GDPR and ISMS
Quick Map Framework
DRAFT: eugeneleework@gmail.com
Topic
• Principle
• Lesson of GDPR
• Data Protection Officer (DPO)
• Quick Start Mapping
• How-To: quickly leverage an ISO 27001 ISMS in order
Principle
1. Documented policy
2. Minimize data collected
3. Do not retain data beyond its purpose
4. Data subject ownership of their data
5. Breach notification
   Must* notify data authorities within 72 hours once a personal data breach is discovered
   Notify individuals (data subjects) if there is a high risk to their rights
6. Provable records when legally requested
2/8/2018 eugeneleework@gmail.com 3
Lesson of GDPR
• Key elements of GDPR
  • Risk assessment (DPIA)
  • Documenting IT procedures
  • Data classification and minimal data lifetime
  • Monitoring and automation
• Extraterritoriality
  • The new law extends outside the EU, even where there is no physical presence in the EU
  • Especially e-commerce and cloud-based companies
Data Protection Officer (DPO)
• Responsible for
  • Acting as contact point (depending on conditions)
  • Creating access controls
  • Reducing risk
  • Ensuring compliance
  • Responding to requests
  • Reporting breaches within 72 hours
  • Creating a strong data security policy
Quick Start Mapping – Core Element
• Data classification
  • Define information levels
• Metadata
  • When it was collected, why it was collected, and its purpose
• Governance
  • GDPR security policies (personal data)
  • Role and privilege per system (authorization and permission)
  • ACL policy: who can access which restricted file
• Monitoring
  • Unusual access patterns against files containing personal data
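The governance and monitoring bullets above (an ACL policy for files holding personal data, and detection of unusual access patterns against them) can be exercised on access logs. The script below is an added example, not part of the deck: the classification inventory, role assignments, file paths, account names and syslog-style log lines are all constructed, and the bulk-access threshold is an assumed tuning value. It flags two things a reviewer of a personal-data file share wants to see: reads by a role the ACL policy does not permit, and one account touching more distinct personal-data files in a day than the threshold allows.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed classification inventory (hypothetical paths, levels and roles; not from the slides).
# Each entry records the information level and, for personal data, the roles allowed to read it,
# which is the ACL policy the governance bullet asks for.
CLASSIFICATION = {
    "/hr/payroll/2018.xlsx":     {"level": "personal", "allowed_roles": {"hr"}},
    "/hr/contracts/emp-001.pdf": {"level": "personal", "allowed_roles": {"hr"}},
    "/crm/customers/export.csv": {"level": "personal", "allowed_roles": {"sales", "dpo"}},
    "/projects/roadmap.pptx":    {"level": "internal", "allowed_roles": {"hr", "sales", "eng", "dpo"}},
}

# Constructed role assignments (hypothetical accounts).
ROLES = {"alice": "hr", "bob": "eng", "carol": "sales", "dpo": "dpo"}

# Assumed tuning value: reading more distinct personal-data files than this in one day is unusual.
BULK_THRESHOLD = 2

# Constructed syslog-style access record: "<ISO timestamp> user=<account> action=<verb> file=<path>".
LOG_LINE = re.compile(r"^(?P<ts>\S+) user=(?P<user>\S+) action=(?P<action>\S+) file=(?P<file>\S+)$")


@dataclass(frozen=True)
class Finding:
    kind: str    # "acl_violation" or "bulk_access"
    user: str
    detail: str


def parse_line(line):
    """Return the fields of one access record, or None for a line that does not match the format."""
    m = LOG_LINE.match(line.strip())
    return m.groupdict() if m else None


def analyse(lines):
    """Flag ACL violations and bulk reads of personal-data files across a batch of log lines."""
    findings = []
    personal_files_per_user_day = defaultdict(set)
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue                                # unparseable lines are skipped, never trusted
        meta = CLASSIFICATION.get(ev["file"])
        if meta is None or meta["level"] != "personal":
            continue                                # only files classified as personal data matter here
        role = ROLES.get(ev["user"], "unknown")
        if role not in meta["allowed_roles"]:
            findings.append(Finding("acl_violation", ev["user"], f"role {role} read {ev['file']}"))
        day = ev["ts"][:10]                         # ISO timestamp prefix YYYY-MM-DD
        personal_files_per_user_day[(ev["user"], day)].add(ev["file"])
    # Second pass: volume per account per day, reported after the per-line findings.
    for (user, day), files in sorted(personal_files_per_user_day.items()):
        if len(files) > BULK_THRESHOLD:
            findings.append(Finding("bulk_access", user,
                                    f"{len(files)} distinct personal-data files read on {day}"))
    return findings


# Constructed sample log: one out-of-role read by bob, and an evening sweep of HR files by carol.
SAMPLE_LOG = [
    "2018-02-08T09:15:02 user=alice action=read file=/hr/payroll/2018.xlsx",
    "2018-02-08T09:20:11 user=bob action=read file=/hr/contracts/emp-001.pdf",
    "2018-02-08T10:02:45 user=carol action=read file=/crm/customers/export.csv",
    "2018-02-08T10:03:01 user=carol action=read file=/projects/roadmap.pptx",
    "2018-02-08T22:41:10 user=carol action=read file=/hr/payroll/2018.xlsx",
    "2018-02-08T22:41:12 user=carol action=read file=/hr/contracts/emp-001.pdf",
    "2018-02-09T08:00:00 user=alice action=read file=/hr/contracts/emp-001.pdf",
    "this line is deliberately malformed and is skipped by the parser",
]

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(f"{f.kind:14} {f.user:6} {f.detail}")
```

On the sample data this reports bob's single out-of-role read and three findings for carol: two ACL violations on HR files plus a bulk-access finding, because she touched three distinct personal-data files in one day. Real deployments would replace the inline inventory with the organisation's classification register and feed the parser from the systems' syslog, which is the "proven logs" row of the mapping table.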
Quick Start Mapping – Doc. Plan.
• Documentation strategy for GDPR
  • Identify which control items fit and relate to GDPR
  • Edit, add, or modify related documents or regulations
  • Draft the GDPR policy by referring back to existing or edited documents
• Example:
  1. Privacy and Personal Data Protection
  2. Draft the table of contents
  3. Refer the table back to existing controls (regulations, rules)
Quick Start Mapping – cont.

| Key Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Guidance and Strategy | Protection policy | 4, 5, 6; A.5 and its referral policy |
| Classification | Data classification | A.8.1, A.8.2 |
| Metadata | HR, CRM, Project: minimize data collected | A.7, A.8, A.14, A.15 |
| Governance | ACL on systems: HRMS and systems which store personal information | A.6.1, A.8.1, A.8.3, A.9, A.10, A.11, A.12, A.18.1.3, A.18.1.4 |
| Monitoring | Proven logs on systems, monitoring system, syslog | 6, 10; A.8.3, A.9, A.11.1, A.12.4, A.16 |
Quick Start Mapping – cont.

| Key Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| New Role | DPO | A.6.1 |
| Extraterritoriality (EU to US, Privacy Shield) | Article 3; HRMS, Salesforce, CRM; Privacy Shield Framework | A.7, A.13.2, A.18 |
| Violations of basic principles related to data security | Article 5 | 5, 6, 7; A.5, A.6, A.7, A.13, A.16, A.18 |
| Violations of the core Privacy by Design concepts | Article 7 | 5, 6, 7; A.5, A.6, A.7, A.13, A.16, A.18 |
Quick Start Mapping – cont.

| Domain or Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Right to erasure and to be forgotten: able to discover and target specific data whenever intending to remove it; a data subject can request erasure of the data held by companies at any time; data processors have to erase all of it whenever asked | Article 17; HRMS, Salesforce, CRM | 6.1.2; A.7, A.8, A.12.3, A.14.1.1, A.16 |
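The Article 17 row above, the Metadata bullet on the core-element slide (when and why each item was collected, and its purpose) and Principle 3 (do not retain data beyond its purpose) all rest on the same thing: an inventory of personal data that carries that metadata per record, so that expired records can be purged and a data subject's records can be discovered across systems and erased on request. The code below is an added example, not the deck's own material: the records, subjects, purposes, retention periods and the reference date are constructed; HRMS, Salesforce and CRM are only used as the system names the slides mention; and the legal-hold exception on erasure is an assumption added here, since the slide states the plain rule of erasing everything when asked. Every purge and erasure is appended to an audit log so the organisation keeps the provable record Principle 6 asks for.

```python
from dataclasses import dataclass, field
from datetime import date, timedelta

# Constructed reference date for the sample run (chosen to match the deck's date).
TODAY = date(2018, 2, 8)


@dataclass
class Record:
    """One item of personal data plus the metadata the deck asks for: holding system,
    data subject, purpose, collection date and how long it may be kept."""
    system: str            # HRMS, Salesforce or CRM, the systems named on the slides
    subject_id: str
    purpose: str
    collected_on: date
    retention_days: int
    data: dict = field(default_factory=dict)

    def expires_on(self):
        return self.collected_on + timedelta(days=self.retention_days)


class PersonalDataInventory:
    def __init__(self):
        self.records = []
        self.audit_log = []      # provable record of every purge and erasure, for later legal requests

    def add(self, record):
        self.records.append(record)

    def locate(self, subject_id):
        """Discover every record held about one data subject, across all systems."""
        return [r for r in self.records if r.subject_id == subject_id]

    def purge_expired(self, today=TODAY):
        """Principle 3: do not retain data beyond its purpose. Returns how many records were dropped."""
        expired = [r for r in self.records if r.expires_on() < today]
        self.records = [r for r in self.records if r.expires_on() >= today]
        for r in expired:
            self.audit_log.append(("retention_expiry", r.system, r.subject_id, r.purpose, today))
        return len(expired)

    def erase(self, subject_id, today=TODAY, legal_hold_purposes=frozenset()):
        """Article 17 request: erase every record about the subject, except records whose purpose
        is under a legal hold (an assumption added in this example; the slide's rule is erase all)."""
        erased = [r for r in self.locate(subject_id) if r.purpose not in legal_hold_purposes]
        erased_ids = {id(r) for r in erased}        # identity, so two equal-looking records stay distinct
        self.records = [r for r in self.records if id(r) not in erased_ids]
        for r in erased:
            self.audit_log.append(("erasure_request", r.system, r.subject_id, r.purpose, today))
        return {
            "erased": len(erased),
            "systems": sorted({r.system for r in erased}),
            "retained_purposes": sorted(r.purpose for r in self.locate(subject_id)),
        }


def build_sample_inventory():
    """Constructed sample records (hypothetical subjects, purposes and retention periods)."""
    inv = PersonalDataInventory()
    inv.add(Record("HRMS", "emp-001", "payroll", date(2017, 1, 10), 3650, {"iban": "constructed"}))
    inv.add(Record("CRM", "cust-042", "newsletter", date(2016, 12, 1), 365, {"email": "constructed"}))
    inv.add(Record("CRM", "cust-042", "order_history", date(2017, 11, 20), 730))
    inv.add(Record("Salesforce", "cust-042", "support_ticket", date(2018, 1, 15), 90))
    inv.add(Record("Salesforce", "cust-077", "support_ticket", date(2017, 9, 1), 90))
    return inv


if __name__ == "__main__":
    inv = build_sample_inventory()
    print("purged by retention:", inv.purge_expired())
    print("held about cust-042:", [(r.system, r.purpose) for r in inv.locate("cust-042")])
    print("erasure result:", inv.erase("cust-042", legal_hold_purposes={"order_history"}))
    for entry in inv.audit_log:
        print("audit:", entry)
```

Running it with the constructed data purges two records whose retention has lapsed (the 2016 newsletter consent and a 2017 support ticket), finds the two remaining records about cust-042 in CRM and Salesforce, and erases the Salesforce ticket while keeping the order history under the assumed legal hold; the audit log then holds one entry per removed record.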
Quick Start Mapping – cont.

| Domain or Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Data protection by design and by default: accountability and automation | Article 25 | 6.1.2, 6.1.3, 7.5.3, 9.1; A.6.1.5, A.7, A.8, A.12.3, A.14.1.1, A.16 |
| Records of processing activities: organizational measures to process personal data (not having records in order: 2% of global revenue) | Article 30 | 6, 7, 8; A.8, A.12.3, A.16, A.18 |
Quick Start Mapping – cont.

| Domain or Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Security of processing: least-privilege access, accountability to the data subject (the owner = the individual); able to provide measurement reports on policies and processes | Article 32 | 8.2, 8.3; A.9, A.10, A.11, A.13, A.16, A.15 |
Quick Start Mapping – cont.

| Domain or Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Notification of a personal data breach to the supervisory authority: prevent and alert on data breach activity; incident response plan | Article 33 | A.16, A.18.1.4 |
Quick Start Mapping – cont.

| Domain or Scope | GDPR | ISO 27001 (clauses / Annex A) |
|---|---|---|
| Not notifying the supervising authority and the data subject about a breach | Article 34 | A.16, A.18.1.4 |
| Not conducting impact assessments: Data Protection Impact Assessment, quantify data protection risk profiles | Article 35 | 6.1.2; A.6.1.3, A.8.2.1 |

Thank You
