Successfully reported this slideshow.
Your SlideShare is downloading. ×

General Data Protection Regulation, a developer's story

Apr. 26, 2017
2 likes 1,536 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
Privacy by design
Privacy by design
Loading in …3
×

Check these out next

Combatting Insider Threats Presentation
Sara Thomason
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
Not IF, but WHEN
Michael Scheidell
GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!
Elinar
BITGLASS - DATA BREACH DISCOVERY DATASHEET
Edgar Alejandro Villegas
Learning about Security and Compliance in Office 365
Aptera Inc
Drivelock modern approach of it security & amp; encryption solution -whitep...
Arbp Worldwide
Sensitive data
S.M. Towhidul Islam
1 of 74 Ad

General Data Protection Regulation, a developer's story

Apr. 26, 2017
2 likes 1,536 views

Download to read offline

Engineering

On May 25, 2018 all companies collecting and processing data of people from within the European Union must comply to the General Data Protection Regulation or GDPR. In this talk we'll cover what the GDPR is and how it will impact businesses within the EU and abroad, what can be done to comply to this regulation and how to proceed further.

This talk will not provide you legal answers, but will give you technology solutions that will make your applications compliant to these regulations. Even if you're not processing data from the EU, these solutions will offer you better protection to the data you currently keep and will ensure that in the case of a breach, the impact will be minimum.

On May 25, 2018 all companies collecting and processing data of people from within the European Union must comply to the General Data Protection Regulation or GDPR. In this talk we'll cover what the GDPR is and how it will impact businesses within the EU and abroad, what can be done to comply to this regulation and how to proceed further.

This talk will not provide you legal answers, but will give you technology solutions that will make your applications compliant to these regulations. Even if you're not processing data from the EU, these solutions will offer you better protection to the data you currently keep and will ensure that in the case of a breach, the impact will be minimum.

Engineering
License: CC Attribution-NonCommercial-ShareAlike License
Advertisement

Recommended

Privacy by design
Michelangelo van Dam
1.1k views
73 slides
NIAP Compliance & Data-Centric Security
Seclore
53 views
6 slides
Customer Data Privacy & Protection | Seclore
Seclore
27 views
7 slides
Security Myths Surrounding Microsoft Information Protection
Seclore
79 views
9 slides
Protect your sensitive data against data leaks with Safetica DLP
Adi Saputra
100 views
21 slides
Security v. Privacy: the great debate
David Strom
1.5k views
71 slides
Five Key Trends for Data-Centric Security
Seclore
82 views
11 slides
Office 365 Security: How to Safeguard Your Data
Bitglass
548 views
22 slides
Advertisement

More Related Content

Slideshows for you (20)

Combatting Insider Threats Presentation
Sara Thomason
481 views
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
831 views
Not IF, but WHEN
Michael Scheidell
170 views
GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!
Elinar
1.4k views
BITGLASS - DATA BREACH DISCOVERY DATASHEET
Edgar Alejandro Villegas
453 views
Learning about Security and Compliance in Office 365
Aptera Inc
831 views
Drivelock modern approach of it security & amp; encryption solution -whitep...
Arbp Worldwide
108 views
Sensitive data
S.M. Towhidul Islam
134 views
Opening Keynote (Identity Live Berlin 2018)
ForgeRock
354 views
Cyber Security 4.0 conference 30 November 2016
InfinIT - Innovationsnetværket for it
589 views
4 Reasons Why Automation Is a Crucial Aspect of Data-Centric Security
Seclore
75 views
CASBs - A New Hope
Bitglass
254 views
Seattle Tech4Good meetup: Data Security and Privacy
Sabra Goldick
644 views
Managing Data Breach Communication on The Social Web
Boyd Neil
476 views
A Data Privacy & Security Year in Review: Top 10 Trends and Predictions
Delphix
316 views
Understanding Global Data Protection Laws: Webinar
CipherCloud
3.5k views
Digital Identities in the Internet of Things - Securely Manage Devices at Scale
ForgeRock
1.6k views
ISC(2) Security Briefing Part 2 - CASBs: Real-world use cases
Bitglass
244 views
4 Essential Components of Office 365 Security
Bitglass
776 views
GDPR and Remote Access Security: What You Need To Know
Bomgar
1.4k views
Combatting Insider Threats Presentation
Sara Thomason
481 views
39 slides
GDPR, Data Privacy and Cybersecurity - MIT Symposium
Eric Vanderburg
831 views
45 slides
Not IF, but WHEN
Michael Scheidell
170 views
18 slides
GDPR and Privacy Data AI Miner - Solve your complex privacy data challenges!
Elinar
1.4k views
12 slides
BITGLASS - DATA BREACH DISCOVERY DATASHEET
Edgar Alejandro Villegas
453 views
6 slides
Learning about Security and Compliance in Office 365
Aptera Inc
831 views
22 slides

Similar to General Data Protection Regulation, a developer's story (20)

Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
947 views
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
987 views
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Hernan Huwyler, MBA CPA
119 views
CBC GDPR The Physics
Jason Chapman
187 views
Everything you Need to Know about The Data Protection Officer Role
HackerOne
9k views
How to implement gdpr in your document repository
XeniT Solutions nv
358 views
Implementing and Auditing GDPR Series (3 of 10)
Jim Kaplan CIA CFE
140 views
General Data Protection Regulation Webinar 6
Jim Kaplan CIA CFE
95 views
Privacy by Design and by Default + General Data Protection Regulation with Si...
Peter Procházka
410 views
DLP
saurabh.sood
1.6k views
Data Loss During Downsizing
Constantine Karbaliotis
813 views
Data- and database security & GDPR: end-to-end offer
Capgemini
2.9k views
Le soluzioni tecnologiche a supporto della normativa GDPR
Jürgen Ambrosi
193 views
Digital Disruption and Consumer Trust - Resolving the Challenge of GDPR
Richard Veryard
862 views
A Global Marketer's Guide to Privacy
FLUZO
963 views
GDPR solutions (JS Event 28/2/18) | Greenlight Computers
Gary Dodson
276 views
Keep Calm and Comply: 3 Keys to GDPR Success
Sirius
8.4k views
Managing Privacy Risk and Promoting Ethical Culture in the Digital Age
Perficient, Inc.
732 views
The GDPR Most Wanted: The Marketer and Analyst's Role in Compliance
ObservePoint
51 views
BSIDES DETROIT 2015: Data breaches cost of doing business
Joel Cardella
910 views
Data compliance - get it right the first time (Full color PDF)
Peter GEELEN ✔
947 views
59 slides
Data compliance - get it right the first time (Black/White printable PDF)
Peter GEELEN ✔
987 views
59 slides
Boards of Directors and GDPR Prof. Hernan Huwyler, MBA CPA
Hernan Huwyler, MBA CPA
119 views
36 slides
CBC GDPR The Physics
Jason Chapman
187 views
10 slides
Everything you Need to Know about The Data Protection Officer Role
HackerOne
9k views
24 slides
How to implement gdpr in your document repository
XeniT Solutions nv
358 views
59 slides
Advertisement

More from Michelangelo van Dam (20)

GDPR Art. 25 - Privacy by design and default
Michelangelo van Dam
93 views
Moving from app services to azure functions
Michelangelo van Dam
562 views
Privacy by design
Michelangelo van Dam
696 views
DevOps or DevSecOps
Michelangelo van Dam
969 views
Continuous deployment 2.0
Michelangelo van Dam
1.4k views
Let your tests drive your code
Michelangelo van Dam
2.5k views
Leveraging a distributed architecture to your advantage
Michelangelo van Dam
1.5k views
The road to php 7.1
Michelangelo van Dam
2.1k views
Open source for a successful business
Michelangelo van Dam
587 views
Decouple your framework now, thank me later
Michelangelo van Dam
1k views
Deploy to azure in less then 15 minutes
Michelangelo van Dam
780 views
Azure and OSS, a match made in heaven
Michelangelo van Dam
1k views
Getting hands dirty with php7
Michelangelo van Dam
3.1k views
Zf2 how arrays will save your project
Michelangelo van Dam
1.3k views
Create, test, secure, repeat
Michelangelo van Dam
3.9k views
The Continuous PHP Pipeline
Michelangelo van Dam
6.5k views
PHPUnit Episode iv.iii: Return of the tests
Michelangelo van Dam
869 views
Easily extend your existing php app with an api
Michelangelo van Dam
1.5k views
Your code are my tests
Michelangelo van Dam
2.6k views
200K+ reasons security is a must
Michelangelo van Dam
1.8k views
GDPR Art. 25 - Privacy by design and default
Michelangelo van Dam
93 views
39 slides
Moving from app services to azure functions
Michelangelo van Dam
562 views
40 slides
Privacy by design
Michelangelo van Dam
696 views
69 slides
DevOps or DevSecOps
Michelangelo van Dam
969 views
63 slides
Continuous deployment 2.0
Michelangelo van Dam
1.4k views
73 slides
Let your tests drive your code
Michelangelo van Dam
2.5k views
137 slides

Recently uploaded (20)

DAM ENGINEERING I.pptx
TewodrosAssefaNiguss
0 views
Bridge.pptx
ChrisPuyoc
0 views
Short Empire C Technical Manual.pdf.pdf
TahirSadikovi
0 views
5271197.ppt
ssuser35af09
0 views
MEC_403_Part_2_Cam_And_Follower.pdf
SalimSaleh9
0 views
FPGA_Module Bank_Sec B.pdf
AswiniSamantray2
0 views
Boeing B-17G Flying Fortress Erection and Maintenaice Instructions,Part 1.pdf
TahirSadikovi
0 views
MDP2206-2217-Lec2.pdf
amirashraf61
0 views
Grantt-Chart.pptx
BertPetalioCaporado
0 views
Pilots manual B-29/B-29A.pdf
TahirSadikovi
0 views
Lec 1 Introduction to Software Engg.pptx
Abdullah Khan
0 views
kupdf.net_corrosion-data-survey-metal-section-6th-ed-nace-publisher-1985 (1).pdf
OmarXavierFonsecaSer
0 views
Certificate_C-YG4BJ376VA CSWP.pdf
montassar18
0 views
6_2 Flexible MFG Performance.ppt
SabrySYoussef1
0 views
Machine Toold Design Handbook - CMTI.pdf
SakshamSetia1
0 views
Metals and Nonmetals.pptx
GUDIKANDULASRAVANTHI
0 views
418976977-Calculation-of-Paint.ppt
TimJalur
0 views
Lecture12_16717_Lecture1.ppt
Venneladonthireddy1
0 views
6G_Wireless_Communication_Systems_Applications_Requirements_Technologies_Chal...
habibi54854
0 views
SHOCK.pptx
KalaivaniGanapathy
0 views
DAM ENGINEERING I.pptx
TewodrosAssefaNiguss
0 views
123 slides
Bridge.pptx
ChrisPuyoc
0 views
14 slides
Short Empire C Technical Manual.pdf.pdf
TahirSadikovi
0 views
180 slides
5271197.ppt
ssuser35af09
0 views
34 slides
MEC_403_Part_2_Cam_And_Follower.pdf
SalimSaleh9
0 views
38 slides
FPGA_Module Bank_Sec B.pdf
AswiniSamantray2
0 views
3 slides
Advertisement

General Data Protection Regulation, a developer's story

  1. 1. GENERAL DATA PROTECTION REGULATION A developer’s story
  2. 2. DISCLAIMER This is not “legal advice” and all points made should be checked with your company’s legal department or consult a legal advisor for your specific situation!
  3. 3. GDPR What is it?
  4. 4. GENERAL DATA PROTECTION REGULATION (GDPR) ➤ More strict modification of already existing advisories (not rules) of best practices towards protecting privacy data in EU ➤ Become law in all 28 EU countries on May 25, 2018 ➤ Impact all businesses that collect and process privacy related data of EU data subjects (even outside of EU)
  5. 5. “GDPR is a risk based approach -Cindy E. Compert - IBM Security
  6. 6. WHAT GDPR WANTS TO PROTECT Religion & Beliefs Physical Appearance Cultural Background Sexual Orientation Social Status Financial Strength Mental State Medical Conditions Studies & Education Memberships Loyalty Programs Identity & Nationality
  7. 7. WHAT IS CONSIDERED “PRIVATE DATA”? ➤ Name, email address, home address, phone number ➤ Social security number, national identity number, passport number ➤ Medical data, social status, religion, political views, sexual orientation, nationality, financial balance ➤ Concert tickets, travel arrangements, library cards, loyalty programs ➤ IP addresses with timestamps ➤ and much more…
  8. 8. PII Personal Identifiable Information Information that can identify a single individual
  9. 9. RULE OF THUMB Any piece of information that can point to a single individual within the EU
  10. 10. WHY CARE ABOUT GDPR? Why do I need to invest so much in being ready?
  11. 11. PROTECT & SERVE ➤ Protect data of EU data subjects ➤ Secure the way you store data ➤ Audit access to data ➤ Know what data is kept in the company
  12. 12. FINES & PENALTIES ➤ up to 10 million Euro or 2% of annual global turnover ➤ up to 20 million Euro or 4% of annual global turnover for more severe infringements
  13. 13. IMPROVING KNOWLEDGE on the private data collected and processed by your company and who had access to it.
  14. 14. SERVICE BINGO
  15. 15. IMPROVE SECURITY GDPR is a risk based approach to protect privacy data. All measures to ensure this protection will improve your overal security.
  16. 16. GDPR COMPLIANCE The nitty-gritty
  17. 17. ASSESS
  18. 18. ASSESS AND PREPARE ➤ Assess all data across ➤ Clients ➤ Employees ➤ Suppliers ➤ Contacts ➤ Develop a GDPR readiness roadmap ➤ Identify personal data
  19. 19. LOOK OUT FOR KEY IDENTIFIERS ➤ When privacy data contains keys ➤ email address ➤ social security number ➤ national identity number ➤ …
  20. 20. DESIGN
  21. 21. DESIGN ➤ Governance (how are you going to protect the data?) ➤ Training (how are employees handling the data?) ➤ Communication (how is data communicated?) ➤ Processes (how is data processed?)
  22. 22. STANDARDS AND PROCEDURES ➤ Create a company wide standards to handle data ➤ Create procedures for ➤ Collecting data ➤ Processing data ➤ Exchanging data
  23. 23. TRANSFORM
  24. 24. AUTOMATION IS KEY ➤ Develop and implement ➤ Procedures ➤ Processes ➤ Tools ➤ Deliver GDPR training ➤ Adhere to ➤ Privacy by design ➤ Security by design
  25. 25. DATA MANAGEMENT POLICIES ➤ Data must be protected ➤ Collect the minimum amount of data ➤ Store the data safely (with encryption) and securely ➤ Anonymise the data before processing ➤ Ensure these policies are enforced
  26. 26. OPERATE
  27. 27. IN OPERATION ➤ Execute automated business processes ➤ Monitor security and privacy ➤ Manage data access and consent rights
  28. 28. RIGHT FOR DATA INSIGHT AND “BE FORGOTTEN” ➤ Data subjects ➤ Can request insight in data collected ➤ Can request to be forgotten
  29. 29. CONFORM
  30. 30. MAKE SURE YOU CONFORM TO YOUR POLICIES ➤ Assess that your procedures are implemented ➤ Monitor data access ➤ Report on data activity ➤ Audit on a regular basis the security of your data ➤ Evaluate continuously adherence to GDPR standards
  31. 31. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  32. 32. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  33. 33. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  34. 34. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  35. 35. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  36. 36. PATH TO GDPR COMPLIANCY ASSESS TRANSFORMDESIGN OPERATE CONFORM
  37. 37. SOME EXAMPLES Some technical tips
  38. 38. PASSWORD MANAGEMENT ➤ Don’t store data access passwords in common repository ➤ Don’t keep passwords in environment variables* ➤ Make use of an Identity Management System to manage ➤ SSH keys ➤ API keys ➤ DSN’s ➤ Public keys (*) Why not use environment variables: diogomonica.com
  39. 39. USE A TEAM PASSWORD MANAGER
  40. 40. ENFORCE 2FA FOR EVERYONE!
  41. 41. AUDIT TRAILS WITH MIDDLEWARE ➤ Log access to data ➤ Automate anonymising of privacy data ➤ Automate encryption of privacy data
  42. 42. What’s wrong with this picture?
  43. 43. Why display full name details?
  44. 44. Why display email addresses?
  45. 45. Why display phone numbers?
  46. 46. REDUCE ACCESS TO DETAILS If a user has other ways to communicate with your clients, remove the visible display of common data elements like full names, email and shipment addresses and phone numbers.
  47. 47. Do you see the difference?
  48. 48. Not full name display
  49. 49. Integrated communication functionality
  50. 50. SAME FUNCTIONALITY, BUT KEEPS DATA HIDDEN ➤ Prevents accidentally exposing email and phone numbers (e.g. during a call) ➤ Hides details from end-user, but functionality is still provided ➤ Sending out an email uses build-in mail client ➤ Making calls uses a phone middleware used in the company ➤ Gives clear audit trail on who accessed what
  51. 51. NOT 100% PROTECTION, BUT… ➤ We remove the personal one-on-one communication with customers ➤ We add better access management on customer communication ➤ Full audit trail now possible as communication stays in-application ➤ Less chance for data loss as contact details are kept away from users
  52. 52. …AND DON’T FORGET TO ENCRYPT YOUR STORAGE & COMMUNICATIONS! App Data Storage File Storage Log Storage Backup Storage Public - private key exchange| encrypted data storage
  53. 53. EMAIL MARKETING
  54. 54. CONTACT DATA Opt-in , always
  55. 55. NOT OPT-IN /dev/null is the place to be
  56. 56. LIMIT EXPIRATION Don’t keep longer than needed
  57. 57. AUTOMATE IT!
  58. 58. NEXT STEPS Get started now to be ready
  59. 59. GET STARTED NOW
  60. 60. DON’T START BLINDLY KNOW WHAT TO PROTECT!
  61. 61. EVALUATE REGULARLY
  62. 62. GOAL: PROTECT PRIVACY
  63. 63. SOME RESOURCES ➤ European Commission: Protection of personal data ➤ EU GDPR Infograph ➤ Charting the Course to GDPR: Setting Sail ➤ Deloitte GDPR Series ➤ InfoSecurity Group GDPR Checklist ➤ Securing MongoDB ➤ Table and tablespace encryption on MariaDB 10.1
  64. 64. THE CLOCK IS TICKING…
  65. 65. Please leave feedback on joind.in to improve this talk and grab the slides on your way out.
  66. 66. in it2PROFESSIONAL PHP SERVICES Michelangelo van Dam Zend Certified Engineer contact@in2it.be - www.in2it.be - T in2itvof - F in2itvof Microsoft Azure Zend Framework Consulting Quality Assurance & Disaster Recovery
  67. 67. JOIN THE DISCUSSION https://in2.se/gdpr-updates

×