methodsTransformers design and coooling methods
Transformers design and coooling methods
 
一比一原版(爱大毕业证书)爱荷华大学毕业证如何办理
一比一原版(爱大毕业证书)爱荷华大学毕业证如何办理一比一原版(爱大毕业证书)爱荷华大学毕业证如何办理
一比一原版(爱大毕业证书)爱荷华大学毕业证如何办理
 
SCALING OF MOS CIRCUITS m .pptx
SCALING OF MOS CIRCUITS m                 .pptxSCALING OF MOS CIRCUITS m                 .pptx
SCALING OF MOS CIRCUITS m .pptx
 
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
一比一原版(CalArts毕业证)加利福尼亚艺术学院毕业证如何办理
 
Design and optimization of ion propulsion drone
Design and optimization of ion propulsion droneDesign and optimization of ion propulsion drone
Design and optimization of ion propulsion drone
 
An Introduction to the Compiler Designss
An Introduction to the Compiler DesignssAn Introduction to the Compiler Designss
An Introduction to the Compiler Designss
 
ITSM Integration with MuleSoft.pptx
ITSM  Integration with MuleSoft.pptxITSM  Integration with MuleSoft.pptx
ITSM Integration with MuleSoft.pptx
 

General Data Protection Regulation, a developer's story

  • 1. GENERAL DATA PROTECTION REGULATION: A developer’s story
  • 3. DISCLAIMER: This is not “legal advice”, and all points made should be checked with your company’s legal department, or consult a legal advisor for your specific situation!
  • 5. GENERAL DATA PROTECTION REGULATION (GDPR)
    ➤ A stricter modification of already existing advisories (not rules) of best practices towards protecting privacy data in the EU
    ➤ Becomes law in all 28 EU countries on May 25, 2018
    ➤ Impacts all businesses that collect and process privacy-related data of EU data subjects (even outside of the EU)
  • 6. “GDPR is a risk based approach” - Cindy E. Compert, IBM Security
  • 8. WHAT GDPR WANTS TO PROTECT: Religion & Beliefs, Physical Appearance, Cultural Background, Sexual Orientation, Social Status, Financial Strength, Mental State, Medical Conditions, Studies & Education, Memberships, Loyalty Programs, Identity & Nationality
  • 9. WHAT IS CONSIDERED “PRIVATE DATA”?
    ➤ Name, email address, home address, phone number
    ➤ Social security number, national identity number, passport number
    ➤ Medical data, social status, religion, political views, sexual orientation, nationality, financial balance
    ➤ Concert tickets, travel arrangements, library cards, loyalty programs
    ➤ IP addresses with timestamps
    ➤ and much more…
  • 10. PII: Personally Identifiable Information, information that can identify a single individual
  • 11. RULE OF THUMB: Any piece of information that can point to a single individual within the EU
  • 12. WHY CARE ABOUT GDPR? Why do I need to invest so much in being ready?
  • 13. PROTECT & SERVE
    ➤ Protect data of EU data subjects
    ➤ Secure the way you store data
    ➤ Audit access to data
    ➤ Know what data is kept in the company
  • 14. FINES & PENALTIES
    ➤ up to 10 million Euro or 2% of annual global turnover
    ➤ up to 20 million Euro or 4% of annual global turnover for more severe infringements
  • 15. IMPROVING KNOWLEDGE on the private data collected and processed by your company and who had access to it.
  • 18. IMPROVE SECURITY: GDPR is a risk based approach to protect privacy data. All measures to ensure this protection will improve your overall security.
  • 21. ASSESS AND PREPARE
    ➤ Assess all data across clients, employees, suppliers and contacts
    ➤ Develop a GDPR readiness roadmap
    ➤ Identify personal data
  • 22. LOOK OUT FOR KEY IDENTIFIERS: when privacy data contains keys such as email address, social security number, national identity number, …
  • 24. DESIGN
    ➤ Governance (how are you going to protect the data?)
    ➤ Training (how are employees handling the data?)
    ➤ Communication (how is data communicated?)
    ➤ Processes (how is data processed?)
  • 25. STANDARDS AND PROCEDURES
    ➤ Create company-wide standards to handle data
    ➤ Create procedures for collecting, processing and exchanging data
  • 27. AUTOMATION IS KEY
    ➤ Develop and implement procedures, processes and tools
    ➤ Deliver GDPR training
    ➤ Adhere to privacy by design and security by design
  • 28. DATA MANAGEMENT POLICIES
    ➤ Data must be protected
    ➤ Collect the minimum amount of data
    ➤ Store the data safely (with encryption) and securely
    ➤ Anonymise the data before processing
    ➤ Ensure these policies are enforced
  • 30. IN OPERATION
    ➤ Execute automated business processes
    ➤ Monitor security and privacy
    ➤ Manage data access and consent rights
  • 31. RIGHT TO DATA INSIGHT AND TO “BE FORGOTTEN”: data subjects can request insight into the data collected about them and can request to be forgotten
  • 33. MAKE SURE YOU CONFORM TO YOUR POLICIES
    ➤ Assess that your procedures are implemented
    ➤ Monitor data access
    ➤ Report on data activity
    ➤ Audit the security of your data on a regular basis
    ➤ Continuously evaluate adherence to GDPR standards
  • 34-39. PATH TO GDPR COMPLIANCY: ASSESS, DESIGN, TRANSFORM, OPERATE, CONFORM
  • 41. PASSWORD MANAGEMENT
    ➤ Don’t store data access passwords in a common repository
    ➤ Don’t keep passwords in environment variables*
    ➤ Make use of an Identity Management System to manage SSH keys, API keys, DSNs and public keys
    (*) Why not use environment variables: diogomonica.com
  • 42. USE A TEAM PASSWORD MANAGER
  • 43. ENFORCE 2FA FOR EVERYONE!
  • 44. AUDIT TRAILS WITH MIDDLEWARE
    ➤ Log access to data
    ➤ Automate anonymising of privacy data
    ➤ Automate encryption of privacy data
  • 45. What’s wrong with this picture?
  • 46. Why display full name details?
  • 47. Why display email addresses?
  • 48. Why display phone numbers?
  • 49. REDUCE ACCESS TO DETAILS: If a user has other ways to communicate with your clients, remove the visible display of common data elements like full names, email and shipment addresses, and phone numbers.
  • 50. Do you see the difference?
  • 51. No full name display
  • 54. SAME FUNCTIONALITY, BUT KEEPS DATA HIDDEN
    ➤ Prevents accidentally exposing email and phone numbers (e.g. during a call)
    ➤ Hides details from the end-user, but functionality is still provided
    ➤ Sending out an email uses the built-in mail client
    ➤ Making calls uses the phone middleware used in the company
    ➤ Gives a clear audit trail on who accessed what
  • 56. NOT 100% PROTECTION, BUT…
    ➤ We remove the personal one-on-one communication with customers
    ➤ We add better access management on customer communication
    ➤ A full audit trail is now possible as communication stays in-application
    ➤ Less chance for data loss as contact details are kept away from users
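The pattern of slides 44, 54 and 56 (masked display, communication proxied through the application, an audit trail of who accessed what), as an added Python example that is not part of the talk; the `CustomerGateway` class, the in-memory audit log, the `demo_mailer` stand-in for the company mail client and the sample customer record are all assumptions.

```python
# Added example, not from the slides: a gateway that sits between storage and
# the UI, masks PII on read, proxies e-mail so the address never reaches the
# caller, and records who accessed what. All names and data are assumptions.
from dataclasses import dataclass
from datetime import datetime, timezone


@dataclass
class Customer:
    id: int
    full_name: str
    email: str
    phone: str


class CustomerGateway:
    def __init__(self, records, mailer):
        self._records = {c.id: c for c in records}
        self._mailer = mailer      # only the gateway ever sees the real address
        self.audit_log = []        # constructed in-memory audit trail

    def _audit(self, actor, customer_id, action):
        self.audit_log.append({"at": datetime.now(timezone.utc).isoformat(),
                               "actor": actor, "customer": customer_id,
                               "action": action})

    def view(self, actor, customer_id):
        """Masked view: initials, first letter of the mailbox, last two digits."""
        c = self._records[customer_id]
        self._audit(actor, customer_id, "view_masked")
        initials = "".join(part[0] + "." for part in c.full_name.split())
        local, _, domain = c.email.partition("@")
        return {"id": c.id, "name": initials,
                "email": local[:1] + "***@" + domain,
                "phone": "*" * (len(c.phone) - 2) + c.phone[-2:]}

    def send_email(self, actor, customer_id, subject, body):
        """Same functionality, data kept hidden: caller never gets the address."""
        c = self._records[customer_id]
        self._audit(actor, customer_id, "send_email")
        return self._mailer(c.email, subject, body)


def demo_mailer(to, subject, body):
    """Stand-in (assumption) for the company's mail client; returns a receipt
    that deliberately carries only the recipient domain."""
    return {"delivered_to_domain": to.split("@", 1)[1], "subject": subject}


# Constructed sample record for the demonstration.
SAMPLE = [Customer(1, "Jane Doe", "jane.doe@example.com", "+32470123456")]
```

A real deployment would persist `audit_log` to the log storage the deck asks you to encrypt, rather than keep it in memory.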
  • 57. …AND DON’T FORGET TO ENCRYPT YOUR STORAGE & COMMUNICATIONS! App data storage, file storage, log storage, backup storage: public/private key exchange | encrypted data storage
  • 60. NOT OPT-IN: /dev/null is the place to be
  • 61. LIMIT EXPIRATION: Don’t keep data longer than needed
  • 63. NEXT STEPS: Get started now to be ready
  • 65. DON’T START BLINDLY, KNOW WHAT TO PROTECT!
  • 68. SOME RESOURCES
    ➤ European Commission: Protection of personal data
    ➤ EU GDPR Infograph
    ➤ Charting the Course to GDPR: Setting Sail
    ➤ Deloitte GDPR Series
    ➤ InfoSecurity Group GDPR Checklist
    ➤ Securing MongoDB
    ➤ Table and tablespace encryption on MariaDB 10.1
  • 69. THE CLOCK IS TICKING…
  • 71. Please leave feedback on joind.in to improve this talk and grab the slides on your way out.
  • 72. in2it PROFESSIONAL PHP SERVICES. Michelangelo van Dam, Zend Certified Engineer. contact@in2it.be - www.in2it.be - T in2itvof - F in2itvof. Microsoft Azure, Zend Framework, Consulting, Quality Assurance & Disaster Recovery